Symbol Ofbuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | d038db0e1ca8658439a7d8d6581b0875
|
| Sha1 | 59c0aa82e2f96e36e2562b8e8aacc80d8d25faec
|
| Sha256 | 58262acb3762876961bfd9e207b8d034d43061b13490d426bb9e0d51b89b7706
|
| Sha384 | 4d6b296584fbfd80ffdc5719af69f30d4710ca9b1ca5bf9b0a0ab696ab5728716f27506c404c78879f074da4b19e5940
|
| Sha512 | 932b45bd64b43140f1149dd5ff1357ad61c3f4ccf2993be352b5eb7b0c071648c8afd77fb5d828b47bd8a5cbd1bdffcda6347fc3b5ca16de31e306d48714de4c
|
| SSDeep | 768:Zu5dPTdMOGbWUnDurmo2qrBKjPGaG6PIyzjbFgX3ioEIAnKvphGBDZrx:Zu5dPTdlh2oKTkDy3bCXS52XIdrx
|
| TLSH | 1C231B003BE8822BF2BE4F78ACF26145867AF2672603D64A1CC451D75613FC6DA526FD
|
PeID
|
Config. Field0 | Value |
|---|---|
| Key (AES_256) | alRhZkVWMlFtZERKZWNaNjNkUVlsdjFrRGpSZHY1bkM= |
| Pastebin | - |
| Certificate | MIIE8jCCAtqgAwIBAgIQAImIrYznNNtiS1zp7CfehzANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjUxMjE2MDkwMzQ4WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJH398tAnQ+3IBXzWGo8cmU8iF09rTWxzPNbZ0h14ND0Gz95QRyjiLa/gTMWQ6pq0Hylt/7MkvTVkE9xLKIzr3+H1VxmIq3Qp1SXg8Z3kYhMrk16L+i+vOldAiOD8jQgAyfKIAnCySmLRuxOGTrBRKHGUg+FD9eCHBQU7I4CQ1xBH+HQp6BudSllpHMaZfie1wfyCEMnF8VAgS28TM7DnVUYIMjlibVqLrno/+09G7V9CAbnO5F84vzra8yxrvfxuefQmvxIFxWwmAy/T8EViYzERieq3G0DviED0k6RQJrKvve9cdfEnFxiSb7Zt0EyjHty7avvQC0wrusWqLfgoh0ITeqoffckVf+jUlrsYecwg9URCyFDOmXR5nCafSOSDzhFgrif6S6mX8iGgGAd9TstZuMG/OqV4vhyZ0T7BIWOUk6asaYX/SnKsUD5CEMxzlihW/IkcCgXeA1Y2izYnuPiaZgMNWSpR5Gt4qKXAA973sghPxqSq8rT0DnekkvrkLtyLCYOzXlNjU1RIWKnq3d+o0mHDwe/zSqOFcP3n5TwOgHaQ1XHUxlqGltKBB7yEg48/i3iDszct73QJy1/tNETuhMmLF0vDGR4FOx9idF8ro6XlCaQof7Z6P1dRQMumTUmyzK6cP9oPonfpvMLH+kuuJPQkNlvXbR6L6ZQsLLXAgMBAAGjMjAwMB0GA1UdDgQWBBQkYqaN3+b//MOfiAFr+/xLMqgLuzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQB5vO176tUJGVXovf5UPCS/HsSjDYKeXu0bSRlUQf2dEdpLMg86TTAt5q5XpvnZZ9vfRiMwwlvvkVYCBXdv7UiisdiJGi9+Ze8Bgf6sDCNBlxop4k4Q11ClJ8f9FSzhaV7VolshUggknJ5NDwLunvolNPbhlAKt7R8ylDcI52Y2JIqHhVDxDxnKRrIaSDFHg714XPuUMPkSCfhEFZBiaz+Ov+bkpMPrUBaW84aNQlp1U5iTi7ZMgtFdm1kGSGHCs8GFEThCMK9oEum1s0IMcG2dKb8qxRlug87H4Ci4YsA2TZToe8xOkbcHWPFHW+0ECqRfiZf4q4jvvJ7/8q4bge8OvipKYb/lbp44We4d2Dg1LtRSHSk7uzywToLvoyFu50qYNGTJZ65Qc46hmtljpK4H6/guYtSlEjAVRyZERAK+oj/qDaJi22PQK0ZXgfX/l50DGot2KyP6A7MNy0WDtU3GcPUgsahDdp2CmTKIHNIRzN5twGguBbHphB9sf26l7h7xPKv1okPDsFKXYFRDR57Q7zLxdZjgRKS8vRXAJCodNsdlEMl8O1867+N6zGXzwnA5a0xUqocDDiQWTYFQmEw1SF73j8/P1CdYJZycKgdGB+k97ndDXq8wrw+ifhqAYntvV5vvs8tkn4hYPtyjQhuiCm9QcxSQJc4mcjzd/T5hwg== |
| ServerSignature | SgafwhXlWizUClTblqDBFbwSc1tCmP1cy8lJxu/lyOATs+Y6dsKCdSSQvz/cnDpYldiTNFmstYV8OWPNcze9r9YVOtONymj2hPVQxVrTLsrS1QLPbCEfIT4HrJPshNhywpuJn782arDi2fAr30H2nr1O9IjTERDZuH3dYafQPLkVA5MQO1l6XtFg1jnlKu2QLnWurlEL5U5/wO4ae2vLkvxtT+rJekX8tRODJ7PF5v6MjRz236DW4PKeKrVsPHewChzwqFuPOCs5pG4vBt1TTvlBvBYkpKveCDcPjqMlQAcf6vqi5cnR6Ar1Wfp8+/rI96bS//v091cdRivnDt8pzP/0VhlTMhViLmMP9bmyfB6PHSIizwmchO/c7jZcC/gm4Rdeq7+vFmaw1BaYmp6IBqF0mQsKhhyfprL9Sn7W6Qh69S+bcpGa5RyI86iJFSkD5UxEqXyBaIUnXveEA/HlSvRLpBQxf8v32080zzv10W3hTHoNY9ohu9kVD1lqxwMN8KBdNQapSnnf5gzuMSLYN710MgaaRs4C8R3Kuk4iJvIV7ggVn6B6v1ncPsf7tzv3ml2RdvmmhU7gcmrjIV44rTgTA4M15paLDZV9A/Jyko8hDyEWn4dnjY+B+wJGAC/cWeuoVOvjdmamWVkCm4FCcGBKxzcqhs9i |
