Malicious
Malicious

692d9d9cd43c604ca4161e743536f61d

PE Executable
|
MD5: 692d9d9cd43c604ca4161e743536f61d
|
Size: 76.29 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
 Hash Value
MD5
692d9d9cd43c604ca4161e743536f61d
Sha1
aefe733322b6ac450426963886c0f132a48ac6fb
Sha256
c52f07795607c12042cdff7cb2a29cdbbac6f40828495eb90659165a330e6ef7
Sha384
5e79e2dbe4a7530d6534373b2fc8baf699b87f762ef30b90e94a9e87eaef4c5c6afe7dc8545edb338fba0da93d3ca43a
Sha512
b3370f8a24f664acc802928042fe6fd8970f1b18608c8cbfa6d588302c1ad05d513d5f3cdf7b7e016ec55e52f3e9e21d7afd5e68b3f8b6bbed21a20f8c2de4f6
SSDeep
1536:yu/gIcT8XG2Uc5AVyaGMu54rmkbKnR1Hg92wdHeZ5/EAH5Bx:yu/gtT8XG27AVfGMCQbKPo5RoltHPx
TLSH
F77329302FD9825EF179CE7474A23275CE7AAD772D0EFD4ACC8034871A32A859641DE9

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
692d9d9cd43c604ca4161e743536f61d
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - AsyncRAT config.
Config. Field
 Value
Key (AES_256)

TWFha2Q1MFN2ZU1jYmN1Q2VjQXBSSnEwc2ZyekU2Q08=
Pastebin

-
Certificate

MIIE8jCCAtqgAwIBAgIQAP8v17eCZUuhVc4ak9AKITANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjYwMTMxMTMxNjI2WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALhdNOa/xKQBPfYc/YUafPCv7lyifwXTvNZJ27fsFCxLGtCQzbEjtrdth+pwEUrT501AvFvaFfD3sxzv+EGF5LQeaXs0YqDTPyJcwPYA3v6lC1E74aQzkI+QgcO2h98BhzVUvNd+KMBMWJoKe5s5NnFFnhum4vC8uLsl9SbZmV+JRDrrNFh+A1rGp/mhvjG/MpLTr92lg3tGq/Rf0CCYWOfZZwGfYxBGDRsN0KlgqmwY/s1rktG1iPzM8sRiR3chFpAHPovHDZrFd8rtGaL8h/OUVYR+iFcwThw3lma5Y6mHSKOXlYGdT8UC4Babek6i/SuXvApdgRZditWzPB55CgjkofUW94mNM3xvJwGVzshrptvyxmW6hKIp/NAytENAQZRgCVxHUCYIqNH9xJ7+AxGkPKdwQOHxFcgieJB1ffuU55SAgkkrV21Rd9uL2vhSxwfWeY3q0hILbNkTpwAYMkUI/jQVXIa58c3klZO7J6UzOXQP+XWcU4aYrofz6a/tsUrnP9mjDTm1zMvVBdtDKFsujblEr4ZQezvtBTKIFqLTKgsecx0OUxeP6Rehzzv6d6BTEOf010GK3rYgkChBOksZk9hQCU7GlK3vuoQ77Q/d8vUVyAO+qeHVA828KbCLr0hOBum0L5mnHFNKVK+kpfgOVj/8cRvCJaKZyHpfXjHvAgMBAAGjMjAwMB0GA1UdDgQWBBQocingxRqHz0kVELeUZLwiHch5BDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQAGOkJ2pvdC2G0HIaScIcJefPO/SVuUZVgvgK5GPnqEFazeDUw4w/j4IevIuhdyve3MdKjPWgWt0vB4mrHMBZbvlNvpm77bFxH75zWW8DJ2w98yjv61H1QBKt2yYuN3sSIuBsJqgG/qFI8gKTLpA25u6Xa4/LBZk7evYrCtXhhstaOmPjwznNbKxDtU3ePXi+0wFzJDBSqN5SXDktPgoDls6wY4sEQqdEOxhUEfPvS5+SOnZLCE6rQ0lGZMlg/DQwPrxS/RBd9oKUJd0HUfYrR8FTzsHNE5kxswSRB9c15Oq8w2SWpg2ED8w3hKC/cOnfgN/gHAH8KSNt+nxdlrQU7sYT8VCflwiiBZrmiVt9trcD3gIcRpIIWHDcV+a56WJI+0+dQLKmchyuof2Bsrtrp41cKN9CssftU/Mp5Q5GWmcsWad3mT8A90qEv8b7Gvb1SEh748ON869TXEuT0IL1jFTolSVVNVvcjNnIfz3blXA3fzn+ZFmbUO2rI8CNg4IiTDmzdz5oXio0s47vl4qAtknfI9WYGaWvnTg+sSB8h75WL6NUguXGZrlgIEIPIydVRgBShzubgLEVHlQWD7u3YW+9Om6wV3NYY5aNalTfpttLEvIW9pfUDLNpJI8tZ2c/PzWrUCZaPRhtu01swnKc7saqrlb+wJ/HVL8LyvwBjFww==
ServerSignature

