Malicious
Malicious

867703b3792be3dc03dbd1e2db81bdbc

PE Executable
|
MD5: 867703b3792be3dc03dbd1e2db81bdbc
|
Size: 70.95 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
867703b3792be3dc03dbd1e2db81bdbc
Sha1
c1cfd55b43721b26d1a2f2274628f0f014c5a6d9
Sha256
1dbda668c852a6992af32a9f16f53c2b5af3930f1c71d7d1608d32360dcc65d5
Sha384
3afe8bd47b1a01a6d9f8b1026ff5bf21626a1f74c75c00eda7ce7ca3cbd01aa5989653b5d975a4b998f7b21d81e266ec
Sha512
39b450c34cc905a5596092ef43e480542b60cc615d811501b2a7ff756f1d73886c9a536feb3e871f6f3c82e65a8aaebf187f9db92eb7879e1594d68d8476c275
SSDeep
768:Gm0vnfEXf78awC8A+XUPvKJ1o8c3SSPD1+T4tSBGHmDbDMph0oXADzFAa6SuAdph:OEXiFa80/DCYUbCh92zOGuAdpqKmY7
TLSH
7C636B003B98C965E6AD4AB4BCF3550106B5C1772102DA1E3CC850DBABAFFC64A527FE

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
867703b3792be3dc03dbd1e2db81bdbc
Malicious
Overlay_60851e5c.bin
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - DcRat config.
Config. Field
 Value
Key (AES_256)

S3BpdHJBR2ZzY1VhUVozS01lcDd0OEl4ZFVFRHg3RGk=
Pastebin

-
Certificate

MIICKTCCAZKgAwIBAgIVAPDv763N9HtL5baVK9fT6CII2FahMA0GCSqGSIb3DQEBDQUAMF0xDjAMBgNVBAMMBUVCT0xBMRMwEQYDVQQLDApxd3FkYW5jaHVuMRwwGgYDVQQKDBNEY1JhdCBCeSBxd3FkYW5jaHVuMQswCQYDVQQHDAJTSDELMAkGA1UEBhMCQ04wHhcNMjUwMTI5MTk1ODI2WhcNMzUxMTA4MTk1ODI2WjAQMQ4wDAYDVQQDDAVEY1JhdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnNqgh6F3jILKfwir/ATbFKhxr7JtG5J8CjFaQp4fdtHLCUa4LnZoE50adGfNFxeX4fwRjGtx92TJnXPmkoQXaxlOl6LgStbuE3uvXamYYfk1FODHoKUGK4Hv1Irj8rR7qzbA6Cnqkpr9Y8fZdRn8+GorT19HVQWsavwVHc/xBrsCAwEAAaMyMDAwHQYDVR0OBBYEFBCpLKKoQu7KPivN4DmWAoSco8a1MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADgYEAF83ZlItAuOpmoVsQqTHK32AxyJRKKvEA1uSdEgRIsSkCUtnjaFqi8h1n7E+rqMlJtLtHlZYd7lY8BTSjQe5sse6TG5iphP635A4+IAkJW1jkEd9DES3rkQ9x35GLYrP3nxWHQ5bg69Bunl+9I/vovMwsv99yYnIE5gIosWmpAr8=
ServerSignature

YlXk2bDInrBCRZBLIIj4brAUN3wBvsU8myh7bhpvbh7WBumgCtR3FQwf8ILssRiZFEtn5iYNRNBtyfwWm0HjvBNFWLEHF3GWC+0O5hTaLnIdgeTP51tZ0uBMWGRbVptka3WbZwGo1SQoD+1c4ynSonqxoydAN5dG/d2xNkSV66w=
Install

