Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 711ae03bc4d97cebb362265fc4ba7708
|
| Sha1 | 062e4b3e14018bdf06a2ec1e259dff012e645e4e
|
| Sha256 | 846a2e3a606c07e5497cda85364879b8ff31009a4526d75a7d1ab0d06c71b948
|
| Sha384 | 79b026014b446afd93da80e754cf1e9577c375af52c05aab52e64d287133a2a7d10a3cc1839e5da1f9f3e08a4438dfea
|
| Sha512 | 2dcd0010a628a8e827777fa5bd15ee2643a8cde85289b7d1ba058e8d26b2bbb1d566419b8cc6214c6f012b791385f57a67b61adbd02382117bbdbfb765005c9b
|
| SSDeep | 768:fqajaMbXpmlUivz9rBCZjxuO60b4ktr6aF/ko5rYI6OCt50MtYcFmVc6K:frcUivz6Zkyb4ktmaFJ5l6Og0QmVcl
|
| TLSH | 41332A003BD9812EF2BE5F74B9F9A14582BEB513AD03D54A3CC841D64B137C6C962AB6
|
PeID
|
Config. Field0 | Value |
|---|---|
| Key (AES_256) | dlZJY0Y5SlQxbk1mbllEZ0lubFpQY3AwSVhJN0VtOXo= |
| Pastebin | - |
| Certificate | MIIE8jCCAtqgAwIBAgIQAM/3krKm2g5CPN3bFr1iZTANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjYwNDIwMDgxNjQ0WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKhf7MqHLW49BhXCY6cccFmbJXY5xXZ5eUbnJykecH15Q+O8s2r4U4eIz620mwo41gyFZQCp97AtYoVoc85cZ9DaMjNjUQc6/E6pb5GSBjYzB7MrQrKD6lpND4wb0rAaFB4idA5XpyJkxrwDOdugKaN6FtXyFmJWDOWsEn6TK7BH65ciPLSUj8LLVCIj8ICcYwSJ7OLVazLFBGLchpPCuVEgpVYx12pKSuOJqJb/R32hw0FKb0XcaKqs/b9Tu/Uhlm5wx+MdIO4i0cZkiogqXH+0W7hXZfDy21T0J7Mmevdx5sbAEGpe0SOMwhhLsmee0c7NUsaIN3V3tkwgQkQsY1pMOVLXKVZcGf/T38F7hK+bwazJbLU5Mf/l0UEXDueNZxjzptD/vV6HKH2iE6f4JLYYRO+sCa4hgcNv2N8WI/y9IKMzd8cTDKUphSWurBmDC1Sk7+DWMpvYCJT8YLw76A4uXFXzjcjnZbalDLaZiuGq7ezn1YtO6qJGgCPLGcBx2i9RGkxYg4CSbFQ33VQnVgPPanvVpjLz2MHsmZ+gFF9IVVcfuFYHSIom9VgQ8b+pGdlHpwrWYwxjdlfMh23Ju9UNqubrWk4VMtcYEo1COh1hTewQwuKYZiL+EKIRXbq5LgNh/R/8qSNgYehnHzYkl56Q3I0rDBT3OJmo1mWWf4PxAgMBAAGjMjAwMB0GA1UdDgQWBBRsWKO60jPh6W56rLx8/mZbrRyY+jAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQCLMbm17AxbB/0ooT0l4jOLl6Dr0lG5eMoEVuvTxHaJXQk/M3E/4UBUAzwVc8HLgLwBvO8j7+2WMmw0gdzqW6r/00mgaJ4HSZMbdH4eBxSHLb+ZdHIlLt/cmCi2/sdjNLzMJF+DyVEwhFkVbf4K7WzoQcVyRB249CSdiEcLudzO/grj09dJvn6oRwjEwIvLcQc7QuHgoYnx8r4Szw1awTnU8AZg/NEkap0+LloA1pSTyvl3NbwwzyG/cO3WE9xpPn3X8IzzMRoXmscUlsmpUN7cr8v16Ds/9oq7O6S8HTB2Rd49uW3844KoA2P4+t+edNEn1XQMxf7n+xIBJ/vqSFoh/mk9oecXNpGnC+8UFILB0F18p+aX4mY0vv7cnPeRAvzD9T6xfwIZ0GIj95Uwco5mYyni37a+sT55r/u3z+RWBmHBy/4ppGeI4JPttuSSmD2E1PwA8rZC+achGvCb3uQMiqX7tq3JEcCd0zH1HV4+vza7NWWe7a1eLLh698mLs6zplZg7nll7y8i8QRjTQ6CCs/cQRaeNmRmFYbQzmR4gOe0RC20xeh3RCYneHl3AXhvLmqUhxIHcx1MzOyCYKMJYll6t4pqlptJpXryc29ZztSj2eEFxOZFqYEyPlVckEJwafHl9kIWbzrsoYu6ZkaXVPXtmyQx+J1Z9FmkvtUhb0w== |
