Suspicious
Suspect

ccdf262a24d224f28c6754bc5f5881d0

PE Executable
|
MD5: ccdf262a24d224f28c6754bc5f5881d0
|
Size: 445.95 KB
|
application/x-dosexec

Print
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Very low

Hash
 Hash Value
MD5
ccdf262a24d224f28c6754bc5f5881d0
Sha1
a0a0b279b0ab0836179c074e3a372ec8b4082e10
Sha256
009257c4f91cf9e3a7fc81a41f0d1ab7c22c3434fdc109c85efa89131042a367
Sha384
3fece7234e96d5b896fca65a6d276c534a59b63ef8863d0a10962ace0180b3a9c14fc9f20434f1b6da916c1ca33e9b79
Sha512
7a3865d923344fd29a0577d80603360d190c7365101414d2cd6b066b2b89648e6520ba39e04f5c348a63ca6952378016f8a4c2d8f043ff9e1da254328dd77443
SSDeep
6144:LBvMVBUrg/me95dM2MR1sy9tBi3UWI6iwk+uG+b:LpMDUrgeeHCv1sy9tX6wG
TLSH
24948CD3E583C065E9DE0CB1223291FC51176D5316128B63D1BBB33626AD58C3B2F6AB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
ccdf262a24d224f28c6754bc5f5881d0
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
ID:0002
ID:0
ID:0-preview.png
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
ID:0008
ID:0
ID:0009
ID:0
ID:000A
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
lhlmsj.Resources
XClient.bat
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Phantom.exe
Full Name

Phantom.exe
EntryPoint

System.Void Program::Main()
Scope Name

Phantom.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Phantom
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

18
Main Method

System.Void Program::Main()
Main IL Instruction Count

37
Main IL

ldc.i4 2000 call System.Void System.Threading.Thread::Sleep(System.Int32) call System.Boolean Program::CreateMutex() brtrue.s IL_001B: call System.Void Program::RunBotKiller() call System.Int32 System.Environment::get_ExitCode() call System.Void System.Environment::Exit(System.Int32) call System.Void Program::RunBotKiller() call My.MyComputer My.MyProject::get_Computer() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser() ldstr Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) stloc.0 <null> ldloc.0 <null> ldstr ShowSuperHidden callvirt System.Object Microsoft.Win32.RegistryKey::GetValue(System.String) ldc.i4.1 <null> box System.Int32 ldc.i4.0 <null> call System.Boolean Microsoft.VisualBasic.CompilerServices.Operators::ConditionalCompareObjectEqual(System.Object,System.Object,System.Boolean) brfalse.s IL_0065: leave.s IL_0075 ldloc.0 <null> ldstr ShowSuperHidden ldc.i4.0 <null> box System.Int32 callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) leave.s IL_0075: ldnull dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0075: ldnull ldnull <null> call System.Object Program::WorkF(System.Object) pop <null> ret <null>
Module Name

Phantom.exe
Full Name

Phantom.exe
EntryPoint

System.Void Program::Main()
Scope Name

Phantom.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Phantom
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

18
Main Method

System.Void Program::Main()
Main IL Instruction Count

37
Main IL

ldc.i4 2000 call System.Void System.Threading.Thread::Sleep(System.Int32) call System.Boolean Program::CreateMutex() brtrue.s IL_001B: call System.Void Program::RunBotKiller() call System.Int32 System.Environment::get_ExitCode() call System.Void System.Environment::Exit(System.Int32) call System.Void Program::RunBotKiller() call My.MyComputer My.MyProject::get_Computer() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser() ldstr Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) stloc.0 <null> ldloc.0 <null> ldstr ShowSuperHidden callvirt System.Object Microsoft.Win32.RegistryKey::GetValue(System.String) ldc.i4.1 <null> box System.Int32 ldc.i4.0 <null> call System.Boolean Microsoft.VisualBasic.CompilerServices.Operators::ConditionalCompareObjectEqual(System.Object,System.Object,System.Boolean) brfalse.s IL_0065: leave.s IL_0075 ldloc.0 <null> ldstr ShowSuperHidden ldc.i4.0 <null> box System.Int32 callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) leave.s IL_0075: ldnull dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.1 <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0075: ldnull ldnull <null> call System.Object Program::WorkF(System.Object) pop <null> ret <null>
ccdf262a24d224f28c6754bc5f5881d0 (445.95 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