Malicious

af936b56e6f109e234bc06134041959d

PE Executable | MD5: af936b56e6f109e234bc06134041959d | Size: 46.08 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Low

Hash
MD5: af936b56e6f109e234bc06134041959d
SHA1: e92bcf0d7f2ed18a78af57734e936e781d7fdd53
SHA256: 3941d2e13d9ed19d7f867bd266338e9ec0c8eb986ff656743c83c6d1a03555cc
SHA384: 5c9b63701eb85b7ee05afdc14249388095afb4e8cdbe91ed39965bc686eab8f662975e22c3f47665d5318ca02d34bcb5
SHA512: 9e92aa87509235ab74eb6a7f16c90ffbd8ff681e04af5f42201682f0a0962acc7d171e27a3b98957ccda3480704b1e60baf08cebc7eb954cb683c2846cc890d6
SSDeep: 768:ZuoqdT1LxHaFzWUfbmBmo2qbNpL+Vl78tPIWzjbkgX3iuQXfvMZD8KLqoGBDZrx:ZuoqdT1LoG2CU3W3brXSuQP0ZtLOdrx
TLSH: 6E231B003BE8863BF2BE4FB898F26145467AF2673603D54D2CC452DB5623BC696426FD

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - AsyncRAT config.
Key (AES_256): TUxmcWFuSjBnMEc5bEEybnVPZjdhRktET2FlcEV6cmQ=
Pastebin: -
Certificate: (omitted)
ServerSignature: Qi/RUeZ3NN3kcYE41rBO6Qf9PuoaOpA/9pHmW9LchVMI21QXSYsfq2Ts6ufr4I1MECzwW3G2m/FIrDd+YeOfrpv9u+l3wn5q/VKAE6Nqv7XLnTNIOqGS2JGrK8lVE5uZ2/vjyYuJ5Fvc4HhG2S7D2t0RBIiXUovahjlhTHRHM2KDdphVPl5O+itodc4LrA/dkYkgszhFkN7fLKEGrvXbKQZf3JgGBu5scjtnDgwT/dLLqkYb1M+0FdIKHRQNhTyWITAPuzNsq446Pp2doRuB3jVMAQDYUTMzmfJGApmAbSH9VGQFB231zt3eyewjZ3ONWiXsZG01M0dafjWlg9TSfmi7RVgsjnWxD0YT+Ffql0y0Sd6zSxCRHj924kZiCj7kCWZgFvrRQKoKZy1Uw/tERsdD+gs2qp9Ma80o0Ge7UcKr158o2hlSVmYqxf0Lwl9TKNJczvIfoZhn8atEUd0oXQcpyChWuwATcSj3s1n3Fr2XTTf7VxYWJGsMWp2k4k1NxBuyI6hmjH5GmgzTY12L2/USfWkai790wiwbCFE5ixen0o/4GsUpn0qPRDv19pIJASIBIBApNkBFnrs3Pjlg2Ri9J1hjXNYU6tvnv3d7Mq6SllQgNmV74Fs9NLZfQLgOU/cSoRPIjqpV8xxfk2Tqd9yT2F/2e/dqHiW5indpnyo=
Install: true
BDOS: true
Anti-VM: true
Install File: ditmemay.exe
Install-Folder: %AppData%
Hosts: electronicsbazaar.in.net
Ports: 80,443,8080,8443
Mutex: qqi05b7gL49U
Version: 0.5.8
Delay: 3
Group: electronicsbazaar.in.net
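The "Key (AES_256)" value above is not the AES key itself: AsyncRAT stores the base64 of a 32-character passphrase in Settings.Key, and the client's Aes256 class derives the AES key and a separate HMAC key from it with PBKDF2. The Python below is an added example, not code from the sample or from the report tool. It decodes this sample's key field, performs the derivation with the constants of the public AsyncRAT client source (fixed salt, 50000 iterations, HMAC-SHA1, a 32-byte AES key followed by a 64-byte HMAC key), and checks the tag on a settings blob laid out as the client expects (HMAC-SHA256 over IV and ciphertext, then a 16-byte IV, then AES-256-CBC ciphertext). No encrypted settings blob appears on this page, so the blob used to exercise the tag check is constructed; decrypt_setting is for a raw Settings dump taken from a fresh sample and needs the third-party cryptography package.

```python
"""AsyncRAT Settings key handling, written as an added example (not the sample's own code)."""
from __future__ import annotations

import base64
import hashlib
import hmac

# Settings.Key exactly as reported for this sample (base64 of the passphrase).
KEY_B64 = "TUxmcWFuSjBnMEc5bEEybnVPZjdhRktET2FlcEV6cmQ="

# Constants of the client's Aes256 class, taken from the public AsyncRAT source:
# PBKDF2 (Rfc2898DeriveBytes, HMAC-SHA1) with a fixed salt and 50000 iterations;
# first 32 bytes = AES-256 key, next 64 bytes = HMAC-SHA256 key.
SALT = bytes.fromhex("BFEB1E56FBCD973BB219022430A57843003D5644D21E62B9D4F180E7E6C33941")
ITERATIONS = 50000
KEY_LEN, AUTH_KEY_LEN = 32, 64
HMAC_LEN, IV_LEN = 32, 16


def decode_key(key_b64: str) -> str:
    """The client does Encoding.UTF8.GetString(Convert.FromBase64String(Key))."""
    return base64.b64decode(key_b64).decode("utf-8")


def derive_keys(passphrase: str) -> tuple[bytes, bytes]:
    """Rfc2898DeriveBytes.GetBytes(32) followed by GetBytes(64) reads one PBKDF2
    stream twice, so deriving 96 bytes once and splitting gives the same keys."""
    stream = hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), SALT,
                                 ITERATIONS, KEY_LEN + AUTH_KEY_LEN)
    return stream[:KEY_LEN], stream[KEY_LEN:]


def split_blob(blob: bytes, auth_key: bytes) -> tuple[bytes, bytes]:
    """Blob layout: HMAC-SHA256(iv || ciphertext) || iv || ciphertext.
    Check the tag before using the ciphertext; return (iv, ciphertext)."""
    if len(blob) < HMAC_LEN + IV_LEN:
        raise ValueError("blob shorter than tag + IV")
    tag, rest = blob[:HMAC_LEN], blob[HMAC_LEN:]
    if not hmac.compare_digest(tag, hmac.new(auth_key, rest, hashlib.sha256).digest()):
        raise ValueError("HMAC mismatch: wrong key or modified blob")
    return rest[:IV_LEN], rest[IV_LEN:]


def seal_blob(iv: bytes, ciphertext: bytes, auth_key: bytes) -> bytes:
    """Framing side of the same layout (what the builder/server produces). The
    ciphertext is opaque here, which is enough to exercise the tag check."""
    return hmac.new(auth_key, iv + ciphertext, hashlib.sha256).digest() + iv + ciphertext


def decrypt_setting(blob_b64: str, passphrase: str) -> str:
    """Full decrypt of one base64 Settings value: tag check, then AES-256-CBC/PKCS7.
    Needs the third-party 'cryptography' package; only useful on a raw Settings dump."""
    from cryptography.hazmat.primitives import padding
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
    key, auth_key = derive_keys(passphrase)
    iv, ct = split_blob(base64.b64decode(blob_b64), auth_key)
    dec = Cipher(algorithms.AES(key), modes.CBC(iv)).decryptor()
    unpad = padding.PKCS7(128).unpadder()
    padded = dec.update(ct) + dec.finalize()
    return (unpad.update(padded) + unpad.finalize()).decode("utf-8")


if __name__ == "__main__":
    passphrase = decode_key(KEY_B64)
    aes_key, auth_key = derive_keys(passphrase)
    print("passphrase:", passphrase)
    print("aes key   :", aes_key.hex())
    print("hmac key  :", auth_key.hex())
```

Because the tag is checked with the derived HMAC key before any decryption, a wrong passphrase fails closed at split_blob rather than producing garbage plaintext, which is the quickest way to confirm that a key pulled from one sample belongs to a given Settings dump.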

Informations
Info: PE Detect: PeReader OK (file layout)
Module Name: nacmayne.exe
Full Name: nacmayne.exe
EntryPoint: System.Void Client.Program::Main()
Scope Name: nacmayne.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: nacmayne
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0,Profile=Client
Total Strings: 120
Main Method: System.Void Client.Program::Main()
Main IL Instruction Count: 51
Main IL:
ldc.i4.0
stloc.0
br IL_0015: ldloc.0
ldc.i4 1000
call System.Void System.Threading.Thread::Sleep(System.Int32)
ldloc.0
ldc.i4.1
add
stloc.0
ldloc.0
ldsfld System.String Client.Settings::Delay
call System.Int32 System.Convert::ToInt32(System.String)
blt.s IL_0007: ldc.i4 1000
call System.Boolean Client.Settings::InitializeSettings()
brtrue IL_0032: nop
ldc.i4.0
call System.Void System.Environment::Exit(System.Int32)
nop
call System.Boolean Client.Helper.MutexControl::CreateMutex()
brtrue IL_0043: ldsfld System.String Client.Settings::Anti
ldc.i4.0
call System.Void System.Environment::Exit(System.Int32)
ldsfld System.String Client.Settings::Anti
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_0057: ldsfld System.String Client.Settings::Install
call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis()
ldsfld System.String Client.Settings::Install
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_006B: ldsfld System.String Client.Settings::BDOS
call System.Void Client.Install.NormalStartup::Install()
ldsfld System.String Client.Settings::BDOS
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep()
call System.Boolean Client.Helper.Methods::IsAdmin()
brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep()
call System.Void Client.Helper.ProcessCritical::Set()
call System.Void Client.Helper.Methods::PreventSleep()
leave IL_0099: nop
pop
leave IL_0099: nop
nop
call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
brtrue IL_00AE: leave IL_00B9
call System.Void Client.Connection.ClientSocket::Reconnect()
call System.Void Client.Connection.ClientSocket::InitializeClient()
leave IL_00B9: ldc.i4 5000
pop
leave IL_00B9: ldc.i4 5000
ldc.i4 5000
call System.Void System.Threading.Thread::Sleep(System.Int32)
br.s IL_0099: nop


Artefacts
Key (AES_256): TUxmcWFuSjBnMEc5bEEybnVPZjdhRktET2FlcEV6cmQ=
CnC: electronicsbazaar.in.net
Ports: 80, 443, 8080, 8443
Mutex: qqi05b7gL49U
