Malicious
Malicious

eb5b9851a5f059a3028156b9db09e1b3

PE Executable
|
MD5: eb5b9851a5f059a3028156b9db09e1b3
|
Size: 46.59 KB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
eb5b9851a5f059a3028156b9db09e1b3
Sha1
63349dfa9c38feec4e3ea32f899a3c7e39dcf70d
Sha256
299352c3e6ced2be1edca855106b23c96ba5168b702239c603f8474ca9d50413
Sha384
ca5849a04558a85f51cd355012d22da0f0decf5818d24531d410c74e809b7a6797c560a6b903f0a4d016657ab5a9c5d8
Sha512
ee38e9b7a4fb03eca3484ea0e7cbeffc97f6757bf89849d14e86561f9d80924afb25ee195bc0f5305e1b286354808a0f5e8334249f270569aafd22f4e91159a6
SSDeep
768:3ues1TYQZ3VWU1ymhbvmo2qjVw43s+xIUPIMhjbGgX3iwSrBlEzQm1mBDZFSr:3ues1TYiFhN2CwTtMxbZXS3QMVd4r
TLSH
1F233B003BE9812BF2BE4FB4A9F261458A7AF6633603D54E1CC451D71613FC69A426FE

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
eb5b9851a5f059a3028156b9db09e1b3
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - AsyncRAT config.
Config. Field
 Value
Key (AES_256)

R3AzMmJiT09PMzVmZGFEbXRiaXhmQkhPWnpFVDJaOGQ=
Pastebin

-
Certificate

MIIE8jCCAtqgAwIBAgIQAN2xrdVOwvtSIepKvvmsVzANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjUxMjE4MTMyNDI0WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJjaRa5Hs6nxH+3cdTupHksR+Q48WsyeiUrxZVa/QMltY+1EhSC3nQoTXDwwx5L2OFiDI2dptS9QbjQHOSbQ9Dpfe3NkzdYCJNo9h5sjzrXNHa+sC3S79TnmMoGug9tI4mtEX7/xMKtbXleSTV0Y/C2DYw/sYHEXOpjBHuGQTUibAlCP9RwdoxVr202scd0HaTErk9Bf2tw0kX62iOs5Xt0egd0Mc/Tzli3bSSpG0MNWc58rYdWYZSqBODiWRDSi9bJBSDdac+NNosa2L6KmDrlA1bpEY6dR/EnIn+bNgm8q3nCqoF8Hl5HxssdeB2cl2Aec3KgUaVfwItJH7as07gbW1n7peG3r8DeWucVODHOOK2LUPmNvrrs2KBbMX6qeU70Zswtom8H++7cmlHE1wi5mpgAfBhqgtnuP/NbROPIg3VEcZAAOWAAPe+7XAhESXEgxnKXLMoIOXSX7l+37OtcJB3tJcnSWI/QLYltK1iV8YltRwpNMPC4rdAT2UmOKkpZiuLZcGL+Z6b2KR6Iyar6YGOKh8z+xR08DXxEs0MJ9VktnoP0A5dMnwTUfs18c3kVvozfId86fwdsgMMqRTYvXdsOLyi6NGrYPwRb5pPu33fp+VKwh9n6azfh216ZbRFNY1OBUJOZm4GQks+ygzOCjHkqZLqpecJcSXYI8u9ztAgMBAAGjMjAwMB0GA1UdDgQWBBQpiOlMEUzlCotVDcCWs4U/jF6TbDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQAkcW9KcZUqILeoRYgWg6OzvZHSmDtp17uH9+TI4EJpozASN53gwcBcASX15k3s3IaELck93KX/R+B1l6XlFYzfd5POToC8oapL5R+Yb2a5edlyWm22qsc3TI6IoI4yf+0KqY4eYfDplt6/PfW6QWLYEuC13L3teF6jbiApsJB1aUq+vLgN+N3YbpzNKJkPopQTtVvwskLeO6xNeADF3EL5RE7tpKT7AGA4dxEpMB9uRY0Ty+hQwNh8fTaOcdqicNs9c2YP4X6RYE+35iSoIkqPtLb251tAoM/zPkqJwt3GJvJpTDeFcpbpUseEKWh1KSdhD5aYbJC9wgRv8VKmbCocKpUhCgNEJwLqXT2gVxKmkoi/OCmRYKniheku691eUwxJl7/3GjskOiOCIWO+ujT9Ma7OzGhzVcS0u4mxeTnHqi2b1lTIVosqFMcOdSa7csdfeedzx8tJqceHGXC4UTYnZwjdd5Z0cYUPj/y9nc6i67oIezxcqazGnSD/sSaguvSq9f1ej6EE+MQJ+5QLJEguu0YM+SDnSf5Kjm6Htz2nnWtVs8TQGrHz+f/eIrurdYvlY8za1KV1qSjRGLGwbXW1jQdnf3r2ZhF/zHl+/i9munZbX8FNFvu7KgmzrYo5Lz+f7KBk5W4LFMRUQ3eF9zlTxKHVJjIQuCcLw5rfhSnA6A==
ServerSignature

