Malicious
Malicious

3a4d57fa2cb647a83891cd1cb1ba1461

PE Executable
MD5: 3a4d57fa2cb647a83891cd1cb1ba1461
Size: 3.39 MB
application/x-dosexec
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash
Hash Value
MD5
3a4d57fa2cb647a83891cd1cb1ba1461
Sha1
8d53af15d6cbb1f355ce090581e399d67e358598
Sha256
9fc57c6c1e344cdda502eba5ce23b69c6c56f0a4124c2a1fca3ac067ca5f74c0
Sha384
d7aa63946836876f027105a5cab7a736ed929326109234b7a5e4e89ce00d244799076388a78c42d6cd4ae50e61678eba
Sha512
ea89b49183cb9eeced1c1a13b35bddc16744ec25c6d98618119f37e02b5c69943bb5d5de2df38d700acf5e1efbc8c06c7a54caa1b3172dc9df29ebbdcd4f78c7
SSDeep
49152:AvyI22SsaNYfdPBldt698dBcjHbEmOmzU8oGdDTHHB72eh2NT:Avf22SsaNYfdPBldt6+dBcjHbEmf
TLSH
BCF55A1477F85E62E16BD3B3D5F0542363F0F82AF3A3EB0B5191667A1C93B4098426A7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
ID:0002
ID:0
ID:0-preview.png
ID:0003
ID:0
ID:0-preview.png
ID:0004
ID:0
ID:0-preview.png
ID:0005
ID:0
ID:0-preview.png
ID:0006
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
BlackBinderStub.Form1.resources
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ILRepack.List
Password.txt
Malware Configuration - AsyncRAT config.
Config. Field
Value
Key (AES_256)
-huhuhuhu
Pastebin
-huhuhuhu
ServerSignature
kCHSOQhuhuhuhuhuhuhuhuhuhuhu
Install-Folder
/M4pqhhuhuhuhuhuhuhuhuhuhuhu
Group
dhuhuhuhu
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Informations
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

BlackBinderStub.exe

Full Name

BlackBinderStub.exe

EntryPoint

System.Void BlackBinderStub.My.MyApplication::Main(System.String[])

Scope Name

BlackBinderStub.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

BlackBinderStub

Assembly Version

10.0.18362.1

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

10

Main Method

System.Void BlackBinderStub.My.MyApplication::Main(System.String[])

Main IL Instruction Count

8

Main IL

call System.Boolean Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase::get_UseCompatibleTextRendering() call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) leave.s IL_000D: call BlackBinderStub.My.MyApplication BlackBinderStub.My.MyProject::get_Application() endfinally <null> call BlackBinderStub.My.MyApplication BlackBinderStub.My.MyProject::get_Application() ldarg.0 <null> callvirt System.Void Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase::Run(System.String[]) ret <null>

Module Name

BlackBinderStub.exe

Full Name

BlackBinderStub.exe

EntryPoint

System.Void BlackBinderStub.My.MyApplication::Main(System.String[])

Scope Name

BlackBinderStub.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v4.0.30319

Tables Header Version

512

WinMD Version

<null>

Assembly Name

BlackBinderStub

Assembly Version

10.0.18362.1

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

.NETFramework,Version=v4.0

Total Strings

10

Main Method

System.Void BlackBinderStub.My.MyApplication::Main(System.String[])

Main IL Instruction Count

8

Main IL

call System.Boolean Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase::get_UseCompatibleTextRendering() call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) leave.s IL_000D: call BlackBinderStub.My.MyApplication BlackBinderStub.My.MyProject::get_Application() endfinally <null> call BlackBinderStub.My.MyApplication BlackBinderStub.My.MyProject::get_Application() ldarg.0 <null> callvirt System.Void Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase::Run(System.String[]) ret <null>

Artefacts
Name
Value
Key (AES_256)
-huhuhuhu
Full artefact values (URLs, paths, registry keys…) are available with Essential.
Unlock with Essential
3a4d57fa2cb647a83891cd1cb1ba1461 (3.39 MB)
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
ID:0002
ID:0
ID:0-preview.png
ID:0003
ID:0
ID:0-preview.png
ID:0004
ID:0
ID:0-preview.png
ID:0005
ID:0
ID:0-preview.png
ID:0006
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
BlackBinderStub.Form1.resources
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ILRepack.List
Password.txt
Characteristics
Malware Configuration - AsyncRAT config.
Config. Field
Value
Key (AES_256)
-huhuhuhu
Pastebin
-huhuhuhu
ServerSignature
kCHSOQhuhuhuhuhuhuhuhuhuhuhu
Install-Folder
/M4pqhhuhuhuhuhuhuhuhuhuhuhu
Group
dhuhuhuhu
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Artefacts
Name
Value Location
Key (AES_256)
-huhuhuhu
Malicious

3a4d57fa2cb647a83891cd1cb1ba1461

Full artefact values (URLs, paths, registry keys…) are available with Essential.
Unlock with Essential
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