Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 7f01e9f48c099f8198a9cf848330d627
|
| Sha1 | adb205e1f65d41efac130b238b55209a685c97bd
|
| Sha256 | db84d9f443caf57a41f96f4e10ecbcf055d89edc91d828ad582c0ef0a8d8cde4
|
| Sha384 | 8fb1aee4009d13c3d9d227b770bed41d57377e5ff0987fc6be26bd1be98e1ffd8e57239c49aa7fee52f8a8c40c02501c
|
| Sha512 | bf285127d0eef6a5ed19b91362cf5b74a9c9e4c89443d3f0ca6ac29edfda2b12b4d1b6e92391502fb95dd9d9fa68847adc3214dfd88ee237efaea0f17e361336
|
| SSDeep | 6144:dLNHXf500MbclRhbI+uHDFt7UXRgROIy:hd50y7u/HDFt7UXey
|
| TLSH | CD848C5773A4E53BD1FD173AE43246054BB0D8877A12F38B5A6C52B8AD223868D523B3
|
PeID
|
Config. Field0 | Value |
|---|---|
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Conf. AES-Key | Ekoy7zfESBJh0yocrZIK |
| Version | 1.3.0.0 |
| Port | kamal199.ddns.ne |
| Host | kamal199.ddns.ne |
| ReconnectDelay | 3000 |
| Key | 1WvgEMPjdwfqIMeM9MclyQ== |
| AuthKey | NcFtjbDOcsw7Evd3coMC0y4koy/SRZGydhNmno81ZOWOvdfg7sv0Cj5ad2ROUfX4QMscAIjYJdjrrs41+qcQwg== |
| SubDirectory | video |
| InstallName | Client.exe |
| Install | 0 |
| Startup | 1 |
| Mutex | QSR_MUTEX_LOQpWt |
| StartupKey | Quasar Client St |
| HideFile | 0 |
| EnableLogger | 1 |
| Tag | video |
| LogDirectory | Logs |
| HideLogDirectory | 0 |
| HideLogSubdirectory | 0 |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader FAIL, AsmResolver Mapped OK |
| Info | Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_21764476.exe |
| Module Name | Client.exe |
| Full Name | Client.exe |
| EntryPoint | System.Void 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::Main(System.String[]) |
| Scope Name | Client.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Client |
| Assembly Version | 1.3.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 896 |
| Main Method | System.Void 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::Main(System.String[]) |
| Main IL Instruction Count | 19 |
| Main IL | call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::擢貐욜鱳培䗥㆒䥠ᇛ刁篲诇荜쟒مᜇ(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean 蒺疒�뒷鴷⩐㚐酀ᅶꠁ㕝ᴜ䝷磍忡醶㽟䘜::缸늒炈첏쭛늷튙�ᙾ셀泜큙ﶅ꺮࿈�賲隌㞳() brfalse.s IL_0040: call System.Void 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::ᩌ侵᱐骩�짪⹂᳅悵䵿휪欻䉲ꛄ떮矗욆() call System.Boolean 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::閧ᗈფᛳ炀⇔⨞睃咝暰꞉瑪㑣琲() brfalse.s IL_0040: call System.Void 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::ᩌ侵᱐骩�짪⹂᳅悵䵿휪欻䉲ꛄ떮矗욆() call System.Boolean 慟㊹ꉌ薗鏸쩅ꊅ꤃ 㗊䞪ᘠꌣ䉤婚褫쁶쎡::get_Exiting() brtrue.s IL_0040: call System.Void 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::ᩌ侵᱐骩�짪⹂᳅悵䵿휪欻䉲ꛄ떮矗욆() ldsfld 慟㊹ꉌ薗鏸쩅ꊅ꤃ 㗊䞪ᘠꌣ䉤婚褫쁶쎡 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::攖ﶬ乷鳇韎弝Ȋ⏇厘凲㹟ⵦ덁䉲畸깚阂脵爆軯 callvirt System.Void 慟㊹ꉌ薗鏸쩅ꊅ꤃ 㗊䞪ᘠꌣ䉤婚褫쁶쎡::�ᒟ峌ᘛꖋ戲粫ᗯ쎙町俛葲㧫婓道Ꮥ() call System.Void 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::ᩌ侵᱐骩�짪⹂᳅悵䵿휪欻䉲ꛄ떮矗욆() call System.Void 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::䍌ဓꉮॺ㹑ԟ狺┻瓷젹밧洍죅悽뒓⡂ᨫ컃() ret <null> |
| Module Name | Client.exe |
