e835e628e0f8377badfed5cb7fc3e6b3
PE Executable | MD5: e835e628e0f8377badfed5cb7fc3e6b3 | Size: 646.66 KB | application/x-dosexec

| Hash | Hash Value |
|---|---|
| MD5 | e835e628e0f8377badfed5cb7fc3e6b3 |
| Sha1 | c8b29f38ac1a121ef79b4eebd120ff76185eb04a |
| Sha256 | 102b0010ff82572936b26dda6f3f9c13d61386f653c1759036b3d5258ad086ec |
| Sha384 | 83f6b8d3bd922b47e7edd745ed012e4b940530775ca4f006339550234e65ced2f2dff5e3f6cc9918dd5431c57d5561c8 |
| Sha512 | ca3ca2633811a8eb84a5325a1b8b622223526ead38aa0b9adee04de921f5d60a9954d7ee4df7de84880fb1169311d8a9627f3def3f8a4b8ea038c6b8d18187f1 |
| SSDeep | 12288:EPRb90ASjkqjVnl36ud0zR/6CtQ9PUHIG8Dl8gSD+37PWY1Y1+f7LfNT2X3Yp/66:EJ9QjkqjVnlqud+/2P+AlUDcPt1aKFKs |
| TLSH | CED4022037FD8147E1BF6AB999F122006675F663A523EB4C1C4462BD4533781E9D23BA |

PeID

| Config. Field0 | Value |
|---|---|
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Conf. AES-Key | |
| Version | ziQvlT0dbqFZmClWJjq3L41Iy4tHrwAWuSmbQiVzIkam8gmRsYcaNv8tf/IX1kMjlrJ0sTXeaEySXlZzUfxwfQ== |
| Port | OwpPV7Y0WqqPSV87777ht9PZAthP3X/HhUhWM+354tGj3NxMJVuMA3Ce8x7wZz3IWPgzmLUxIXhOInGA7CJG5SnO7t/iNxOJfb/FbIlAS8k= |
| Host | OwpPV7Y0WqqPSV87777ht9PZAthP3X/HhUhWM+354tGj3NxMJVuMA3Ce8x7wZz3IWPgzmLUxIXhOInGA7CJG5SnO7t/iNxOJfb/FbIlAS8k= |
| ReconnectDelay | 3000 |
| Key | oovmzObUflrmQ1aSXb92NO9Islmj3Ki9jVc2BqHY+49Ua2QK+c6kzf2keIPJC8GcfI0qrt1xEL5sFYggt7Zxmg== |
| SubDirectory | KapW/rW/1APwyXXQhGpcV0+PnDCK/4q04doSKV/ezpzwKR6m8kWuDybAKeF4VQ2cMtX2GwBiFQuQ6yBasAOuSQ== |
| InstallName | 1 |
| Install | 1 |
| Startup | 67Cywgt0qGVA4BDyCjVpO407L6d0c6Rf/dJ/P8tbkBFzFidfJTCfG+OaaZ5KNduPVaZoVWwgW5ztKHVCasXSZFhD5KMzusQv/uvqq/mMA/3ww3Tg/Lb1MGVizZRJy2Ju |
| Mutex | /Ph+Fm3JUqsxmh31FdeDospFYLCpvyLk/escWOxN72IynEJ9BLcdk4ex3SJuw5EYbAtvOrTrpk50i0U447Dx4l0yIVt8az7uRpfViKXI4Ls= |
| StartupKey | 0 |
| HideFile | 1 |
| EnableLogger | D9FA0EA682B5E53C1FCAD5EDFC64B89FBFD468DA |
| EncryptionKey | X1m+bq2yu0uRDCqj/jaFQd1OhUoF8xPtVJPbnXYLI/oA65MgWfDTjcKDXxlR5r/16IQ0jEMvFISoAk2smhILPw== |

| Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Client |
| Full Name | Client |
| EntryPoint | System.Void ൄ茓卉昴ἦꓴಝꯖ╖㵊㭇钶ꦄ䥙⃓爺::Main() |
| Scope Name | Client |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Client |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.8 |
| Total Strings | 613 |
| Main Method | System.Void ൄ茓卉昴ἦꓴಝꯖ╖㵊㭇钶ꦄ䥙⃓爺::Main() |
| Main IL Instruction Count | 21 |
| Main IL | call System.Boolean ൄ茓卉昴ἦꓴಝꯖ╖㵊㭇钶ꦄ䥙⃓爺::ᇜ飭늛䠲Ћ恀辢เ뭺溪䭝싑㽸⏧ᅱ⩪釃̇() pop <null> ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) ldnull <null> ldftn System.Void ൄ茓卉昴ἦꓴಝꯖ╖㵊㭇钶ꦄ䥙⃓爺::�덬ⷲ探奨�㈰檱籐뺑홠帓ꎾ⫭栟큝卿⽶ᢌ(System.Object,System.Threading.ThreadExceptionEventArgs) newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr) call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void ൄ茓卉昴ἦꓴಝꯖ╖㵊㭇钶ꦄ䥙⃓爺::졺剠샫绤ﭪ偊胳㚊邰છ䐫궕㴺踰絵撕詷䝌(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void 쇥衾㷅퐎톭鹁潛㢵渠䨋쫟�疞ெ綜몈::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> |

| Name0 | Value |
|---|---|
| CnC | OwpPV7Y0WqqPSV87777ht9PZAthP3X/HhUhWM+354tGj3NxMJVuMA3Ce8x7wZz3IWPgzmLUxIXhOInGA7CJG5SnO7t/iNxOJfb/FbIlAS8k= |
| Port | OwpPV7Y0WqqPSV87777ht9PZAthP3X/HhUhWM+354tGj3NxMJVuMA3Ce8x7wZz3IWPgzmLUxIXhOInGA7CJG5SnO7t/iNxOJfb/FbIlAS8k= |

| Name0 | Value | Location |
|---|---|---|
| CnC | OwpPV7Y0WqqPSV87777ht9PZAthP3X/HhUhWM+354tGj3NxMJVuMA3Ce8x7wZz3IWPgzmLUxIXhOInGA7CJG5SnO7t/iNxOJfb/FbIlAS8k= Malicious | e835e628e0f8377badfed5cb7fc3e6b3 |
| Port | OwpPV7Y0WqqPSV87777ht9PZAthP3X/HhUhWM+354tGj3NxMJVuMA3Ce8x7wZz3IWPgzmLUxIXhOInGA7CJG5SnO7t/iNxOJfb/FbIlAS8k= Malicious | e835e628e0f8377badfed5cb7fc3e6b3 |