TEXwZ//Z87EN+PsGYCPRomhBX/wYzwFdy6tu5OriypqmncGqABYGmqnUs+MP6mbbKKmFpf+qc/TSWUZy4aymyOyqeGmyVDUHfFtUPHYYUpDaBzVQ3dZBoieAV/FfVMnf4wU0bm2UdfWkryO1+3P5XdpYJrvYysu3EZ1n3je4ywiMZ4tRQohH7awMFmdWhG/RwhYR3W8Dt/5uKwxVNOSpE6YXan/u1Wlf3hYnjH26rQVS9YG+kGUR/FxxWBHylxhS7hrwbuPtAf2YXAwM9e59LgxOY27YITAp5u+6sLThqIDPa1vd6pIy1RtXhEDeibziF0YuFr/YXrz2xOAZZ8HaC6sTC86MnIqZzx1Il2ZpRrBqQDMLnxyOjjq+FyfAnG+Wq13bm1x6vLndU9lKNmmRRrmB9mqBneD1mV/8xjXzHTLLj1K46z5eJxnbwezk81dmplumbSB29y4cEdycG3WBY/MnHB7aOJkFuNT9vIOhFvASNHVNRbujCcmJjIqqLHpWXlYR8Rz24s7S4nmr2rnD3mv9YCbejpBIAtneNFrabfSLweji8TvFqVrq5mJQaXUNpBaJVPswNSW0KSU2r8yJMlMJlh+J/TasEwYRLMJX1eJUy4SvCQII41XxIXPxTc4ocJhocZJA4zN1D7jpBbq0+Er/qrICEB8bLK8GJ6800n0=
Install

true
BDOS

true
Anti-VM

true
Install File

google_register.exe
Install-Folder

%AppData%
Hosts

janseva.in.net,c2.janseva.in.net
Ports

22,80,443,1604,4444,4782,5552,6606,7707,8080,8848,8888,9527,9999
Mutex

JrzTWdptVqCJ
Version

0.5.8
Delay

3
Group

Default
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

XwFmZmwaSXL
Full Name

XwFmZmwaSXL
EntryPoint

System.Void YmncOCKoUUU.OsPIJuEpmHs::Main()
Scope Name

XwFmZmwaSXL
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

iutngan
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0,Profile=Client
Total Strings

