Malicious
Malicious

d2e06641c01116b6bbb87c3e82354f58

PE Executable
|
MD5: d2e06641c01116b6bbb87c3e82354f58
|
Size: 48.64 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
d2e06641c01116b6bbb87c3e82354f58
Sha1
c2c871687fcb50f0ea69f1e43b83068b7a4b9096
Sha256
28bd8714ee4bf3a45af2c991d2f44e0ea8946306722c2ee67cac40e16d1885cf
Sha384
b27e530f4941a5b0fc94b78c894549a7fe9a6454ff7c8cf86a1f3af7f42d8ab6013b573e286593dbace151349e3843ae
Sha512
b12d327693e0d608c97d5c0aeae4c6b140030f50ed9bffc9bdb890b2f9e16c8fdbdaba68715b4e6c7efb9bbbc1c91f1bd00caf105cff0681aac423d2b644b1c4
SSDeep
768:Iuir1TUEFSuWUoV3kmo2qzRNZKi1Xi3NPIywoK0bw8XaZ7f9T5HxryJw0BDZox:Iuir1TUKP2uNViayHbzX4D9TpxmJvdox
TLSH
3C234C003BE9C12BF2BE4F78A8F36245857BF6676603D5491CC451971A23FC29642AFE

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
d2e06641c01116b6bbb87c3e82354f58
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - AsyncRAT config.
Config. Field
 Value
Key (AES_256)

SDlycDhrTmM1RlQ5MlA0NjNoTjliU3dieURVemhHUmQ=
Pastebin

-
Certificate

MIIE8jCCAtqgAwIBAgIQAPAaNwqvRcWScR6W6+G5FTANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjUxMjE3MTkzNjI2WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMQEHeEcQtPMZDDcVYDEvS1DB1D+U5F9PT6zAz4XfYkACxXiyaFz1qwrsXPj6sK8pK4FQtcrUP6Wz31ojlJSprRzJpGa+g+XuHLqWJrztlnFkqWD3osna0pRhwekyE9JH/LpUa4GhlHbDQMNXxUNf7DfqgJQbjAD//yKYN5mkPCa2TC/XHvBl7F7aZ3QPquu65OQuu8lAzy5v+bF9HBX14aP4BdEhsQ4z3HMpV3p0V858Gx54yBg78SXEi90y/qM4LLMGDfivK8UaH4w4RBgrtBikd2DTbOYpZR7t4ldULsCEQMNRcqlj14UlGnDdGcUTOfB+6d15fCc2zrjC2qITYuxuIHpqEeWD0cF5GGNqERjwYyxNZX7zghTYbHDCBttUfJJZmz1GYbfvn/IaqmkmLplV1a+mC2iBTsR/LFBxBUnp90k2aAHnepzJG2YnP1+jmP8pn5JymAXIM7uFuRAh/F0P3TD1djBuUPSvFJFvVlXlHW/g6Km41y7uQUHNijCx36nrYCEYHNwadEl73wVquNxvJPIUp0hucfeqXz81VmLDQlSEnPv6jlU0xRds4Mldhmb3TzaPbgNJ0MZSnRK6Z4hz0ZTi60cWTgfYixR2R0KaL2Vb3sZs+rQ5UzcnhU8BhCeN28r02xFoT7k/413KGngzMyu/g0OQaOhS+TTQLidAgMBAAGjMjAwMB0GA1UdDgQWBBTf6qA14ySAGqoJ7+LLhkmlPixd9TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQARU0d1iHX96X8a1A0qpSNEym4Etxv9049DBHusLNKUQlKpUh5MXfZsI+HyA9WusXTQka4M4NjaBrD2ZqqvPWDe/y8g+vod4jm3P0ACzaqPXrzP/Lp9nzSQ6uumwwsURL5iDCtOXs0iyNbc572p96daIElQUVfoVNzuv/5kjjLNOwn4v6f88rSkmUCo0C52iBcSGq4Oi9CB4ps1vpQ2kWt2m/jH9k1wOo1KwGj2vj2xhOK46nzoudurDS1HKbTIt5ZFoT4F9mjS+BNwy3UeNVMafmDjzgP6RVIADRPC84kS1p89Nsm9nrQqelItIM0mccMeZ/rEehB7tL66PuWGW+2pQFn6dK+Y0bYLFW1zpXx8D6ShyZ4sWFAxrhzknWRMzsdUY7MMCAKsvTXC1EJaywKRrzIjIi+s7XCa4QsDN8+eXjupXagrej4FT7piFUdc66xpLcXCbW2/a/4szx+IkxeP8PMcm4BQVys7JzsGOHNJ1NTwwA8jr1kmAJTPlJCJqnebwugTKHXqrF1/xU/oqw9fkbZGQRdA0l+xG3093yYb3qDUBdwLg/2UstSYZsdX/Y+SwpsYTC2pkhAJ5kUNK55JK0eSnyhq/LpeFEbTs51A4JODUYUwnGJDhxxN6yoUAoLe05Kt2pSptrHBiiJFzeQz8XoJK5svmVJcK8Gf7KOaWw==
ServerSignature