| Full Name | Client.exe |
| EntryPoint | System.Void 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::Main(System.String[]) |
| Scope Name | Client.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Client |
| Assembly Version | 1.3.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 896 |
| Main Method | System.Void 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::Main(System.String[]) |
| Main IL Instruction Count | 19 |
| Main IL | call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::擢貐욜鱳培䗥㆒䥠ᇛ刁篲诇荜쟒مᜇ(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean 蒺疒�뒷鴷⩐㚐酀ᅶꠁ㕝ᴜ䝷磍忡醶㽟䘜::缸늒炈첏쭛늷튙�ᙾ셀泜큙ﶅ꺮࿈�賲隌㞳() brfalse.s IL_0040: call System.Void 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::ᩌ侵᱐骩�짪⹂᳅悵䵿휪欻䉲ꛄ떮矗욆() call System.Boolean 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::閧ᗈფᛳ炀⇔⨞睃咝暰꞉瑪㑣琲() brfalse.s IL_0040: call System.Void 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::ᩌ侵᱐骩�짪⹂᳅悵䵿휪欻䉲ꛄ떮矗욆() call System.Boolean 慟㊹ꉌ薗鏸쩅ꊅ꤃ 㗊䞪ᘠꌣ䉤婚褫쁶쎡::get_Exiting() brtrue.s IL_0040: call System.Void 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::ᩌ侵᱐骩�짪⹂᳅悵䵿휪欻䉲ꛄ떮矗욆() ldsfld 慟㊹ꉌ薗鏸쩅ꊅ꤃ 㗊䞪ᘠꌣ䉤婚褫쁶쎡 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::攖ﶬ乷鳇韎弝Ȋ⏇厘凲㹟ⵦ덁䉲畸깚阂脵爆軯 callvirt System.Void 慟㊹ꉌ薗鏸쩅ꊅ꤃ 㗊䞪ᘠꌣ䉤婚褫쁶쎡::�ᒟ峌ᘛꖋ戲粫ᗯ쎙町俛葲㧫婓道Ꮥ() call System.Void 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::ᩌ侵᱐骩�짪⹂᳅悵䵿휪欻䉲ꛄ떮矗욆() call System.Void 㖓䫼换찄싏梍荤浕湊�䵡蝼⋥Ὴ纬::䍌ဓꉮॺ㹑ԟ狺┻瓷젹밧洍죅悽뒓⡂ᨫ컃() ret <null> |
|
Name0 | Value |
|---|---|
| CnC | kamal199.ddns.ne |
| Port | kamal199.ddns.ne |
| PE Layout | MemoryMapped (process dump suspected) |
| CnC | kamal199.ddns.ne |
| Port | kamal199.ddns.ne |
| PE Layout | MemoryMapped (process dump suspected) |
|
Config. Field0 | Value |
|---|---|
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Conf. AES-Key | Ekoy7zfESBJh0yocrZIK |
| Version | 1.3.0.0 |
| Port | kamal199.ddns.ne |
| Host | kamal199.ddns.ne |
| ReconnectDelay | 3000 |
| Key | 1WvgEMPjdwfqIMeM9MclyQ== |
| AuthKey | NcFtjbDOcsw7Evd3coMC0y4koy/SRZGydhNmno81ZOWOvdfg7sv0Cj5ad2ROUfX4QMscAIjYJdjrrs41+qcQwg== |
| SubDirectory | video |
| InstallName | Client.exe |
| Install | 0 |
| Startup | 1 |
| Mutex | QSR_MUTEX_LOQpWt |
| StartupKey | Quasar Client St |
| HideFile | 0 |
| EnableLogger | 1 |
| Tag | video |
| LogDirectory | Logs |
| HideLogDirectory | 0 |
| HideLogSubdirectory | 0 |
|
Name0 | Value | Location |
|---|---|---|
| CnC | kamal199.ddns.ne Malicious |
7f01e9f48c099f8198a9cf848330d627 |
| Port | kamal199.ddns.ne Malicious |
7f01e9f48c099f8198a9cf848330d627 |
| PE Layout | MemoryMapped (process dump suspected) |
7f01e9f48c099f8198a9cf848330d627 |
| CnC | kamal199.ddns.ne Malicious |
7f01e9f48c099f8198a9cf848330d627 > [Rebuild from dump]_21764476.exe |
| Port | kamal199.ddns.ne Malicious |
7f01e9f48c099f8198a9cf848330d627 > [Rebuild from dump]_21764476.exe |
| PE Layout | MemoryMapped (process dump suspected) |
7f01e9f48c099f8198a9cf848330d627 > [Rebuild from dump]_21764476.exe |