| Hash | Hash Value |
|---|---|
| MD5 | 5e1583b953fbce83f90324558603902b |
| SHA1 | 6e1017769ff31374f2396e030553402e9601c821 |
| SHA256 | 7ed207c4ee2943946feaf7aa6d7a587d9fc156e1c5a7d8f5a2b8248bec6c671e |
| SHA384 | d9459f1f4aba85bac9a6dc83be91ae51feb2622a0c5bff76156f89944d7fb1cee033acba4139a0c3edd5350424a4f3a2 |
| SHA512 | ce0a550191a9bd110e90f846127d407a5bfa4c8757844208d5b484594d48c21c7552ece602aa14648dadd8e30b8b37358207e0827c5029af05444fea996f257a |
| ssdeep | 6144:UTEgdc0YNebGbXOsA6j1RdhqnphmsXkJl5Etqg+yw4gUcEFOb8F9hbQiZcTR3C:UTEgdfYlA6OphoE4Nyw+Vp30gcdC |
| TLSH | 05B45B8123FC852BE1AE57BDE4B10425ABF4F407A667EB4F4940A2F92C567429E407F3 |

PEiD

| Config. Field | Value |
|---|---|
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Conf. AES-Key | DAE9E02E5E04D59D9AF2AA1D5E82248D5919AC6A |
| Version | 1.4.0 |
| Port | 4Mekey.myftp.biz |
| Host | 4Mekey.myftp.biz |
| ReconnectDelay | 3000 |
| SubDirectory | System32 |
| InstallName | Windows Update.e |
| Install | 0 |
| Startup | 0 |
| Mutex | 79d78a9a-b72c-4519-a3bc-4448c279 |
| StartupKey | Microsoft Window |
| HideFile | 1 |
| EnableLogger | 1 |
| Tag | 01BIS23 |
| LogDirectory | Logs |
| ServerSignature | (omitted) |
| ServerCertificate | (omitted) |
| HideLogDirectory | 1 |
| HideLogSubdirectory | 1 |
| UnattendedMod | 1 |

| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Client |
| Full Name | Client |
| EntryPoint | System.Void �槙↠ཇ⵰აࣻ䭤腛ⴶ滐죇㨉2瑝僋䄢ᙿ::Main(System.String[]) |
| Scope Name | Client |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Client |
| Assembly Version | 1.4.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.5.2 |
| Total Strings | 1552 |
| Main Method | System.Void �槙↠ཇ⵰აࣻ䭤腛ⴶ滐죇㨉2瑝僋䄢ᙿ::Main(System.String[]) |
| Main IL Instruction Count | 19 |
| Main IL | see listing below |

Main IL (one instruction per line; operands shown as `<null>` in the raw dump are omitted):

```il
ldc.i4 3072
call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
ldc.i4.2
call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode)
ldnull
ldftn System.Void �槙↠ཇ⵰აࣻ䭤腛ⴶ滐죇㨉2瑝僋䄢ᙿ::밖䴶紾ꀮ飐ﵶ﹡脴혦鶲䃄ﬠ䞪정觥褄(System.Object,System.Threading.ThreadExceptionEventArgs)
newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr)
call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler)
call System.AppDomain System.AppDomain::get_CurrentDomain()
ldnull
ldftn System.Void �槙↠ཇ⵰აࣻ䭤腛ⴶ滐죇㨉2瑝僋䄢ᙿ::₅僥껇럥샐팘떔윩䑡☓搎펿訬馎⧈ಬ浦ⷋᕃ(System.Object,System.UnhandledExceptionEventArgs)
newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr)
callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler)
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
ldc.i4.0
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
newobj System.Void 货ᶬ�컂鿛暆ʽვ⺘剴ꓷ斝읒ᴈĀꚵ萍::.ctor()
call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
ret
```

| Name | Value |
|---|---|
| CnC | 4Mekey.myftp.biz |
| Port | 4Mekey.myftp.biz |

| Name | Value | Location |
|---|---|---|
| CnC | 4Mekey.myftp.biz | Malicious; 5e1583b953fbce83f90324558603902b |
| Port | 4Mekey.myftp.biz | Malicious; 5e1583b953fbce83f90324558603902b |