false
BDOS

false
Anti-VM

false
Install-Folder

%AppData%
Hosts

127.0.0.1,162.62.231.174
Ports

8585
Delay

1
Group

Default
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Info

Overlay extracted: Overlay_60851e5c.bin (6440 bytes)
Module Name

ap.exe
Full Name

ap.exe
EntryPoint

System.Void Client.Program::Main()
Scope Name

ap.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

ap
Assembly Version

3.6.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

163
Main Method

System.Void Client.Program::Main()
Main IL Instruction Count

77
Main IL

ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::De_lay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> ldsfld System.String Client.Settings::An_ti call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0047: leave IL_0052 call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() leave IL_0052: call System.Void Client.Helper.A::B() pop <null> leave IL_0052: call System.Void Client.Helper.A::B() call System.Void Client.Helper.A::B() call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue IL_0067: leave IL_0072 ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) leave IL_0072: nop pop <null> leave IL_0072: nop nop <null> ldsfld System.String Client.Settings::Anti_Process call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0087: leave IL_0092 call System.Void Client.Helper.Bjifos::StartBlock() leave IL_0092: nop pop <null> leave IL_0092: nop nop <null> ldsfld System.String Client.Settings::BS_OD call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_00B1: leave IL_00BC call System.Boolean Client.Helper.Mesth4ods::IsAdmin() brfalse IL_00B1: leave IL_00BC call System.Void Client.Helper.ProdfceassC1sritical::Set() leave IL_00BC: nop pop <null> leave IL_00BC: nop nop <null> ldsfld System.String Client.Settings::In_stall call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_00D1: leave IL_00DC call System.Void Client.Install.NormalStartup::Install() leave IL_00DC: call System.Void Client.Helper.Mesth4ods::PreventSleep() pop <null> leave IL_00DC: call System.Void Client.Helper.Mesth4ods::PreventSleep() call System.Void Client.Helper.Mesth4ods::PreventSleep() call System.Boolean Client.Helper.Mesth4ods::IsAdmin() brfalse IL_00F0: leave IL_00FB call System.Void Client.Helper.Mesth4ods::ClearSetting() leave IL_00FB: nop pop <null> leave IL_00FB: nop nop <null> call System.Boolean Client.Connection.ClientSocket::get_IsConnected() brtrue IL_0110: leave IL_011B call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient() leave IL_011B: ldc.i4 5000 pop <null> leave IL_011B: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_00FB: nop
Module Name

ap.exe
Full Name

ap.exe
EntryPoint

System.Void Client.Program::Main()
Scope Name

ap.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

ap
Assembly Version

3.6.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

163
Main Method

System.Void Client.Program::Main()
Main IL Instruction Count

77
Main IL

ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::De_lay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> ldsfld System.String Client.Settings::An_ti call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0047: leave IL_0052 call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() leave IL_0052: call System.Void Client.Helper.A::B() pop <null> leave IL_0052: call System.Void Client.Helper.A::B() call System.Void Client.Helper.A::B() call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue IL_0067: leave IL_0072 ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) leave IL_0072: nop pop <null> leave IL_0072: nop nop <null> ldsfld System.String Client.Settings::Anti_Process call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0087: leave IL_0092 call System.Void Client.Helper.Bjifos::StartBlock() leave IL_0092: nop pop <null> leave IL_0092: nop nop <null> ldsfld System.String Client.Settings::BS_OD call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_00B1: leave IL_00BC call System.Boolean Client.Helper.Mesth4ods::IsAdmin() brfalse IL_00B1: leave IL_00BC call System.Void Client.Helper.ProdfceassC1sritical::Set() leave IL_00BC: nop pop <null> leave IL_00BC: nop nop <null> ldsfld System.String Client.Settings::In_stall call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_00D1: leave IL_00DC call System.Void Client.Install.NormalStartup::Install() leave IL_00DC: call System.Void Client.Helper.Mesth4ods::PreventSleep() pop <null> leave IL_00DC: call System.Void Client.Helper.Mesth4ods::PreventSleep() call System.Void Client.Helper.Mesth4ods::PreventSleep() call System.Boolean Client.Helper.Mesth4ods::IsAdmin() brfalse IL_00F0: leave IL_00FB call System.Void Client.Helper.Mesth4ods::ClearSetting() leave IL_00FB: nop pop <null> leave IL_00FB: nop nop <null> call System.Boolean Client.Connection.ClientSocket::get_IsConnected() brtrue IL_0110: leave IL_011B call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient() leave IL_011B: ldc.i4 5000 pop <null> leave IL_011B: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_00FB: nop
Artefacts
Name
 Value
Key (AES_256)

S3BpdHJBR2ZzY1VhUVozS01lcDd0OEl4ZFVFRHg3RGk=
CnC

127.0.0.1
CnC

162.62.231.174
Ports

8585
867703b3792be3dc03dbd1e2db81bdbc (70.95 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