Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | a76e38a17f86d21961ef59b713d48fc9
|
| Sha1 | 701c6cecaad59ab97ecc60b90b9410d0b56550fc
|
| Sha256 | f5362f0e66656ec786d48c3385551bdb8cacf5be8445608fb08c4ab20da6b3ba
|
| Sha384 | f1188df573df6d144640b8b3c5d7e07dd3773c6c62f07f19c0fbfb6131275ac5eb20cb598136197ad5939a9be19cb72f
|
| Sha512 | 086dfd5af364c11e92502c99e0dc1f2334eb6566c9d4df36ad80ab837fc17bff2b81c4d5f47ad3fb9934a1781e2f6591ecea0acf3c7d468f3b36a11087ca21f2
|
| SSDeep | 384:q8lqiU154NLHdayszHtyPpWsobO7krAF+rMRTyN/0L+EcoinblneHQM3epzXrkNf:9/ZdJszHtycVOIrM+rMRa8Nu2Ht
|
| TLSH | 6F032A4D7FE18168C5FD067B06B2D412077AE04B6E23D90E8EF664AA37636C58F50AF1
|
PeID
|
Config. Field0 | Value |
|---|---|
| packet_size [b] | 5121 |
| BD [BD] | True |
| directory [DR] | TEMP |
| executable_name [EXE] | server.exe |
| cnc_host [HH] | nice-chairman.gl.at.ply.gg |
| is_dir_defined [Idr] | False |
| is_startup_folder [IsF] | True |
| is_user_reg [Isu] | True |
| NH [NH] | 0 |
| cnc_port [P] | 42061 |
| reg_key [RG] | 874c251df4ad58ca05d485820464b7d0 |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| sizk | 20 |
| victim_name [VN] | HacKed |
| version [VR] | im523 |
| splitter [Y] | |'|'| |
| HD | True |
| anti [anti] | Exsample.exe |
| anti2 [anti2] | False |
| usb [usb] | True |
| usbx [usbx] | svchost.exe |
| task [task] | True |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | w.exe |
| Full Name | w.exe |
| EntryPoint | System.Void w.A::main() |
| Scope Name | w.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | w |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 338 |
| Main Method | System.Void w.A::main() |
| Main IL Instruction Count | 5 |
| Main IL | nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null> |
| Module Name | w.exe |
| Full Name | w.exe |
| EntryPoint | System.Void w.A::main() |
| Scope Name | w.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | w |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 338 |
| Main Method | System.Void w.A::main() |
| Main IL Instruction Count | 5 |
| Main IL | nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null> |
|
Name0 | Value |
|---|---|
| Port | 42061 |
|
Config. Field0 | Value |
|---|---|
| packet_size [b] | 5121 |
| BD [BD] | True |
| directory [DR] | TEMP |
| executable_name [EXE] | server.exe |
| cnc_host [HH] | nice-chairman.gl.at.ply.gg |
| is_dir_defined [Idr] | False |
| is_startup_folder [IsF] | True |
| is_user_reg [Isu] | True |
| NH [NH] | 0 |
| cnc_port [P] | 42061 |
| reg_key [RG] | 874c251df4ad58ca05d485820464b7d0 |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| sizk | 20 |
| victim_name [VN] | HacKed |
| version [VR] | im523 |
| splitter [Y] | |'|'| |
| HD | True |
| anti [anti] | Exsample.exe |
| anti2 [anti2] | False |
| usb [usb] | True |
| usbx [usbx] | svchost.exe |
| task [task] | True |
|
Name0 | Value | Location |
|---|---|---|
| Port | 42061 Malicious |
a76e38a17f86d21961ef59b713d48fc9 |