Malicious

5e1583b953fbce83f90324558603902b

PE Executable
MD5: 5e1583b953fbce83f90324558603902b
Size: 514.05 KB
application/x-dosexec
Summary by MalvaGPT
Characteristics
Hash

MD5: 5e1583b953fbce83f90324558603902b
SHA1: 6e1017769ff31374f2396e030553402e9601c821
SHA256: 7ed207c4ee2943946feaf7aa6d7a587d9fc156e1c5a7d8f5a2b8248bec6c671e
SHA384: d9459f1f4aba85bac9a6dc83be91ae51feb2622a0c5bff76156f89944d7fb1cee033acba4139a0c3edd5350424a4f3a2
SHA512: ce0a550191a9bd110e90f846127d407a5bfa4c8757844208d5b484594d48c21c7552ece602aa14648dadd8e30b8b37358207e0827c5029af05444fea996f257a
SSDeep: 6144:UTEgdc0YNebGbXOsA6j1RdhqnphmsXkJl5Etqg+yw4gUcEFOb8F9hbQiZcTR3C:UTEgdfYlA6OphoE4Nyw+Vp30gcdC
TLSH: 05B45B8123FC852BE1AE57BDE4B10425ABF4F407A667EB4F4940A2F92C567429E407F3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - QuasarRAT config.

Conf. AES-Salt: BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Conf. AES-Key: DAE9E02E5E04D59D9AF2AA1D5E82248D5919AC6A
Version: 1.4.0
Port: 4Mekey.myftp.biz
Host: 4Mekey.myftp.biz
ReconnectDelay: 3000
SubDirectory: System32
InstallName: Windows Update.e
Install: 0
Startup: 0
Mutex: 79d78a9a-b72c-4519-a3bc-4448c279
StartupKey: Microsoft Window
HideFile: 1
EnableLogger: 1
Tag: 01BIS23
LogDirectory: Logs
ServerSignature:
ServerCertificate:
HideLogDirectory: 1
HideLogSubdirectory: 1
UnattendedMod: 1

Informations

Info: PE Detect: PeReader OK (file layout)
Module Name: Client
Full Name: Client
EntryPoint: System.Void �槙↠ཇ⵰აࣻ䭤腛ⴶ滐죇㨉2瑝僋䄢ᙿ::Main(System.String[])
Scope Name: Client
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Client
Assembly Version: 1.4.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.5.2
Total Strings: 1552
Main Method: System.Void �槙↠ཇ⵰აࣻ䭤腛ⴶ滐죇㨉2瑝僋䄢ᙿ::Main(System.String[])
Main IL Instruction Count: 19
Main IL: ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) ldnull <null> ldftn System.Void �槙↠ཇ⵰აࣻ䭤腛ⴶ滐죇㨉2瑝僋䄢ᙿ::቎밖䴶紾ꀮ飐ﵶ﹡脴혦鶲䃄ﬠ䞪정觥褄(System.Object,System.Threading.ThreadExceptionEventArgs) newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr) call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void �槙↠ཇ⵰აࣻ䭤腛ⴶ滐죇㨉2瑝僋䄢ᙿ::₅僥껇럥샐팘떔윩䑡☓搎펿訬馎⧈ಬ浦ⷋᕃ(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void 货ᶬ�컂鿛暆ʽვ⺘剴ꓷ斝읒ᴈĀꚵ萍::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>

Artefacts

CnC: 4Mekey.myftp.biz
Port: 4Mekey.myftp.biz