Malicious
Malicious

af4f645e046597f489815285ad187f78

PE Executable
|
MD5: af4f645e046597f489815285ad187f78
|
Size: 116.74 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very high

Hash
 Hash Value
MD5
af4f645e046597f489815285ad187f78
Sha1
ffd653016a316c98b4b09a967d3e76ffc9284843
Sha256
7af19fd50abaaa9bd360f2d2a6ae06a8f095c1d9533b5dfc7df496eea527d762
Sha384
bfa4ec6af4b34bedbf9fa849963e87052792047b935c4c18fa87e259ed66d8cede05ad6a20f297c08bf6b95e5d3f5cb8
Sha512
2873f3f27f4ac95874b1e9b3c40435acceff381715684b3414a4787fe182cd46c6b8d483dfe36b4a7ab82eec6713f03d149ca539fb8c3b4c8e4caf55b5f19a6c
SSDeep
1536:Mu/dRTUPE2hJRRg2WvO1bCBQ86tbdu90vG8rPyQ8QlD+zVS/TRhjY/F:Mu/DTUPE2rRRRWvO1bCB6bnNPY/F
TLSH
2BB31900279F9177F17D9F7484926200C17EABB7B323C45E388865D976E378267C27AA

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
af4f645e046597f489815285ad187f78
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - AsyncRAT config.
Config. Field
 Value
Key (AES_256)

SENFdm1tY3laOFR5QlpaQWd4R0d2YWdTdHJhdVA5Snk=
Pastebin

-
Certificate

MIIE8jCCAtqgAwIBAgIQAISvbKasaSkUhsZzs6y/3zANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjYwNTA5MTQyMTAwWhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJNJYDnc4OHf5ngh82IyBQaNI3NDOja6C10pPxlXMHYHnUZ+f4UIxUWQMOBWBztO2ARVE7NW79QkjWJXfB25fz/gbaZwJVc6wizEoZR2YD4pSq78Uz7mq11oaQvAYlo40HCclpkjrTykmxOsNWDIeQCT6e4g1sWRaBTj4NBzx+pF9/ArBFfk9phXUzg1rk4saLdESIRFgyU9gsh6ZVyPJlb4EIB59uOGJHL4vDu2V0ZowSAy37kWdK6cdgD7aG5dAjG7J1Mk9U3h9bRpCFqLp5GlSI8u5lHt2ASMeD8hET+/kVtB5SaYC/5i5qI7BY8ee8ncnaiOAy4EmuMLriYIsYSzQQjaX1Bk+bxYSM3GmYpAXRgntBOzBAiNcl/1xiVACH8YLNL1TWENTsuFmxSDJrWA7Ab9OPsAVkxoiBz/UMqAG5AxzykDcSg2PzDnnxhvkOyWbzlieY5yMyolxiaBSSWu33wxDPTGt54K9yWXK5+2XKhSn/PNiKm5211KIdfZ1AUrkBR2tibJ2Ix0AYEynua4w3Wv2Dcpydn0QZWxtf/X8oBaRIlIvHmIi86Pie/kWTIDxK/mUblJOymP+0vzcnpn+FBsYGwwUD/iIEybopSsGySCgft9pmZ2M8jN4NoBb/rXoWQSQZd6a/9zHv+w12RSWSNXdYvrh46OfiykeYaHAgMBAAGjMjAwMB0GA1UdDgQWBBSlbQ/ZDRx/3hxrRH1nan5vZcbJjTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQB76aiOIyEDOPaIoeBzw9MV27+UUa1jxjLXZxaz+LGfpuj4DPkww/69c08ZLuoJ/0WoFs3phEt+wo7WegCR1PWdAeTKZdawTQiE95y6KTTu9o2uM4ntbBUkTYNbW695mq4U9Nnzh4wxQKuBGUEyN+Jhiq3L1gCC6VW4oWaQIz3otngKmjlGo+RM5107/v3P5hvhKGj/aBrIg5IX7hH6+wWNoKFhtb2/1Jn8SESXp2urCS1DC3LS4ApxFMbZiJpSRzAbkz+ziwjvVktoLSlaCnY94gnIDJoSo/DQrm/vfhj9tQdHqtFxI8mfzBpakPZVL6FNGYxoBbp1/03qNZ1Te5JN7jqYG8qsQdOfq92PxWye+GCceSJb5r1QYhqmgr06IIQWGgXy5MOGE/MEH5SSeY+GljCw4UfsrqYXrcp24KNDX8RY++DatJ1Sy+GueOyWQ6AFl3Fi8SdlkIFk8Xza309fhnmx2IvaAgQrN920vXBPlQjAAY6G732QgGrT5E/paKhrxXM7D29IaIRS7alEfs9Xpx6j8WquDYyr70ku0TkACKq8zVg8diR+XHNMRRJj2WEVm/EZlHupSmeDyVvlscfLkaL1a1PXSOB+idWcvtOaoaphiYZ/NBXKrk2dCiSNgH0jDkn4AI6ResL1bCG+wqViXuKTuYbpZ355SFRA36UBJw==
ServerSignature