Kiv48pPgLb5vyRE/RUG+oS4fmaH7i0l9G0xutv0Tgng9y2r9I9Q/mZE1X9PAhmhOvHFWqgunvm8+pWdSGOIX2nGgS5XXC/WQHGM5dMunWRQG/ToGYLcVMDNWeSj8Cpr2YQEtPpNcCg/A09+1Lh6AfT4ApHlOuH+bwR8iggqAMMhsKEcKJsGlVmS2WpiGNO+Qr3Zrh1NYqrEn/LV/f5Srx73M6Y0gjix0quEPiE2XHA0BU39rRfg8SFyKRt8hU/PKqiSzU4j12MMheGQ+sA01jNsbo8RBwlfBqufTOmujrkxR0WjpZOL3mQNLMD+KZ/rtFneZYEXBD4Il2rCe+VDpOTqCjwATmol2Dq5CIqmKvBqg3SBhOsvuJZ96O0Ilz5bn2wbz/KchLyz5K8+x8sAzopExZKfFLH6oNUlJgG2eG8sPS/AINWlZ+IohiIVABbcWmE43x0SYQtQSQRJqxmlbCg7ni2n2BOpmdxCL72G2ZvKuw1Vj0RMusGaoL43kIqaHtpMLpl4A6scQ/xWD7PEx0u+gWZUFqPTUEEE8BO0TinPgGLgiJFN7Nei8bTveYdyz1NidenXfWFpUQbU4K+mImylW1x0V5VPA2H5X4Svj5tJO8MB9PLQNP0Xw3vbX5QffQf00UT/vfuCDTmawlD41gJ7z48gY9hMS
Install

true
BDOS

false
Anti-VM

false
Install-Folder

%AppData%
Hosts

1.0.1.124.exe
Ports

80,443,8080,8848
Mutex

VYtge195Xm6H
Version

0.5.8
Delay

3
Group

Default
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

installservice.exe
Full Name

installservice.exe
EntryPoint

System.Void Client.Program::Main()
Scope Name

installservice.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

installservice
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0,Profile=Client
Total Strings

120
Main Method

System.Void Client.Program::Main()
Main IL Instruction Count

51
Main IL

ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::Delay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue IL_0043: ldsfld System.String Client.Settings::Anti ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String Client.Settings::Anti call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String Client.Settings::Install call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() ldsfld System.String Client.Settings::Install call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String Client.Settings::BDOS call System.Void Client.Install.NormalStartup::Install() ldsfld System.String Client.Settings::BDOS call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.ProcessCritical::Set() call System.Void Client.Helper.Methods::PreventSleep() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean Client.Connection.ClientSocket::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop
Module Name

installservice.exe
Full Name

installservice.exe
EntryPoint

System.Void Client.Program::Main()
Scope Name

installservice.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

installservice
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0,Profile=Client
Total Strings

