Malicious

a857a36ad55edd11feb85218f3129b40

PE Executable | MD5: a857a36ad55edd11feb85218f3129b40 | Size: 816.13 KB | application/x-dosexec

Characteristics
Symbol Obfuscation Score: Low

Hashes
MD5: a857a36ad55edd11feb85218f3129b40
SHA1: d4e947a264f0e3eddf6dd31e2ec16c7256578fc5
SHA256: 71fbd6c477cb25f200ef1dc1f7819d90ad32e805e0eb79b50c968c4314b21949
SHA384: a5b709b97a775f2d15df1318ff28bcf60fe7aab9f587a82aecd8073b2c24a2222b8a832d776c222287973347b689d74c
SHA512: 77ec29ef082cf715c09b784c05680dc5e41e900c0b4df954117cbf8cb0749aec339f20be4191925ecc1bdf536809476e1793a700daa9e23506b3cdc09ddcb094
SSDeep: 3072:YuE2T0cE2Wfp3M3bBs13Ak411ejd6sMm+fKopu+CHjbhxHNgFTqSGqfo+MQCpq8B:YuEatb3b6iu7
TLSH: E3052B2164092857E9DBA53BC4F7992F2710AE15FD516283E82F3D85F373B07EAC8606

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers: .text, .rsrc, .reloc
Resources:
RT_ICON: IDs 0001 through 0018 (24 icon entries), each with language ID 0
RT_GROUP_CURSOR4: ID 0001, language ID 0
RT_VERSION: ID 0001, language ID 0
RT_MANIFEST: ID 0001, language ID 0

Information
PE Detect: PeReader OK (file layout)
Module Name: wan.uk.com
Full Name: wan.uk.com
EntryPoint: System.Void Client.Program::Main()
Scope Name: wan.uk.com
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: wan.uk
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0,Profile=Client
Total Strings: 120
Main Method: System.Void Client.Program::Main()
Main IL Instruction Count: 51

Main IL (one instruction per line; operand-less instructions are shown bare; for branches the target label is followed by the instruction found at that label):
ldc.i4.0
stloc.0
br IL_0015: ldloc.0
ldc.i4 1000
call System.Void System.Threading.Thread::Sleep(System.Int32)
ldloc.0
ldc.i4.1
add
stloc.0
ldloc.0
ldsfld System.String Client.Settings::Delay
call System.Int32 System.Convert::ToInt32(System.String)
blt.s IL_0007: ldc.i4 1000
call System.Boolean Client.Settings::InitializeSettings()
brtrue IL_0032: nop
ldc.i4.0
call System.Void System.Environment::Exit(System.Int32)
nop
call System.Boolean Client.Helper.MutexControl::CreateMutex()
brtrue IL_0043: ldsfld System.String Client.Settings::Anti
ldc.i4.0
call System.Void System.Environment::Exit(System.Int32)
ldsfld System.String Client.Settings::Anti
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_0057: ldsfld System.String Client.Settings::Install
call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis()
ldsfld System.String Client.Settings::Install
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_006B: ldsfld System.String Client.Settings::BDOS
call System.Void Client.Install.NormalStartup::Install()
ldsfld System.String Client.Settings::BDOS
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep()
call System.Boolean Client.Helper.Methods::IsAdmin()
brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep()
call System.Void Client.Helper.ProcessCritical::Set()
call System.Void Client.Helper.Methods::PreventSleep()
leave IL_0099: nop
pop
leave IL_0099: nop
nop
call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
brtrue IL_00AE: leave IL_00B9
call System.Void Client.Connection.ClientSocket::Reconnect()
call System.Void Client.Connection.ClientSocket::InitializeClient()
leave IL_00B9: ldc.i4 5000
pop
leave IL_00B9: ldc.i4 5000
ldc.i4 5000
call System.Void System.Threading.Thread::Sleep(System.Int32)
br.s IL_0099: nop

Read top to bottom, Main does the following: sleep 1000 ms per unit of Settings.Delay (Delay is 3 in this config, so about three seconds before anything else happens); call Settings.InitializeSettings() and Environment.Exit(0) if it returns false; call MutexControl.CreateMutex() and exit if it returns false, so a second instance holding the mutex 3Cuh9VIRdiuz does not start; if Settings.Anti is true run Anti_Analysis.RunAntiAnalysis() (Anti-VM is false here); if Settings.Install is true run NormalStartup.Install() (true here, with the Install-Folder and Install File fields giving the drop location); if Settings.BDOS is true and Methods.IsAdmin() returns true, ProcessCritical.Set() marks the process critical (BDOS is false here); call Methods.PreventSleep(); then loop forever inside a try/catch: if ClientSocket.IsConnected is false call Reconnect() and InitializeClient(), then sleep 5000 ms and repeat.


Artefacts
Key (AES_256): eEpvM29FcGRCZGRXNjVZY0VwTlJCczVveUFlQ3hYMzA=
CnC: wan.uk.com
Ports: 1337, 1604, 4782
Mutex: 3Cuh9VIRdiuz

Characteristics
Malware Configuration (AsyncRAT)
Key (AES_256): eEpvM29FcGRCZGRXNjVZY0VwTlJCczVveUFlQ3hYMzA=
Pastebin: -
Certificate: MIIE8jCCAtqgAwIBAgIQALhpP6c/lzBhRfZpd/rs2zANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjYwMTMwMDQzODAzWhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKIXD0Dv5Bsd/QexWDu0KiHP9ZuMblxtyUrTYALFekyu8Besq6HKRKss35Eqn05SaYRBJNVJK7SD0Aw1WUCZNtc+RUdOaRx32SgkErBVhtDs0VBKkxnLnQECgtRB6Gd5kfuOtFUwjyabj5YW0ExLyVvUWP52brx4VOM07VJnDmlX4fqFWD4MsGZeAGMfjrcZXcWC7libLGWOzacclrx5QCpS25uh5aMi7d+9KYFuPB9orrOWtbMgZ5WJJTQipj0fUi3EMEm49mmPt45B0MJFvSXG+PDxznx/bGZ2r4Keiq22oNv+8X/jKm6azhWzx3h9ppYD46eY9f2ySdgrN4VvU7DWmLPK+Clr2CQhS3usdy9WnNCikho5DM9kpOp3UgDGmibp7z3UvlPuyGJkUI81zSkX/z4QNT81q9SnlxqDGRbTK+sRwkceUO6zB7+n8M3hfw5FNuTMHOjnX9/nvBCu6fA84hxebGTneBIvXHc+eK1EE3Zyv0FcbaO1JBHHUMMUp/ufOw73fGW4lK919MQefppnOuQuXTTG49t5Axmvr3Jw7QIQ4qzNEH/De84q/lbM8y3c+ZLb06UjHdODU6DEv+emhKaQUfACMQivyUrmiiXNOjNP+P+crtptNbZceEeaGH6YDe6RfyDdKqoDsF/YKeMD7AyA68m6CuicrAnZWDYvAgMBAAGjMjAwMB0GA1UdDgQWBBSyND31q3J7dL9g3kls6PzKaTC+ojAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQBzPb5yU6MyIpsnhT4wFupaxc5crhgLCtIyhKynGXxwD/V1YLKAneV+zaVtRyas8O81av6f+MDLl43ly8c0OOxtFoHe/AHpcf5jeRlL0VTW5seOz7OT71e2J7kaUPCSommUeOpV6oEdrw5NTHTQPBRtG54oa8YzYH2+FHgu8r0SCJnPQmhV+3x7dra1ko/0fI36uTzKhd5dGGTl/Td90IweP75H2FtYMJtif6ag8b1TzUPKmxOjDMVf/8IoOG4xQ/wUKwDcd1daweaLQIn6N2B0Sl3aP81GdcihoDCgcqSr57e6plyZnM38rUlF6ip7WdvWhnlGGr27OEbya2k6p+Fg+ljjnXA80q/8wro4kSKCz3K7j/aeEt4EBg+c6lzokUkxfxKR8ejUvibu9Gpp+55aWcmBGxWxPEA0Wok4SJ4sGxGuaIqIStvspaARUSvNoQN19ARyVMddOzgZSuFRx8RweVWK3MgMGHC7zdWZKEOCBpDC4lgZSy7hbCNEjnurfMabQ5s+8LSrOP8e3OBXXApwVxnR8oVfgvg0/dW4SrjijlfOvVZzorp5AfpGRjerPwbrwgMtrdjgNHJOboVyKoyr9NtBLSFzblkRt4zHGB2Ci8uo0fAezfG9C4BR8KceW2oxn7RxhaTV4Bqi72F/EwW+UxC8ToaZ8mGb9forU64L8w==
ServerSignature: [value not recovered]
Install: true
BDOS: false
Anti-VM: false
Install File: wan.uk.com.exe
Install-Folder: %AppData%
Hosts: wan.uk.com
Ports: 1337,1604,4782
Mutex: 3Cuh9VIRdiuz
Version: 0.5.8
Delay: 3
Group: CRB
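The config rows above are what a responder reuses for blocking and hunting, so it is worth turning them into artefacts mechanically rather than by hand. The script below is an added example for this page, not code from the analysis platform or from AsyncRAT; every input value is copied verbatim from the config table. It decodes the Key row (base64 of the operator's master-key string, from which AsyncRAT derives the real AES-256 key, so the decoded text is not the key bytes), joins Hosts and Ports into C2 endpoints, builds the install path, and pulls the common name, validity window, signature algorithm and subject key identifier out of the Certificate row. The small DER walker is an assumption of the example: it is enough for this self-signed RSA certificate and is not a general X.509 parser.

```python
"""Turn the AsyncRAT config fields from this report into hunting artefacts (added example)."""
import base64
import hashlib

# Constructed dict: values copied verbatim from the report's config table.
CONFIG = {
    "Key": "eEpvM29FcGRCZGRXNjVZY0VwTlJCczVveUFlQ3hYMzA=",
    "Certificate": "MIIE8jCCAtqgAwIBAgIQALhpP6c/lzBhRfZpd/rs2zANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjYwMTMwMDQzODAzWhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKIXD0Dv5Bsd/QexWDu0KiHP9ZuMblxtyUrTYALFekyu8Besq6HKRKss35Eqn05SaYRBJNVJK7SD0Aw1WUCZNtc+RUdOaRx32SgkErBVhtDs0VBKkxnLnQECgtRB6Gd5kfuOtFUwjyabj5YW0ExLyVvUWP52brx4VOM07VJnDmlX4fqFWD4MsGZeAGMfjrcZXcWC7libLGWOzacclrx5QCpS25uh5aMi7d+9KYFuPB9orrOWtbMgZ5WJJTQipj0fUi3EMEm49mmPt45B0MJFvSXG+PDxznx/bGZ2r4Keiq22oNv+8X/jKm6azhWzx3h9ppYD46eY9f2ySdgrN4VvU7DWmLPK+Clr2CQhS3usdy9WnNCikho5DM9kpOp3UgDGmibp7z3UvlPuyGJkUI81zSkX/z4QNT81q9SnlxqDGRbTK+sRwkceUO6zB7+n8M3hfw5FNuTMHOjnX9/nvBCu6fA84hxebGTneBIvXHc+eK1EE3Zyv0FcbaO1JBHHUMMUp/ufOw73fGW4lK919MQefppnOuQuXTTG49t5Axmvr3Jw7QIQ4qzNEH/De84q/lbM8y3c+ZLb06UjHdODU6DEv+emhKaQUfACMQivyUrmiiXNOjNP+P+crtptNbZceEeaGH6YDe6RfyDdKqoDsF/YKeMD7AyA68m6CuicrAnZWDYvAgMBAAGjMjAwMB0GA1UdDgQWBBSyND31q3J7dL9g3kls6PzKaTC+ojAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQBzPb5yU6MyIpsnhT4wFupaxc5crhgLCtIyhKynGXxwD/V1YLKAneV+zaVtRyas8O81av6f+MDLl43ly8c0OOxtFoHe/AHpcf5jeRlL0VTW5seOz7OT71e2J7kaUPCSommUeOpV6oEdrw5NTHTQPBRtG54oa8YzYH2+FHgu8r0SCJnPQmhV+3x7dra1ko/0fI36uTzKhd5dGGTl/Td90IweP75H2FtYMJtif6ag8b1TzUPKmxOjDMVf/8IoOG4xQ/wUKwDcd1daweaLQIn6N2B0Sl3aP81GdcihoDCgcqSr57e6plyZnM38rUlF6ip7WdvWhnlGGr27OEbya2k6p+Fg+ljjnXA80q/8wro4kSKCz3K7j/aeEt4EBg+c6lzokUkxfxKR8ejUvibu9Gpp+55aWcmBGxWxPEA0Wok4SJ4sGxGuaIqIStvspaARUSvNoQN19ARyVMddOzgZSuFRx8RweVWK3MgMGHC7zdWZKEOCBpDC4lgZSy7hbCNEjnurfMabQ5s+8LSrOP8e3OBXXApwVxnR8oVfgvg0/dW4SrjijlfOvVZzorp5AfpGRjerPwbrwgMtrdjgNHJOboVyKoyr9NtBLSFzblkRt4zHGB2Ci8uo0fAezfG9C4BR8KceW2oxn7RxhaTV4Bqi72F/EwW+UxC8ToaZ8mGb9forU64L8w==",
    "Hosts": "wan.uk.com",
    "Ports": "1337,1604,4782",
    "Mutex": "3Cuh9VIRdiuz",
    "Install File": "wan.uk.com.exe",
    "Install-Folder": "%AppData%",
}

SIG_ALG_NAMES = {  # PKCS#1 signature OIDs that self-signed RAT certs commonly use
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
}


def der_walk(buf, start=0, end=None, depth=0):
    """Pre-order walk over DER TLVs (assumed minimal walker: single-byte tags only).
    Yields (depth, tag, value) and descends into constructed types (tag bit 0x20)."""
    end = len(buf) if end is None else end
    pos = start
    while pos < end:
        tag, length = buf[pos], buf[pos + 1]
        pos += 2
        if length & 0x80:                        # long form: low 7 bits = number of length bytes
            n = length & 0x7F
            length = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
        value = buf[pos:pos + length]
        yield depth, tag, value
        if tag & 0x20:
            yield from der_walk(buf, pos, pos + length, depth + 1)
        pos += length


def decode_oid(raw):
    """DER OBJECT IDENTIFIER content bytes -> dotted string (base-128 arcs)."""
    arcs = [raw[0] // 40, raw[0] % 40]
    acc = 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def asn1_time_to_iso(tag, value):
    """UTCTime (0x17, YYMMDDhhmmssZ) or GeneralizedTime (0x18, YYYYMMDDhhmmssZ) -> ISO 8601."""
    s = value.decode("ascii")
    if tag == 0x17:                              # RFC 5280: YY >= 50 is 19YY, otherwise 20YY
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    return f"{s[:4]}-{s[4:6]}-{s[6:8]}T{s[8:10]}:{s[10:12]}:{s[12:14]}Z"


def describe_certificate(cert_b64):
    """Extract the fields worth pivoting on from the config's DER certificate."""
    der = base64.b64decode(cert_b64)
    if der[:2] != b"\x30\x82" or int.from_bytes(der[2:4], "big") + 4 != len(der):
        raise ValueError("not a single DER SEQUENCE of the expected length")
    nodes = list(der_walk(der))
    info = {"sha256": hashlib.sha256(der).hexdigest(), "common_names": [],
            "signature_algorithm": None, "not_before": None, "not_after": None,
            "subject_key_id": None}
    for i, (_, tag, value) in enumerate(nodes):
        if tag == 0x06:
            oid = decode_oid(value)
            if info["signature_algorithm"] is None:    # first OID in a v3 cert is tbs.signature
                info["signature_algorithm"] = SIG_ALG_NAMES.get(oid, oid)
            elif oid == "2.5.4.3":                      # id-at-commonName: next TLV is the string
                info["common_names"].append(nodes[i + 1][2].decode("utf-8"))
            elif oid == "2.5.29.14":                    # subjectKeyIdentifier: OCTET STRING in OCTET STRING
                info["subject_key_id"] = nodes[i + 1][2][2:].hex()
        elif tag == 0x17 and info["not_before"] is None:
            info["not_before"] = asn1_time_to_iso(tag, value)
        elif tag == 0x18 and info["not_after"] is None:
            info["not_after"] = asn1_time_to_iso(tag, value)
    return info


def build_iocs(config):
    """Join the config rows into the artefacts a responder would block or hunt for."""
    hosts = [h.strip() for h in config["Hosts"].split(",") if h.strip()]
    ports = [int(p) for p in config["Ports"].split(",") if p.strip()]
    return {
        # Key row = base64 of the master-key string; AsyncRAT derives the AES key from it.
        "master_key": base64.b64decode(config["Key"]).decode("ascii"),
        "c2_endpoints": [f"{h}:{p}" for h in hosts for p in ports],
        "mutex": config["Mutex"],
        "install_path": config["Install-Folder"] + "\\" + config["Install File"],
        "certificate": describe_certificate(config["Certificate"]),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(build_iocs(CONFIG), indent=2))
```

The certificate's SHA-256 and subject key identifier are stable across every client built from the same server profile, so they pivot more reliably than the domain, which an operator can change between builds; a validity end of 9999-12-31 on a self-signed "AsyncRAT Server" certificate is itself a strong signal in TLS telemetry.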
