Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | ac392f0ef3d4e04c951ada8721ed7709
|
| Sha1 | 149b4b5288ff771dd9fc67f4e57882ed39d8911b
|
| Sha256 | 69d3e8613330ada8e185e86add8415beb014d6c06ed4112bf41933f0df9b5050
|
| Sha384 | e46e5ff6f20ed2ed2d71689b261a049c590e739fd7fd67d507ce5587cc01d0a03a112692b22115c2a282a5383cb1f05c
|
| Sha512 | 420fefd143ca91bb18473f7e2d42badb57a632dc45c49579c5fbf7d1fc0a6170c2e1de912c9d69724091df4180f7727cc7e361ac5311556c2bd3f4857adc687d
|
| SSDeep | 6144:8w6bPXhLApfpvIoNRzv0ybl+EHNCgmE9ynbH8y:FmhApHNhMqxQgm2ynbH8y
|
| TLSH | 14846B1367A8D53BE1BE1737E43206045BB4D847B706E38B5A6855BD6C233868E90BF3
|
PeID
|
Config. Field0 | Value |
|---|---|
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Conf. AES-Key | FKtxNVbGt2pxY6yyI19X |
| Version | 1.3.0.0 |
| Port | 19ap22.duckdns.o |
| Host | 19ap22.duckdns.o |
| ReconnectDelay | 3000 |
| Key | 1WvgEMPjdwfqIMeM9MclyQ== |
| AuthKey | NcFtjbDOcsw7Evd3coMC0y4koy/SRZGydhNmno81ZOWOvdfg7sv0Cj5ad2ROUfX4QMscAIjYJdjrrs41+qcQwg== |
| SubDirectory | SubDir |
| InstallName | Client.exe |
| Install | 0 |
| Startup | 0 |
| Mutex | QSR_MUTEX_7BYyMa |
| StartupKey | notes |
| HideFile | 1 |
| EnableLogger | 0 |
| Tag | 3rd JULY |
| LogDirectory | Logs |
| HideLogDirectory | 0 |
| HideLogSubdirectory | 1 |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader FAIL, AsmResolver Mapped OK |
| Info | Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_c9088d9a.exe |
| Module Name | Client.exe |
| Full Name | Client.exe |
| EntryPoint | System.Void 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::Main(System.String[]) |
| Scope Name | Client.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Client |
| Assembly Version | 1.3.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 896 |
| Main Method | System.Void 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::Main(System.String[]) |
| Main IL Instruction Count | 19 |
| Main IL | call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::ꐪᣙ얡蛫릉噥쯶⮩ꓚ뒽ꦤ긵㫦牼枩号䥜㤜䨕(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean 諭ᰤ˂ꑌ蝫겣⼿瞄䔢芯䓄쉲緕趕診抇^蹪::쥥�֟㶅촅졘禳䪋헌郚ꈕ錏䃈ģ㣣ᇗ␂() brfalse.s IL_0040: call System.Void 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::씞鿈讚肃貞弡ꀜ釶憓ヶ吠�哬ൠ㢯沂远邈() call System.Boolean 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::䮧烏⿻腊�븮�ﴨꂸ띷⫧熿㊭㷒() brfalse.s IL_0040: call System.Void 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::씞鿈讚肃貞弡ꀜ釶憓ヶ吠�哬ൠ㢯沂远邈() call System.Boolean ㎺嘗亜ߌ䶒鈀們瑈㖨勰鮸狤傡忮臉뻯琊::get_Exiting() brtrue.s IL_0040: call System.Void 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::씞鿈讚肃貞弡ꀜ釶憓ヶ吠�哬ൠ㢯沂远邈() ldsfld ㎺嘗亜ߌ䶒鈀們瑈㖨勰鮸狤傡忮臉뻯琊 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::簎阺虽贕覸됬䘺䨿鈨啯붴쟡䧍譖윚 callvirt System.Void ㎺嘗亜ߌ䶒鈀們瑈㖨勰鮸狤傡忮臉뻯琊::ᇞ퐥慰퓓⸄ᜆ䏲읰㹑則둈搮䩼煅꽩㯁곱刍() call System.Void 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::씞鿈讚肃貞弡ꀜ釶憓ヶ吠�哬ൠ㢯沂远邈() call System.Void 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::読羲⎏ꆛ�窱⻠㽖ꃶ쯓噆꿃獓骶ᦢ憓趲() ret <null> |