M08ApQQRM8ifyHLqdb6K4xmGgAzNGl0y2ujT/PocQoxxLg4Ga8V7RBomGhUAjwkQLi7BJ+XU8kIvn+hJ4sLuP0LO35nzRb82nUbUijI13qgm6GHBfPM31Dmhm1xiq5v1bkw9Hve5XDs88FL1NZL/Y7wfzGbOwK8cpTz6WglcXbW6xsP51Nss8ts8wnom1S92bB3znN1l9yKJ1taRzHyvKP12zzcplWEvUfmuSWpArqgghfckc5i9QcUnBggAeGNY/+IAHZR2AFp9FZPwUnm8XEaGb4oSlE0PJSCGxpEFCJEr8cqYhZenP5Rju0ZTvoViS7qz6LFYfSPXV6BanfiqVAwK/wLcVvwHOiL7CbZcErRP4fdxaNWtH8rf70vkQcYwniaASaaN78qdvfdJf1aCdYOhSe2V5eFy2Jey8dezV6h5UTLjHD6TI9PVZm8zOmYPFIiB5PtTAgS/hop7BhXbD8qe0WvyOObthXwTkDTQt7gKdazjqV6EVV0jOu8OlHA8p9PRamWUVdrijJGu4piYluyHQxQdrLnVSfV7Nm70hVKygqIbIqeiZtWMjW9J/jg/wPOViqVYE0j2bYnzFFt+1elLC7zyt4YoijVsRAjWf+/KXQQmYM2MNRDAAF6kb4/SgB5w6S/E1CwNH/ojA1iFlrlme8h9D5ESNyySY2q02qo=
Install

false
BDOS

false
Anti-VM

false
Install-Folder

%AppData%
Hosts

89.213.118.219
Ports

2000
Mutex

Ty5lzB2Gerjw
Version

0.5.8
Delay

3
Group

Default
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

guPVhqEvpibTCbct
Full Name

guPVhqEvpibTCbct
EntryPoint

System.Void MaUPFkughOQ.LYTJGjwOdIAGWbT::Main()
Scope Name

guPVhqEvpibTCbct
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Cursed Minecraft
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0,Profile=Client
Total Strings

