Symbol Obfuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | b7b0284b0a883b14741a4de2b99d0be6
|
| Sha1 | c704e57d2060c40faa41ffe787da75712833db76
|
| Sha256 | c41bdae3a8c738db247ce311db878cda9c7c4954ec0eeed58999b336360846bc
|
| Sha384 | 925fbf75d8d19c6efc1a14d60e90a1cded7a8e28058590fe926324d26c1b59265eb3d8fed8df9c14433ba06d30ec224f
|
| Sha512 | 13262a91a85d248d4971ca37e69786b99956715faef0f617cf7140c8b631aeb91c83fa156c1c897ce083384029e02c3e76f441747382daf644465f6123434491
|
| SSDeep | 49152:kCoa4sHYG5ovdgpd2gIGAYIgriJIRK84jlWp1kMYiaB9rfO/ovjCqD9E:vsvMdegxK80lWp1SrPO/MZE
|
| TLSH | 03E523044F9BFCA6D52D0EB4497A98840B69DF5ED1A1A76C2CF46F7C33E2868D114F22
|
PeID
|
Config. Field0 | Value |
|---|---|
| ref_elem_0x0000000E | jusched.exe-=>True-=>False |
| ref_elem_0x00000016 | miner.exe-=>True-=>False |
| ref_elem_0x0000001E | update.exe-=>True-=>False |
| Workpath | %AppData% |
| SPL | -=> |
| Mutex | BW76c2DOTYAYOfAaj |
|
Config. Field0 | Value |
|---|---|
| Mutex | ZK7g6OvRHf54xeb6 |
| Hosts | adobe-cdn.duckdns.org,chelou.duckdns.org,mauvaise.duckdns.org,truesir.duckdns.org |
| Port | 8887 |
| KEY | goku92ad!! |
| USBNM | <Xwormmm> |
| LoggerPath | %Temp% |
| family | xworm |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | edge.exe |
| Full Name | edge.exe |
| EntryPoint | System.Void Program::Main() |
| Scope Name | edge.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | edge |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 12 |
| Main Method | System.Void Program::Main() |
| Main IL Instruction Count | 159 |
| Main IL | ldc.i4.1 <null> stloc.s V_5 call System.Boolean Program::CreateMutex() brtrue.s IL_0013: call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() ldc.i4.2 <null> stloc.s V_5 ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() ldc.i4.1 <null> stloc.3 <null> ldc.i4.5 <null> stloc.s V_5 ldsfld System.Collections.Generic.List`1<System.String> Program::List callvirt System.Collections.Generic.List`1/Enumerator<System.String> System.Collections.Generic.List`1<System.String>::GetEnumerator() stloc.2 <null> br IL_0130: ldloca.s V_2 ldloca.s V_2 call System.String System.Collections.Generic.List`1/Enumerator<System.String>::get_Current() stloc.0 <null> ldc.i4.6 <null> stloc.s V_5 ldsfld System.String Program::Workpath call System.Object Program::GETP(System.String) ldstr \ call System.Object Microsoft.VisualBasic.CompilerServices.Operators::ConcatenateObject(System.Object,System.Object) ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.0 <null> ldelem.ref <null> call System.Object Microsoft.VisualBasic.CompilerServices.Operators::ConcatenateObject(System.Object,System.Object) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stloc.1 <null> ldc.i4.7 <null> stloc.s V_5 ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.2 <null> ldelem.ref <null> ldstr True ldc.i4.0 <null> call System.Int32 Microsoft.VisualBasic.CompilerServices.Operators::CompareString(System.String,System.String,System.Boolean) ldc.i4.0 <null> bne.un.s IL_00CB: ldc.i4.s 13 ldc.i4.8 <null> stloc.s V_5 ldloc.1 <null> call System.Boolean System.IO.File::Exists(System.String) brtrue.s IL_00C9: br.s IL_0123 ldc.i4.s 9 stloc.s V_5 ldloc.1 <null> ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.0 <null> ldelem.ref <null> call System.Byte[] Program::GetTheResource(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) ldc.i4.s 10 stloc.s V_5 ldloc.1 <null> call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> br.s IL_0123: ldc.i4.s 19 ldc.i4.s 13 stloc.s V_5 ldc.i4.s 14 stloc.s V_5 ldloc.1 <null> ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.0 <null> ldelem.ref <null> call System.Byte[] Program::GetTheResource(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) ldc.i4.s 15 stloc.s V_5 ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.1 <null> ldelem.ref <null> ldstr True ldc.i4.0 <null> call System.Int32 Microsoft.VisualBasic.CompilerServices.Operators::CompareString(System.String,System.String,System.Boolean) ldc.i4.0 <null> bne.un.s IL_0123: ldc.i4.s 19 ldc.i4.s 16 stloc.s V_5 ldloc.1 <null> call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> ldc.i4.s 19 stloc.s V_5 call System.Void System.GC::Collect() ldc.i4.s 20 stloc.s V_5 ldloca.s V_2 call System.Boolean System.Collections.Generic.List`1/Enumerator<System.String>::MoveNext() brtrue IL_002D: ldloca.s V_2 ldloca.s V_2 constrained. System.Collections.Generic.List`1/Enumerator<System.String> callvirt System.Void System.IDisposable::Dispose() leave IL_01F8: ldloc.s V_4 ldloc.s V_4 br.s IL_0156: ldc.i4.0 ldloc.s V_4 ldc.i4.1 <null> add <null> ldc.i4.0 <null> stloc.s V_4 switch dnlib.DotNet.Emit.Instruction[] leave.s IL_01ED: ldc.i4 -2146828237 ldloc.s V_5 stloc.s V_4 ldloc.3 <null> switch dnlib.DotNet.Emit.Instruction[] leave.s IL_01ED: ldc.i4 -2146828237 isinst System.Exception ldnull <null> cgt.un <null> ldloc.3 <null> ldc.i4.0 <null> cgt.un <null> and <null> ldloc.s V_4 ldc.i4.0 <null> ceq <null> and <null> endfilter <null> castclass System.Exception call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) leave.s IL_01B8: ldloc.s V_5 ldc.i4 -2146828237 call System.Exception Microsoft.VisualBasic.CompilerServices.ProjectData::CreateProjectError(System.Int32) throw <null> ldloc.s V_4 brfalse.s IL_0201: ret call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() ret <null> |
| Module Name | edge.exe |
| Full Name | edge.exe |
| EntryPoint | System.Void Program::Main() |
| Scope Name | edge.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | edge |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 12 |
| Main Method | System.Void Program::Main() |
| Main IL Instruction Count | 159 |
| Main IL | ldc.i4.1 <null> stloc.s V_5 call System.Boolean Program::CreateMutex() brtrue.s IL_0013: call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() ldc.i4.2 <null> stloc.s V_5 ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() ldc.i4.1 <null> stloc.3 <null> ldc.i4.5 <null> stloc.s V_5 ldsfld System.Collections.Generic.List`1<System.String> Program::List callvirt System.Collections.Generic.List`1/Enumerator<System.String> System.Collections.Generic.List`1<System.String>::GetEnumerator() stloc.2 <null> br IL_0130: ldloca.s V_2 ldloca.s V_2 call System.String System.Collections.Generic.List`1/Enumerator<System.String>::get_Current() stloc.0 <null> ldc.i4.6 <null> stloc.s V_5 ldsfld System.String Program::Workpath call System.Object Program::GETP(System.String) ldstr \ call System.Object Microsoft.VisualBasic.CompilerServices.Operators::ConcatenateObject(System.Object,System.Object) ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.0 <null> ldelem.ref <null> call System.Object Microsoft.VisualBasic.CompilerServices.Operators::ConcatenateObject(System.Object,System.Object) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stloc.1 <null> ldc.i4.7 <null> stloc.s V_5 ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.2 <null> ldelem.ref <null> ldstr True ldc.i4.0 <null> call System.Int32 Microsoft.VisualBasic.CompilerServices.Operators::CompareString(System.String,System.String,System.Boolean) ldc.i4.0 <null> bne.un.s IL_00CB: ldc.i4.s 13 ldc.i4.8 <null> stloc.s V_5 ldloc.1 <null> call System.Boolean System.IO.File::Exists(System.String) brtrue.s IL_00C9: br.s IL_0123 ldc.i4.s 9 stloc.s V_5 ldloc.1 <null> ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.0 <null> ldelem.ref <null> call System.Byte[] Program::GetTheResource(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) ldc.i4.s 10 stloc.s V_5 ldloc.1 <null> call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> br.s