Malicious
Malicious

Tweak.exe

Share on LinkedIn
Print
PE Executable
MD5: a74e42e01be14448df8f5c66d20a7387
Size: 31.74 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Low
MD5 a74e42e01be14448df8f5c66d20a7387
Sha1 6b3f2db19c3cfe64c9960679c2a065df6bb5370c
Sha256 dea1749df010fbc19c00ec9de6bd1c85ed89d3e8ff61bc25f8f6130bb5b736b0
Sha384 6f1ab8729b0e7f95852046a0e055523a3f46503be152af63cda12421a41e4e1c75c739c6b06484e60cf55b15f35966c4
Sha512 22bc30b4b3a82a77c3f5e07e249df0e2868d319977bee7d2c6399d32a1634eeca39520b8f606982ffbc76cf06273ce8454f19bac13fc3402fb97efbda52af094
SSDeep 384:48VU/pNfWhFo1sgVrwY2+3RYGZ/RmUcET2qc5ibbSve+5VzO+p+mv7K:/4NfWhFoOglgiZ/R17KfVO
TLSH FFE24A5937E69812C7FD2BB906A3BD2142B8E1436603CE1E6DD414EB0F6B7C41A80AF5
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Config. Field Value
packet_size [b] 5huhuhuhu
BD [BD] Fhuhuhuhu
directory [DR] Thuhuhuhu
executable_name [EXE] Searhuhuhuhuhuhuhu
CAPMODE [huhuhuhu
FI [huhuhuhu
SCHEDNAME Microshuhuhuhuhuhuhuhuhuhuhu
ORIG [Ohuhuhuhu
EXECNAME [EXhuhuhuhu
cnc_host [H] tsoh.phuhuhuhuhuhuhu
is_dir_defined [Idr] Fhuhuhuhu
DFire Fhuhuhuhu
Ghost Fhuhuhuhu
Sched Fhuhuhuhu
Melt Fhuhuhuhu
ANYRUN Fhuhuhuhu
VMWare Fhuhuhuhu
VirtualBOX Fhuhuhuhu
TaskMGR Fhuhuhuhu
KProc Fhuhuhuhu
Proc Exsahuhuhuhu
is_startup_folder [IsF] Fhuhuhuhu
is_user_reg [Isu] Fhuhuhuhu
cnc_port [P] 9huhuhuhu
reg_key [RG] b3ed09huhuhuhuhuhuhuhuhuhuhu
reg_path [sf] Softwahuhuhuhuhuhuhuhuhuhuhu
victim_name [VN]
version [VR] vhuhuhuhu
splitter [Y] |Ghuhuhuhu
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Name Value
Info
PE Detect: PeReader OK (file layout)
Module Name
Stub.exe
Full Name
Stub.exe
EntryPoint
System.Void j.A::main()
Scope Name
Stub.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v2.0.50727
Tables Header Version
512
WinMD Version
<null>
Assembly Name
Stub
Assembly Version
0.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
284
Main Method
System.Void j.A::main()
Main IL Instruction Count
2
Main IL
call System.Void j.OK::ko()
ret <null>
Module Name
Stub.exe
Full Name
Stub.exe
EntryPoint
System.Void j.A::main()
Scope Name
Stub.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v2.0.50727
Tables Header Version
512
WinMD Version
<null>
Assembly Name
Stub
Assembly Version
0.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
284
Main Method
System.Void j.A::main()
Main IL Instruction Count
2
Main IL
call System.Void j.OK::ko()
ret <null>
CnC CNCmalicious
tsoh.phuhuhuhuhuhuhu
Port PORTmalicious
9huhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
An error has occurred. This application may no longer respond until reloaded. Reload 🗙