Malicious
PE Executable
MD5: 867703b3792be3dc03dbd1e2db81bdbc
Size: 70.95 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Low
| MD5 | 867703b3792be3dc03dbd1e2db81bdbc |
| Sha1 | c1cfd55b43721b26d1a2f2274628f0f014c5a6d9 |
| Sha256 | 1dbda668c852a6992af32a9f16f53c2b5af3930f1c71d7d1608d32360dcc65d5 |
| Sha384 | 3afe8bd47b1a01a6d9f8b1026ff5bf21626a1f74c75c00eda7ce7ca3cbd01aa5989653b5d975a4b998f7b21d81e266ec |
| Sha512 | 39b450c34cc905a5596092ef43e480542b60cc615d811501b2a7ff756f1d73886c9a536feb3e871f6f3c82e65a8aaebf187f9db92eb7879e1594d68d8476c275 |
| SSDeep | 768:Gm0vnfEXf78awC8A+XUPvKJ1o8c3SSPD1+T4tSBGHmDbDMph0oXADzFAa6SuAdph:OEXiFa80/DCYUbCh92zOGuAdpqKmY7 |
| TLSH | 7C636B003B98C965E6AD4AB4BCF3550106B5C1772102DA1E3CC850DBABAFFC64A527FE |
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
| Config. Field | Value |
|---|---|
| Key (AES_256) | S3BpdHhuhuhuhuhuhuhuhuhuhuhu |
| Pastebin | -huhuhuhu |
| Certificate | MIICKThuhuhuhuhuhuhuhuhuhuhu |
| ServerSignature | YlXk2bhuhuhuhuhuhuhuhuhuhuhu |
| Install | fhuhuhuhu |
| BDOS | fhuhuhuhu |
| Anti-VM | fhuhuhuhu |
| Install-Folder | %Aphuhuhuhu |
| Hosts | 127.0.huhuhuhuhuhuhu |
| Ports | 8huhuhuhu |
| Delay | 1huhuhuhu |
| Group | Dehuhuhuhu |
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | Overlay extracted: Overlay_60851e5c.bin (6440 bytes) |
| Module Name | ap.exe |
| Full Name | ap.exe |
| EntryPoint | System.Void Client.Program::Main() |
| Scope Name | ap.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | ap |
| Assembly Version | 3.6.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 163 |
| Main Method | System.Void Client.Program::Main() |
| Main IL Instruction Count | 77 |
| Main IL | |
| Module Name | ap.exe |
| Full Name | ap.exe |
| EntryPoint | System.Void Client.Program::Main() |
| Scope Name | ap.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | ap |
| Assembly Version | 3.6.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 163 |
| Main Method | System.Void Client.Program::Main() |
| Main IL Instruction Count | 77 |
| Main IL | |
Key (AES_256)
MUTEXmalicious
S3BpdHhuhuhuhuhuhuhuhuhuhuhu
CnC
CNCmalicious
127huhuhuhu
CnC
CNCmalicious
162.huhuhuhuhuhuhu
Ports
PORTmalicious
8huhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential