Due for disapproved I’ve move remove some of information. Thanks
The malware is keylogger and is assembly that is good so I can use dnspy. The code is obfuscated easily and I can will deobfuscate for you.
Here is Information:
Source Code: -
Obfuscation → Rename namespaces, to random strings. Stil code is readable.
Obfuscator Name: .NET Reactor
Connections Made: 220.127.116.11 (WHO.IS | VirusTotal)
- The IP (18.104.22.168) has similar files whoose also are stubs from RATS.