Malicious
Malicious

645ecf7b7b5195b4bec44525750836a0

PE Executable
|
MD5: 645ecf7b7b5195b4bec44525750836a0
|
Size: 307.71 KB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
645ecf7b7b5195b4bec44525750836a0
Sha1
18c8b334bba162473f268a2919cd7d3865c271bb
Sha256
97d897fb3dfb4958562a07474e634c6465b4bc077df3180654c4f6fb04011969
Sha384
a68ce9977bd57b3d4d8964ecea1fe4105a94922477179a0f325181ae0f0021fb9b4c09dfb6f969232b52580271a64d89
Sha512
f99c596c063861abe1bbf479b3068dea0fcc5279fd7b7ba156e5bd04ed9cb6465b6f68a8a422e2c9a9d882c143b55164728c8d8b304e3abe3c9c9f590a043ac0
SSDeep
3072:icZqf7D34Ap/0+mAGkyYaxQwgrRB1fA0PuTVAtkxzG3R0eqiOL2bBOA:icZqf7DIwnm2lB1fA0GTV8kQ8L
TLSH
EB645A5833E8C910DA7F4775D861D67093B0BCA3A552E70B4FC4ACAB3D32740EA51AB6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
645ecf7b7b5195b4bec44525750836a0
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Form1.resources
Patterns.Properties.Resource1.resources
rootCert
Malware Configuration - RedLine Encoded Config.
Config. Field
 Value
[Configuration Module Name]

Arguments
[Configuration Module Full Name]

Arguments
IP

stealer.ddns.net:9000
ID

test
Message

Key

Version

0
Malware Configuration - RedLine Decoded Config.
Config. Field
 Value
[Configuration Module Name]

Arguments
[Configuration Module Full Name]

Arguments
Key

Version

0
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Steanings.exe
Full Name

Steanings.exe
EntryPoint

System.Void Program::Main()
Scope Name

Steanings.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Steanings
Assembly Version

1.1.21.1
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

301
Main Method

System.Void Program::Main()
Main IL Instruction Count

17
Main IL

nop <null> nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void Form1::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> nop <null> leave.s IL_0022: ret stloc.0 <null> nop <null> nop <null> leave.s IL_0022: ret ret <null>
Module Name

Steanings.exe
Full Name

Steanings.exe
EntryPoint

System.Void Program::Main()
Scope Name

Steanings.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Steanings
Assembly Version

1.1.21.1
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

301
Main Method

System.Void Program::Main()
Main IL Instruction Count

17
Main IL

nop <null> nop <null> call System.Void System.Windows.Forms.Application::EnableVisualStyles() nop <null> ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) nop <null> newobj System.Void Form1::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) nop <null> nop <null> leave.s IL_0022: ret stloc.0 <null> nop <null> nop <null> leave.s IL_0022: ret ret <null>
645ecf7b7b5195b4bec44525750836a0 (307.71 KB)
File Structure
645ecf7b7b5195b4bec44525750836a0
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Form1.resources
Patterns.Properties.Resource1.resources
rootCert
Characteristics
Malware Configuration - RedLine Encoded Config.
Config. Field
 Value
[Configuration Module Name]

Arguments
[Configuration Module Full Name]

Arguments
IP

stealer.ddns.net:9000
ID

test
Message

Key

Version

0
Malware Configuration - RedLine Decoded Config.
Config. Field
 Value
[Configuration Module Name]

Arguments
[Configuration Module Full Name]

Arguments
Key

Version

0
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