Malicious

e2c774b042972a5743d5a85987ba2fdf
PE Executable
MD5: e2c774b042972a5743d5a85987ba2fdf
Size: 47.1 KB
MIME type: application/x-dosexec
Summary by MalvaGPT
Characteristics
Symbol Obfuscation Score: Low

Hashes
MD5: e2c774b042972a5743d5a85987ba2fdf
SHA1: 49b3c4b87d7343d1863bc03d66e43061c4c2c916
SHA256: 5ea18c043cab9c3b175789bac804573f11c984e3625a54a2f452a3d3383527f1
SHA384: 75df84733985a66fa899878b936d8849a6904355594d05dfc7687e811c636370a504258045477a48f338704c5dc96e2c
SHA512: 9d59838bde392e9c0dc2fe7dc36694ccdc8fbcd17cb5f284b0292c6a166ffaf6f3e2a3f9a1b52654bac18f7ac11fe4004a14000c83c8a9159954c7e83db54008
SSDeep: 768:YCq/z5bX/wPLsekOicvHk3eHlWMPbPgF0qVM7UuxW1DyJsPNYI6OC22tYcFmVc6K:YC7seXvZH0ub4FrVMIux6P76O7KmVcl
TLSH: 47233B003BE98126E2BE5F78ACF1614187B6E6633603D65E3CC841D75B137C6CA52AF6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
Malware Configuration - AsyncRAT config.
Key (AES_256): ZnhlaHRtS0YxeElxa09UWUJmZ2dKbVFkdEJVRWc0Q2U=
Pastebin: -
Certificate: [value not recoverable from the extracted page]
ServerSignature: [value not recoverable from the extracted page]
Install: false
BDOS: false
Anti-VM: false
Install File: system.exe
Install-Folder: %AppData%
Version: 0.5.6A
Hosts: baostar.pro
Ports: 80,443,6606,7707,8080,8808
Mutex: mestizo.co.com
Delay: 5

Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Stub.exe
Full Name: Stub.exe
EntryPoint: System.Void Client.Program::Main()
Scope Name: Stub.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Stub
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0,Profile=Client
Total Strings: 130
Main Method: System.Void Client.Program::Main()
Main IL Instruction Count: 53

Main IL (one instruction per line; a branch operand is shown as the target label followed by the instruction at that label):
  ldc.i4.0
  stloc.0
  br.s IL_0012: ldloc.0
  ldc.i4 1000
  call System.Void System.Threading.Thread::Sleep(System.Int32)
  ldloc.0
  ldc.i4.1
  add
  stloc.0
  ldloc.0
  ldsfld System.String Client.Settings::Delay
  call System.Int32 System.Convert::ToInt32(System.String)
  blt.s IL_0004: ldc.i4 1000
  call System.Boolean Client.Settings::InitializeSettings()
  brtrue.s IL_002C: nop
  ldc.i4.0
  call System.Void System.Environment::Exit(System.Int32)
  nop
  call System.Boolean Client.Helper.MutexControl::CreateMutex()
  brtrue.s IL_003A: ldsfld System.String Client.Settings::Anti
  ldc.i4.0
  call System.Void System.Environment::Exit(System.Int32)
  ldsfld System.String Client.Settings::Anti
  call System.Boolean System.Convert::ToBoolean(System.String)
  brfalse.s IL_004B: ldsfld System.String Client.Settings::Install
  call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis()
  ldsfld System.String Client.Settings::Install
  call System.Boolean System.Convert::ToBoolean(System.String)
  brfalse.s IL_005C: ldsfld System.String Client.Settings::BDOS
  call System.Void Client.Install.NormalStartup::Install()
  ldsfld System.String Client.Settings::BDOS
  call System.Boolean System.Convert::ToBoolean(System.String)
  brfalse.s IL_0074: call System.Void Client.Helper.Methods::PreventSleep()
  call System.Boolean Client.Helper.Methods::IsAdmin()
  brfalse.s IL_0074: call System.Void Client.Helper.Methods::PreventSleep()
  call System.Void Client.Helper.ProcessCritical::Set()
  call System.Void Client.Helper.Methods::PreventSleep()
  newobj System.Void Client.Helper.CheckMiner::.ctor()
  call System.String Client.Helper.CheckMiner::GetProcess()
  pop
  leave.s IL_0089: call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
  pop
  leave.s IL_0089: call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
  call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
  brtrue.s IL_009A: newobj System.Void System.Random::.ctor()
  call System.Void Client.Connection.ClientSocket::Reconnect()
  call System.Void Client.Connection.ClientSocket::InitializeClient()
  newobj System.Void System.Random::.ctor()
  ldc.i4 1000
  ldc.i4 5000
  callvirt System.Int32 System.Random::Next(System.Int32,System.Int32)
  call System.Void System.Threading.Thread::Sleep(System.Int32)
  br.s IL_0089: call System.Boolean Client.Connection.ClientSocket::get_IsConnected()


Artefacts
Key (AES_256): ZnhlaHRtS0YxeElxa09UWUJmZ2dKbVFkdEJVRWc0Q2U=
CnC: baostar.pro
Ports: 80, 443, 6606, 7707, 8080, 8808
Mutex: mestizo.co.com
