Malicious
Malicious

82ee977523e6744e98ea1ba18dd0a695

PE Executable
|
MD5: 82ee977523e6744e98ea1ba18dd0a695
|
Size: 48.64 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
82ee977523e6744e98ea1ba18dd0a695
Sha1
6c76744aa89364a345b4d48176b0edbdbc90ba0c
Sha256
77c95ee25717c699b4452a07613026064a9f25e8703a0f2f63446912a5a05409
Sha384
33aaf46af9ada6d636f92ac5d6446c8791df4b88db75c3160e0321951efbfdea8b6008d6b6fa2558fd26d8c45ccd58d7
Sha512
44b10fb5e3cfdd3cee9c9bfa05c315c2636c9c1b42302790291e5e16dabb61a030475fabf3a948d875b775cdffc9bb1cd03fd2d3badafd68f63ce8298e265cdc
SSDeep
768:Ju/dRTUo0HQbWUnmjSmo2qMrjWgQQPIXpsJX0b4iMe4c6rqY/F3SWKzrOfNBDZbx:Ju/dRTUPE2tIXm2b46H62w3SJadbx
TLSH
94232A003BE9826BF2BE4F78ACF2614586BAF2673603D9491CC441D75B13FC696425F9

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
82ee977523e6744e98ea1ba18dd0a695
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - AsyncRAT config.
Config. Field
 Value
Key (AES_256)

SlFGRHc0N3ZMaE9CWHU5aG5nSk1rQzA5ZU5kTFVENlQ=
Ports

6606,7707,8808
Hosts

176.46.152.46
Version

0.5.8
Install

false
Install-Folder

%AppData%
Install File

�
Mutex

sTuBwOB0jxkO
Certificate

MIIE8jCCAtqgAwIBAgIQAJNT6qVL7us7UsZk0rG+7zANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjUwNzI2MTI0NzE3WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANQH9tFMqVuDENmORNeBE0XSePkI6yh/Z2WKeVkDqSfXOsiPevP/up9qeENM70vltO/7pM4wHsacEjCujALzouf9gz995nrXYnBCeovP/lhoT8sriGYcOgyoNJRpsqc6oV8mkwnoZRJHPHf31kDhDZqAfVsFz8jKsCSEmLJBE67clRfw565KiQleL2laNoy5aOWLGOkzYDWkjJ5QtRmLykompHk1kNZOHP2avI78PDdzWYSxfXT/lAto5wFGgFtOqwNzd3nCObI5a0e+cadh9nPFOtTrtF4LwehkEHiMfKbiwtYJi/URXf4TRfFuXL6e+tfeCaBqWPYQrKnDPCQXCeKIWG8kjIFGGTPUzOKudMYhAqVjaXJ+pVJvwfcr3FCPpVdwayNn7LLM13WGaxa4VfS8L29rBVGEl0uhq5F41TYBlVnSJ4ila6GnfuW7AxrCezX9tMoSWi+yNSf5pMoBvp8ilrnea3wBRQlUHUZSp+CAU/08BW2i+viWljmpiQ1aae+QcEkHGAAa9KBRMLzKaxl+lhTYddrBHUWzLAR6WRWtb4pOr8Yz10ihwyUa6YoSM2OeQdsc55HQ/NE4v+0+5bYvBiopnhy/tt4N4k9Qk/vIwVKuXw/l3I6UbOzyLJw+VS1sHVkNas7rB6UrWu7diz7X+mwXhWkHmS2TjxyyHEr7AgMBAAGjMjAwMB0GA1UdDgQWBBQfJe2OVd8wYSEY8NaPspVeAfc5dzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQAsf5evbEkVLTo9Esss7ONQ0Lf0zro1seeg9uD6Xjp+OAydrwb7YMZUebLlR1+Zm/nudtmctvuk2saoKVc7hBXF7EYrlykfdlBGzSwUGZyn666+CVOloEwMOnhtlmzP6anf4ByYPXwnvJct3INLoA9lN9ygHjzDRsrjh8FqKUYvCJKjQOPckgXREAiocVfC7JEYcZME4Kx7xPx/I2caNtNVudy7Bc97Liz4fQhJA0HbyqwPZyVlgjZIlMmx5d881sLYuuaqEtPx7pCVKMYqKU3ff+4MXGUG4uGH7y78HAqkcrmxAw+iVNMcVZdGECqrCtN7Yz1fafDDc5JHNjz8bprKR6hETgZSt/QbnKnBp2yONhHcnBFNb1N0Cmso2wZhZFxglR/Ss269uNSO7HCwx07b8XuuYj46nv+DOOQByzR9x45cvLyIXu1efi9WEk4vMFI18J7nseO/UN5kSvi4Rjs+6trIlWYN3XFHTtoLnYd1B/AMK5XuKMEJbVVHIXGUL8ZHfH5QpMYk5Zk8edjojIzLeeiyLAZ9VvswzRL938PJ4eBszfFtFThmxEoqsRU7FZxdMP2K36oPfvL7HH+EoqWrZLHy7aFFUKfjfjaBrknKss2izBidPyk1WdlhS3jbnEMYMmj/Qcd40Vb5GK7qRU5ZkLpbzp6WqwPRoP+2kZLvfg==
ServerSignature

