f162419fce4eb4dff92be342c47662c2
PE Executable | MD5: f162419fce4eb4dff92be342c47662c2 | Size: 2.18 MB | application/x-dosexec
Symbol Obfuscation Score

| Hash | Hash Value |
|---|---|
| MD5 | f162419fce4eb4dff92be342c47662c2 |
| Sha1 | ad4e81b84f3c6f8b30863f90e8a09631112b0f5b |
| Sha256 | 3a4b0f50ea3eac55e22cbf24d873f9a1632d8f71e1fba91178c539030626ab32 |
| Sha384 | f93b438f7dfd6006610cba19e20386a2047ddbcb422adca4673d0ab27274c8474e8ee92470dd6d38caf1c01db17143a1 |
| Sha512 | c6f1cb9ff62449d1d53fb4b9c516637d8f9f2e2e6f3b90d6b18b6ae12526824c66b094c230a564c7946e45739149abacb46e71eae9dd0d8a7b32cf160bc8d3f8 |
| SSDeep | 49152:VqW97wRPirm2NnPTKKm77LrwCB6uan3Z:VqWCoZNn2Km77LrwkFW |
| TLSH | 0EA5F191B3F5821AF1FF1BB9A87205590B73F8429A7AD34E458CA49D1FB37408E107A7 |

PeID

| Config. Field0 | Value |
|---|---|
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Conf. AES-Key | |
| Version | ObjectLength |
| Port | ChainingModeGCM |
| Host | ChainingModeGCM |
| ReconnectDelay | AuthTagLength |
| Key | ChainingMode |
| SubDirectory | KeyDataBlob |
| InstallName | AES |
| Install | Microsoft Primitive Provider |
| Startup | 1 |
| Mutex | 1 |
| StartupKey | -1073700862 |
| HideFile | exi+lsxg1h8awLFj0IlTC13ubeAIIGmpsbDokFvXCAvAiDlY11tRFLv53Gjc2pSUfGS4ipm18eyR9iXREbIcHw== |
| EnableLogger | sJdvnxVQLei4hTE1+v3lV81eIwpgpYpiC5WAmADtNesGF3sXL03NGkNHifq8u/mcWiDKMrymKtCzxZa21ssqPPsETRxPJR06wX5Rf74bRN8= |
| EncryptionKey | 3000 |

| Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: ? |
| Module Name | Client.exe |
| Full Name | Client.exe |
| EntryPoint | System.Void mzugzeoqhnabysgpche.KOwpTYUq38OZkEm4OsqXZ8pyS7Gu::Main(System.String[]) |
| Scope Name | Client.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Client |
| Assembly Version | 2.6.4.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.7.2 |
| Total Strings | 2756 |
| Main Method | System.Void mzugzeoqhnabysgpche.KOwpTYUq38OZkEm4OsqXZ8pyS7Gu::Main(System.String[]) |
| Main IL Instruction Count | 13 |
| Main IL | ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.Void mzugzeoqhnabysgpche.KOwpTYUq38OZkEm4OsqXZ8pyS7Gu::QwDUUnNTd0t() call System.Void mzugzeoqhnabysgpche.KOwpTYUq38OZkEm4OsqXZ8pyS7Gu::MohvymdtF7() call System.Void mzugzeoqhnabysgpche.KOwpTYUq38OZkEm4OsqXZ8pyS7Gu::UbNsyes1TwqggpSnHERugShqd7TR() newobj System.Void mzugzeoqhnabysgpche.z2ffVMymroGgYVzE3pe::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null> |

| Name0 | Value |
|---|---|
| CnC | ChainingModeGCM |
| Port | ChainingModeGCM |

| Name0 | Value | Location |
|---|---|---|
| CnC | ChainingModeGCM Malicious | f162419fce4eb4dff92be342c47662c2 |
| Port | ChainingModeGCM Malicious | f162419fce4eb4dff92be342c47662c2 |