Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | b0d26bd4ee5d3999407c0cdba17c255c
|
| Sha1 | 9926ab71e9b5acda4a1f3c70781cdf2533e60a16
|
| Sha256 | 8a5bee9f9a6511fcfef7bbdc1aa252c3f13894fff1296a6679b6e32d3df272d6
|
| Sha384 | cabc99ee641e3679ca47ffa6b6bc783a19a95df27e5a1cad943083042c91d6f7cd55dc9ad3a421e5ffa845a838c0dcdb
|
| Sha512 | d33eb0a10e49359df014122aae4306f530960842e5ccfb5c897ab0bab86fb4fbf63fbd33235643af61464fa0b09196461c992ba8f8471af2b583e34cece7dbb0
|
| SSDeep | 6144:qN6bPXhLApfph5BS6kgOmbmOjMfeouxPYBNF0LsfOY+:imhApzS6k3JgMfeoaPYfOLsfOY+
|
| TLSH | A9849D1337A4EE3BD1FE1736E43206090BB0D4677616E38B5A6A55B92D133868E913F3
|
PeID
|
Config. Field0 | Value |
|---|---|
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Conf. AES-Key | Vl6roD6nO47rxhbzn50k |
| Version | 1.3.0.0 |
| Port | 160 |
| Host | 176.123.1.70 |
| ReconnectDelay | 3000 |
| Key | 1WvgEMPjdwfqIMeM9MclyQ== |
| AuthKey | NcFtjbDOcsw7Evd3coMC0y4koy/SRZGydhNmno81ZOWOvdfg7sv0Cj5ad2ROUfX4QMscAIjYJdjrrs41+qcQwg== |
| SubDirectory | SubDir |
| InstallName | Client.exe |
| Install | 0 |
| Startup | 1 |
| Mutex | QSR_MUTEX_2dC0tN |
| StartupKey | windows |
| HideFile | 0 |
| EnableLogger | 0 |
| Tag | Office04 |
| LogDirectory | Logs |
| HideLogDirectory | 0 |
| HideLogSubdirectory | 0 |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader FAIL, AsmResolver Mapped OK |
| Info | Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_07ab9e2b.exe |
| Module Name | Client.exe |
| Full Name | Client.exe |
| EntryPoint | System.Void 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::Main(System.String[]) |
| Scope Name | Client.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Client |
| Assembly Version | 1.3.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 896 |
| Main Method | System.Void 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::Main(System.String[]) |
| Main IL Instruction Count | 19 |
| Main IL | call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::큐벆橿錓結宲啭泒ウ⛒ꮫ䢊瀠ᯮᢜ;궕(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean ༺欩䜰�띋Jꋢ�䐂픂摠䪍뉎뒫䕐⎇�::쏎眅㹈톫珄䟰῞鹜髪�磐㮔앲䆢됓㊕폢粠() brfalse.s IL_0040: call System.Void 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::උ冷튅༔ꍈ⥪漑Ⰱ訬坿Έ싱짂㧱낧㵡̎() call System.Boolean 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::粪㶨Ӕ蘇垦卯륔邙擷츏䋆煳ꫥ蹵ၷ뷫䛌횥똼ᠻ() brfalse.s IL_0040: call System.Void 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::උ冷튅༔ꍈ⥪漑Ⰱ訬坿Έ싱짂㧱낧㵡̎() call System.Boolean ᚖ펒봱晴⊟瞧༢짌ꊓ��텴⭛䢛뎢턑ڃ蛋㰫::get_Exiting() brtrue.s IL_0040: call System.Void 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::උ冷튅༔ꍈ⥪漑Ⰱ訬坿Έ싱짂㧱낧㵡̎() ldsfld ᚖ펒봱晴⊟瞧༢짌ꊓ��텴⭛䢛뎢턑ڃ蛋㰫 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::饟ࢺ抦ꔞ⠏Ћ൭୳ߘ�耽紂أ㐁몪띕� callvirt System.Void ᚖ펒봱晴⊟瞧༢짌ꊓ��텴⭛䢛뎢턑ڃ蛋㰫::㡹퍂〮뿈ᇹ꒿㋞䏉烔䪪曮潡曧띺ᆴ�鯐() call System.Void 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::උ冷튅༔ꍈ⥪漑Ⰱ訬坿Έ싱짂㧱낧㵡̎() call System.Void 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::薢딊㒃嫧ᛎ윦푼綐鎉헉嚉紱楩㷬㫌搢�() ret <null> |
