Symbol Obfuscation Score

| Hash | Hash Value |
|---|---|
| MD5 | f1e932a91ae6248fe628b5fc303b84e6
| Sha1 | 35110411492f8121ed1877903b966051bd9f1525
| Sha256 | 58f75e02032fb21bbd4bcc72ed18edd24b986b206e51e7ec57003eabdf2883a4
| Sha384 | d995276d1498e387285e2d50a205e0e57f1df87ac9fa45095e94506e0b7bf323b3ca89548230483e8174be64d14fac48
| Sha512 | 547d5ffb3a0665bcfbdbc516441f9d883ac5c6cf06480cc15fc73bc4bd4f4901963be15dac64b9266f58defb621f337d91a71b23019ec0edaf09c06e508ae728
| SSDeep | 768:5qmsOpXjv6P1bv5eykDlfVMVoJVpIsSgzbYTyBd19KVuuJTF6eFOwhUvxBB:5FDydzYltMVoJVlzbY2HsJ56eFOwyBB
| TLSH | F0537C1C77F1422AD6FF5FB528F36152D336E3239503972F28C4169A6617E888E413EA

PeID

| Config. Field0 | Value |
|---|---|
| Mutex | SEb72SlnWovGeg7m |
| Hosts | 127.0.0.1 |
| Port | 7000 |
| KEY | <123456789> |
| USBNM | <Xwormmm> |
| family | xworm |

| Name0 | Value |
|---|---|
| Info | PE Detect: PeReader FAIL, AsmResolver Mapped OK |
| Info | Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_a3c12665.exe |
| Module Name | amongus.exe |
| Full Name | amongus.exe |
| EntryPoint | System.Void Stub.C5SJZtT4FfkGQQXYeeYsuI7cgqPgjr2wgeYhRdQntH9weD525yxYBVfPXG7GWQpGXkSt0PvMenMBOKYy2H::wmQQFi4WwboSEHYYLePIlblzeqBn8rShsb68eavVI5OKq4gk9kcTU6un8qXtAqEzYWkfw6E4IOVW7hx8uc() |
| Scope Name | amongus.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | amongus |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 210 |
| Main Method | System.Void Stub.C5SJZtT4FfkGQQXYeeYsuI7cgqPgjr2wgeYhRdQntH9weD525yxYBVfPXG7GWQpGXkSt0PvMenMBOKYy2H::wmQQFi4WwboSEHYYLePIlblzeqBn8rShsb68eavVI5OKq4gk9kcTU6un8qXtAqEzYWkfw6E4IOVW7hx8uc() |
| Main IL Instruction Count | 54 |

| Name0 | Value |
|---|---|
| PE Layout | MemoryMapped (process dump suspected) |
| Mutex | SEb72SlnWovGeg7m |
| CnC | 127.0.0.1 |
| Port | 7000 |

| Name0 | Value | Location |
|---|---|---|
| PE Layout | MemoryMapped (process dump suspected) | f1e932a91ae6248fe628b5fc303b84e6 |
| Mutex | SEb72SlnWovGeg7m (Malicious) | f1e932a91ae6248fe628b5fc303b84e6 |
| CnC | 127.0.0.1 (Malicious) | f1e932a91ae6248fe628b5fc303b84e6 |
| Port | 7000 (Malicious) | f1e932a91ae6248fe628b5fc303b84e6 |
| PE Layout | MemoryMapped (process dump suspected) | f1e932a91ae6248fe628b5fc303b84e6 > [Rebuild from dump]_a3c12665.exe |
| Mutex | SEb72SlnWovGeg7m (Malicious) | f1e932a91ae6248fe628b5fc303b84e6 > [Rebuild from dump]_a3c12665.exe |
| CnC | 127.0.0.1 (Malicious) | f1e932a91ae6248fe628b5fc303b84e6 > [Rebuild from dump]_a3c12665.exe |
| Port | 7000 (Malicious) | f1e932a91ae6248fe628b5fc303b84e6 > [Rebuild from dump]_a3c12665.exe |