Malicious

c3da87b2517d8f0cc6eb4cde81e8522f

PE Executable | MD5: c3da87b2517d8f0cc6eb4cde81e8522f | Size: 47.1 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Low

Hashes
MD5: c3da87b2517d8f0cc6eb4cde81e8522f
SHA1: cea7776003c186c0ad57596bc8028666d523abcc
SHA256: 99365cd4f6647464e6d27ce33330417f3df3cff023bc3e758b2176c32a61107c
SHA384: 7d34ea33bdd3fb3092eb6058e4a1e0bdabe7cbc9219b5fdb1255ed288ff41e797ff0583590588b864789fd2fced0db61
SHA512: 69fee03a7de149b6675b408914f37fceadb5aa8c916981d3fb165155b33ab46d9eec640d4b9a5d70b77be8322cf9392bd84575d2eb3ebf0d8d28a2cbf429e143
SSDeep: 768:ZuIXdTYEXlTWU/+qhmo2qbqGQmQ+LdX7cvPIVYzjbkgX3i93rwtZNTHhfcOKNFz8:ZuIXdTYUN2Ag2lYoVY3brXS93rwtDTHl
TLSH: 01233B003BE98127F2BE4F78ADF22145467AF5633613D65E1CC4519B1613FC68A82AFE

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - AsyncRAT config
Key (AES_256): akF3djNHV0tsTWtlNWJEdGdiUVJuRHRGRmdhMTRFSVc=
Pastebin: -
Certificate: MIIE5DCCAsygAwIBAgIQAOc250/jBXH7PusRfV4KKzANBgkqhkiG9w0BAQ0FADATMREwDwYDVQQDDAhBc3luY1JBVDAgFw0yNTEyMTQxNTM0MjFaGA85OTk5MTIzMTIzNTk1OVowEzERMA8GA1UEAwwIQXN5bmNSQVQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC3hbrOJGE/Ncxr2hD4zwR5WwrlT40PQHZSYRdpnqR2/7/cw8e4m6IS/kPj2TSnF3yYhOkR08loqxZDE8g9vaF8pLg+pyFwXjs8+Tjb6rGW2uRjpX92Pyhjh8LBpkQ8ZVWmHgnrg6rG0F60rBKz4ew8WXbKcUo3Q+oz/td4gqFQDlhw1kKoLeUmr+9QKyInnm/2UOlpU4DY3Vpgw9RKXcNYyUemiFybYORXhX5itphsOy7VNGbmDGcokwXemsR8Dxtx/fxqxdTSIJt2+bnMbPPCL05l7xkOyVQMnLIGcsDBoQXotDfeKlpluqyut2YjHGluh/uIUb/c37ZW17RCI+CtrNRGQjB8ErSBSWGtlxKh6a7DtgUD3Ixy87tueEKyeiHIjKNGM2DeeYpPp94vQ1L9omOqV6XBPRIlE8dZG2wIEh9U7nAbyILI5CsDNK3ZKIo9rFYVDCqRpjSpDW6EE3X+megquYTgBmYwz0wc3Nm7DyXpYWw9M6ubgwJOY4IuNEV3JNHsxHdX457CHJ1B3pvyDSRoD4GGQWzFrod/rSdbc6h0Znk520NtZ7qkP+AA3KumXQoREuIENMqFyEeb4jAL/o+NLZJ2s25y37AhIULalSXUWRpFFN4afCogVBX2Lq5fTnARunBy+iM0cTCITKg1PzdagOzpIYZ1301QYewT1wIDAQABozIwMDAdBgNVHQ4EFgQUwIO7jdsbGYhuyUURLCnL8u8aCiswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOCAgEAPXoIXK5CvTxz3g1MuFheFwcA6CSzDoKFPW4zVdDtZTjVtAd9wnPaH7HpQXLwpPUb3WM8iEX/zgdze8q36+IWIv7LOpMKCDr3+dyeR5dyuSF0HNggANxw64nb8ggfquNYXofQDR8B2fp/c1iXT3NQcZ4CsM37nMLyvKC7n2hWWArrhshFMKZ/AnT+3r996JaT0BopXowQsSIzBNFez3KrBQ2fKj8HuJPZ3VJKnAH+sUBvTup/5qk5+aijalDJU/APvTFLKBom0ifAqZoYgwI/B9H0mEO7qYXokEVtEPX9LS41ALFQl/naWldHpnhmMgpN3Y30HgI+CJIyUxR9k7f0AIYXdGHdXeqc+MhZa25H+ESwSwI7N7FMyxkdzkikWAXIYoKK3o1mdb9+0s1/CstbjWs8QAzUYmZTb1vUAg9tUMhL2LqaWlpnzOOXdQUhRqk1JuYoBAvlesZ5qsgrZxzaQtDZ7hq6oWsqdDScXGUt7SrPvtXFjFXHjdCrfVHISH0RcEsmaSSV6+cjvcSZe3gb/t5lfjmaDMgWvlIHtKONjneUbCKzoYY2OHU/gy4DkWdt4q8SX1a0jLYXkYr7KPKFaDR/oc85PRUsCKg/vhCtRIbTAJ1CCf0RCk61CuONfs18uIvo08JwHJgWVwN/1lq94mdsEzo1SPA5