| Module Name | Client.exe |
| Full Name | Client.exe |
| EntryPoint | System.Void 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::Main(System.String[]) |
| Scope Name | Client.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Client |
| Assembly Version | 1.3.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 896 |
| Main Method | System.Void 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::Main(System.String[]) |
| Main IL Instruction Count | 19 |
| Main IL | call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::ꐪᣙ얡蛫릉噥쯶⮩ꓚ뒽ꦤ긵㫦牼枩号䥜㤜䨕(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean 諭ᰤ˂ꑌ蝫겣⼿瞄䔢芯䓄쉲緕趕診抇^蹪::쥥�֟㶅촅졘禳䪋헌郚ꈕ錏䃈ģ㣣ᇗ␂() brfalse.s IL_0040: call System.Void 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::씞鿈讚肃貞弡ꀜ釶憓ヶ吠�哬ൠ㢯沂远邈() call System.Boolean 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::䮧烏⿻腊�븮�ﴨꂸ띷⫧熿㊭㷒() brfalse.s IL_0040: call System.Void 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::씞鿈讚肃貞弡ꀜ釶憓ヶ吠�哬ൠ㢯沂远邈() call System.Boolean ㎺嘗亜ߌ䶒鈀們瑈㖨勰鮸狤傡忮臉뻯琊::get_Exiting() brtrue.s IL_0040: call System.Void 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::씞鿈讚肃貞弡ꀜ釶憓ヶ吠�哬ൠ㢯沂远邈() ldsfld ㎺嘗亜ߌ䶒鈀們瑈㖨勰鮸狤傡忮臉뻯琊 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::簎阺虽贕覸됬䘺䨿鈨啯붴쟡䧍譖윚 callvirt System.Void ㎺嘗亜ߌ䶒鈀們瑈㖨勰鮸狤傡忮臉뻯琊::ᇞ퐥慰퓓⸄ᜆ䏲읰㹑則둈搮䩼煅꽩㯁곱刍() call System.Void 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::씞鿈讚肃貞弡ꀜ釶憓ヶ吠�哬ൠ㢯沂远邈() call System.Void 叭✧텤眠픁蔲渏䗠�⟝勏ቃ�蔁곐㧁ầ::読羲⎏ꆛ�窱⻠㽖ꃶ쯓噆꿃獓骶ᦢ憓趲() ret <null> |
|
Name0 | Value |
|---|---|
| CnC | 19ap22.duckdns.o |
| Port | 19ap22.duckdns.o |
| PE Layout | MemoryMapped (process dump suspected) |
| CnC | 19ap22.duckdns.o |
| Port | 19ap22.duckdns.o |
| PE Layout | MemoryMapped (process dump suspected) |
|
Config. Field0 | Value |
|---|---|
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Conf. AES-Key | FKtxNVbGt2pxY6yyI19X |
| Version | 1.3.0.0 |
| Port | 19ap22.duckdns.o |
| Host | 19ap22.duckdns.o |
| ReconnectDelay | 3000 |
| Key | 1WvgEMPjdwfqIMeM9MclyQ== |
| AuthKey | NcFtjbDOcsw7Evd3coMC0y4koy/SRZGydhNmno81ZOWOvdfg7sv0Cj5ad2ROUfX4QMscAIjYJdjrrs41+qcQwg== |
| SubDirectory | SubDir |
| InstallName | Client.exe |
| Install | 0 |
| Startup | 0 |
| Mutex | QSR_MUTEX_7BYyMa |
| StartupKey | notes |
| HideFile | 1 |
| EnableLogger | 0 |
| Tag | 3rd JULY |
| LogDirectory | Logs |
| HideLogDirectory | 0 |
| HideLogSubdirectory | 1 |
|
Name0 | Value | Location |
|---|---|---|
| CnC | 19ap22.duckdns.o Malicious |
ac392f0ef3d4e04c951ada8721ed7709 |
| Port | 19ap22.duckdns.o Malicious |
ac392f0ef3d4e04c951ada8721ed7709 |
| PE Layout | MemoryMapped (process dump suspected) |
ac392f0ef3d4e04c951ada8721ed7709 |
| CnC | 19ap22.duckdns.o Malicious |
ac392f0ef3d4e04c951ada8721ed7709 > [Rebuild from dump]_c9088d9a.exe |
| Port | 19ap22.duckdns.o Malicious |
ac392f0ef3d4e04c951ada8721ed7709 > [Rebuild from dump]_c9088d9a.exe |
| PE Layout | MemoryMapped (process dump suspected) |
ac392f0ef3d4e04c951ada8721ed7709 > [Rebuild from dump]_c9088d9a.exe |