Symbol Obfuscation Score

| Hash | Hash Value |
|---|---|
| MD5 | 4d02f58b443e52a399c6513345738069 |
| Sha1 | 797ce8441550097a804783dfd0998e1708f66d30 |
| Sha256 | e71d93f19a3e41004e671b5e107177d6fd0f9a83b6b4791ce4b1853bd6620da3 |
| Sha384 | 8d673c60c7a1cace68eb50af6e6eee4982e98f507dd47a2dc96840f1e5ec79d12261ad535988a9359a2addb4df06ab23 |
| Sha512 | a2b7fa41ef4023ea3a4fec7a9718810f32ec25c8895b429819e7926a02552d232ca8e530adbfac1e9f4fbb39f3b58eb770bf45f33616299c5ef8308b21b955a6 |
| SSDeep | 384:WzC4UiDzblmJEpRGyEfVL/7uOCY6oNDrAF+rMRTyN/0L+EcoinblneHQM3epzXVi:SCiHpR9EfVL6OCFoZrM+rMRa8Nu/Wt |
| TLSH | A603194D7FE18168C5FD167B05B2D41207BBE04B6E23D90ECEE564AA37636C18B50AF2 |

PeID

| Config. Field0 | Value |
|---|---|
| packet_size [b] | 5121 |
| BD [BD] | False |
| directory [DR] | TEMP |
| executable_name [EXE] | svchost.exe |
| cnc_host [HH] | mhzlhhhh378-43006.portmap.host |
| is_dir_defined [Idr] | True |
| is_startup_folder [IsF] | False |
| is_user_reg [Isu] | False |
| NH [NH] | 0 |
| cnc_port [P] | 43006 |
| reg_key [RG] | bb289b6c00ce79a3180b1b4a0ba9c943 |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| sizk | 20 |
| victim_name [VN] | HacKed |
| version [VR] | im523 |
| splitter [Y] | \|'\|'\| |
| HD | False |
| anti [anti] | Exsample.exe |
| anti2 [anti2] | False |
| usb [usb] | False |
| usbx [usbx] | svchost.exe |
| task [task] | False |

| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | w.exe |
| Full Name | w.exe |
| EntryPoint | System.Void w.A::main() |
| Scope Name | w.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | w |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 338 |
| Main Method | System.Void w.A::main() |
| Main IL Instruction Count | 5 |
| Main IL | nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null> |

| Name | Value |
|---|---|
| Port | 43006 |

| Name | Value | Location |
|---|---|---|
| Port | 43006 Malicious | 4d02f58b443e52a399c6513345738069 |