55e27438cf7f3c4397b5cf32ea3514b5
PE Executable | MD5: 55e27438cf7f3c4397b5cf32ea3514b5 | Size: 46.59 KB | application/x-dosexec
Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 55e27438cf7f3c4397b5cf32ea3514b5
|
| Sha1 | b228680a1d36593fee0ce22f2cb36ddcb9baade8
|
| Sha256 | a40193b7b352fe3a14cfe1ca65c9b5250c663f0240cbcda9be70b7898e57f31f
|
| Sha384 | 1af955574def6293593c0b61839cfd6500ae4dd293bcf656cf7bf3fc5959cb86072c40abaa68da0e815db7751d8fac2b
|
| Sha512 | 984c51102dd6cfdfc37d386f50aee758e727cbd65026e6f77328fb12614b075a680ea1d69fd09e9dc1a6ad705e22114323be89720510f3e66bcbbc4b4660b266
|
| SSDeep | 768:XakZELQ7GYxvcwZGmx891W66z2+1P1pJIjbNg77FQLW7S//r4+LFwL76mM5bZf+:XakZEIi/Xm1pKba7hQLWO3k+L47M5bZm
|
| TLSH | 8F232C007BE9C26AF2BE8B7899F262454575F2533603DA4D2CC412DA5613FC68B436FE
|
PeID
|
Config. Field0 | Value |
|---|---|
| Key (AES_256) | Q3hWV1A5RzBqNVZDc0p0MkhFT1JMQTFDYmxIdnQ5V3Q= |
| Pastebin | - |
| Certificate | MIIE8jCCAtqgAwIBAgIQANEFfVa8HJvqFNkwGLzaHTANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjYwMzA0MDkxNjEzWhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKmlY2WWVpZoLfpGq+oucqMQhjJrIobDQvSu3i1Y0FfD1QCQuxTpZfZILS+IcESxDUyvm2I2xuftcfs7p70n2jCgrjqjtEKwySTSoj9XqagylLsCxfQn7Mzt1GMqTsAEw7LLYj/Q66dWQZK+dEowJFfYEuoVHf/GnlWkiyQrhV9exTuSBXDoesTgO+PDTBKorHPAc6JvhSUwqI6y1zLW55FkXFHfj4DPJ3dUnAGjHeJX4RmrKemP20z+sF/dzwUNbxAnrX+0gP2a4UqiT+64aust9ICGyLFY1kQADhBNyY8DgyxOiqo1RorCQkUHrT1NFSbSwpZnU4C39IWnlHjape20JMaUdiRVaSq1fz14buRLH6zAsvzjqgQXccLB1ux6Gs6uZNt1jchJJv7e4P7IOOPrJK/7UNnPvZ0XRKO9TEnq5eYxM/QkLMQBBK6hv+lyaeMKa57yknjAl3MNgQMb6PKihiW6pOuflYzPEWAuewzr3+QK6sZWWQHZgxT0rtbeHfUtDsytQ+pgq4kEzM0z/QfVnHubBi1NcRSqTX98xwPEVAat4Qx81qXvuDkifykOoroV/76PyDTc5WIsoaVwYpnyEPwXuqj2kixxy12joVBo2lHG2j/62mhC1zbV4V8YhmzjavStCKa5noWyMpy75ubnGcuGClH7QnDX9jbxbdH3AgMBAAGjMjAwMB0GA1UdDgQWBBRU9dseKCE2WJS55E/edaStK9kD8TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQCCmxXM7JaWGlWoL84Q+22iZFofUIvmJ6KFWDgKH5Vl435zVH3EbVqfW97/9q/8SWTOVKAt2VKn0oKZyikv1FQNssLnmK+VaH3po0//Ve7A8G2u7fqu2ezeV6kHr8NfTm9DHImnxN++KYCaZIDu9Lm4KY6QgzjtF83KTIiOH9kD3EI0DZ6B8FE4H/ojo7DgNEEKg1vjZFm96Ag4e8TgB1ZCHRuy3j5n+BHbYgHqehnx8ENFzaLWpbjIuYtZz1QI0kQsiSbUwVpLPsJDPhzoiH321/GyOairlC76T+A0R9hoBQEmv6h3dJHXI6ruMupPAvZgwdJGcfg5QHQst+gDVjQP6/yGsU7N4oGsPCdAW/LTfDBASWdsiwEQtywvKIWAFOgK0hc3Ymxr+A3MHvYwRpocWNHqrqQyQjgK5WjaM6jWdwmde3qPK8qMXrLekHM66GtsWeQKjKl+JGd1Vw1TMfFcAYLw1zgvBQ/NDJZapTTzQeZHkWepf3oJOdd7gX7JfXTpHcRJ03gr58x5KMo3oJxiER4Hbe995NCBgR4DmCPWSuRCnrqKIWNHHaEVZpssDfZ++9QaT8ilvWyhtKXkqoG28RBojccFcIQUCGfU6fl+YR4HNST1uCdOLGOw06jcXHQe2Ni33hXZK7dvaOGS2gZs2ZOhgNTUzXIsHPFAEKreAw== |