dYqKvZBQxwoc4oExnPB20Dzs7F9Zx4EohdbjZs8hC/ysvKUaI+QxmEoQnjGzPcSesDCMsIZJzcruP9mg8/elq70Gy8PbGSUfaiFSRtmsS5pwyU4X+98lXxr7HMynY+e68gFNDY37AFoZhghPoz/1EbAeSHv7Dj1Wv0dAXwOvWHtjPvjo2xtmFV3wzd4oPXHKiUkc/6u3pA4+8FatfEUXJZzB5fZugNnHCg1BXve98GL7NltJiCWWrCynY/CHYaLPEPV1f8k6ovWAHUDLt6Xptp7GkfGQPU0UvV6mvjtd34FzNoimPiflF/pdliS2I4wU1MacRkwGFBg5HGg18lqQrw6qXr1jHMi9CTecWo8cCl6SR9jHV6H8leSb4pra128JwRBgatWW/paemZTFn4qwO8tUGd6icfZaz/AC7Qrt/MH9Y3yxByDLctjHHcOYXPmPPU5kLKJjInFQLyF8vUEorBwP9dyOwZnnd28H1u1e0He4LhDmcEPb9O08OydchAeKkm7Ic6ilIoyJ6hfqqEvNIxRmhI/GTKMO9DUnfFar6u1RJSFRqp7hLxKX8jcC4cqWsGVCKhRXiekRuMfh6cLXtNgVzOuarrbhDO7K1m5wX0xLUGtzgiFQjpb6Hur3455qzXpqMvjDJSeusPsx3xlFmP+2bMdy6hso
Install

false
BDOS

false
Anti-VM

false
Install File

svopkf.exe
Install-Folder

%AppData%
Hosts

196.251.107.104
Ports

6606,7707,8808
Mutex

oCRV0EJhzwGf
Version

0.5.8
Delay

3
Group

Default
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

OyetuzncsiPIvBY
Full Name

OyetuzncsiPIvBY
EntryPoint

System.Void hzlhcdyMdpGx.rDcWLIhvafIDAocQ::Main()
Scope Name

OyetuzncsiPIvBY
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

AsyncClient
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0,Profile=Client
Total Strings