120
Main Method

System.Void YmncOCKoUUU.OsPIJuEpmHs::Main()
Main IL Instruction Count

51
Main IL

ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String YmncOCKoUUU.cCxiagiNWmtgj::WFvqenvnbDSx call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean YmncOCKoUUU.cCxiagiNWmtgj::HyNjtOvtMT() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean axhFmGHGIcL.TpTvMMTuSGbsFPUl::uOghVNHkGfRofDRo() brtrue IL_0043: ldsfld System.String YmncOCKoUUU.cCxiagiNWmtgj::MMJAmzXcKmO ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String YmncOCKoUUU.cCxiagiNWmtgj::MMJAmzXcKmO call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String YmncOCKoUUU.cCxiagiNWmtgj::QNbPapHEMZ call System.Void axhFmGHGIcL.hqrSzvpKGrmhVo::VCOSDdxEtqNaHQr() ldsfld System.String YmncOCKoUUU.cCxiagiNWmtgj::QNbPapHEMZ call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String YmncOCKoUUU.cCxiagiNWmtgj::cwbhSNWFxOmX call System.Void zRfsGByBtDX.CXoElcMVRQgAw::PIyeRGTIOyJ() ldsfld System.String YmncOCKoUUU.cCxiagiNWmtgj::cwbhSNWFxOmX call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void axhFmGHGIcL.AfZjeHnsrXf::vQHpHiQEYhqEr() call System.Boolean axhFmGHGIcL.AfZjeHnsrXf::JqdVBkUODKzw() brfalse IL_0089: call System.Void axhFmGHGIcL.AfZjeHnsrXf::vQHpHiQEYhqEr() call System.Void axhFmGHGIcL.bAufEUesufSlYc::ykPYYbMxyIhGUg() call System.Void axhFmGHGIcL.AfZjeHnsrXf::vQHpHiQEYhqEr() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean hQjtaSBskZm.MhDEdVagQX::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void hQjtaSBskZm.MhDEdVagQX::aFQDDKWHoerE() call System.Void hQjtaSBskZm.MhDEdVagQX::tIpXZNHyrnBLc() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop
Module Name

XwFmZmwaSXL
Full Name

XwFmZmwaSXL
EntryPoint

System.Void YmncOCKoUUU.OsPIJuEpmHs::Main()
Scope Name

XwFmZmwaSXL
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

iutngan
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0,Profile=Client
Total Strings

120
Main Method

System.Void YmncOCKoUUU.OsPIJuEpmHs::Main()
Main IL Instruction Count

51
Main IL

ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String YmncOCKoUUU.cCxiagiNWmtgj::WFvqenvnbDSx call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean YmncOCKoUUU.cCxiagiNWmtgj::HyNjtOvtMT() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean axhFmGHGIcL.TpTvMMTuSGbsFPUl::uOghVNHkGfRofDRo() brtrue IL_0043: ldsfld System.String YmncOCKoUUU.cCxiagiNWmtgj::MMJAmzXcKmO ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String YmncOCKoUUU.cCxiagiNWmtgj::MMJAmzXcKmO call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String YmncOCKoUUU.cCxiagiNWmtgj::QNbPapHEMZ call System.Void axhFmGHGIcL.hqrSzvpKGrmhVo::VCOSDdxEtqNaHQr() ldsfld System.String YmncOCKoUUU.cCxiagiNWmtgj::QNbPapHEMZ call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String YmncOCKoUUU.cCxiagiNWmtgj::cwbhSNWFxOmX call System.Void zRfsGByBtDX.CXoElcMVRQgAw::PIyeRGTIOyJ() ldsfld System.String YmncOCKoUUU.cCxiagiNWmtgj::cwbhSNWFxOmX call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void axhFmGHGIcL.AfZjeHnsrXf::vQHpHiQEYhqEr() call System.Boolean axhFmGHGIcL.AfZjeHnsrXf::JqdVBkUODKzw() brfalse IL_0089: call System.Void axhFmGHGIcL.AfZjeHnsrXf::vQHpHiQEYhqEr() call System.Void axhFmGHGIcL.bAufEUesufSlYc::ykPYYbMxyIhGUg() call System.Void axhFmGHGIcL.AfZjeHnsrXf::vQHpHiQEYhqEr() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean hQjtaSBskZm.MhDEdVagQX::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void hQjtaSBskZm.MhDEdVagQX::aFQDDKWHoerE() call System.Void hQjtaSBskZm.MhDEdVagQX::tIpXZNHyrnBLc() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop
Artefacts
Name
 Value
Key (AES_256)

TWFha2Q1MFN2ZU1jYmN1Q2VjQXBSSnEwc2ZyekU2Q08=
CnC

janseva.in.net
CnC

c2.janseva.in.net
Ports

22
Ports

80
Ports

443
Ports

1604
Ports

4444
Ports

4782
Ports

5552
Ports

6606
Ports

7707
Ports

8080
Ports

8848
Ports

8888
Ports

9527
Ports

9999
Mutex

JrzTWdptVqCJ
692d9d9cd43c604ca4161e743536f61d (76.29 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