| Module Name | Client.exe |
| Full Name | Client.exe |
| EntryPoint | System.Void 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::Main(System.String[]) |
| Scope Name | Client.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Client |
| Assembly Version | 1.3.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 896 |
| Main Method | System.Void 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::Main(System.String[]) |
| Main IL Instruction Count | 19 |
| Main IL | call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::큐벆橿錓結宲啭泒ウ⛒ꮫ䢊瀠ᯮᢜ;궕(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean ༺欩䜰�띋Jꋢ�䐂픂摠䪍뉎뒫䕐⎇�::쏎眅㹈톫珄䟰῞鹜髪�磐㮔앲䆢됓㊕폢粠() brfalse.s IL_0040: call System.Void 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::උ冷튅༔ꍈ⥪漑Ⰱ訬坿Έ싱짂㧱낧㵡̎() call System.Boolean 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::粪㶨Ӕ蘇垦卯륔邙擷츏䋆煳ꫥ蹵ၷ뷫䛌횥똼ᠻ() brfalse.s IL_0040: call System.Void 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::උ冷튅༔ꍈ⥪漑Ⰱ訬坿Έ싱짂㧱낧㵡̎() call System.Boolean ᚖ펒봱晴⊟瞧༢짌ꊓ��텴⭛䢛뎢턑ڃ蛋㰫::get_Exiting() brtrue.s IL_0040: call System.Void 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::උ冷튅༔ꍈ⥪漑Ⰱ訬坿Έ싱짂㧱낧㵡̎() ldsfld ᚖ펒봱晴⊟瞧༢짌ꊓ��텴⭛䢛뎢턑ڃ蛋㰫 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::饟ࢺ抦ꔞ⠏Ћ൭୳ߘ�耽紂أ㐁몪띕� callvirt System.Void ᚖ펒봱晴⊟瞧༢짌ꊓ��텴⭛䢛뎢턑ڃ蛋㰫::㡹퍂〮뿈ᇹ꒿㋞䏉烔䪪曮潡曧띺ᆴ�鯐() call System.Void 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::උ冷튅༔ꍈ⥪漑Ⰱ訬坿Έ싱짂㧱낧㵡̎() call System.Void 뻊墿əꜢ敮먢큍ﱤꂋ棲镘ᯣኟὬ귑ᷕ::薢딊㒃嫧ᛎ윦푼綐鎉헉嚉紱楩㷬㫌搢�() ret <null> |
|
Name0 | Value |
|---|---|
| CnC | 176.123.1.70 |
| Port | 160 |
| PE Layout | MemoryMapped (process dump suspected) |
| CnC | 176.123.1.70 |
| Port | 160 |
| PE Layout | MemoryMapped (process dump suspected) |
|
Config. Field0 | Value |
|---|---|
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Conf. AES-Key | Vl6roD6nO47rxhbzn50k |
| Version | 1.3.0.0 |
| Port | 160 |
| Host | 176.123.1.70 |
| ReconnectDelay | 3000 |
| Key | 1WvgEMPjdwfqIMeM9MclyQ== |
| AuthKey | NcFtjbDOcsw7Evd3coMC0y4koy/SRZGydhNmno81ZOWOvdfg7sv0Cj5ad2ROUfX4QMscAIjYJdjrrs41+qcQwg== |
| SubDirectory | SubDir |
| InstallName | Client.exe |
| Install | 0 |
| Startup | 1 |
| Mutex | QSR_MUTEX_2dC0tN |
| StartupKey | windows |
| HideFile | 0 |
| EnableLogger | 0 |
| Tag | Office04 |
| LogDirectory | Logs |
| HideLogDirectory | 0 |
| HideLogSubdirectory | 0 |
|
Name0 | Value | Location |
|---|---|---|
| CnC | 176.123.1.70 Malicious |
b0d26bd4ee5d3999407c0cdba17c255c |
| Port | 160 Malicious |
b0d26bd4ee5d3999407c0cdba17c255c |
| PE Layout | MemoryMapped (process dump suspected) |
b0d26bd4ee5d3999407c0cdba17c255c |
| CnC | 176.123.1.70 Malicious |
b0d26bd4ee5d3999407c0cdba17c255c > [Rebuild from dump]_07ab9e2b.exe |
| Port | 160 Malicious |
b0d26bd4ee5d3999407c0cdba17c255c > [Rebuild from dump]_07ab9e2b.exe |
| PE Layout | MemoryMapped (process dump suspected) |
b0d26bd4ee5d3999407c0cdba17c255c > [Rebuild from dump]_07ab9e2b.exe |