Symbol Obfuscation Score

| Hash | Hash Value |
|---|---|
| MD5 | 3315f37af72ee9ecf9107199ceadb7eb |
| Sha1 | fc8991060917b64fb0ed95e955870a9d8efc2515 |
| Sha256 | 36f6c3ba39bba88fbb949f9ac6956016bca8301fecc846ebe8f798639e1d8bf6 |
| Sha384 | 62f0d984bcd4639d44fd6517b7d0a9f7de5e73d267b09b9b97de5be5e76ff36b59e84edc9942f1cf56b385e905cdd717 |
| Sha512 | 82b5001afb72fd710f641e1f6224af59c31eaf692c4ee0451c10c85f4e60a469e28e19b76ab528252034ee5268e9ead4fb0622775d2fd4c202ea6c5ab8d4e7a7 |
| SSDeep | 3072:pBYojwv+yJzGzdSYvALuFxBaJ0NhSTTIAak+E4WDlrC:XYof3z8YvfFxBaJq4TPDWWDd |
| TLSH | 8594E4B0BE93C76DF4380D3FF05689041AE6AC5F1B129146E680FE1D3AE36F58A4469D |

PeID

| Config. Field | Value |
|---|---|
| packet_size [b] | 5121 |
| BD [BD] | True |
| directory [DR] | AppData |
| executable_name [EXE] | SERVER.exe |
| cnc_host [HH] | 192.121.16.196 |
| is_dir_defined [Idr] | True |
| is_startup_folder [IsF] | True |
| is_user_reg [Isu] | True |
| NH [NH] | 0 |
| cnc_port [P] | 443 |
| reg_key [RG] | 494e0143cccb3061dd187b8a6d1cc06d |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| sizk | 20 |
| victim_name [VN] | active |
| version [VR] | im523 |
| splitter [Y] | \|'\|'\| |
| HD | True |
| anti [anti] | Exsample.exe |
| anti2 [anti2] | False |
| usb [usb] | False |
| usbx [usbx] | svchost.exe |
| task [task] | True |

| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | w.exe |
| Full Name | w.exe |
| EntryPoint | System.Void w.A::main() |
| Scope Name | w.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | w |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 338 |
| Main Method | System.Void w.A::main() |
| Main IL Instruction Count | 5 |
| Main IL | nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null> |

| Name | Value |
|---|---|
| Port | 443 |

| Name | Value | Location |
|---|---|---|
| Port | 443 Malicious | 3315f37af72ee9ecf9107199ceadb7eb |