wzCIoCXzLlL7HNq43F8vKZSMYXf7OKqFRG0pyyKs0QSzpL6QxOnN9nZflYt7T71Nwjg9Vo0Gncb10M8OlQU1EclQ9Io8B4kVq6FhC9CfIXGMheNm8/d4ax104UvMR2xZa92bkhh2HRaA10807xU0uBFLF9GTytXyrP6vxU9k2z5KV/m85J1u2fCv3FyuUXYCiggZ59/reQ/eykOWq/hrrcpljXCUaI+0lfoXPJxAo1orRh8LFda9vKqBd8RGK99UlFfaniFVbxkvPst/7w0R46LhNVRergmOK9NtLZUr0bAyiQc0bxUuQ+u65kEVANZZ2ilo7o05XMKuc3pR0BB2ht7FEgiaHbbqwVoozT38Kwxrp9sgMhWpG3oBuPP9+XcuNChWvgPdLVlQ9sAmrglqUjpGMxuLcWXqASCHAhcdaUm7feBYNhae63uweEKdENVSPoB4B3VWPdeVH58k9+bAXXTbcqTiyG5OPXj20Jo1Z1DaWCOQ/H79R7PDn/Wm4Jo7cOZm/L+FDBm06vGgRVAf2rCmeRcJ9/Zz2HmlxaTrMQxBzYqTb8rFhhX5AV0EqqfY1PZZ2ldVUdWIQjFiSdNdz7i6TxWEv/GjnEw6RNZtF+hRapFIQUiP3MB8+OYCsOQc8VNhZq5KrKBm5L7lYWqDX6YkD+Wq793A
Anti-VM

false
PasteBin

null
BDOS

false
Delay

3
Group

Default
Informations
Name
 Value
Module Name

hJUrdUbJkGnOGU
Full Name

hJUrdUbJkGnOGU
EntryPoint

System.Void epCvaTytHbTxhN.sMqJzgqAyX::Main()
Scope Name

hJUrdUbJkGnOGU
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

AsyncClient
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0,Profile=Client
Total Strings

