addb2f9bc9ffad336cbee648fdfcf138
PE Executable | MD5: addb2f9bc9ffad336cbee648fdfcf138 | Size: 52.52 KB | application/x-dosexec
Symbol Obfuscation Score

| Hash | Hash Value |
|---|---|
| MD5 | addb2f9bc9ffad336cbee648fdfcf138 |
| Sha1 | a44be384a8c20df29544e9aa86f2a28679e3566b |
| Sha256 | 4bb4a303b8e4873401be1cea68d50bdaa454471685dc30ad61e9ef746181aa29 |
| Sha384 | 6b33de9076a71eb6d2a19bb9538c0cf05e28849fad4d1dc9223962bb1d1d38e796ad3bc1fc83600698bd7fda55c37d02 |
| Sha512 | 40ce8f84548b89049171e2b17d66357e84052c0fa0df5c3aac297265a7df7b790fc70cd1ad6c20c198a53df7320c2569f5d4b5ec1c58d9ff48e2050de206759c |
| SSDeep | 768:Hu/6ZTgoiziWUUM9rmo2qrrKjGKG6PIyzjbFgX3iUuwXPjNnKkBDZjx:Hu/6ZTgle2mKYDy3bCXSUdPjFtdjx |
| TLSH | 0C332B003BE8812BF2BE5F789CF25145467AF2A36603DA4D2CC451D75623FC69A426FE |
PeID

| Config. Field | Value |
|---|---|
| Key (AES_256) | RmY2VnlnR0VtWEx4WjE3dVUxZnFCd3l2N05vdDVKdHc= |
| Pastebin | - |
| Certificate | (omitted) |
| ServerSignature | QRHRB8hSYSnIzyv4kJnuMs6je6USl71LNZPOAzPRpJK/KGfSf3miqUtsPVJIaz8IgKt02CR96wt1K7DbtBz6mGYn+0LYpg8MHY0Xg6lrE7Dn4tCI51yTD+5lPOpxqTrZlthw9QKY2imieKzWSnWatIuqGMLuc3N+yhHtVqyLfJ4a+WA6oYASkXttuLLUxTCHQgJTq3WSFozGoGWxv1ruG/4akjq7zpOcS5so/OwCB1G5nnaFktRTWOSiOuRqH4qKeGAXtFUygwTNT6gzpkTbRAoRQfseeiBOjCwwdemcxVmd0ypyw+EG+uS1QV6Y5v4UXVdeGd/i/ZwWg3sypVs8S6icsog7EC55roCJMwECp8rPSRS558XiBHGg8y3u7pS6NRnIhi6AgSgndkqt7URYaogGsv/knjp4JZhgWLJNboe5Mba764EhyaQXF48AmvJO3FmehGJ1ENV/9CTNcqaB/f33sIgnGTuMFu3Qlu8b+EydAUCUVVKLxCTMONSYKJSCAcOOESZ0VEadKYaHd3j2x0VUmof7IGCTDJroL852AIdq8AJ6jxdaK+6k+AiyQqTC07PMYiIHXEdf4xCz3uVo/W/bM9zGO+oCHftDtfglc4dTfWdAHVEgqSsf110Dswr8erKFv5+GRk1Kd2h7EtyhBBpbrt/a7EXjyDTUjuIv/qQ= |
| Install | false |
| BDOS | false |
| Anti-VM | false |
| Install-Folder | %AppData% |
| Version | 0.5.7B |
| Hosts | uejrhnfq.duckdns.org |
| Ports | 6745 |
| Mutex | AsyncMutex_6SI8OkPnk |
| Delay | 3 |
| Group | Default |

| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | Overlay extracted: Overlay_60851e5c.bin (6440 bytes) |
| Module Name | AsyncClient.exe |
| Full Name | AsyncClient.exe |
| EntryPoint | System.Void Client.Program::Main() |
| Scope Name | AsyncClient.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | AsyncClient |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 120 |
| Main Method | System.Void Client.Program::Main() |
| Main IL Instruction Count | 51 |
| Main IL | ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::Delay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue IL_0043: ldsfld System.String Client.Settings::Anti ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String Client.Settings::Anti call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String Client.Settings::Install call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() ldsfld System.String Client.Settings::Install call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String Client.Settings::BDOS call System.Void Client.Install.NormalStartup::Install() ldsfld System.String Client.Settings::BDOS call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.ProcessCritical::Set() call System.Void Client.Helper.Methods::PreventSleep() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean Client.Connection.ClientSocket::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop |

| Name | Value |
|---|---|
| Key (AES_256) | RmY2VnlnR0VtWEx4WjE3dVUxZnFCd3l2N05vdDVKdHc= |
| CnC | uejrhnfq.duckdns.org |
| Ports | 6745 |
| Mutex | AsyncMutex_6SI8OkPnk |
| Name | Value | Verdict | Location |
|---|---|---|---|
| Key (AES_256) | RmY2VnlnR0VtWEx4WjE3dVUxZnFCd3l2N05vdDVKdHc= | Malicious | addb2f9bc9ffad336cbee648fdfcf138 |
| CnC | uejrhnfq.duckdns.org | Malicious | addb2f9bc9ffad336cbee648fdfcf138 |
| Ports | 6745 | Malicious | addb2f9bc9ffad336cbee648fdfcf138 |
| Mutex | AsyncMutex_6SI8OkPnk | Malicious | addb2f9bc9ffad336cbee648fdfcf138 |