Symbol Obfuscation Score

| Hash | Hash Value |
|---|---|
| MD5 | 744e1221f6467d0b7e73a10f52e6cd6c |
| Sha1 | 33e85ae9412fa870e5d6de31502e7d48c64ce224 |
| Sha256 | 31c37ff61aa322192236c9672f09e3d97b6e6e09c5019077df7d0567d4c0b48b |
| Sha384 | 149b363a9157d2218222ecb1c12b587ea214fb99252ab1905767a59a7fc8e344b42d4b595d212d617875f443ad4f31c1 |
| Sha512 | 704389db8c842344a21c4563f1154b57bf208466083b1fded330c4f53b7931fdb216e1e8dada0733729f8ac7aebf1047e77d7c96d2b6950b7bc69872b93a90de |
| SSDeep | 384:6yTMUiDHblmJEpRGyEfBffXuKCYyEAnrAF+rMRTyN/0L+EcoinblneHQM3epzXGd:fTqHpR9EfBfWKClEOrM+rMRa8NuoXt |
| TLSH | 0F03294D7FE18168C5FD057B05B2D41207BBE04B6E23D90E8EF564AA37636C18B94AF2 |

PeID

| Config. Field0 | Value |
|---|---|
| packet_size [b] | 5121 |
| BD [BD] | True |
| directory [DR] | AppData |
| executable_name [EXE] | saads.bat |
| cnc_host [HH] | 5.tcp.eu.ngrok.io |
| is_dir_defined [Idr] | True |
| is_startup_folder [IsF] | True |
| is_user_reg [Isu] | True |
| NH [NH] | 0 |
| cnc_port [P] | 19587 |
| reg_key [RG] | d8c514f6c639c3b8951aabb752c3344a |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| sizk | 20 |
| victim_name [VN] | HacKed |
| version [VR] | im523 |
| splitter [Y] | `\|'\|'\|` |
| HD | True |
| anti [anti] | Exsample.exe |
| anti2 [anti2] | False |
| usb [usb] | True |
| usbx [usbx] | svchost.exe |
| task [task] | True |

| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | w.exe |
| Full Name | w.exe |
| EntryPoint | System.Void w.A::main() |
| Scope Name | w.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | w |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 338 |
| Main Method | System.Void w.A::main() |
| Main IL Instruction Count | 5 |
| Main IL | nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null> |

| Name | Value |
|---|---|
| Port | 19587 |

| Name | Value | Location |
|---|---|---|
| Port | 19587 Malicious | 744e1221f6467d0b7e73a10f52e6cd6c |