Symbol Ofbuscation Score
Hash | Hash Value |
---|---|
MD5 | f068b84fda2e74c3c62c929bb092f280
|
Sha1 | 5e39b58a80bb2ef65d152a7d00dd0e02f45af2b9
|
Sha256 | fca400630d230f655c956eb8eaa44d8cac3953386743def05a81c97d769ace10
|
Sha384 | 52819d70fd199d5f25d9cfdd0a5f6e787e6c0d2e0808d4777f11eef2f569963eddd1f02657a8e567e81318cd32a5146a
|
Sha512 | 136c696565142ff2fe6b0e94af1892f06b55896462fca20c741445751fde9d2cd1d8cba5885367feea75d6d584d4eb233ee54dfe8fbc53e0de98db3a1564dc2f
|
SSDeep | 384:koWSkWHa55BgDVRGipkItzY6vZg36Eh7FpmRvR6JZlbw8hqIusZzZa1:TJuk9pHRpcnuJ
|
TLSH | 36B22A4E3FA98852D5BC1B7486A5965003B4D1874423EE2FCCC560CBAFB3BD91D48AF9
|
PeID
Config. Field0 | Value |
---|---|
victim_name [VN] | VIP@2025 |
version [VR] | 0.7d |
executable_name [EXE] | winheP.bat |
directory [DR] | AppData |
reg_key [RG] | 1d65de03b06fa0914dd0c3c9d751766e |
cnc_host [H] | volkatv500.sytes.net |
cnc_port [P] | 999 |
splitter [Y] | |'|'| |
BD [BD] | False |
is_dir_defined [Idr] | True |
is_startup_folder [IsF] | True |
is_user_reg [Isu] | True |
reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
packet_size [b] | 5121 |
Name0 | Value |
---|---|
Module Name | j.exe |
Full Name | j.exe |
EntryPoint | System.Void j.A::main() |
Scope Name | j.exe |
Scope Type | ModuleDef |
Kind | Windows |
Runtime Version | v2.0.50727 |
Tables Header Version | 512 |
WinMD Version | <null> |
Assembly Name | j |
Assembly Version | 0.0.0.0 |
Assembly Culture | <null> |
Has PublicKey | False |
PublicKey Token | <null> |
Target Framework | <null> |
Total Strings | 214 |
Main Method | System.Void j.A::main() |
Main IL Instruction Count | 2 |
Main IL | call System.Void j.OK::ko() ret <null> |
Module Name | j.exe |
Full Name | j.exe |
EntryPoint | System.Void j.A::main() |
Scope Name | j.exe |
Scope Type | ModuleDef |
Kind | Windows |
Runtime Version | v2.0.50727 |
Tables Header Version | 512 |
WinMD Version | <null> |
Assembly Name | j |
Assembly Version | 0.0.0.0 |
Assembly Culture | <null> |
Has PublicKey | False |
PublicKey Token | <null> |
Target Framework | <null> |
Total Strings | 214 |
Main Method | System.Void j.A::main() |
Main IL Instruction Count | 2 |
Main IL | call System.Void j.OK::ko() ret <null> |
Name0 | Value |
---|---|
CnC | volkatv500.sytes.net |
Port | 999 |
Config. Field0 | Value |
---|---|
victim_name [VN] | VIP@2025 |
version [VR] | 0.7d |
executable_name [EXE] | winheP.bat |
directory [DR] | AppData |
reg_key [RG] | 1d65de03b06fa0914dd0c3c9d751766e |
cnc_host [H] | volkatv500.sytes.net |
cnc_port [P] | 999 |
splitter [Y] | |'|'| |
BD [BD] | False |
is_dir_defined [Idr] | True |
is_startup_folder [IsF] | True |
is_user_reg [Isu] | True |
reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
packet_size [b] | 5121 |
Name0 | Value | Location |
---|---|---|
CnC | volkatv500.sytes.net Malicious |
f068b84fda2e74c3c62c929bb092f280 |
Port | 999 Malicious |
f068b84fda2e74c3c62c929bb092f280 |