76a4cc278667814431df456ceb237df1
PE Executable | MD5: 76a4cc278667814431df456ceb237df1 | Size: 37.89 KB | application/x-dosexec
Symbol Obfuscation Score

| Hash | Hash Value |
|---|---|
| MD5 | 76a4cc278667814431df456ceb237df1 |
| Sha1 | 339fcc85695df25131271977948c6a7ff056a022 |
| Sha256 | 9a36a3573c402a9719c8b8b10a492bafddbb3badb9aaf37bf976e44ceb050892 |
| Sha384 | a385cd439392d4aac20d324f8d43a6e6d79f2593dfad5fb606a669ee47be95af4b3bd8cdead4fa63a9a02167e54524fc |
| Sha512 | dd4a121cb5c027ac351660e20e0950e1ce41b4e8f0ec218c392dec4ef9eb2248d08edf40adcd164d37b8e1a99d90361843f2e90a850305dfbef00958e0d82aee |
| SSDeep | 384:j9uBz67gibXjpPu7w9qyMTA3/r6s2cLrrAF+rMRTyN/0L+EcoinblneHQM3epzXM:20NN9ZMTA3W1cvrM+rMRa8Nuutt |
| TLSH | 1403294D7FE18168D5FD067B05B2D01207BAE04F6E23D90E8EE6649A37636C58B50EE2 |

PeID

| Config. Field0 | Value |
|---|---|
| packet_size [b] | 5121 |
| BD [BD] | True |
| directory [DR] | TEMP |
| executable_name [EXE] | system.exe |
| cnc_host [HH] | 6.tcp.eu.ngrok.io |
| is_dir_defined [Idr] | False |
| is_startup_folder [IsF] | True |
| is_user_reg [Isu] | True |
| NH [NH] | 0 |
| cnc_port [P] | 15537 |
| reg_key [RG] | 31b4882139b1fcc7c89c45d1f24736b4 |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| sizk | 512 |
| victim_name [VN] | HacKed |
| version [VR] | im523 |
| splitter [Y] | `\|'\|'\|` |
| HD | True |
| anti [anti] | Exsample.exe |
| anti2 [anti2] | False |
| usb [usb] | True |
| usbx [usbx] | svchost.exe |
| task [task] | True |

| Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | w.exe |
| Full Name | w.exe |
| EntryPoint | System.Void w.A::main() |
| Scope Name | w.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | w |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 338 |
| Main Method | System.Void w.A::main() |
| Main IL Instruction Count | 5 |
| Main IL | nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null> |

| Name0 | Value |
|---|---|
| Port | 15537 |

| Name0 | Value | Location |
|---|---|---|
| Port | 15537 Malicious | 76a4cc278667814431df456ceb237df1 |