Malicious

b49d4a49be8a8f960c856d6878914e18

PE Executable | MD5: b49d4a49be8a8f960c856d6878914e18 | Size: 419.33 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Very high

Hashes

MD5: b49d4a49be8a8f960c856d6878914e18
SHA1: 6d61bd15cf50372071f291b0c147767dafd8c778
SHA256: ee28b64d4e17826527e6ee7bdf9ac22f8adb5d2c06ed533e8206f9fceecdcd8c
SHA384: 162b0d8b864eaa3a8daae14dc422710206375dca62a65a01834caeba0f02b98de2b6131c0eaa63fc3f98a82d62bc532b
SHA512: 74481bf4c963e33a170a2ac12eabcb2bf2fd5efb8f48b881a3ceaddc8f08eda023c7c5c551239958d66ad50b0caebbbb93770df57e49f8e458448a43beb43593
SSDeep: 1536:aOiZmFuoiAyXzHJ/kbogXK+yAKQfO79D4Z9F:/ieUAyXzHVkboGKN4O7x4Zv
TLSH: 7D94842F7F12B47AC3BC5ABF0850B149996C6C269AD9F207385FF72C6D39D075A05282

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure

DosHeader
PE Header
Optional Header (x86)
Section Headers
  .text
  .rsrc
  .reloc
Resources
  RT_ICON
    ID:0001 / ID:0
    ID:0002 / ID:0
    ID:0003 / ID:0
    ID:0004 / ID:0
    ID:0005 / ID:0
    ID:0006 / ID:0
  RT_GROUP_CURSOR4
    ID:0001 / ID:0
  RT_VERSION
    ID:0001 / ID:0
  RT_MANIFEST
    ID:0001 / ID:0
Malware Configuration - XWorm config

Mutex: Yi9hIrVRvgHIOv6m
Hosts: m9dbmhskb.localto.net
Port: 4230
KEY: antiskid
USBNM: <Xwormmm>
family: xworm

Information

Info: PE Detect: PeReader OK (file layout)

Module Name: rackaz.exe
Full Name: rackaz.exe
EntryPoint: System.Void Stub.dIqASOa7B8XUD::17W1jvKLyeJn9()
Scope Name: rackaz.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: rackaz
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 237
Main Method: System.Void Stub.dIqASOa7B8XUD::17W1jvKLyeJn9()
Main IL Instruction Count: 58

Main IL

ldsfld System.Int32 hAftPtovBvGp0::lrduFjZsyxKPA
ldc.i4 1000
mul.ovf <null>
call System.Void System.Threading.Thread::Sleep(System.Int32)
ldsfld System.String hAftPtovBvGp0::1b7RItvr3TLGd
call System.Object Stub.PEsfIBP9leWvY::CrjPlbUjJVJ7X(System.String)
call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object)
stsfld System.String hAftPtovBvGp0::1b7RItvr3TLGd
ldsfld System.String hAftPtovBvGp0::u1e1psQX04kD7
call System.Object Stub.PEsfIBP9leWvY::CrjPlbUjJVJ7X(System.String)
call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object)
stsfld System.String hAftPtovBvGp0::u1e1psQX04kD7
ldsfld System.String hAftPtovBvGp0::zSPUC3xhInOtJ
call System.Object Stub.PEsfIBP9leWvY::CrjPlbUjJVJ7X(System.String)
call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object)
stsfld System.String hAftPtovBvGp0::zSPUC3xhInOtJ
ldsfld System.String hAftPtovBvGp0::Vp3ew3JLQypYO
call System.Object Stub.PEsfIBP9leWvY::CrjPlbUjJVJ7X(System.String)
call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object)
stsfld System.String hAftPtovBvGp0::Vp3ew3JLQypYO
ldsfld System.String hAftPtovBvGp0::pkhubeOq2K6VM
call System.Object Stub.PEsfIBP9leWvY::CrjPlbUjJVJ7X(System.String)
call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object)
stsfld System.String hAftPtovBvGp0::pkhubeOq2K6VM
ldsfld System.String hAftPtovBvGp0::48Lxokb9LYKTn
call System.Object Stub.PEsfIBP9leWvY::CrjPlbUjJVJ7X(System.String)
call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object)
stsfld System.String hAftPtovBvGp0::48Lxokb9LYKTn
leave.s IL_009E: call System.Boolean Stub.q0H3JNi1HfghK::puxiN5lwJ0Sy7()
dup <null>
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception)
stloc.2 <null>
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError()
leave.s IL_009E: call System.Boolean Stub.q0H3JNi1HfghK::puxiN5lwJ0Sy7()
call System.Boolean Stub.q0H3JNi1HfghK::puxiN5lwJ0Sy7()
brtrue.s IL_00AB: call System.Void Stub.q0H3JNi1HfghK::mcKZV9GyoEiFf()
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
call System.Void Stub.q0H3JNi1HfghK::mcKZV9GyoEiFf()
ldnull <null>
ldftn System.Void Stub.dIqASOa7B8XUD::RjTbswyL4xwWs()
newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr)
newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart)
stloc.0 <null>
ldnull <null>
ldftn System.Void Stub.dIqASOa7B8XUD::pfhEeKbeDRmw5()
newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr)
newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart)
stloc.1 <null>
ldloc.0 <null>
callvirt System.Void System.Threading.Thread::Start()
ldloc.1 <null>
callvirt System.Void System.Threading.Thread::Start()
ldloc.1 <null>
callvirt System.Void System.Threading.Thread::Join()
ret <null>

Artefacts

Mutex: Yi9hIrVRvgHIOv6m
CnC: m9dbmhskb.localto.net
Port: 4230