| Install | false |
| BDOS | false |
| Anti-VM | false |
| Install-Folder | %AppData% |
| Ports | 6606,7707,8808 |
| Mutex | Xdj1MGIDq4v1 |
| Version | 0.5.8 |
| Delay | 3 |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | AsyncClient.exe |
| Full Name | AsyncClient.exe |
| EntryPoint | System.Void Client.Program::Main() |
| Scope Name | AsyncClient.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | AsyncClient |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 120 |
| Main Method | System.Void Client.Program::Main() |
| Main IL Instruction Count | 51 |
| Main IL | ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::Delay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue IL_0043: ldsfld System.String Client.Settings::Anti ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String Client.Settings::Anti call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String Client.Settings::Install call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() ldsfld System.String Client.Settings::Install call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String Client.Settings::BDOS call System.Void Client.Install.NormalStartup::Install() ldsfld System.String Client.Settings::BDOS call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.ProcessCritical::Set() call System.Void Client.Helper.Methods::PreventSleep() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean Client.Connection.ClientSocket::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop |
| Module Name | AsyncClient.exe |
| Full Name | AsyncClient.exe |
| EntryPoint | System.Void Client.Program::Main() |
| Scope Name | AsyncClient.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | AsyncClient |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 120 |
| Main Method | System.Void Client.Program::Main() |
| Main IL Instruction Count | 51 |
| Main IL | ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::Delay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue IL_0043: ldsfld System.String Client.Settings::Anti ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String Client.Settings::Anti call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String Client.Settings::Install call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() ldsfld System.String Client.Settings::Install call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String Client.Settings::BDOS call System.Void Client.Install.NormalStartup::Install() ldsfld System.String Client.Settings::BDOS call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.ProcessCritical::Set() call System.Void Client.Helper.Methods::PreventSleep() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean Client.Connection.ClientSocket::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop |
|
Name0 | Value |
|---|---|
| Key (AES_256) | alRhZkVWMlFtZERKZWNaNjNkUVlsdjFrRGpSZHY1bkM= |
| Ports | 6606 |