120
Main Method

System.Void Client.Program::Main()
Main IL Instruction Count

51
Main IL

ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::Delay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue IL_0043: ldsfld System.String Client.Settings::Anti ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String Client.Settings::Anti call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String Client.Settings::Install call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() ldsfld System.String Client.Settings::Install call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String Client.Settings::BDOS call System.Void Client.Install.NormalStartup::Install() ldsfld System.String Client.Settings::BDOS call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.ProcessCritical::Set() call System.Void Client.Helper.Methods::PreventSleep() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean Client.Connection.ClientSocket::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop
Artefacts
Name
 Value
Key (AES_256)

R3AzMmJiT09PMzVmZGFEbXRiaXhmQkhPWnpFVDJaOGQ=
CnC

1.0.1.124.exe
Ports

80
Ports

443
Ports

8080
Ports

8848
Mutex

VYtge195Xm6H
eb5b9851a5f059a3028156b9db09e1b3 (46.59 KB)
File Structure
eb5b9851a5f059a3028156b9db09e1b3
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Characteristics
Malware Configuration - AsyncRAT config.
Config. Field
 Value
Key (AES_256)

R3AzMmJiT09PMzVmZGFEbXRiaXhmQkhPWnpFVDJaOGQ=
Pastebin

-
Certificate

MIIE8jCCAtqgAwIBAgIQAN2xrdVOwvtSIepKvvmsVzANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjUxMjE4MTMyNDI0WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJjaRa5Hs6nxH+3cdTupHksR+Q48WsyeiUrxZVa/QMltY+1EhSC3nQoTXDwwx5L2OFiDI2dptS9QbjQHOSbQ9Dpfe3NkzdYCJNo9h5sjzrXNHa+sC3S79TnmMoGug9tI4mtEX7/xMKtbXleSTV0Y/C2DYw/sYHEXOpjBHuGQTUibAlCP9RwdoxVr202scd0HaTErk9Bf2tw0kX62iOs5Xt0egd0Mc/Tzli3bSSpG0MNWc58rYdWYZSqBODiWRDSi9bJBSDdac+NNosa2L6KmDrlA1bpEY6dR/EnIn+bNgm8q3nCqoF8Hl5HxssdeB2cl2Aec3KgUaVfwItJH7as07gbW1n7peG3r8DeWucVODHOOK2LUPmNvrrs2KBbMX6qeU70Zswtom8H++7cmlHE1wi5mpgAfBhqgtnuP/NbROPIg3VEcZAAOWAAPe+7XAhESXEgxnKXLMoIOXSX7l+37OtcJB3tJcnSWI/QLYltK1iV8YltRwpNMPC4rdAT2UmOKkpZiuLZcGL+Z6b2KR6Iyar6YGOKh8z+xR08DXxEs0MJ9VktnoP0A5dMnwTUfs18c3kVvozfId86fwdsgMMqRTYvXdsOLyi6NGrYPwRb5pPu33fp+VKwh9n6azfh216ZbRFNY1OBUJOZm4GQks+ygzOCjHkqZLqpecJcSXYI8u9ztAgMBAAGjMjAwMB0GA1UdDgQWBBQpiOlMEUzlCotVDcCWs4U/jF6TbDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQAkcW9KcZUqILeoRYgWg6OzvZHSmDtp17uH9+TI4EJpozASN53gwcBcASX15k3s3IaELck93KX/R+B1l6XlFYzfd5POToC8oapL5R+Yb2a5edlyWm22qsc3TI6IoI4yf+0KqY4eYfDplt6/PfW6QWLYEuC13L3teF6jbiApsJB1aUq+vLgN+N3YbpzNKJkPopQTtVvwskLeO6xNeADF3EL5RE7tpKT7AGA4dxEpMB9uRY0Ty+hQwNh8fTaOcdqicNs9c2YP4X6RYE+35iSoIkqPtLb251tAoM/zPkqJwt3GJvJpTDeFcpbpUseEKWh1KSdhD5aYbJC9wgRv8VKmbCocKpUhCgNEJwLqXT2gVxKmkoi/OCmRYKniheku691eUwxJl7/3GjskOiOCIWO+ujT9Ma7OzGhzVcS0u4mxeTnHqi2b1lTIVosqFMcOdSa7csdfeedzx8tJqceHGXC4UTYnZwjdd5Z0cYUPj/y9nc6i67oIezxcqazGnSD/sSaguvSq9f1ej6EE+MQJ+5QLJEguu0YM+SDnSf5Kjm6Htz2nnWtVs8TQGrHz+f/eIrurdYvlY8za1KV1qSjRGLGwbXW1jQdnf3r2ZhF/zHl+/i9munZbX8FNFvu7KgmzrYo5Lz+f7KBk5W4LFMRUQ3eF9zlTxKHVJjIQuCcLw5rfhSnA6A==
ServerSignature

