Suspicious
Suspect

b92320cdab8a02dfd609afde785ce743

PE Executable | MD5: b92320cdab8a02dfd609afde785ce743 | Size: 36.86 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very low

Hash
MD5: b92320cdab8a02dfd609afde785ce743
SHA1: a2e3c85558bd2fa59d961b928786272fa8b0cb58
SHA256: 0106fe54cfba5d7d45142717531034bf72c057ccd97e289fe04399f4a83ac181
SHA384: a5d872f34b84772c5b9861c6b831a8e9bdf2e1f5657974b9b5757341029502d795aa369f1332c5716aa44a52d7b0c2ce
SHA512: 9c3418e85e4960a3688331a88b665979ccf95dbbdaad771eba6a3fbc217838fdb77aff2ae2fb036887386afaf1f4b6e889faac38361a87cd7d49d6fa98a47f68
SSDeep: 768:n8LV2JektxVbm0i3Y1RBjdH8DNoEZGT1Cv9vhbhx:GVEnLC7o1vSDNoBO9vF
TLSH: C2F2BF21A7F90663CBED0B731870BA4203B5EA1A6E53AF1E64D9E16D1E721D083437F1

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
yvbpbacbzqrdl.Resources
BotKiller.exe
XClient.exe
Information
PE Detect: PeReader OK (file layout)
Module Name: XBinderOutput.exe
Full Name: XBinderOutput.exe
EntryPoint: System.Void Program::Main()
Scope Name: XBinderOutput.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: XBinderOutput
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 23
Main Method: System.Void Program::Main()
Main IL Instruction Count: 37

Main IL

ldc.i4 2000
call System.Void System.Threading.Thread::Sleep(System.Int32)
call System.Boolean Program::CreateMutex()
brtrue.s IL_001B: call System.Void Program::RunBotKiller()
call System.Int32 System.Environment::get_ExitCode()
call System.Void System.Environment::Exit(System.Int32)
call System.Void Program::RunBotKiller()
call My.MyComputer My.MyProject::get_Computer()
callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry()
callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser()
ldstr Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ldc.i4.1 <null>
callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean)
stloc.0 <null>
ldloc.0 <null>
ldstr ShowSuperHidden
callvirt System.Object Microsoft.Win32.RegistryKey::GetValue(System.String)
ldc.i4.1 <null>
box System.Int32
ldc.i4.0 <null>
call System.Boolean Microsoft.VisualBasic.CompilerServices.Operators::ConditionalCompareObjectEqual(System.Object,System.Object,System.Boolean)
brfalse.s IL_0065: leave.s IL_0075
ldloc.0 <null>
ldstr ShowSuperHidden
ldc.i4.0 <null>
box System.Int32
callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object)
leave.s IL_0075: ldnull
dup <null>
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception)
stloc.1 <null>
call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError()
leave.s IL_0075: ldnull
ldnull <null>
call System.Object Program::WorkF(System.Object)
pop <null>
ret <null>


No malware configuration was found at this point.