Malicious

fc866701a8a70a24a4eed5303f66599c

PE Executable
MD5: fc866701a8a70a24a4eed5303f66599c
Size: 56.32 KB
application/x-dosexec
Summary by MalvaGPT
Characteristics
Symbol Obfuscation Score: Very high

Hashes
MD5: fc866701a8a70a24a4eed5303f66599c
SHA1: 6c9082fd573ee7ed2751b97edd01f7453149d361
SHA256: 364e7cc930ff193dcd65548699117331d76e9f754218c4030c8fcf314cda7180
SHA384: f9af426301079cee4b3f355c82d8afc03fc62677c2cfaeeca42c26ac2c8f2518c2287461e2a4d10bd30786c8ffe67381
SHA512: b6d28b84fb7c9a0fc6103059c3a722bec189944ed9d26ba45505751245a727b32375d39d30e0324021dede547ac1f8da5df8b12ca565549db8acdcb5b9543ebf
SSDeep: 1536:TuhuJTPOY2k7533YsPhJbfWMQcmslafVTzdaujnCa:TuhOTPOY2k75HYs5JbfW+Xa9Tz4ujnCa
TLSH: B2433C0037E9C227F27E4F7899F22246867BB2277603D65E2CC4519B5A23FC685425FA

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_ICON
      ID:0001
        ID:0
    RT_GROUP_CURSOR4
      ID:0001
        ID:0
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
Malware Configuration - AsyncRAT config
Key (AES_256): UmdFZExHTEtnWURQUGk4bWpVNlZUYjJjNzJCQkNqbEI=
Pastebin: -
Certificate: (value not available)
ServerSignature: (value not available)
Install: true
BDOS: true
Anti-VM: true
Install File: playgamesonline.exe
Install-Folder: %Temp%
Ports: 43,53,80,443,8080,8888
Mutex: P1zpJ2SWEJR7
Version: 0.5.8
Delay: 3
Group: playgamesonline
Information
Info: PE Detect: PeReader OK (file layout)
Module Name: JNyiISTdMZXpPYIDJ
Full Name: JNyiISTdMZXpPYIDJ
EntryPoint: System.Void bkfpxNWCMIW.sguWeBQcNRvbCi::Main()
Scope Name: JNyiISTdMZXpPYIDJ
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: playgamesonlinetogether
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0,Profile=Client
Total Strings: 120
Main Method: System.Void bkfpxNWCMIW.sguWeBQcNRvbCi::Main()
Main IL Instruction Count: 51
Main IL (one instruction per line; branch operands are shown as "label: target instruction"):
  ldc.i4.0 <null>
  stloc.0 <null>
  br IL_0015: ldloc.0
  ldc.i4 1000
  call System.Void System.Threading.Thread::Sleep(System.Int32)
  ldloc.0 <null>
  ldc.i4.1 <null>
  add <null>
  stloc.0 <null>
  ldloc.0 <null>
  ldsfld System.String bkfpxNWCMIW.zamftgPRME::vESmoysrquuva
  call System.Int32 System.Convert::ToInt32(System.String)
  blt.s IL_0007: ldc.i4 1000
  call System.Boolean bkfpxNWCMIW.zamftgPRME::OYVjahhPVIdw()
  brtrue IL_0032: nop
  ldc.i4.0 <null>
  call System.Void System.Environment::Exit(System.Int32)
  nop <null>
  call System.Boolean tqWHJJcttAKnzbhP.aRkktnXJDJd::skjJJuqCISDlw()
  brtrue IL_0043: ldsfld System.String bkfpxNWCMIW.zamftgPRME::zGrEwmNiYXz
  ldc.i4.0 <null>
  call System.Void System.Environment::Exit(System.Int32)
  ldsfld System.String bkfpxNWCMIW.zamftgPRME::zGrEwmNiYXz
  call System.Boolean System.Convert::ToBoolean(System.String)
  brfalse IL_0057: ldsfld System.String bkfpxNWCMIW.zamftgPRME::OckFLgBKcW
  call System.Void tqWHJJcttAKnzbhP.azscORkMIgBd::XhNQPQZlOSTFwj()
  ldsfld System.String bkfpxNWCMIW.zamftgPRME::OckFLgBKcW
  call System.Boolean System.Convert::ToBoolean(System.String)
  brfalse IL_006B: ldsfld System.String bkfpxNWCMIW.zamftgPRME::CdVObGoyMdaAk
  call System.Void SDoRVifKDVySiD.IUbwDefKkQywI::vneHRHAEHFRpO()
  ldsfld System.String bkfpxNWCMIW.zamftgPRME::CdVObGoyMdaAk
  call System.Boolean System.Convert::ToBoolean(System.String)
  brfalse IL_0089: call System.Void tqWHJJcttAKnzbhP.oCeOWFmaZZ::kViRXwMpjPnBO()
  call System.Boolean tqWHJJcttAKnzbhP.oCeOWFmaZZ::MKkbUdxAdWzJlM()
  brfalse IL_0089: call System.Void tqWHJJcttAKnzbhP.oCeOWFmaZZ::kViRXwMpjPnBO()
  call System.Void tqWHJJcttAKnzbhP.ESlVNqorVPjvcgo::MpOuyXWPwMeBFL()
  call System.Void tqWHJJcttAKnzbhP.oCeOWFmaZZ::kViRXwMpjPnBO()
  leave IL_0099: nop
  pop <null>
  leave IL_0099: nop
  nop <null>
  call System.Boolean GDpvFKOEocuT.CozcOLKkBo::get_IsConnected()
  brtrue IL_00AE: leave IL_00B9
  call System.Void GDpvFKOEocuT.CozcOLKkBo::hZXKWwryktdlRjL()
  call System.Void GDpvFKOEocuT.CozcOLKkBo::dciThuTdFEbGYH()
  leave IL_00B9: ldc.i4 5000
  pop <null>
  leave IL_00B9: ldc.i4 5000
  ldc.i4 5000
  call System.Void System.Threading.Thread::Sleep(System.Int32)
  br.s IL_0099: nop


Artefacts
Key (AES_256): UmdFZExHTEtnWURQUGk4bWpVNlZUYjJjNzJCQkNqbEI=
Ports: 43, 53, 80, 443, 8080, 8888
Mutex: P1zpJ2SWEJR7