IL_0123: ldc.i4.s 19 ldc.i4.s 13 stloc.s V_5 ldc.i4.s 14 stloc.s V_5 ldloc.1 <null> ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.0 <null> ldelem.ref <null> call System.Byte[] Program::GetTheResource(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) ldc.i4.s 15 stloc.s V_5 ldloc.0 <null> call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) ldsfld System.String Program::SPL ldc.i4.m1 <null> ldc.i4.0 <null> call System.String[] Microsoft.VisualBasic.Strings::Split(System.String,System.String,System.Int32,Microsoft.VisualBasic.CompareMethod) ldc.i4.1 <null> ldelem.ref <null> ldstr True ldc.i4.0 <null> call System.Int32 Microsoft.VisualBasic.CompilerServices.Operators::CompareString(System.String,System.String,System.Boolean) ldc.i4.0 <null> bne.un.s IL_0123: ldc.i4.s 19 ldc.i4.s 16 stloc.s V_5 ldloc.1 <null> call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> ldc.i4.s 19 stloc.s V_5 call System.Void System.GC::Collect() ldc.i4.s 20 stloc.s V_5 ldloca.s V_2 call System.Boolean System.Collections.Generic.List`1/Enumerator<System.String>::MoveNext() brtrue IL_002D: ldloca.s V_2 ldloca.s V_2 constrained. System.Collections.Generic.List`1/Enumerator<System.String> callvirt System.Void System.IDisposable::Dispose() leave IL_01F8: ldloc.s V_4 ldloc.s V_4 br.s IL_0156: ldc.i4.0 ldloc.s V_4 ldc.i4.1 <null> add <null> ldc.i4.0 <null> stloc.s V_4 switch dnlib.DotNet.Emit.Instruction[] leave.s IL_01ED: ldc.i4 -2146828237 ldloc.s V_5 stloc.s V_4 ldloc.3 <null> switch dnlib.DotNet.Emit.Instruction[] leave.s IL_01ED: ldc.i4 -2146828237 isinst System.Exception ldnull <null> cgt.un <null> ldloc.3 <null> ldc.i4.0 <null> cgt.un <null> and <null> ldloc.s V_4 ldc.i4.0 <null> ceq <null> and <null> endfilter <null> castclass System.Exception call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) leave.s IL_01B8: ldloc.s V_5 ldc.i4 -2146828237 call System.Exception Microsoft.VisualBasic.CompilerServices.ProjectData::CreateProjectError(System.Int32) throw <null> ldloc.s V_4 brfalse.s IL_0201: ret call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() ret <null> |
|
Name0 | Value |
|---|---|
| Mutex | ZK7g6OvRHf54xeb6 |
| CnC | adobe-cdn.duckdns.org |
| CnC | chelou.duckdns.org |
| CnC | mauvaise.duckdns.org |
| CnC | truesir.duckdns.org |
| Port | 8887 |
|
Config. Field0 | Value |
|---|---|
| ref_elem_0x0000000E | jusched.exe-=>True-=>False |
| ref_elem_0x00000016 | miner.exe-=>True-=>False |
| ref_elem_0x0000001E | update.exe-=>True-=>False |
| Workpath | %AppData% |
| SPL | -=> |
| Mutex | BW76c2DOTYAYOfAaj |
|
Config. Field0 | Value |
|---|---|
| Mutex | ZK7g6OvRHf54xeb6 |
| Hosts | adobe-cdn.duckdns.org,chelou.duckdns.org,mauvaise.duckdns.org,truesir.duckdns.org |
| Port | 8887 |
| KEY | goku92ad!! |
| USBNM | <Xwormmm> |
| LoggerPath | %Temp% |
| family | xworm |
|
Name0 | Value | Location |
|---|---|---|
| Mutex | ZK7g6OvRHf54xeb6 Malicious |
b7b0284b0a883b14741a4de2b99d0be6 > .Net Resources > qcqgamt.Resources > jusched.exe > jusched.exe [AES Decoded] |
| CnC | adobe-cdn.duckdns.org Malicious |
b7b0284b0a883b14741a4de2b99d0be6 > .Net Resources > qcqgamt.Resources > jusched.exe > jusched.exe [AES Decoded] |
| CnC | chelou.duckdns.org Malicious |
b7b0284b0a883b14741a4de2b99d0be6 > .Net Resources > qcqgamt.Resources > jusched.exe > jusched.exe [AES Decoded] |
| CnC | mauvaise.duckdns.org Malicious |
b7b0284b0a883b14741a4de2b99d0be6 > .Net Resources > qcqgamt.Resources > jusched.exe > jusched.exe [AES Decoded] |
| CnC | truesir.duckdns.org Malicious |
b7b0284b0a883b14741a4de2b99d0be6 > .Net Resources > qcqgamt.Resources > jusched.exe > jusched.exe [AES Decoded] |
| Port | 8887 Malicious |
b7b0284b0a883b14741a4de2b99d0be6 > .Net Resources > qcqgamt.Resources > jusched.exe > jusched.exe [AES Decoded] |