Symbol Ofbuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 4081aaa83fe8d7c1383491351eb7296e
|
| Sha1 | 1824aa46bf68a54f1185e86f43a9c8132470ec9c
|
| Sha256 | 41c1346afc5bd376fb0132a236647a5b94c4eedc943ad40a8d4aee1a20f3e268
|
| Sha384 | 28650001fd8f94e277183d8bfba1d88cc385986ac081886ecfb48cf21dc4e42cbbbb9d11eb6f5005cf7a8d6bf91f4f98
|
| Sha512 | 40eea9e71d6894a0b6beb7092b48d195b284a743187bee15d571431aa1319a9b81fd61eb83c8808e3ceaddbeaeb86fadc7eae931a099b5385ea458a5fed4587d
|
| SSDeep | 768:uu201TwwL/dWUdN+3mo2qzeWnq1sE7fgPkJPInuW6UBD0bxoYO+SuOzjQyC/43lw:uu201TwQk2hWysE7IPBnufbxofeOXQyc
|
| TLSH | 2C233B003BE9812EF27E4F74A9F26145857AF2677603D64E2CC441D75A13FC68642AFE
|
PeID
|
Config. Field0 | Value |
|---|---|
| Key (AES_256) | WlZpMEZoY0xuR2t5REI4M1VaUHFlQThDdUZTcFdJbFc= |
| Pastebin | - |
| Certificate | MIIE8jCCAtqgAwIBAgIQALZ70x25LR856+62fbSbtzANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjUxMTAyMDc1ODUyWhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAI0zxprtGLDWPnYO2M+cJqe2xlvh89hQPe72zwI0oo23Q6WByBFKRnJA83ZIcm4ulr0orDLyj/v2qp0XupkztScdbh/XtxcB4XcmtDkl87QWXskLlfvlIcrEPJxgpIXheubUl0vtmafHKh0EyC7S2JqW0gLWR2SRuBRuTYqmF5QPUW1BlSiInkBRN2JqXYT0qe2uFtlHtBm5orhXuSb6mubfXZELXhKfeO+ktlSwdsxnR4um/vuEqSij7EhSqRmgixOOz492RKF84Gz6xsI+wY8Utt6NOrZxwm+sphMK814yvdx47xqEWjioRDKaZM4HfhV7xinl5tvOcrc6w1rGmcLXeWGMgGUV11XXNCprhT1ZVEeQU+bIlumY/6ypJaJ1W7AwZvZ//Rycv+0iFkEcZFihoFdg2mdhk7MES7H9grz8dK1v34ZltErRuf1Aln8g3+j2r/6o5sg9RY8vHUfzNjY2ptH9vXyrfzuh941LxeH5/nVHDRCuHoCT0K1ux3b5JDpcC1sCvKnkVDIicudzfi0ZM11gQTw8JWzHPdjXxrTTcLeK5UNhwHo+AkM88qJeNTgPRpPic4H8krXDWPoxH0o6g5GDv8PNeQfREgD7f1kZIavoEfhKeGVsL3hC7Or2IPWkU/kCbFrW1JhugkO4aqjpIT0HgC/d55fbJloLLMwvAgMBAAGjMjAwMB0GA1UdDgQWBBQv+DQDQt5L3cCz/+unn7AQk1Uz0zAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQASf5PdoHa9Z2oGr3FyeUTT4fdNUobDdKXHjfajQ+D7m8ISoAZ98TVacfDYN4SUt0smdLfXPLMryZHmN4MSpA2BhTav7VI1Zo3ISxYOOb2gloIg08wY8zBT4e4VyOCfRjU0tOe95IkDs4MilljZHB/So+lDKm+6stKay3tLXq+rdZqWFEHGHstMp24k9jrcT69o1kZjfZGnc/g51dj66LvWKccwea5UfokRfB7UZ1AdkDT2MWZbunNTK4BpXRWvf9RfE3+vr7E3jYEpNKNYlsPRbyacnINOINU+fuuP5+APT+ipVomeCCgMPq2pTVB+21W4nM6H10eaXlAESfUfZYZEAbwo5pPI27GDCK7bd9RFKye+wIzPWNXrDrwZ1eMtPJptb2hSrJ21YPhv8a/0JnofDp+xVbfl4xH5+bbGVL2qBIPV0WefdjeeBouO016FDuFCm99oWCYJ3EXgRf9GSAIfIaqgTxdoPzirtd1VLM2BX4V47xlUpyYgRJ0/KI/yonK6/WzsrB9MzkPV6aVJ64bTGx97YuTE+4jcNQMBf0BK4PHKqDYFPdWKM1bcW9TDy5uPMl2KUejFcCfS2Q+pIdvvJGt4Yw13wcTLcwSbIVPgamBlOLetuvEm/ZOj70VdG0YbuTeBU30/pWFC3mlwr4ftnD/byRJ59dobqcdn3zfRFw== |