| Ports | 7707 |
| Ports | 8808 |
| Mutex | Xdj1MGIDq4v1 |
|
Config. Field0 | Value |
|---|---|
| Key (AES_256) | alRhZkVWMlFtZERKZWNaNjNkUVlsdjFrRGpSZHY1bkM= |
| Pastebin | - |
| Certificate | MIIE8jCCAtqgAwIBAgIQAImIrYznNNtiS1zp7CfehzANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjUxMjE2MDkwMzQ4WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJH398tAnQ+3IBXzWGo8cmU8iF09rTWxzPNbZ0h14ND0Gz95QRyjiLa/gTMWQ6pq0Hylt/7MkvTVkE9xLKIzr3+H1VxmIq3Qp1SXg8Z3kYhMrk16L+i+vOldAiOD8jQgAyfKIAnCySmLRuxOGTrBRKHGUg+FD9eCHBQU7I4CQ1xBH+HQp6BudSllpHMaZfie1wfyCEMnF8VAgS28TM7DnVUYIMjlibVqLrno/+09G7V9CAbnO5F84vzra8yxrvfxuefQmvxIFxWwmAy/T8EViYzERieq3G0DviED0k6RQJrKvve9cdfEnFxiSb7Zt0EyjHty7avvQC0wrusWqLfgoh0ITeqoffckVf+jUlrsYecwg9URCyFDOmXR5nCafSOSDzhFgrif6S6mX8iGgGAd9TstZuMG/OqV4vhyZ0T7BIWOUk6asaYX/SnKsUD5CEMxzlihW/IkcCgXeA1Y2izYnuPiaZgMNWSpR5Gt4qKXAA973sghPxqSq8rT0DnekkvrkLtyLCYOzXlNjU1RIWKnq3d+o0mHDwe/zSqOFcP3n5TwOgHaQ1XHUxlqGltKBB7yEg48/i3iDszct73QJy1/tNETuhMmLF0vDGR4FOx9idF8ro6XlCaQof7Z6P1dRQMumTUmyzK6cP9oPonfpvMLH+kuuJPQkNlvXbR6L6ZQsLLXAgMBAAGjMjAwMB0GA1UdDgQWBBQkYqaN3+b//MOfiAFr+/xLMqgLuzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQB5vO176tUJGVXovf5UPCS/HsSjDYKeXu0bSRlUQf2dEdpLMg86TTAt5q5XpvnZZ9vfRiMwwlvvkVYCBXdv7UiisdiJGi9+Ze8Bgf6sDCNBlxop4k4Q11ClJ8f9FSzhaV7VolshUggknJ5NDwLunvolNPbhlAKt7R8ylDcI52Y2JIqHhVDxDxnKRrIaSDFHg714XPuUMPkSCfhEFZBiaz+Ov+bkpMPrUBaW84aNQlp1U5iTi7ZMgtFdm1kGSGHCs8GFEThCMK9oEum1s0IMcG2dKb8qxRlug87H4Ci4YsA2TZToe8xOkbcHWPFHW+0ECqRfiZf4q4jvvJ7/8q4bge8OvipKYb/lbp44We4d2Dg1LtRSHSk7uzywToLvoyFu50qYNGTJZ65Qc46hmtljpK4H6/guYtSlEjAVRyZERAK+oj/qDaJi22PQK0ZXgfX/l50DGot2KyP6A7MNy0WDtU3GcPUgsahDdp2CmTKIHNIRzN5twGguBbHphB9sf26l7h7xPKv1okPDsFKXYFRDR57Q7zLxdZjgRKS8vRXAJCodNsdlEMl8O1867+N6zGXzwnA5a0xUqocDDiQWTYFQmEw1SF73j8/P1CdYJZycKgdGB+k97ndDXq8wrw+ifhqAYntvV5vvs8tkn4hYPtyjQhuiCm9QcxSQJc4mcjzd/T5hwg== |
| ServerSignature | SgafwhXlWizUClTblqDBFbwSc1tCmP1cy8lJxu/lyOATs+Y6dsKCdSSQvz/cnDpYldiTNFmstYV8OWPNcze9r9YVOtONymj2hPVQxVrTLsrS1QLPbCEfIT4HrJPshNhywpuJn782arDi2fAr30H2nr1O9IjTERDZuH3dYafQPLkVA5MQO1l6XtFg1jnlKu2QLnWurlEL5U5/wO4ae2vLkvxtT+rJekX8tRODJ7PF5v6MjRz236DW4PKeKrVsPHewChzwqFuPOCs5pG4vBt1TTvlBvBYkpKveCDcPjqMlQAcf6vqi5cnR6Ar1Wfp8+/rI96bS//v091cdRivnDt8pzP/0VhlTMhViLmMP9bmyfB6PHSIizwmchO/c7jZcC/gm4Rdeq7+vFmaw1BaYmp6IBqF0mQsKhhyfprL9Sn7W6Qh69S+bcpGa5RyI86iJFSkD5UxEqXyBaIUnXveEA/HlSvRLpBQxf8v32080zzv10W3hTHoNY9ohu9kVD1lqxwMN8KBdNQapSnnf5gzuMSLYN710MgaaRs4C8R3Kuk4iJvIV7ggVn6B6v1ncPsf7tzv3ml2RdvmmhU7gcmrjIV44rTgTA4M15paLDZV9A/Jyko8hDyEWn4dnjY+B+wJGAC/cWeuoVOvjdmamWVkCm4FCcGBKxzcqhs9i |
| Install | false |
| BDOS | false |
| Anti-VM | false |
| Install-Folder | %AppData% |
| Ports | 6606,7707,8808 |
| Mutex | Xdj1MGIDq4v1 |
| Version | 0.5.8 |
| Delay | 3 |
|
Name0 | Value | Location |
|---|---|---|
| Key (AES_256) | alRhZkVWMlFtZERKZWNaNjNkUVlsdjFrRGpSZHY1bkM= Malicious |
AsyncClient.exe |
| Ports | 6606 Malicious |
AsyncClient.exe |
| Ports | 7707 Malicious |
AsyncClient.exe |
| Ports | 8808 Malicious |
AsyncClient.exe |
| Mutex | Xdj1MGIDq4v1 Malicious |
AsyncClient.exe |