120
Main Method

System.Void MaUPFkughOQ.LYTJGjwOdIAGWbT::Main()
Main IL Instruction Count

51
Main IL

ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String MaUPFkughOQ.DBdZlZeOBkwWpBIj::ZGRFQgXWzmaEF call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean MaUPFkughOQ.DBdZlZeOBkwWpBIj::MrwnADqojcRLwgu() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean LLcLgYQEPyEzIdFC.HwhdmbwOpAA::pHDKyfWeMRuB() brtrue IL_0043: ldsfld System.String MaUPFkughOQ.DBdZlZeOBkwWpBIj::TyaTDBJglUM ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String MaUPFkughOQ.DBdZlZeOBkwWpBIj::TyaTDBJglUM call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String MaUPFkughOQ.DBdZlZeOBkwWpBIj::sBKkDxqzgJIG call System.Void LLcLgYQEPyEzIdFC.vAWfAHuwaTp::pneMSUIdlweHw() ldsfld System.String MaUPFkughOQ.DBdZlZeOBkwWpBIj::sBKkDxqzgJIG call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String MaUPFkughOQ.DBdZlZeOBkwWpBIj::DMLrFeiumRjBT call System.Void uvOfYoLnIkXABk.ySPDjffnGBl::NsEAFnzTnjAQ() ldsfld System.String MaUPFkughOQ.DBdZlZeOBkwWpBIj::DMLrFeiumRjBT call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void LLcLgYQEPyEzIdFC.oBMjhwTmrAFHSQT::GyMFZAYAvEh() call System.Boolean LLcLgYQEPyEzIdFC.oBMjhwTmrAFHSQT::IodGivrwzVi() brfalse IL_0089: call System.Void LLcLgYQEPyEzIdFC.oBMjhwTmrAFHSQT::GyMFZAYAvEh() call System.Void LLcLgYQEPyEzIdFC.XqKJFSEASVbu::ISkKkYmdxdqYQ() call System.Void LLcLgYQEPyEzIdFC.oBMjhwTmrAFHSQT::GyMFZAYAvEh() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean nUXoISGcMGUlB.usTvAgRllNd::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void nUXoISGcMGUlB.usTvAgRllNd::AEvMrdXLrxDN() call System.Void nUXoISGcMGUlB.usTvAgRllNd::oAqiEYkdHAy() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop
Module Name

guPVhqEvpibTCbct
Full Name

guPVhqEvpibTCbct
EntryPoint

System.Void MaUPFkughOQ.LYTJGjwOdIAGWbT::Main()
Scope Name

guPVhqEvpibTCbct
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Cursed Minecraft
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0,Profile=Client
Total Strings

120
Main Method

System.Void MaUPFkughOQ.LYTJGjwOdIAGWbT::Main()
Main IL Instruction Count

51
Main IL

ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String MaUPFkughOQ.DBdZlZeOBkwWpBIj::ZGRFQgXWzmaEF call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean MaUPFkughOQ.DBdZlZeOBkwWpBIj::MrwnADqojcRLwgu() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean LLcLgYQEPyEzIdFC.HwhdmbwOpAA::pHDKyfWeMRuB() brtrue IL_0043: ldsfld System.String MaUPFkughOQ.DBdZlZeOBkwWpBIj::TyaTDBJglUM ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String MaUPFkughOQ.DBdZlZeOBkwWpBIj::TyaTDBJglUM call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String MaUPFkughOQ.DBdZlZeOBkwWpBIj::sBKkDxqzgJIG call System.Void LLcLgYQEPyEzIdFC.vAWfAHuwaTp::pneMSUIdlweHw() ldsfld System.String MaUPFkughOQ.DBdZlZeOBkwWpBIj::sBKkDxqzgJIG call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String MaUPFkughOQ.DBdZlZeOBkwWpBIj::DMLrFeiumRjBT call System.Void uvOfYoLnIkXABk.ySPDjffnGBl::NsEAFnzTnjAQ() ldsfld System.String MaUPFkughOQ.DBdZlZeOBkwWpBIj::DMLrFeiumRjBT call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void LLcLgYQEPyEzIdFC.oBMjhwTmrAFHSQT::GyMFZAYAvEh() call System.Boolean LLcLgYQEPyEzIdFC.oBMjhwTmrAFHSQT::IodGivrwzVi() brfalse IL_0089: call System.Void LLcLgYQEPyEzIdFC.oBMjhwTmrAFHSQT::GyMFZAYAvEh() call System.Void LLcLgYQEPyEzIdFC.XqKJFSEASVbu::ISkKkYmdxdqYQ() call System.Void LLcLgYQEPyEzIdFC.oBMjhwTmrAFHSQT::GyMFZAYAvEh() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean nUXoISGcMGUlB.usTvAgRllNd::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void nUXoISGcMGUlB.usTvAgRllNd::AEvMrdXLrxDN() call System.Void nUXoISGcMGUlB.usTvAgRllNd::oAqiEYkdHAy() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop
Artefacts
Name
 Value
Key (AES_256)

SENFdm1tY3laOFR5QlpaQWd4R0d2YWdTdHJhdVA5Snk=
CnC

89.213.118.219
Ports

2000
Mutex

Ty5lzB2Gerjw
af4f645e046597f489815285ad187f78 (116.74 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