| ServerSignature | QVEhLCV8wHyMcZEyQYqsb+3gn7ndNw3VYvVlkFoNY+R2qn64I6ykZXRgQPPWisbhjg/5zWYR+mTRSVJT198xbNg1LQzF/hGNXV8TNv5flAs7B0bxKAroQE7BC/dzswEpASgYZTx6+fPxbB4B56mi1+Om119nFQyD0EoG5jYua7tl21gXuObAa9z+BAiTqiVTFbcbxPregOa85n5Xrki+tTs1qDDndX23kEZI3ANi3b8Yy0YflIcmJQBI7XSn7yaHjFl8Bli3WIwfXqsjueuLqqVqPOyq5Ukh4e/ihga947jg1d21kEjxoP4hxTPlfYvbqH2qUpXR1wsD4ACAds+TOjR2af31Y6X2Dkx78FTA/HtdOI4eAhOJ487s+oeDV+jTCvu9bbUWQHGlow8ERH5k2QoFnCrc4UqCbwbK2XtWCt3n3izyUxJgmRhyIObDDkMM+rE6JBTTZp6sOZB14eX4hvsE25O+2mhqNwBBOeJ0SXr1gpo55TCRxhvfccI5locIaVQvFwVktFNvDCwsyHwKZMNF1PNK16gGQ1tXQbntACeUm8yVPb85bHA/N9/0XMLrvmQ+iXT5ikoCRtC/jHZsJ887q3XyzbHbWv2fYklTG/3L4BgBEMj4heqLos2ZnBA01TrADacMHS5nuljH8iMQ3khdkUgjA9o+ |
| Install | true |
| BDOS | false |
| Anti-VM | false |
| Install File | bedavasorgupaneli.exe |
| Install-Folder | %AppData% |
| Hosts | 92.205.187.34 |
| Mutex | teiZyYfZCVIa |
| Version | 0.5.8 |
| Delay | 3 |
| Group | Default |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | hQBVpzbZxg |
| Full Name | hQBVpzbZxg |
| EntryPoint | System.Void TqCbdvbOkoiFg.IIOMjEtFaisQW::Main() |
| Scope Name | hQBVpzbZxg |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | AsyncClient |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 120 |
| Main Method | System.Void TqCbdvbOkoiFg.IIOMjEtFaisQW::Main() |
| Main IL Instruction Count | 51 |
| Main IL | ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::eOrKVRmjco call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean TqCbdvbOkoiFg.pEvRcnboUiUW::jLRNDKwqyHYZ() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean OUuNQYBxpD.CDqIKgryAZxQ::dwofgXCXKlebhNRn() brtrue IL_0043: ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::WvKiedHxirsud ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::WvKiedHxirsud call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::UJTFrCiiFw call System.Void OUuNQYBxpD.HHlmLQvBIVGl::yCWmRGxCYohm() ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::UJTFrCiiFw call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::YUlRSbuuXO call System.Void yCRYhGcQmsKkwWck.HfkrQujdDzVKqmN::mqUkXODyNm() ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::YUlRSbuuXO call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void OUuNQYBxpD.jpOGplcRovYf::upYLNZBspFhFL() call System.Boolean OUuNQYBxpD.jpOGplcRovYf::dnZiOMZUwcXveH() brfalse IL_0089: call System.Void OUuNQYBxpD.jpOGplcRovYf::upYLNZBspFhFL() call System.Void OUuNQYBxpD.xxejNhiNCnvwh::mnwCKQeslM() call System.Void OUuNQYBxpD.jpOGplcRovYf::upYLNZBspFhFL() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean RfXIpsHTggwf.QSfkMlCRgMJQsND::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void RfXIpsHTggwf.QSfkMlCRgMJQsND::XXYLUPdbwfg() call System.Void RfXIpsHTggwf.QSfkMlCRgMJQsND::ApgfmSzskCgGj() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop |
| Module Name | hQBVpzbZxg |
| Full Name | hQBVpzbZxg |
| EntryPoint | System.Void TqCbdvbOkoiFg.IIOMjEtFaisQW::Main() |
| Scope Name | hQBVpzbZxg |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | AsyncClient |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 120 |
| Main Method | System.Void TqCbdvbOkoiFg.IIOMjEtFaisQW::Main() |
| Main IL Instruction Count | 51 |
| Main IL | ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::eOrKVRmjco call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean TqCbdvbOkoiFg.pEvRcnboUiUW::jLRNDKwqyHYZ() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean OUuNQYBxpD.CDqIKgryAZxQ::dwofgXCXKlebhNRn() brtrue IL_0043: ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::WvKiedHxirsud ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::WvKiedHxirsud call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::UJTFrCiiFw call System.Void OUuNQYBxpD.HHlmLQvBIVGl::yCWmRGxCYohm() ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::UJTFrCiiFw call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::YUlRSbuuXO call System.Void yCRYhGcQmsKkwWck.HfkrQujdDzVKqmN::mqUkXODyNm() ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::YUlRSbuuXO call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void OUuNQYBxpD.jpOGplcRovYf::upYLNZBspFhFL() call System.Boolean OUuNQYBxpD.jpOGplcRovYf::dnZiOMZUwcXveH() brfalse IL_0089: call System.Void OUuNQYBxpD.jpOGplcRovYf::upYLNZBspFhFL() call System.Void OUuNQYBxpD.xxejNhiNCnvwh::mnwCKQeslM() call System.Void OUuNQYBxpD.jpOGplcRovYf::upYLNZBspFhFL() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean RfXIpsHTggwf.QSfkMlCRgMJQsND::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void RfXIpsHTggwf.QSfkMlCRgMJQsND::XXYLUPdbwfg() call System.Void RfXIpsHTggwf.QSfkMlCRgMJQsND::ApgfmSzskCgGj() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop |
|
Name0 | Value |
|---|---|
| Key (AES_256) | WlZpMEZoY0xuR2t5REI4M1VaUHFlQThDdUZTcFdJbFc= |
| CnC | 92.205.187.34 |
| Mutex | teiZyYfZCVIa |
|
Config. Field0 | Value |
|---|---|
| Key (AES_256) | WlZpMEZoY0xuR2t5REI4M1VaUHFlQThDdUZTcFdJbFc= |
| Pastebin | - |