| ServerSignature | IkaBjUArUsbeb7OjfIFRC8ok6Er6TVfeDomuoEWqcgFeuZ3gjZMmyx2aAyLagAjEnr7WUO2hUj5qLD08idHBSVE/iZGlcBF/PSOVKDq9udWJNK8AgXiyQ3kn+imv43HxcFTLkmmFXqnfYw5eLi24v4SCpB80O3m/lXI+AaXtHf+2eduKR19SYNCJ/IgHT7EseDaWXFTUjezZzkRN3QO6W0U5WFWhBidanyptsvafuuoeqfLEeWkpIY2yJzf6Q1LsDkxhhi9teihEkTHzyVF3jdlpdbxw/GxIAkIvRabdqMJW0t9eN/f7EENBw0/fCj4xJ1TD4cNrzKmMdclJg5G42vvRZDhc+KRIXic+Imwdbw1IhwzXx58iqq2HzkBMFeQmogbe8gpu/g/4/eC20rzMq7BHm1vl8RbO5gzpD6AjvM5+jCofSBPvCfAZdQuMxzd8JQZlaQPXJfZbH08yXySi1lm27JYsUXn2Y5r8HIQ4AmjyT5hNXYNSJUAjLxJ8pKrTKReJcxrLxxHFUvk6JmRmg54+Oe5UJEGTvZu7emildPtXYp6NOVjal/lNeX9Bg4Us0JegyvzVIOKb1nlKNzc4OoS7kvQPSmnBE/hhrdfGlLbKMXtm2KSNLwWZxNb8JtONeMsrwvM7j1n/024q/9LvEWFIbG6X8gNeeebYWJ4bjv4= |
| Install | true |
| BDOS | false |
| Anti-VM | false |
| Install File | RobloxHack.exe |
| Install-Folder | %AppData% |
| Hosts | indotech.it.com |
| Ports | 80 |
| Mutex | Kyh0bsYfv9xx |
| Version | 0.5.8 |
| Delay | 3 |
| Group | Default |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | RobloxHack.exe |
| Full Name | RobloxHack.exe |
| EntryPoint | System.Void Client.Program::Main() |
| Scope Name | RobloxHack.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | RobloxHack |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.8 |
| Total Strings | 128 |
| Main Method | System.Void Client.Program::Main() |
| Main IL Instruction Count | 51 |
| Main IL | ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::Delay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue IL_0043: ldsfld System.String Client.Settings::Anti ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String Client.Settings::Anti call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String Client.Settings::Install call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() ldsfld System.String Client.Settings::Install call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String Client.Settings::BDOS call System.Void Client.Install.NormalStartup::Install() ldsfld System.String Client.Settings::BDOS call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.ProcessCritical::Set() call System.Void Client.Helper.Methods::PreventSleep() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean Client.Connection.ClientSocket::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop |
| Module Name | RobloxHack.exe |
| Full Name | RobloxHack.exe |
| EntryPoint | System.Void Client.Program::Main() |
| Scope Name | RobloxHack.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | RobloxHack |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.8 |
| Total Strings | 128 |
| Main Method | System.Void Client.Program::Main() |
| Main IL Instruction Count | 51 |
| Main IL | ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::Delay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue IL_0043: ldsfld System.String Client.Settings::Anti ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String Client.Settings::Anti call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String Client.Settings::Install call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() ldsfld System.String Client.Settings::Install call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String Client.Settings::BDOS call System.Void Client.Install.NormalStartup::Install() ldsfld System.String Client.Settings::BDOS call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.ProcessCritical::Set() call System.Void Client.Helper.Methods::PreventSleep() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean Client.Connection.ClientSocket::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop |
|
Name0 | Value |
|---|---|
| Key (AES_256) | Q3hWV1A5RzBqNVZDc0p0MkhFT1JMQTFDYmxIdnQ5V3Q= |
| CnC | indotech.it.com |
| Ports | 80 |
| Mutex | Kyh0bsYfv9xx |
|
Config. Field0 | Value |
|---|---|
| Key (AES_256) | Q3hWV1A5RzBqNVZDc0p0MkhFT1JMQTFDYmxIdnQ5V3Q= |
| Pastebin | - |
| Certificate | MIIE8jCCAtqgAwIBAgIQANEFfVa8HJvqFNkwGLzaHTANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjYwMzA0MDkxNjEzWhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKmlY2WWVpZoLfpGq+oucqMQhjJrIobDQvSu3i1Y0FfD1QCQuxTpZfZILS+IcESxDUyvm2I2xuftcfs7p70n2jCgrjqjtEKwySTSoj9XqagylLsCxfQn7Mzt1GMqTsAEw7LLYj/Q66dWQZK+dEowJFfYEuoVHf/GnlWkiyQrhV9exTuSBXDoesTgO+PDTBKorHPAc6JvhSUwqI6y1zLW55FkXFHfj4DPJ3dUnAGjHeJX4RmrKemP20z+sF/dzwUNbxAnrX+0gP2a4UqiT+64aust9ICGyLFY1kQADhBNyY8DgyxOiqo1RorCQkUHrT1NFSbSwpZnU4C39IWnlHjape20JMaUdiRVaSq1fz14buRLH6zAsvzjqgQXccLB1ux6Gs6uZNt1jchJJv7e4P7IOOPrJK/7UNnPvZ0XRKO9TEnq