Symbol Obfuscation Score

| Hash | Hash Value |
|---|---|
| MD5 | 68f9ac2efdeb32296e7893e7a0434179 |
| Sha1 | 6ee2d66181b6fb1f1345be0d63a4fe5f3f3d2b01 |
| Sha256 | 32eae37358a55c6b67ea3cc23a05b201d734bed442a90cd5c475eabbf1730255 |
| Sha384 | 2b09cd24c2d758893157a329fd18ed2a7677487ff135fc0f19393fe82fdd9519a8f2abb45c3f8aaada9ae632318c4b7a |
| Sha512 | febefc03be7e3270433f3219ab53b271d2f8f08fee5b268d0eb4ee49787c91a61d25e2536ed3f0759dbdad881e3b3af5224042644901e9d764a916fcd000a642 |
| SSDeep | 768:OJ8R1g64bIaUAFlmGfITKKKjibH0XzM2rR5w4GladEFL26iuf+:fCF5f/40XzRzsadEUzuf+ |
| TLSH | 2A132C003BEDD127F27D5BB859F2624586B9E6737603E64A2C8411D60A13BC6CB427FE |

PeID

| Config. Field0 | Value |
|---|---|
| Key (AES_256) | azY0Mkp1eWY1cGhNdExLa3Y5dDNjZFowNGkyS1JsNkM= |
| Pastebin | - |
| Install | false |
| BDOS | false |
| Anti-VM | false |
| Install-Folder | %AppData% |
| Hosts | 2.tcp.cpolar.top |
| Ports | 12656 |
| Mutex | ch44xYFaA9Fj |
| Version | 0.5.8 |
| Delay | 3 |
| Group | Default |

| Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | fad.exe |
| Full Name | fad.exe |
| EntryPoint | System.Void Client.Program::Main() |
| Scope Name | fad.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | fad |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.8 |
| Total Strings | 69 |
| Main Method | System.Void Client.Program::Main() |
| Main IL Instruction Count | 26 |
| Main IL | call System.Boolean Client.Settings::InitializeSettings() brtrue IL_000B: ldc.i4 3000 ret <null> ldc.i4 3000 call System.Void System.Threading.Thread::Sleep(System.Int32) call System.Boolean Client.Helper.MutexControl::CreateMutex() pop <null> leave IL_0026: nop pop <null> leave IL_0026: nop nop <null> call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() leave IL_0037: nop pop <null> leave IL_0037: nop nop <null> call System.Boolean Client.Connection.ClientSocket::get_IsConnected() brtrue IL_004C: leave IL_0057 call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient() leave IL_0057: ldc.i4 5000 pop <null> leave IL_0057: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0037: nop |

| Name0 | Value |
|---|---|
| Key (AES_256) | azY0Mkp1eWY1cGhNdExLa3Y5dDNjZFowNGkyS1JsNkM= |
| CnC | 2.tcp.cpolar.top |
| Ports | 12656 |
| Mutex | ch44xYFaA9Fj |

| Name0 | Value | Location |
|---|---|---|
| Key (AES_256) | azY0Mkp1eWY1cGhNdExLa3Y5dDNjZFowNGkyS1JsNkM= Malicious | 68f9ac2efdeb32296e7893e7a0434179 |
| CnC | 2.tcp.cpolar.top Malicious | 68f9ac2efdeb32296e7893e7a0434179 |
| Ports | 12656 Malicious | 68f9ac2efdeb32296e7893e7a0434179 |
| Mutex | ch44xYFaA9Fj Malicious | 68f9ac2efdeb32296e7893e7a0434179 |