Kiv48pPgLb5vyRE/RUG+oS4fmaH7i0l9G0xutv0Tgng9y2r9I9Q/mZE1X9PAhmhOvHFWqgunvm8+pWdSGOIX2nGgS5XXC/WQHGM5dMunWRQG/ToGYLcVMDNWeSj8Cpr2YQEtPpNcCg/A09+1Lh6AfT4ApHlOuH+bwR8iggqAMMhsKEcKJsGlVmS2WpiGNO+Qr3Zrh1NYqrEn/LV/f5Srx73M6Y0gjix0quEPiE2XHA0BU39rRfg8SFyKRt8hU/PKqiSzU4j12MMheGQ+sA01jNsbo8RBwlfBqufTOmujrkxR0WjpZOL3mQNLMD+KZ/rtFneZYEXBD4Il2rCe+VDpOTqCjwATmol2Dq5CIqmKvBqg3SBhOsvuJZ96O0Ilz5bn2wbz/KchLyz5K8+x8sAzopExZKfFLH6oNUlJgG2eG8sPS/AINWlZ+IohiIVABbcWmE43x0SYQtQSQRJqxmlbCg7ni2n2BOpmdxCL72G2ZvKuw1Vj0RMusGaoL43kIqaHtpMLpl4A6scQ/xWD7PEx0u+gWZUFqPTUEEE8BO0TinPgGLgiJFN7Nei8bTveYdyz1NidenXfWFpUQbU4K+mImylW1x0V5VPA2H5X4Svj5tJO8MB9PLQNP0Xw3vbX5QffQf00UT/vfuCDTmawlD41gJ7z48gY9hMS
Install

true
BDOS

false
Anti-VM

false
Install-Folder

%AppData%
Hosts

1.0.1.124.exe
Ports

80,443,8080,8848
Mutex

VYtge195Xm6H
Version

0.5.8
Delay

3
Group

Default
Artefacts
Name
 Value Location
Key (AES_256)

R3AzMmJiT09PMzVmZGFEbXRiaXhmQkhPWnpFVDJaOGQ=

Malicious

eb5b9851a5f059a3028156b9db09e1b3
CnC

1.0.1.124.exe

Malicious

eb5b9851a5f059a3028156b9db09e1b3
Ports

80

Malicious

eb5b9851a5f059a3028156b9db09e1b3
Ports

443

Malicious

eb5b9851a5f059a3028156b9db09e1b3
Ports

8080

Malicious

eb5b9851a5f059a3028156b9db09e1b3
Ports

8848

Malicious

eb5b9851a5f059a3028156b9db09e1b3
Mutex

VYtge195Xm6H

Malicious

eb5b9851a5f059a3028156b9db09e1b3
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