Malicious

8e9c7def4e92f534712b56dc5e994a5e

PE Executable | MD5: 8e9c7def4e92f534712b56dc5e994a5e | Size: 48.13 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Low

Hash

MD5: 8e9c7def4e92f534712b56dc5e994a5e
SHA1: 4eede4087df2586221b9bf4a65873d2a547b8b93
SHA256: a252554acce04f9e83eaca3827a649fe1922195437e12ec439b9a078bf89be45
SHA384: 1c4e4e5a39348580c2183bc6df250afc50a618039a481bc5284880fe1e11afb3638969711d1d0242a9b91fb0b1f2e3a7
SHA512: 756a208d7ce2831fd6c6757e87ebb4bb2bedb2491de9195f56a1ee84e97d6c280f0a5bec198887d913cdd99c020c07a8c9d142045e00d339ecdf34e255f8cdef
SSDeep: 768:axll5MZ2I5oqc+sETvOr3ouYduGK5r6CE1jbRgr3i92q0fAClZZ2tYcFmVc6K:axll5MZx+rTYJK5radberS92qe9rZKme
TLSH: 96233B0037ED812AE2BE5B7868F251428677E6633603D98D3CCC11D75B13BC69A526FE

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure

DosHeader
PE Header
Optional Header (x86)
Section Headers: .text, .rsrc, .reloc
Resources: RT_VERSION (ID:0001 / ID:0), RT_MANIFEST (ID:0001 / ID:0)
Malware Configuration - AsyncRAT config

Key (AES_256): RU5LRVpGeG5MS1RYUFZsSzEzanBPWHd1YUFiWEd3V1U= (base64; decodes to the 32-character ASCII string ENKEZFxnLKTXPVlK13jpOXwuaAbXGwWU)
Pastebin: -
Certificate: (value not reproduced on this page)
ServerSignature: (value not reproduced on this page)
Install: false
BDOS: false
Anti-VM: false
Install-Folder: %AppData%
Version: 0.5.7A
Hosts: otraprueba.ddnsfree.com
Ports: 6606,8080
Mutex: uqaxwvuetboultzn
Delay: 1
Group: OTRA PRUEBA

Information

Info: PE Detect: PeReader OK (file layout)
Module Name: OTRA PRUEBA.exe
Full Name: OTRA PRUEBA.exe
EntryPoint: System.Void Client.Program::Main()
Scope Name: OTRA PRUEBA.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: OTRA PRUEBA
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0,Profile=Client
Total Strings: 121
Main Method: System.Void Client.Program::Main()
Main IL Instruction Count: 50

Main IL (one instruction per line; the offsets follow from the instruction sizes and agree with every branch target printed in the original dump):

IL_0000: ldc.i4.0
IL_0001: stloc.0
IL_0002: br IL_0015
IL_0007: ldc.i4 1000
IL_000C: call System.Void System.Threading.Thread::Sleep(System.Int32)
IL_0011: ldloc.0
IL_0012: ldc.i4.1
IL_0013: add
IL_0014: stloc.0
IL_0015: ldloc.0
IL_0016: ldsfld System.String Client.Settings::Delay
IL_001B: call System.Int32 System.Convert::ToInt32(System.String)
IL_0020: blt.s IL_0007
IL_0022: call System.Boolean Client.Settings::InitializeSettings()
IL_0027: brtrue IL_0032
IL_002C: ldc.i4.0
IL_002D: call System.Void System.Environment::Exit(System.Int32)
IL_0032: nop
IL_0033: call System.Boolean Client.Helper.MutexControl::CreateMutex()
IL_0038: brtrue IL_0043
IL_003D: ldc.i4.0
IL_003E: call System.Void System.Environment::Exit(System.Int32)
IL_0043: ldsfld System.String Client.Settings::Anti
IL_0048: call System.Boolean System.Convert::ToBoolean(System.String)
IL_004D: brfalse IL_0057
IL_0052: call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis()
IL_0057: ldsfld System.String Client.Settings::Install
IL_005C: call System.Boolean System.Convert::ToBoolean(System.String)
IL_0061: brfalse IL_006B
IL_0066: call System.Void Client.Install.NormalStartup::Install()
IL_006B: ldsfld System.String Client.Settings::BDOS
IL_0070: call System.Boolean System.Convert::ToBoolean(System.String)
IL_0075: brfalse IL_0089
IL_007A: call System.Boolean Client.Helper.Methods::IsAdmin()
IL_007F: brfalse IL_0089
IL_0084: call System.Void Client.Helper.ProcessCritical::Set()
IL_0089: call System.Void Client.Helper.Methods::PreventSleep()
IL_008E: leave IL_0099
IL_0093: pop
IL_0094: leave IL_0099
IL_0099: call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
IL_009E: brtrue IL_00AD
IL_00A3: call System.Void Client.Connection.ClientSocket::Reconnect()
IL_00A8: call System.Void Client.Connection.ClientSocket::InitializeClient()
IL_00AD: newobj System.Void System.Random::.ctor()
IL_00B2: ldc.i4 2000
IL_00B7: ldc.i4 5000
IL_00BC: callvirt System.Int32 System.Random::Next(System.Int32,System.Int32)
IL_00C1: call System.Void System.Threading.Thread::Sleep(System.Int32)
IL_00C6: br.s IL_0099

Read top to bottom, Main() sleeps Settings::Delay times 1000 ms (Delay is 1 for this sample), calls InitializeSettings() and exits when it returns false, calls MutexControl::CreateMutex() and exits when that returns false, runs Anti_Analysis::RunAntiAnalysis() only when Settings::Anti is true, NormalStartup::Install() only when Settings::Install is true, and ProcessCritical::Set() only when Settings::BDOS is true and IsAdmin() returns true, then calls PreventSleep(). The leave/pop/leave sequence at IL_008E to IL_0094 is the compiled try/catch around that startup block (the handler discards the exception object and falls through). The loop starting at IL_0099 checks ClientSocket::IsConnected, calls Reconnect() and InitializeClient() when not connected, and sleeps a random 2000 to 5000 ms before checking again. With this sample's configuration (Anti-VM, Install and BDOS all false) only the delay, mutex check, PreventSleep() and the connection loop execute.
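The Main IL field is emitted by the analysis service as one run of whitespace-separated tokens, with each branch target followed by an echo of the instruction at that target. The following Python was written for this page and is not tooling from the analysis service or from the sample; it parses that run back into a per-instruction listing with byte offsets and checks that every branch target lands on an instruction matching the echoed preview. IL_DUMP is the report's own Main IL text; the token grammar (an operand-less opcode is followed by `<null>` except inside a branch-target preview) and the opcode size table are assumptions made from reading the dump.

```python
"""Parse the flattened 'Main IL' dump from this report into a listing with byte
offsets and verify that every branch target resolves to the previewed instruction.

Added example written for this page, not tooling from the analysis service.
IL_DUMP is the report's own 'Main IL' text; the token grammar and opcode sizes
below are assumptions derived from reading that dump."""
import re

IL_DUMP = """
ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000
call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null>
stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::Delay
call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000
call System.Boolean Client.Settings::InitializeSettings() brtrue IL_0032: nop ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32) nop <null>
call System.Boolean Client.Helper.MutexControl::CreateMutex()
brtrue IL_0043: ldsfld System.String Client.Settings::Anti ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32) ldsfld System.String Client.Settings::Anti
call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String Client.Settings::Install
call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() ldsfld System.String Client.Settings::Install
call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String Client.Settings::BDOS
call System.Void Client.Install.NormalStartup::Install() ldsfld System.String Client.Settings::BDOS
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep()
call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep()
call System.Void Client.Helper.ProcessCritical::Set() call System.Void Client.Helper.Methods::PreventSleep()
leave IL_0099: call System.Boolean Client.Connection.ClientSocket::get_IsConnected() pop <null>
leave IL_0099: call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
brtrue IL_00AD: newobj System.Void System.Random::.ctor()
call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient()
newobj System.Void System.Random::.ctor() ldc.i4 2000 ldc.i4 5000
callvirt System.Int32 System.Random::Next(System.Int32,System.Int32)
call System.Void System.Threading.Thread::Sleep(System.Int32)
br.s IL_0099: call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
"""

# Opcode classes seen in this dump (assumed grammar, see module docstring).
NO_OPERAND = {"ldc.i4.0", "ldc.i4.1", "stloc.0", "ldloc.0", "add", "nop", "pop"}  # 1 byte
BRANCH = {"br", "brtrue", "brfalse", "leave", "blt.s", "br.s"}  # operand: IL_xxxx: + echoed target
MEMBER = {"call", "callvirt", "newobj", "ldsfld"}                # operand: return type + member
INT32 = {"ldc.i4"}                                               # operand: int32 literal

def size(op):
    """Encoded size: 1-byte opcode, plus int8 for short-form (.s) branches or int32 otherwise."""
    return 1 if op in NO_OPERAND else 2 if op.endswith(".s") else 5

def parse_instr(tok, i, preview=False):
    """Parse one instruction starting at tok[i]; return (instruction dict, next index)."""
    op = tok[i]; i += 1
    ins = {"op": op, "operand": None, "target": None, "preview": None}
    if op in NO_OPERAND:
        if not preview:  # real instructions carry an explicit '<null>', previews do not
            if tok[i] != "<null>":
                raise ValueError("expected <null> after %s, got %s" % (op, tok[i]))
            i += 1
    elif op in INT32:
        ins["operand"] = int(tok[i]); i += 1
    elif op in MEMBER:
        ins["operand"] = tok[i] + " " + tok[i + 1]; i += 2
    elif op in BRANCH:
        m = re.fullmatch(r"IL_([0-9A-Fa-f]{4}):", tok[i]); i += 1
        ins["target"] = int(m.group(1), 16)
        ins["preview"], i = parse_instr(tok, i, preview=True)  # dump echoes the target instruction
    else:
        raise ValueError("unknown opcode " + op)
    return ins, i

def parse_dump(dump):
    """Tokenise the whole dump and assign byte offsets from the assumed sizes."""
    tok, listing, i, off = dump.split(), [], 0, 0
    while i < len(tok):
        ins, i = parse_instr(tok, i)
        ins["offset"] = off
        off += size(ins["op"])
        listing.append(ins)
    return listing

def unresolved_branches(listing):
    """Offsets of branches whose target is not a real instruction matching the echoed preview."""
    by_off = {ins["offset"]: ins for ins in listing}
    bad = []
    for ins in listing:
        if ins["target"] is None:
            continue
        t, p = by_off.get(ins["target"]), ins["preview"]
        if t is None or (t["op"], t["operand"]) != (p["op"], p["operand"]):
            bad.append(ins["offset"])
    return bad

def render(listing):
    """One 'IL_xxxx: opcode operand' line per instruction, branch operands as IL_xxxx."""
    out = []
    for ins in listing:
        text = ins["op"]
        if ins["target"] is not None:
            text += " IL_%04X" % ins["target"]
        elif ins["operand"] is not None:
            text += " " + str(ins["operand"])
        out.append("IL_%04X: %s" % (ins["offset"], text))
    return out

if __name__ == "__main__":
    listing = parse_dump(IL_DUMP)
    print("\n".join(render(listing)))
    print(len(listing), "instructions,", len(unresolved_branches(listing)), "unresolved branches")
```

If the size table or the grammar were wrong for a given dump, unresolved_branches() would report it, since the echoed preview after each IL_xxxx: token is an independent witness of what the service saw at that offset.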


Artefacts

Key (AES_256): RU5LRVpGeG5MS1RYUFZsSzEzanBPWHd1YUFiWEd3V1U=
CnC: otraprueba.ddnsfree.com
Ports: 6606, 8080
Mutex: uqaxwvuetboultzn
