Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 2d1c955c6f44d70985fb7ea0f85ace73
|
| Sha1 | 1cf6892560e0fe5fd9cd18d5a57c46468cdd92ee
|
| Sha256 | 7b739b1ecfd76e94cd22186b0778b0797f193a2a52f459acb0fe9a5176ec000b
|
| Sha384 | bd6459f707a5b28504e4ecaaf8b16fd4ebf4438a35c73ac10e542dab71d2a871ae7fddc118dfa2cea735477fdffc44fb
|
| Sha512 | d38fe3d710f3890b132dc605350fb55d0ce10bbd45cf612a0640bbbea95498602ee4109c5d6b01ae2bf1636e249fcb52fcf670b6578735770304c06d31a6fd9a
|
| SSDeep | 384:Ec6CqbFYh3odrVCGiHssDB4b6i6fgpEupNXRmRvR6JZlbw8hqIusZzZwT:TIU0tw3RpcnuN
|
| TLSH | 87B23A4E3FA98856C4BC17748AB5965043B491870423EE2FCCC464DBAFB3AD91D4CAF9
|
PeID
|
Config. Field0 | Value |
|---|---|
| victim_name [VN] | |
| version [VR] | 0.7d |
| executable_name [EXE] | mineccrafti.exe |
| directory [DR] | AppData |
| reg_key [RG] | d6185b9a2fc09bbcdc10db2184aadd30 |
| cnc_host [H] | rony.publicvm.com |
| cnc_port [P] | 1177 |
| splitter [Y] | |'|'| |
| BD [BD] | False |
| is_dir_defined [Idr] | True |
| is_startup_folder [IsF] | True |
| is_user_reg [Isu] | True |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| packet_size [b] | 5121 |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | j.exe |
| Full Name | j.exe |
| EntryPoint | System.Void j.A::main() |
| Scope Name | j.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | j |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 214 |
| Main Method | System.Void j.A::main() |
| Main IL Instruction Count | 2 |
| Main IL | call System.Void j.OK::ko() ret <null> |
| Module Name | j.exe |
| Full Name | j.exe |
| EntryPoint | System.Void j.A::main() |
| Scope Name | j.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | j |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 214 |
| Main Method | System.Void j.A::main() |
| Main IL Instruction Count | 2 |
| Main IL | call System.Void j.OK::ko() ret <null> |
|
Name0 | Value |
|---|---|
| CnC | rony.publicvm.com |
| Port | 1177 |
|
Config. Field0 | Value |
|---|---|
| victim_name [VN] | |
| version [VR] | 0.7d |
| executable_name [EXE] | mineccrafti.exe |
| directory [DR] | AppData |
| reg_key [RG] | d6185b9a2fc09bbcdc10db2184aadd30 |
| cnc_host [H] | rony.publicvm.com |
| cnc_port [P] | 1177 |
| splitter [Y] | |'|'| |
| BD [BD] | False |
| is_dir_defined [Idr] | True |
| is_startup_folder [IsF] | True |
| is_user_reg [Isu] | True |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| packet_size [b] | 5121 |
|
Name0 | Value | Location |
|---|---|---|
| CnC | rony.publicvm.com Malicious |
2d1c955c6f44d70985fb7ea0f85ace73 |
| Port | 1177 Malicious |
2d1c955c6f44d70985fb7ea0f85ace73 |