ServerSignature: [value not present in the page]

Install: true
BDOS: false
Anti-VM: false
Install File: ADGLotteryClient.exe
Install-Folder: %AppData%
Ports: 80,443,5555,6606,8000,8080,8443
Mutex: 4U1zn1NWzPVw
Version: 0.5.8
Delay: 3
Group: Default

Information
Info: PE Detect: PeReader OK (file layout)
Module Name: ADGLotteryClient.exe
Full Name: ADGLotteryClient.exe
EntryPoint: System.Void Client.Program::Main()
Scope Name: ADGLotteryClient.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: ADGLotteryClient
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0,Profile=Client
Total Strings: 120
Main Method: System.Void Client.Program::Main()
Main IL Instruction Count: 51

Main IL (one instruction per line; a branch operand is shown as the target offset followed by the instruction at that target):
ldc.i4.0 <null>
stloc.0 <null>
br IL_0015: ldloc.0
ldc.i4 1000
call System.Void System.Threading.Thread::Sleep(System.Int32)
ldloc.0 <null>
ldc.i4.1 <null>
add <null>
stloc.0 <null>
ldloc.0 <null>
ldsfld System.String Client.Settings::Delay
call System.Int32 System.Convert::ToInt32(System.String)
blt.s IL_0007: ldc.i4 1000
call System.Boolean Client.Settings::InitializeSettings()
brtrue IL_0032: nop
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
nop <null>
call System.Boolean Client.Helper.MutexControl::CreateMutex()
brtrue IL_0043: ldsfld System.String Client.Settings::Anti
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
ldsfld System.String Client.Settings::Anti
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_0057: ldsfld System.String Client.Settings::Install
call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis()
ldsfld System.String Client.Settings::Install
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_006B: ldsfld System.String Client.Settings::BDOS
call System.Void Client.Install.NormalStartup::Install()
ldsfld System.String Client.Settings::BDOS
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep()
call System.Boolean Client.Helper.Methods::IsAdmin()
brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep()
call System.Void Client.Helper.ProcessCritical::Set()
call System.Void Client.Helper.Methods::PreventSleep()
leave IL_0099: nop
pop <null>
leave IL_0099: nop
nop <null>
call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
brtrue IL_00AE: leave IL_00B9
call System.Void Client.Connection.ClientSocket::Reconnect()
call System.Void Client.Connection.ClientSocket::InitializeClient()
leave IL_00B9: ldc.i4 5000
pop <null>
leave IL_00B9: ldc.i4 5000
ldc.i4 5000
call System.Void System.Threading.Thread::Sleep(System.Int32)
br.s IL_0099: nop

Artefacts
Key (AES_256): akF3djNHV0tsTWtlNWJEdGdiUVJuRHRGRmdhMTRFSVc=
Ports: 80, 443, 5555, 6606, 8000, 8080, 8443
Mutex: 4U1zn1NWzPVw
