Symbol Obfuscation Score

| Hash | Hash Value |
|---|---|
| MD5 | d5667f11cdbbf53c3ae6ac100e99c65f |
| Sha1 | 75e50a8d5aaae7fd784a64535b08d7cd8118521a |
| Sha256 | f72a106408280d830c8c93d68dd82b281f605d17e571b8994d905272b3ea6c35 |
| Sha384 | 4474d6b671bae48bac4dfa26e755cca263e2cc85d038bfbfef1450e2b6a04e96a526942da53f36c87b667e85aa9a25f1 |
| Sha512 | 1e7d71a469a8b6b01a5ea211520eca040fc02750ae0089ceb3ac383d0ea5ae43f8b3600c8d18d64f618772b583a4c205d0c820cb52803e2fda236a2d41eca40c |
| SSDeep | 384:MzycN89KiOVRgGaqA5YyVvn2xH/lX4Sel7GrAF+rMRTyN/0L+EcoinblneHQM3ef:Ey2Jxy5zVv2RRle1GrM+rMRa8NuYot |
| TLSH | 13030A4D7FE18168C9FD157B06B2E41207BAE04B6E23D90E8EF5649A37636C18F50AF1 |

PeID

| Config. Field | Value |
|---|---|
| packet_size [b] | 5121 |
| BD [BD] | False |
| directory [DR] | TEMP |
| executable_name [EXE] | formul34a.exe |
| cnc_host [HH] | need-strengthening.gl.at.ply.gg |
| is_dir_defined [Idr] | True |
| is_startup_folder [IsF] | True |
| is_user_reg [Isu] | True |
| NH [NH] | 0 |
| cnc_port [P] | 50048 |
| reg_key [RG] | 2d944bc2451e9b948f4213a9b68684bd |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| sizk | 512 |
| victim_name [VN] | Сосо владик |
| version [VR] | im523 |
| splitter [Y] | `\|'\|'\|` |
| HD | True |
| anti [anti] | Exsample.exe |
| anti2 [anti2] | False |
| usb [usb] | False |
| usbx [usbx] | svchost.exe |
| task [task] | False |

| Name | Value |
|---|---|
| Module Name | w.exe |
| Full Name | w.exe |
| EntryPoint | System.Void w.A::main() |
| Scope Name | w.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | w |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 338 |
| Main Method | System.Void w.A::main() |
| Main IL Instruction Count | 5 |
| Main IL | nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null> |

| Name | Value |
|---|---|
| Port | 50048 |

| Name | Value | Location |
|---|---|---|
| Port | 50048 Malicious | d5667f11cdbbf53c3ae6ac100e99c65f |