5eYxM/QkLMQBBK6hv+lyaeMKa57yknjAl3MNgQMb6PKihiW6pOuflYzPEWAuewzr3+QK6sZWWQHZgxT0rtbeHfUtDsytQ+pgq4kEzM0z/QfVnHubBi1NcRSqTX98xwPEVAat4Qx81qXvuDkifykOoroV/76PyDTc5WIsoaVwYpnyEPwXuqj2kixxy12joVBo2lHG2j/62mhC1zbV4V8YhmzjavStCKa5noWyMpy75ubnGcuGClH7QnDX9jbxbdH3AgMBAAGjMjAwMB0GA1UdDgQWBBRU9dseKCE2WJS55E/edaStK9kD8TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQCCmxXM7JaWGlWoL84Q+22iZFofUIvmJ6KFWDgKH5Vl435zVH3EbVqfW97/9q/8SWTOVKAt2VKn0oKZyikv1FQNssLnmK+VaH3po0//Ve7A8G2u7fqu2ezeV6kHr8NfTm9DHImnxN++KYCaZIDu9Lm4KY6QgzjtF83KTIiOH9kD3EI0DZ6B8FE4H/ojo7DgNEEKg1vjZFm96Ag4e8TgB1ZCHRuy3j5n+BHbYgHqehnx8ENFzaLWpbjIuYtZz1QI0kQsiSbUwVpLPsJDPhzoiH321/GyOairlC76T+A0R9hoBQEmv6h3dJHXI6ruMupPAvZgwdJGcfg5QHQst+gDVjQP6/yGsU7N4oGsPCdAW/LTfDBASWdsiwEQtywvKIWAFOgK0hc3Ymxr+A3MHvYwRpocWNHqrqQyQjgK5WjaM6jWdwmde3qPK8qMXrLekHM66GtsWeQKjKl+JGd1Vw1TMfFcAYLw1zgvBQ/NDJZapTTzQeZHkWepf3oJOdd7gX7JfXTpHcRJ03gr58x5KMo3oJxiER4Hbe995NCBgR4DmCPWSuRCnrqKIWNHHaEVZpssDfZ++9QaT8ilvWyhtKXkqoG28RBojccFcIQUCGfU6fl+YR4HNST1uCdOLGOw06jcXHQe2Ni33hXZK7dvaOGS2gZs2ZOhgNTUzXIsHPFAEKreAw== |
| ServerSignature | IkaBjUArUsbeb7OjfIFRC8ok6Er6TVfeDomuoEWqcgFeuZ3gjZMmyx2aAyLagAjEnr7WUO2hUj5qLD08idHBSVE/iZGlcBF/PSOVKDq9udWJNK8AgXiyQ3kn+imv43HxcFTLkmmFXqnfYw5eLi24v4SCpB80O3m/lXI+AaXtHf+2eduKR19SYNCJ/IgHT7EseDaWXFTUjezZzkRN3QO6W0U5WFWhBidanyptsvafuuoeqfLEeWkpIY2yJzf6Q1LsDkxhhi9teihEkTHzyVF3jdlpdbxw/GxIAkIvRabdqMJW0t9eN/f7EENBw0/fCj4xJ1TD4cNrzKmMdclJg5G42vvRZDhc+KRIXic+Imwdbw1IhwzXx58iqq2HzkBMFeQmogbe8gpu/g/4/eC20rzMq7BHm1vl8RbO5gzpD6AjvM5+jCofSBPvCfAZdQuMxzd8JQZlaQPXJfZbH08yXySi1lm27JYsUXn2Y5r8HIQ4AmjyT5hNXYNSJUAjLxJ8pKrTKReJcxrLxxHFUvk6JmRmg54+Oe5UJEGTvZu7emildPtXYp6NOVjal/lNeX9Bg4Us0JegyvzVIOKb1nlKNzc4OoS7kvQPSmnBE/hhrdfGlLbKMXtm2KSNLwWZxNb8JtONeMsrwvM7j1n/024q/9LvEWFIbG6X8gNeeebYWJ4bjv4= |
| Install | true |
| BDOS | false |
| Anti-VM | false |
| Install File | RobloxHack.exe |
| Install-Folder | %AppData% |
| Hosts | indotech.it.com |
| Ports | 80 |
| Mutex | Kyh0bsYfv9xx |
| Version | 0.5.8 |
| Delay | 3 |
| Group | Default |
|
Name0 | Value | Location |
|---|---|---|
| Key (AES_256) | Q3hWV1A5RzBqNVZDc0p0MkhFT1JMQTFDYmxIdnQ5V3Q= Malicious |
55e27438cf7f3c4397b5cf32ea3514b5 |
| CnC | indotech.it.com Malicious |
55e27438cf7f3c4397b5cf32ea3514b5 |
| Ports | 80 Malicious |
55e27438cf7f3c4397b5cf32ea3514b5 |
| Mutex | Kyh0bsYfv9xx Malicious |
55e27438cf7f3c4397b5cf32ea3514b5 |