6d9b59840baf06c4fb56c17c4d817579
PE Executable | MD5: 6d9b59840baf06c4fb56c17c4d817579 | Size: 646.66 KB | application/x-dosexec
Symbol Obfuscation Score
| Hash | Hash Value |
|---|---|
| MD5 | 6d9b59840baf06c4fb56c17c4d817579 |
| Sha1 | 30af45e1e6ec90ea103505ad37f58787ac4188b2 |
| Sha256 | 9469c0ecb56d97235377a1ef66799767e5c437e1c933a070276468cf47d1228a |
| Sha384 | 7d26048417f3bd0b083c0f9e3db416a709e9d0706327d26cc6f074857682bd4cd093605b9f5fb548377e22ccb17119b7 |
| Sha512 | f229c4ede3c55305a1e57b3af7772c1a7263ee28d54e2739f2c051b8cc3350e759fe3238da8dcfb675539f4ea68d71dda23418d8f3d922080aaf9cc273665985 |
| SSDeep | 12288:MPRb9zoSjkqjVnl36ud0zR/6CtQ9PUHIG8Dl8gSD+37PWY1Y1+f7LfNxX3ho:MJ9pjkqjVnlqud+/2P+AlUDcPt1aKFxy |
| TLSH | B4D4022037FD8247F1BF66B899F126016676F663B623EB4C184462FD4532341A9D33BA |

PeID
| Config. Field0 | Value |
|---|---|
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Conf. AES-Key | |
| Version | Yxvb1zbKq9WFS3zPe7oWbml6Q4AZIUs8ClRELSjUCXA5baiqGa/nFpRPu3N596TSo97Yqdo0JaEHOCkO2Pjmow== |
| Port | ILYAVO0Txc3eczCLYlaexB6nJtKcaRuzpZcpiHSlppoGo81u4KoyWwmQV3300oN955UOB9PLic8ZV8UMkhfRze7g81HkNJbAgXXCbVfTkl8= |
| Host | ILYAVO0Txc3eczCLYlaexB6nJtKcaRuzpZcpiHSlppoGo81u4KoyWwmQV3300oN955UOB9PLic8ZV8UMkhfRze7g81HkNJbAgXXCbVfTkl8= |
| ReconnectDelay | 3000 |
| Key | g6UoNkwcmU2FqnckSFAMeXB+gfmX6UwKXaNC8Q8uwsoufsWIAsATSMKUD6OCObEMEVMEDWNwziMzDxdDaONSxQ== |
| SubDirectory | DGsoPcFV9t6EHZ9DBcNotcoUeiUKYlA2CMtXEiAAI0KMwVSJYKxQgjfw04u/lMBMHyqbd1z3g9i+VF63YWLzEw== |
| InstallName | 0 |
| Install | 1 |
| Startup | ztwUitMlPwye1uwqgB0y+3qAMvQWm0vPWaMDQOBCT1ejvBKGD2H739kWeCSfeG1PR97W0RU+Gh9SyoYH7zbh5SE2aG7kvc9/PUAKL7IUdEaiQk+d+Y06n5MfvKwwpAPz |
| Mutex | 9h2aXsT+AUSut6LMM8h3I69VIL9YdYIWYX5G9k12t3fXq7IX/Uon6UgyYGBPCSFwK+x6at1WV3HAySXHl0jRFw== |
| StartupKey | 0 |
| HideFile | 1 |
| EnableLogger | 1F825050200F8025ED5B6C2D482B3409085F7099 |
| EncryptionKey | w14qrLQCZFuNuQGT8ke5kS71fLA0ZXut3zoBxpgO9xHaaVlsSHSA6RUudQhpBMYPWnCi0Jz5pYlFe6rpy9mj3g== |

| Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Client |
| Full Name | Client |
| EntryPoint | System.Void 혏⫸泔ᣕ全ˎ廔Ꮛ䗗풏ꁸ埵釠剪勢촟뻂⡥㢅::Main() |
| Scope Name | Client |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Client |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.8 |
| Total Strings | 613 |
| Main Method | System.Void 혏⫸泔ᣕ全ˎ廔Ꮛ䗗풏ꁸ埵釠剪勢촟뻂⡥㢅::Main() |
| Main IL Instruction Count | 21 |
| Main IL | call System.Boolean 혏⫸泔ᣕ全ˎ廔Ꮛ䗗풏ꁸ埵釠剪勢촟뻂⡥㢅::ꒄ嗡籂萵珜尙졧ሬ鏀㪞胄ࣛ脽긒衑鯜쉈() pop <null> ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) ldnull <null> ldftn System.Void 혏⫸泔ᣕ全ˎ廔Ꮛ䗗풏ꁸ埵釠剪勢촟뻂⡥㢅::替꧍Ĩ�퀫䊉⭝餵먒崎먢俯莽ᜉמּᩔេ싲(System.Object,System.Threading.ThreadExceptionEventArgs) newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr) call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 혏⫸泔ᣕ全ˎ廔Ꮛ䗗풏ꁸ埵釠剪勢촟뻂⡥㢅::㈽ꌒ⾄ň敁�洣ꉯ彡ꃖ练씕䖍⩊緗컐✅هᵟ(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void 芇恏뉩䕦듳딈�ꪕ졍ᴈ䜯ᛓ䩥흕뭤啽::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> |

| Name0 | Value |
|---|---|
| CnC | ILYAVO0Txc3eczCLYlaexB6nJtKcaRuzpZcpiHSlppoGo81u4KoyWwmQV3300oN955UOB9PLic8ZV8UMkhfRze7g81HkNJbAgXXCbVfTkl8= |
| Port | ILYAVO0Txc3eczCLYlaexB6nJtKcaRuzpZcpiHSlppoGo81u4KoyWwmQV3300oN955UOB9PLic8ZV8UMkhfRze7g81HkNJbAgXXCbVfTkl8= |

| Name0 | Value | Location |
|---|---|---|
| CnC | ILYAVO0Txc3eczCLYlaexB6nJtKcaRuzpZcpiHSlppoGo81u4KoyWwmQV3300oN955UOB9PLic8ZV8UMkhfRze7g81HkNJbAgXXCbVfTkl8= Malicious | 6d9b59840baf06c4fb56c17c4d817579 |
| Port | ILYAVO0Txc3eczCLYlaexB6nJtKcaRuzpZcpiHSlppoGo81u4KoyWwmQV3300oN955UOB9PLic8ZV8UMkhfRze7g81HkNJbAgXXCbVfTkl8= Malicious | 6d9b59840baf06c4fb56c17c4d817579 |