Malicious
PE Executable
MD5: a74e42e01be14448df8f5c66d20a7387
Size: 31.74 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Low
| MD5 | a74e42e01be14448df8f5c66d20a7387 |
| Sha1 | 6b3f2db19c3cfe64c9960679c2a065df6bb5370c |
| Sha256 | dea1749df010fbc19c00ec9de6bd1c85ed89d3e8ff61bc25f8f6130bb5b736b0 |
| Sha384 | 6f1ab8729b0e7f95852046a0e055523a3f46503be152af63cda12421a41e4e1c75c739c6b06484e60cf55b15f35966c4 |
| Sha512 | 22bc30b4b3a82a77c3f5e07e249df0e2868d319977bee7d2c6399d32a1634eeca39520b8f606982ffbc76cf06273ce8454f19bac13fc3402fb97efbda52af094 |
| SSDeep | 384:48VU/pNfWhFo1sgVrwY2+3RYGZ/RmUcET2qc5ibbSve+5VzO+p+mv7K:/4NfWhFoOglgiZ/R17KfVO |
| TLSH | FFE24A5937E69812C7FD2BB906A3BD2142B8E1436603CE1E6DD414EB0F6B7C41A80AF5 |
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
| Config. Field | Value |
|---|---|
| packet_size [b] | 5huhuhuhu |
| BD [BD] | Fhuhuhuhu |
| directory [DR] | Thuhuhuhu |
| executable_name [EXE] | Searhuhuhuhuhuhuhu |
| CAPMODE | [huhuhuhu |
| FI | [huhuhuhu |
| SCHEDNAME | Microshuhuhuhuhuhuhuhuhuhuhu |
| ORIG | [Ohuhuhuhu |
| EXECNAME | [EXhuhuhuhu |
| cnc_host [H] | tsoh.phuhuhuhuhuhuhu |
| is_dir_defined [Idr] | Fhuhuhuhu |
| DFire | Fhuhuhuhu |
| Ghost | Fhuhuhuhu |
| Sched | Fhuhuhuhu |
| Melt | Fhuhuhuhu |
| ANYRUN | Fhuhuhuhu |
| VMWare | Fhuhuhuhu |
| VirtualBOX | Fhuhuhuhu |
| TaskMGR | Fhuhuhuhu |
| KProc | Fhuhuhuhu |
| Proc | Exsahuhuhuhu |
| is_startup_folder [IsF] | Fhuhuhuhu |
| is_user_reg [Isu] | Fhuhuhuhu |
| cnc_port [P] | 9huhuhuhu |
| reg_key [RG] | b3ed09huhuhuhuhuhuhuhuhuhuhu |
| reg_path [sf] | Softwahuhuhuhuhuhuhuhuhuhuhu |
| victim_name [VN] | |
| version [VR] | vhuhuhuhu |
| splitter [Y] | |Ghuhuhuhu |
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Stub.exe |
| Full Name | Stub.exe |
| EntryPoint | System.Void j.A::main() |
| Scope Name | Stub.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Stub |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 284 |
| Main Method | System.Void j.A::main() |
| Main IL Instruction Count | 2 |
| Main IL | |
| Module Name | Stub.exe |
| Full Name | Stub.exe |
| EntryPoint | System.Void j.A::main() |
| Scope Name | Stub.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Stub |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 284 |
| Main Method | System.Void j.A::main() |
| Main IL Instruction Count | 2 |
| Main IL | |
CnC
CNCmalicious
tsoh.phuhuhuhuhuhuhu
Port
PORTmalicious
9huhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential