Symbol Obfuscation Score
Hash | Hash Value |
---|---|
MD5 | b8b72fe838b238a72363d3a29112527b |
Sha1 | d825aa7f1a3c3e3e3d5ae7f5ffbb3d52ac36361d |
Sha256 | cd487892d68ffb985dcbaa538b42c9caf287dbd855289a7d40086593040b1ee9 |
Sha384 | 6751f0b4b9a7056b8cfcb91d852a5ed937fe0ded0201b22eb99b0d307f75864e36ecb8047c4fe6b89746e6e184191615 |
Sha512 | 216d088117a517c61f7cc84531755e66a3615c7a8dfd5c2eb227ca52c5596e0022503f656d107c3170d2463b962d94fae96909c0420c73badf75e01cbfb25d22 |
SSDeep | 384:ImOs0IiejvCVLO309QmykrtG+dA+VfwvOSifrAF+rMRTyN/0L+EcoinblneHQM3X:eFdGdkrgYRwWS0rM+rMRa8NuynRt |
TLSH | C9032A4D7FE181A8C5FD067B05B2D41207BAE04B6A23DD0E8EE564EA37636C58B50AF1 |
PeID
Config. Field | Value |
---|---|
packet_size [b] | 5121 |
BD [BD] | False |
directory [DR] | TEMP |
executable_name [EXE] | server.exe |
cnc_host [HH] | 7.tcp.eu.ngrok.io |
is_dir_defined [Idr] | False |
is_startup_folder [IsF] | False |
is_user_reg [Isu] | False |
NH [NH] | 0 |
cnc_port [P] | 11722 |
reg_key [RG] | 5ea644e2b30c6c768b367536b63e23ad |
reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
sizk | 20 |
victim_name [VN] | HacKed |
version [VR] | im523 |
splitter [Y] | `|'|'|` |
HD | False |
anti [anti] | Exsample.exe |
anti2 [anti2] | False |
usb [usb] | False |
usbx [usbx] | svchost.exe |
task [task] | False |
Name | Value |
---|---|
Module Name | w.exe |
Full Name | w.exe |
EntryPoint | System.Void w.A::main() |
Scope Name | w.exe |
Scope Type | ModuleDef |
Kind | Windows |
Runtime Version | v2.0.50727 |
Tables Header Version | 512 |
WinMD Version | <null> |
Assembly Name | w |
Assembly Version | 0.0.0.0 |
Assembly Culture | <null> |
Has PublicKey | False |
PublicKey Token | <null> |
Target Framework | <null> |
Total Strings | 338 |
Main Method | System.Void w.A::main() |
Main IL Instruction Count | 5 |
Main IL | nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null> |
Name | Value |
---|---|
Port | 11722 |
Embedded Resources | 0 |
Suspicious Type Names (1-2 chars) | 3 |
Name | Value | Location |
---|---|---|
Port | 11722 Malicious | b8b72fe838b238a72363d3a29112527b |
Embedded Resources | 0 | b8b72fe838b238a72363d3a29112527b |
Suspicious Type Names (1-2 chars) | 3 | b8b72fe838b238a72363d3a29112527b |