| ServerSignature | WDnwRF5bqaL16YcuGrfUcxxtol0dfkV75fZOojcL2yjFVb3KxmEE8WC2kRGmEeyy/NryHOiWG7wZT+5vQLf+N2wJwj1gKbB0NeZ6O0Subs+s8hymtdIskP1hIik6vMehZhu/dF6FxkNfDdDCWery8GZ/E3T3GBKAXxv+NbUtz5um5EVZyvdeqK2BTMJc4hpnbV89lqh5F7jLmHaB5r+FyqXNj/w7CaM9nJpFgEUgl1kfTgFBkrKBl3AEtFB9jPzDCiyFzFCsf1MG1TiusNBcqn/K6e7cu6MehsyZs0Slw5NIA1NgTq4irGQfc5Gn6QsEe4BTsx0S5ijX1PvemtNf4ABGG2LPKUhQuMYz2Tu0Nj4d7fzVlsUTUPk2/4SApd9BG6yzbic4xeJc/x/R64s2zDwllUycn2+uhgcqDZ2XgcFycuAspQeODMlEu2Ym8BQ+URf4eJMDT7AK3xiXAkXnSOtnVbLteZ2F/149MOp1i3lRacjnT+7qjgEC65ekL5O8OqyjB95yAPeYukX4J7n6K2LHLzdue3FZU7ntLK9LMgDNwb0UQeSJqvrJ1K+Et5fp89Xom0uew/7MnLT+MXzeQb0AwsbSXsJLqol9M0KqlkD95mQJeFIois2kVwRPXVWRKUhbdWKvQPwIwy8EPJdDhDwNovjxtqTdmDMzUHUg1z4= |
| Install | true |
| BDOS | true |
| Anti-VM | true |
| Install File | hm888.exe |
| Install-Folder | %Temp% |
| Version | 0.5.6A |
| Ports | 44,64,443,6606,7707,8808 |
| Mutex | krsyrlzupzvz |
| Delay | 5 |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | sZbNqYLWLcD |
| Full Name | sZbNqYLWLcD |
| EntryPoint | System.Void PmXCIMVLUjSesP.fbpvYHTALBY::Main() |
| Scope Name | sZbNqYLWLcD |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Stub |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 130 |
| Main Method | System.Void PmXCIMVLUjSesP.fbpvYHTALBY::Main() |
| Main IL Instruction Count | 53 |
| Main IL | ldc.i4.0 <null> stloc.0 <null> br.s IL_0012: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String PmXCIMVLUjSesP.CBCcLhvGhE::tomMvONqIHXqnseu call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0004: ldc.i4 1000 call System.Boolean PmXCIMVLUjSesP.CBCcLhvGhE::zUBjfTnOTAxk() brtrue.s IL_002C: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean PXUVgXsGsJjHCo.lrPugYyQJn::vsHSntKIWOxpHaSRt() brtrue.s IL_003A: ldsfld System.String PmXCIMVLUjSesP.CBCcLhvGhE::UxOCxlEFBTi ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String PmXCIMVLUjSesP.CBCcLhvGhE::UxOCxlEFBTi call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_004B: ldsfld System.String PmXCIMVLUjSesP.CBCcLhvGhE::NdAnoTibqbTOq call System.Void PXUVgXsGsJjHCo.BvzwzljUQOkkWu::ESeiuNQqrUb() ldsfld System.String PmXCIMVLUjSesP.CBCcLhvGhE::NdAnoTibqbTOq call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_005C: ldsfld System.String PmXCIMVLUjSesP.CBCcLhvGhE::teGiRUkwTDgFZt call System.Void maUOxuLhYo.anfioiEYjTPJbr::jcZLkwVwwQv() ldsfld System.String PmXCIMVLUjSesP.CBCcLhvGhE::teGiRUkwTDgFZt call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_0074: call System.Void PXUVgXsGsJjHCo.EvBzDVVzESdxdb::IhpPmMPhJp() call System.Boolean PXUVgXsGsJjHCo.EvBzDVVzESdxdb::qgAIfblCqPyvUBT() brfalse.s IL_0074: call System.Void PXUVgXsGsJjHCo.EvBzDVVzESdxdb::IhpPmMPhJp() call System.Void PXUVgXsGsJjHCo.jrzxUixXhCACyn::JkhgWrEZVHr() call System.Void PXUVgXsGsJjHCo.EvBzDVVzESdxdb::IhpPmMPhJp() newobj System.Void PXUVgXsGsJjHCo.nVDATrnGTH::.ctor() call System.String PXUVgXsGsJjHCo.nVDATrnGTH::SgxXNopEMBDT() pop <null> leave.s IL_0089: call System.Boolean tfpoveAUMjzVwA.ALcazossgqXEtk::get_IsConnected() pop <null> leave.s IL_0089: call System.Boolean tfpoveAUMjzVwA.ALcazossgqXEtk::get_IsConnected() call System.Boolean tfpoveAUMjzVwA.ALcazossgqXEtk::get_IsConnected() brtrue.s IL_009A: newobj System.Void System.Random::.ctor() call System.Void tfpoveAUMjzVwA.ALcazossgqXEtk::pLOzNkMfwewTU() call System.Void tfpoveAUMjzVwA.ALcazossgqXEtk::epBzJPSNdpiEr() newobj System.Void System.Random::.ctor() ldc.i4 1000 ldc.i4 5000 callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0089: call System.Boolean tfpoveAUMjzVwA.ALcazossgqXEtk::get_IsConnected() |
| Module Name | sZbNqYLWLcD |
| Full Name | sZbNqYLWLcD |
| EntryPoint | System.Void PmXCIMVLUjSesP.fbpvYHTALBY::Main() |
| Scope Name | sZbNqYLWLcD |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Stub |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 130 |
| Main Method | System.Void PmXCIMVLUjSesP.fbpvYHTALBY::Main() |
| Main IL Instruction Count | 53 |
| Main IL | ldc.i4.0 <null> stloc.0 <null> br.s IL_0012: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String PmXCIMVLUjSesP.CBCcLhvGhE::tomMvONqIHXqnseu call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0004: ldc.i4 1000 call System.Boolean PmXCIMVLUjSesP.CBCcLhvGhE::zUBjfTnOTAxk() brtrue.s IL_002C: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean PXUVgXsGsJjHCo.lrPugYyQJn::vsHSntKIWOxpHaSRt() brtrue.s IL_003A: ldsfld System.String PmXCIMVLUjSesP.CBCcLhvGhE::UxOCxlEFBTi ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String PmXCIMVLUjSesP.CBCcLhvGhE::UxOCxlEFBTi call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_004B: ldsfld System.String PmXCIMVLUjSesP.CBCcLhvGhE::NdAnoTibqbTOq call System.Void PXUVgXsGsJjHCo.BvzwzljUQOkkWu::ESeiuNQqrUb() ldsfld System.String PmXCIMVLUjSesP.CBCcLhvGhE::NdAnoTibqbTOq call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_005C: ldsfld System.String PmXCIMVLUjSesP.CBCcLhvGhE::teGiRUkwTDgFZt call System.Void maUOxuLhYo.anfioiEYjTPJbr::jcZLkwVwwQv() ldsfld System.String PmXCIMVLUjSesP.CBCcLhvGhE::teGiRUkwTDgFZt call System.Boolean System.Convert::ToBoolean(System.String) brfalse.s IL_0074: call System.Void PXUVgXsGsJjHCo.EvBzDVVzESdxdb::IhpPmMPhJp() call System.Boolean PXUVgXsGsJjHCo.EvBzDVVzESdxdb::qgAIfblCqPyvUBT() brfalse.s IL_0074: call System.Void PXUVgXsGsJjHCo.EvBzDVVzESdxdb::IhpPmMPhJp() call System.Void PXUVgXsGsJjHCo.jrzxUixXhCACyn::JkhgWrEZVHr() call System.Void PXUVgXsGsJjHCo.EvBzDVVzESdxdb::IhpPmMPhJp() newobj System.Void PXUVgXsGsJjHCo.nVDATrnGTH::.ctor() call System.String PXUVgXsGsJjHCo.nVDATrnGTH::SgxXNopEMBDT() pop <null> leave.s IL_0089: call System.Boolean tfpoveAUMjzVwA.ALcazossgqXEtk::get_IsConnected() pop <null> leave.s IL_0089: call System.Boolean tfpoveAUMjzVwA.ALcazossgqXEtk::get_IsConnected() call System.Boolean tfpoveAUMjzVwA.ALcazossgqXEtk::get_IsConnected() brtrue.s IL_009A: newobj System.Void System.Random::.ctor() call System.Void tfpoveAUMjzVwA.ALcazossgqXEtk::pLOzNkMfwewTU() call System.Void tfpoveAUMjzVwA.ALcazossgqXEtk::epBzJPSNdpiEr() newobj System.Void System.Random::.ctor() ldc.i4 1000 ldc.i4 5000 callvirt System.Int32 System.Random::Next(System.Int32,System.Int32) call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0089: call System.Boolean tfpoveAUMjzVwA.ALcazossgqXEtk::get_IsConnected() |
|
Name0 | Value |
|---|---|
| Key (AES_256) | dlZJY0Y5SlQxbk1mbllEZ0lubFpQY3AwSVhJN0VtOXo= |
| Ports | 44 |
| Ports | 64 |
| Ports | 443 |
| Ports | 6606 |
| Ports | 7707 |
| Ports | 8808 |
| Mutex | krsyrlzupzvz |
|
Config. Field0 | Value |
|---|---|
| Key (AES_256) | dlZJY0Y5SlQxbk1mbllEZ0lubFpQY3AwSVhJN0VtOXo= |
| Pastebin | - |
| Certificate | MIIE8jCCAtqgAwIBAgIQAM/3krKm2g5CPN3bFr1iZTANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjYwNDIwMDgxNjQ0WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKhf7MqHLW49BhXCY6cccFmbJXY5xXZ5eUbnJykecH15Q+O8s2r4U4eIz620mwo41gyFZQCp97AtYoVoc85cZ9DaMjNjUQc6/E6pb5GSBjYzB7MrQrKD6lpND4wb0rAaFB4idA5XpyJkxrwDOdugKaN6FtXyFmJWDOWsEn6TK7BH65ciPLSUj8LLVCIj8ICcYwSJ7OLVazLFBGLchpPCuVEgpVYx12pKSuOJqJb/R32hw0FKb0XcaKqs/b9Tu/Uhlm5wx+MdIO4i0cZkiogqXH+0W7hXZfDy21T0J7Mmevdx5sbAEGpe0SOMwhhLsmee0c7NUsaIN3V3tkwgQkQsY1pMOVLXKVZcGf/T38F7hK+bwazJbLU5Mf/l0UEXDueNZxjzptD/vV6HKH2iE6f4JLYYRO+sCa4hgcNv2N8WI/y9IKMzd8cTDKUphSWurBmDC1Sk7+DWMpvYCJT8YLw76A4uXFXzjcjnZbalDLaZiuGq7ezn1YtO6qJGgCPLGcBx2i9RGkxYg4CSbFQ33VQnVgPPanvVpjLz2MHsmZ+gFF9IVVcfuFYHSIom9VgQ8b+pGdlHpwrWYwxjdlfMh23Ju9UNqubrWk4VMtcYEo1COh1hTewQwuKYZiL+EKIRXbq5LgNh/R/8qSNgYehnHzYkl56Q3I0rDBT3OJmo1mWWf4PxAgMBAAGjMjAwMB0GA1UdDgQWBBRsWKO60jPh6W56rLx8/mZbrRyY+jAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQCLMbm17AxbB/0ooT0l4jOLl6Dr0lG5eMoEVuvTxHaJXQk/M3E/4UBUAzwVc8HLgLwBvO8j7+2WMmw0gdzqW6r/00mgaJ4HSZMbdH4eBxSHLb+ZdHIlLt/cmCi2/sdjNLzMJF+DyVEwhFkVbf4K7WzoQcVyRB249CSdiEcLudzO/grj09dJvn6oRwjEwIvLcQc7QuHgoYnx8r4Szw1awTnU8AZg/NEkap0+LloA1pSTyvl3NbwwzyG/cO3WE9xpPn3X8IzzMRoXmscUlsmpUN7cr8v16Ds/9oq7O6S8HTB2Rd49uW3844KoA2P4+t+edNEn1XQMxf7n+xIBJ/vqSFoh/mk9oecXNpGnC+8UFILB0F18p+aX4mY0vv7cnPeRAvzD9T6xfwIZ0GIj95Uwco5mYyni37a+sT55r/u3z+RWBmHBy/4ppGeI4JPttuSSmD2E1PwA8rZC+achGvCb3uQMiqX7tq3JEcCd0zH1HV4+vza7NWWe7a1eLLh698mLs6zplZg7nll7y8i8QRjTQ6CCs/cQRaeNmRmFYbQzmR4gOe0RC20xeh3RCYneHl3AXhvLmqUhxIHcx1MzOyCYKMJYll6t4pqlptJpXryc29ZztSj2eEFxOZFqYEyPlVckEJwafHl9kIWbzrsoYu6ZkaXVPXtmyQx+J1Z9FmkvtUhb0w== |
| ServerSignature | WDnwRF5bqaL16YcuGrfUcxxtol0dfkV75fZOojcL2yjFVb3KxmEE8WC2kRGmEeyy/NryHOiWG7wZT+5vQLf+N2wJwj1gKbB0NeZ6O0Subs+s8hymtdIskP1hIik6vMehZhu/dF6FxkNfDdDCWery8GZ/E3T3GBKAXxv+NbUtz5um5EVZyvdeqK2BTMJc4hpnbV89lqh5F7jLmHaB5r+FyqXNj/w7CaM9nJpFgEUgl1kfTgFBkrKBl3AEtFB9jPzDCiyFzFCsf1MG1TiusNBcqn/K6e7cu6MehsyZs0Slw5NIA1NgTq4irGQfc5Gn6QsEe4BTsx0S5ijX1PvemtNf4ABGG2LPKUhQuMYz2Tu0Nj4d7fzVlsUTUPk2/4SApd9BG6yzbic4xeJc/x/R64s2zDwllUycn2+uhgcqDZ2XgcFycuAspQeODMlEu2Ym8BQ+URf4eJMDT7AK3xiXAkXnSOtnVbLteZ2F/149MOp1i3lRacjnT+7qjgEC65ekL5O8OqyjB95yAPeYukX4J7n6K2LHLzdue3FZU7ntLK9LMgDNwb0UQeSJqvrJ1K+Et5fp89Xom0uew/7MnLT+MXzeQb0AwsbSXsJLqol9M0KqlkD95mQJeFIois2kVwRPXVWRKUhbdWKvQPwIwy8EPJdDhDwNovjxtqTdmDMzUHUg1z4= |
| Install | true |
| BDOS | true |
| Anti-VM | true |
| Install File | hm888.exe |
| Install-Folder | %Temp% |
| Version | 0.5.6A |
| Ports | 44,64,443,6606,7707,8808 |
| Mutex | krsyrlzupzvz |
| Delay | 5 |
|
Name0 | Value | Location |
|---|---|---|
| Key (AES_256) | dlZJY0Y5SlQxbk1mbllEZ0lubFpQY3AwSVhJN0VtOXo= Malicious |
711ae03bc4d97cebb362265fc4ba7708 |
| Ports | 44 Malicious |
711ae03bc4d97cebb362265fc4ba7708 |
| Ports | 64 Malicious |
711ae03bc4d97cebb362265fc4ba7708 |
| Ports | 443 Malicious |
711ae03bc4d97cebb362265fc4ba7708 |
| Ports | 6606 Malicious |
711ae03bc4d97cebb362265fc4ba7708 |
| Ports | 7707 Malicious |
711ae03bc4d97cebb362265fc4ba7708 |
| Ports | 8808 Malicious |
711ae03bc4d97cebb362265fc4ba7708 |
| Mutex | krsyrlzupzvz Malicious |
711ae03bc4d97cebb362265fc4ba7708 |