120
Main Method

System.Void epCvaTytHbTxhN.sMqJzgqAyX::Main()
Main IL Instruction Count

51
Main IL

ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String epCvaTytHbTxhN.UHUpMtsxUZn::aewDavlFyUfRq call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean epCvaTytHbTxhN.UHUpMtsxUZn::IAtZmASmqANfo() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean SAgCiFKvjCl.rACrXSJfSGgciUn::HFcZmVtCIQfnfz() brtrue IL_0043: ldsfld System.String epCvaTytHbTxhN.UHUpMtsxUZn::JMqRKPXzxdfX ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String epCvaTytHbTxhN.UHUpMtsxUZn::JMqRKPXzxdfX call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String epCvaTytHbTxhN.UHUpMtsxUZn::faxoFXbLGcVzu call System.Void SAgCiFKvjCl.PEmOAyyKVdFws::QiRqJDIIUVjWf() ldsfld System.String epCvaTytHbTxhN.UHUpMtsxUZn::faxoFXbLGcVzu call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String epCvaTytHbTxhN.UHUpMtsxUZn::XsVgKmqScqyhB call System.Void CwFMtbzLnOfn.dDvULjwbfWttnxf::TPSIhTmqhDZj() ldsfld System.String epCvaTytHbTxhN.UHUpMtsxUZn::XsVgKmqScqyhB call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void SAgCiFKvjCl.gZOwpNMRjB::GsUVNUfrwhQZxB() call System.Boolean SAgCiFKvjCl.gZOwpNMRjB::xRnjrOFOgQwvK() brfalse IL_0089: call System.Void SAgCiFKvjCl.gZOwpNMRjB::GsUVNUfrwhQZxB() call System.Void SAgCiFKvjCl.wskmWUArlSjA::DpQZGGHmSm() call System.Void SAgCiFKvjCl.gZOwpNMRjB::GsUVNUfrwhQZxB() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean MFTcdDeiTgJf.LGqpuyIoMenEdUf::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void MFTcdDeiTgJf.LGqpuyIoMenEdUf::XYBFKctSMRcaZm() call System.Void MFTcdDeiTgJf.LGqpuyIoMenEdUf::quUyWeEEYh() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop
Module Name

hJUrdUbJkGnOGU
Full Name

hJUrdUbJkGnOGU
EntryPoint

System.Void epCvaTytHbTxhN.sMqJzgqAyX::Main()
Scope Name

hJUrdUbJkGnOGU
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

AsyncClient
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0,Profile=Client
Total Strings

120
Main Method

System.Void epCvaTytHbTxhN.sMqJzgqAyX::Main()
Main IL Instruction Count

51
Main IL

ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String epCvaTytHbTxhN.UHUpMtsxUZn::aewDavlFyUfRq call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean epCvaTytHbTxhN.UHUpMtsxUZn::IAtZmASmqANfo() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean SAgCiFKvjCl.rACrXSJfSGgciUn::HFcZmVtCIQfnfz() brtrue IL_0043: ldsfld System.String epCvaTytHbTxhN.UHUpMtsxUZn::JMqRKPXzxdfX ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String epCvaTytHbTxhN.UHUpMtsxUZn::JMqRKPXzxdfX call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String epCvaTytHbTxhN.UHUpMtsxUZn::faxoFXbLGcVzu call System.Void SAgCiFKvjCl.PEmOAyyKVdFws::QiRqJDIIUVjWf() ldsfld System.String epCvaTytHbTxhN.UHUpMtsxUZn::faxoFXbLGcVzu call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String epCvaTytHbTxhN.UHUpMtsxUZn::XsVgKmqScqyhB call System.Void CwFMtbzLnOfn.dDvULjwbfWttnxf::TPSIhTmqhDZj() ldsfld System.String epCvaTytHbTxhN.UHUpMtsxUZn::XsVgKmqScqyhB call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void SAgCiFKvjCl.gZOwpNMRjB::GsUVNUfrwhQZxB() call System.Boolean SAgCiFKvjCl.gZOwpNMRjB::xRnjrOFOgQwvK() brfalse IL_0089: call System.Void SAgCiFKvjCl.gZOwpNMRjB::GsUVNUfrwhQZxB() call System.Void SAgCiFKvjCl.wskmWUArlSjA::DpQZGGHmSm() call System.Void SAgCiFKvjCl.gZOwpNMRjB::GsUVNUfrwhQZxB() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean MFTcdDeiTgJf.LGqpuyIoMenEdUf::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void MFTcdDeiTgJf.LGqpuyIoMenEdUf::XYBFKctSMRcaZm() call System.Void MFTcdDeiTgJf.LGqpuyIoMenEdUf::quUyWeEEYh() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop
Artefacts
Name
 Value
Key (AES_256)

SlFGRHc0N3ZMaE9CWHU5aG5nSk1rQzA5ZU5kTFVENlQ=
Ports

6606
Ports

7707
Ports

8808
CnC

176.46.152.46
Mutex

sTuBwOB0jxkO
82ee977523e6744e98ea1ba18dd0a695 (48.64 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