120
Main Method

System.Void hzlhcdyMdpGx.rDcWLIhvafIDAocQ::Main()
Main IL Instruction Count

51
Main IL

ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String hzlhcdyMdpGx.sAbwgPwfPJTxVPw::NoTshNArzEethfe call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean hzlhcdyMdpGx.sAbwgPwfPJTxVPw::ndlsGalGxQtP() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean ZFFAThpWuRj.zLCFVuKzGgK::NqTyrAPYFnHRafN() brtrue IL_0043: ldsfld System.String hzlhcdyMdpGx.sAbwgPwfPJTxVPw::EPLHafGpIykDLfe ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String hzlhcdyMdpGx.sAbwgPwfPJTxVPw::EPLHafGpIykDLfe call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String hzlhcdyMdpGx.sAbwgPwfPJTxVPw::kRBNARzGajp call System.Void ZFFAThpWuRj.nJCpJBOxrb::cFUDeDvwPB() ldsfld System.String hzlhcdyMdpGx.sAbwgPwfPJTxVPw::kRBNARzGajp call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String hzlhcdyMdpGx.sAbwgPwfPJTxVPw::MfLZmwNebLExV call System.Void WAvpqrrbJue.UmtxVkkZQwRYwaov::NxlSlSPaFPcrXh() ldsfld System.String hzlhcdyMdpGx.sAbwgPwfPJTxVPw::MfLZmwNebLExV call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void ZFFAThpWuRj.jwazPuTHQFBabP::NjnASLLcSiSQmE() call System.Boolean ZFFAThpWuRj.jwazPuTHQFBabP::JQRccEMKncBkKbsF() brfalse IL_0089: call System.Void ZFFAThpWuRj.jwazPuTHQFBabP::NjnASLLcSiSQmE() call System.Void ZFFAThpWuRj.xACAhziPJVUGZ::GUpTwcDCfKmKxQH() call System.Void ZFFAThpWuRj.jwazPuTHQFBabP::NjnASLLcSiSQmE() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean acDFBumvtH.ihQBBQHiuQ::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void acDFBumvtH.ihQBBQHiuQ::LWRatshRgdDd() call System.Void acDFBumvtH.ihQBBQHiuQ::lmoCryOtKvk() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop
Module Name

OyetuzncsiPIvBY
Full Name

OyetuzncsiPIvBY
EntryPoint

System.Void hzlhcdyMdpGx.rDcWLIhvafIDAocQ::Main()
Scope Name

OyetuzncsiPIvBY
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

AsyncClient
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0,Profile=Client
Total Strings

120
Main Method

System.Void hzlhcdyMdpGx.rDcWLIhvafIDAocQ::Main()
Main IL Instruction Count

51
Main IL

ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String hzlhcdyMdpGx.sAbwgPwfPJTxVPw::NoTshNArzEethfe call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean hzlhcdyMdpGx.sAbwgPwfPJTxVPw::ndlsGalGxQtP() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean ZFFAThpWuRj.zLCFVuKzGgK::NqTyrAPYFnHRafN() brtrue IL_0043: ldsfld System.String hzlhcdyMdpGx.sAbwgPwfPJTxVPw::EPLHafGpIykDLfe ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String hzlhcdyMdpGx.sAbwgPwfPJTxVPw::EPLHafGpIykDLfe call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String hzlhcdyMdpGx.sAbwgPwfPJTxVPw::kRBNARzGajp call System.Void ZFFAThpWuRj.nJCpJBOxrb::cFUDeDvwPB() ldsfld System.String hzlhcdyMdpGx.sAbwgPwfPJTxVPw::kRBNARzGajp call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String hzlhcdyMdpGx.sAbwgPwfPJTxVPw::MfLZmwNebLExV call System.Void WAvpqrrbJue.UmtxVkkZQwRYwaov::NxlSlSPaFPcrXh() ldsfld System.String hzlhcdyMdpGx.sAbwgPwfPJTxVPw::MfLZmwNebLExV call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void ZFFAThpWuRj.jwazPuTHQFBabP::NjnASLLcSiSQmE() call System.Boolean ZFFAThpWuRj.jwazPuTHQFBabP::JQRccEMKncBkKbsF() brfalse IL_0089: call System.Void ZFFAThpWuRj.jwazPuTHQFBabP::NjnASLLcSiSQmE() call System.Void ZFFAThpWuRj.xACAhziPJVUGZ::GUpTwcDCfKmKxQH() call System.Void ZFFAThpWuRj.jwazPuTHQFBabP::NjnASLLcSiSQmE() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean acDFBumvtH.ihQBBQHiuQ::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void acDFBumvtH.ihQBBQHiuQ::LWRatshRgdDd() call System.Void acDFBumvtH.ihQBBQHiuQ::lmoCryOtKvk() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop
Artefacts
Name
 Value
Key (AES_256)

SDlycDhrTmM1RlQ5MlA0NjNoTjliU3dieURVemhHUmQ=
CnC

196.251.107.104
Ports

6606
Ports

7707
Ports

8808
Mutex

oCRV0EJhzwGf
d2e06641c01116b6bbb87c3e82354f58 (48.64 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