| Certificate | MIIE8jCCAtqgAwIBAgIQALZ70x25LR856+62fbSbtzANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjUxMTAyMDc1ODUyWhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAI0zxprtGLDWPnYO2M+cJqe2xlvh89hQPe72zwI0oo23Q6WByBFKRnJA83ZIcm4ulr0orDLyj/v2qp0XupkztScdbh/XtxcB4XcmtDkl87QWXskLlfvlIcrEPJxgpIXheubUl0vtmafHKh0EyC7S2JqW0gLWR2SRuBRuTYqmF5QPUW1BlSiInkBRN2JqXYT0qe2uFtlHtBm5orhXuSb6mubfXZELXhKfeO+ktlSwdsxnR4um/vuEqSij7EhSqRmgixOOz492RKF84Gz6xsI+wY8Utt6NOrZxwm+sphMK814yvdx47xqEWjioRDKaZM4HfhV7xinl5tvOcrc6w1rGmcLXeWGMgGUV11XXNCprhT1ZVEeQU+bIlumY/6ypJaJ1W7AwZvZ//Rycv+0iFkEcZFihoFdg2mdhk7MES7H9grz8dK1v34ZltErRuf1Aln8g3+j2r/6o5sg9RY8vHUfzNjY2ptH9vXyrfzuh941LxeH5/nVHDRCuHoCT0K1ux3b5JDpcC1sCvKnkVDIicudzfi0ZM11gQTw8JWzHPdjXxrTTcLeK5UNhwHo+AkM88qJeNTgPRpPic4H8krXDWPoxH0o6g5GDv8PNeQfREgD7f1kZIavoEfhKeGVsL3hC7Or2IPWkU/kCbFrW1JhugkO4aqjpIT0HgC/d55fbJloLLMwvAgMBAAGjMjAwMB0GA1UdDgQWBBQv+DQDQt5L3cCz/+unn7AQk1Uz0zAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQASf5PdoHa9Z2oGr3FyeUTT4fdNUobDdKXHjfajQ+D7m8ISoAZ98TVacfDYN4SUt0smdLfXPLMryZHmN4MSpA2BhTav7VI1Zo3ISxYOOb2gloIg08wY8zBT4e4VyOCfRjU0tOe95IkDs4MilljZHB/So+lDKm+6stKay3tLXq+rdZqWFEHGHstMp24k9jrcT69o1kZjfZGnc/g51dj66LvWKccwea5UfokRfB7UZ1AdkDT2MWZbunNTK4BpXRWvf9RfE3+vr7E3jYEpNKNYlsPRbyacnINOINU+fuuP5+APT+ipVomeCCgMPq2pTVB+21W4nM6H10eaXlAESfUfZYZEAbwo5pPI27GDCK7bd9RFKye+wIzPWNXrDrwZ1eMtPJptb2hSrJ21YPhv8a/0JnofDp+xVbfl4xH5+bbGVL2qBIPV0WefdjeeBouO016FDuFCm99oWCYJ3EXgRf9GSAIfIaqgTxdoPzirtd1VLM2BX4V47xlUpyYgRJ0/KI/yonK6/WzsrB9MzkPV6aVJ64bTGx97YuTE+4jcNQMBf0BK4PHKqDYFPdWKM1bcW9TDy5uPMl2KUejFcCfS2Q+pIdvvJGt4Yw13wcTLcwSbIVPgamBlOLetuvEm/ZOj70VdG0YbuTeBU30/pWFC3mlwr4ftnD/byRJ59dobqcdn3zfRFw== |
| ServerSignature | QVEhLCV8wHyMcZEyQYqsb+3gn7ndNw3VYvVlkFoNY+R2qn64I6ykZXRgQPPWisbhjg/5zWYR+mTRSVJT198xbNg1LQzF/hGNXV8TNv5flAs7B0bxKAroQE7BC/dzswEpASgYZTx6+fPxbB4B56mi1+Om119nFQyD0EoG5jYua7tl21gXuObAa9z+BAiTqiVTFbcbxPregOa85n5Xrki+tTs1qDDndX23kEZI3ANi3b8Yy0YflIcmJQBI7XSn7yaHjFl8Bli3WIwfXqsjueuLqqVqPOyq5Ukh4e/ihga947jg1d21kEjxoP4hxTPlfYvbqH2qUpXR1wsD4ACAds+TOjR2af31Y6X2Dkx78FTA/HtdOI4eAhOJ487s+oeDV+jTCvu9bbUWQHGlow8ERH5k2QoFnCrc4UqCbwbK2XtWCt3n3izyUxJgmRhyIObDDkMM+rE6JBTTZp6sOZB14eX4hvsE25O+2mhqNwBBOeJ0SXr1gpo55TCRxhvfccI5locIaVQvFwVktFNvDCwsyHwKZMNF1PNK16gGQ1tXQbntACeUm8yVPb85bHA/N9/0XMLrvmQ+iXT5ikoCRtC/jHZsJ887q3XyzbHbWv2fYklTG/3L4BgBEMj4heqLos2ZnBA01TrADacMHS5nuljH8iMQ3khdkUgjA9o+ |
| Install | true |
| BDOS | false |
| Anti-VM | false |
| Install File | bedavasorgupaneli.exe |
| Install-Folder | %AppData% |
| Hosts | 92.205.187.34 |
| Mutex | teiZyYfZCVIa |
| Version | 0.5.8 |
| Delay | 3 |
| Group | Default |
|
Name0 | Value | Location |
|---|---|---|
| Key (AES_256) | WlZpMEZoY0xuR2t5REI4M1VaUHFlQThDdUZTcFdJbFc= Malicious |
4081aaa83fe8d7c1383491351eb7296e |
| CnC | 92.205.187.34 Malicious |
4081aaa83fe8d7c1383491351eb7296e |
| Mutex | teiZyYfZCVIa Malicious |
4081aaa83fe8d7c1383491351eb7296e |