667f6fffd727dbaeca3e4cd0d21244a5
PE Executable | MD5: 667f6fffd727dbaeca3e4cd0d21244a5 | Size: 49.15 KB | application/x-dosexec
Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 667f6fffd727dbaeca3e4cd0d21244a5
|
| Sha1 | 55e1fd06662eb60a3470cb6de18028f7430a3baa
|
| Sha256 | f389da656e87e2cec98aa2c789a720de7e2c03a9a4dbafcfa5e26c81dc30a196
|
| Sha384 | fc7a04fadae9296e9f31fa290e7ed4c100c8034bce44599bfa74cfe9cc4d1f5a03fae28e3bb1b7b1c85f3038228a8d19
|
| Sha512 | 245e40cdc47290cb52c96c68666da27299b4430d5bd90477006a3c35c68a1ab645098e4829699f932af59531072caa9ef23c61be6be7a6056a13b627ec2fd8e5
|
| SSDeep | 768:6zkHlnBHAc6bxSZ12lnydD4vCI590TRXZ66QDY/X9u0hcbSHAyU:E0lnBHArbxSwydEvCrKY/Xg8cbSgy
|
| TLSH | D2232A4973D59525C5FD9E348565A20207BAF20BAC1BFB0D0CDADCE92BB36D10D10AEA
|
PeID
|
Config. Field0 | Value |
|---|---|
| cnc_host [st] | 5.tcp.eu.ngrok.io |
| cnc_port [PT] | 12027 |
| ml | False |
| hid | %hid% |
| UAC | False |
| NE | System32 |
| Trs | WWW.Google.com |
| Dow | 55$52$4c |
| Bt3 | 24 |
| Bt4 | %Bt4% |
| TipoDeIconesMensagem | Question |
| TipoDeButaoMensagem | AbortRetryIgnore |
| TituleMensagem | Erorr |
| TxtMensagem | System32 Erorr ! |
| OutreMensagems | %OutreMensagems% |
| packet_size [b] | 5121 |
| directory [DR] | TEMP |
| executable_name [EXE] | Qasim_Haxor.exe |
| Cc | System32 |
| Cz | System |
| Ts | 5 |
| M | $ |
| BR | $ |
| is_dir_defined [Idr] | False |
| is_startup_folder [IsF] | False |
| is_user_reg [Isu] | False |
| Cs | False |
| Hi | False |
| Sle | False |
| Ant | False |
| Tss | False |
| Us | False |
| csh | False |
| Ln | False |
| JS | False |
| VB | False |
| shh | False |
| Msg | False |
| Prs | False |
| Trr | False |
| Bc3 | False |
| cnc_host [HH] | False |
| KLG | False |
| reg_key [RG] | System32 |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| victim_name [VN] | HacKed |
| splitter [Y] | |-F-| |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Stub.exe |
| Full Name | Stub.exe |
| EntryPoint | System.Void OK::main() |
| Scope Name | Stub.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Stub |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 503 |
| Main Method | System.Void OK::main() |
| Main IL Instruction Count | 37 |
| Main IL | ldsfld System.Boolean OK::HH brfalse.s IL_0086: call System.Void OK::ko() ldsfld System.IO.FileInfo OK::LO callvirt System.String System.IO.FileSystemInfo::get_FullName() call System.Object OK::HHK(System.String) pop <null> call My.MyComputer My.MyProject::get_Computer() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_LocalMachine() ldsfld System.String OK::sf ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String OK::RG ldsfld System.String OK::a callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) ldsfld Microsoft.VisualBasic.Devices.Computer OK::F callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_LocalMachine() ldsfld System.String OK::sf ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String OK::RG ldsfld System.String OK::a callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) leave.s IL_0086: call System.Void OK::ko() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.0 <null> ldloc.0 <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) ldloc.0 <null> stloc.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0086: call System.Void OK::ko() call System.Void OK::ko() ret <null> |
| Module Name | Stub.exe |
| Full Name | Stub.exe |
| EntryPoint | System.Void OK::main() |
| Scope Name | Stub.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Stub |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 503 |
| Main Method | System.Void OK::main() |
| Main IL Instruction Count | 37 |
| Main IL | ldsfld System.Boolean OK::HH brfalse.s IL_0086: call System.Void OK::ko() ldsfld System.IO.FileInfo OK::LO callvirt System.String System.IO.FileSystemInfo::get_FullName() call System.Object OK::HHK(System.String) pop <null> call My.MyComputer My.MyProject::get_Computer() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_LocalMachine() ldsfld System.String OK::sf ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String OK::RG ldsfld System.String OK::a callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) ldsfld Microsoft.VisualBasic.Devices.Computer OK::F callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_LocalMachine() ldsfld System.String OK::sf ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String OK::RG ldsfld System.String OK::a callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) leave.s IL_0086: call System.Void OK::ko() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.0 <null> ldloc.0 <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) ldloc.0 <null> stloc.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0086: call System.Void OK::ko() call System.Void OK::ko() ret <null> |
|
Config. Field0 | Value |
|---|---|
| cnc_host [st] | 5.tcp.eu.ngrok.io |
| cnc_port [PT] | 12027 |
| ml | False |
| hid | %hid% |
| UAC | False |
| NE | System32 |
| Trs | WWW.Google.com |
| Dow | 55$52$4c |
| Bt3 | 24 |
| Bt4 | %Bt4% |
| TipoDeIconesMensagem | Question |
| TipoDeButaoMensagem | AbortRetryIgnore |
| TituleMensagem | Erorr |
| TxtMensagem | System32 Erorr ! |
| OutreMensagems | %OutreMensagems% |
| packet_size [b] | 5121 |
| directory [DR] | TEMP |
| executable_name [EXE] | Qasim_Haxor.exe |
| Cc | System32 |
| Cz | System |
| Ts | 5 |
| M | $ |
| BR | $ |
| is_dir_defined [Idr] | False |
| is_startup_folder [IsF] | False |
| is_user_reg [Isu] | False |
| Cs | False |
| Hi | False |
| Sle | False |
| Ant | False |
| Tss | False |
| Us | False |
| csh | False |
| Ln | False |
| JS | False |
| VB | False |
| shh | False |
| Msg | False |
| Prs | False |
| Trr | False |
| Bc3 | False |
| cnc_host [HH] | False |
| KLG | False |
| reg_key [RG] | System32 |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| victim_name [VN] | HacKed |
| splitter [Y] | |-F-| |