Sample details: 2e25c80b1c762a857663659815d15599 (MD5)

Hashes
MD5: 2e25c80b1c762a857663659815d15599
SHA1: 2fb070f1552d554cbcfcebbdd6b437b6d65b79c7
SHA256: 0903708fdd086963efc84921148e57516dc7d11611bf380f2b5ea149ca990320
SSDEEP: 768:AcBqCgwZ7UFRZa9R0wHuOviegAoMT1TXxAxTDkn6W0rt5fLB8J6aL0vBYHixGyT/:0EgAoMT1zxCY6W0rtdB8JruBYHGGy7
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Dropper_Strings
Source
http://ih803741.myihor.ru/svhost.exe
http://ih803741.myihor.ru/svhost.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
kwhhbrmjbdv.exe
kwhhbrmjbdv
mscorlib
System
System.Xml
System.Management
System.Drawing
System.Windows.Forms
System.IO.Compression.FileSystem
System.Core
crypt32.dll
<Module>
<>f__AnonymousType0`2
Object
<InnerList>i__Field
DebuggerBrowsableAttribute
System.Diagnostics
DebuggerBrowsableState
<Protocol>i__Field
get_InnerList
get_Protocol
InnerList
Protocol
DebuggerHiddenAttribute
EqualityComparer`1
System.Collections.Generic
get_Default
Equals
GetHashCode
ToString
String
Format
IFormatProvider
CompilerGeneratedAttribute
System.Runtime.CompilerServices
<>f__AnonymousType1`2
<<>h__TransparentIdentifier0>i__Field
<Username>i__Field
get_<>h__TransparentIdentifier0
get_Username
<>h__TransparentIdentifier0
Username
<>f__AnonymousType2`2
<<>h__TransparentIdentifier1>i__Field
<Password>i__Field
get_<>h__TransparentIdentifier1
get_Password
<>h__TransparentIdentifier1
Password
Module
Evrial
Dictionary`2
CSharpCodeProvider
Microsoft.CSharp
CompilerParameters
System.CodeDom.Compiler
Concat
System.IO
GetTempPath
IDictionary`2
set_CompilerOptions
set_OutputAssembly
set_GenerateExecutable
get_ReferencedAssemblies
StringCollection
System.Collections.Specialized
CodeDomProvider
CompileAssemblyFromSource
CompilerResults
Process
ClipperThread
Network
Exception
WebClient
System.Net
UploadFile
Console
WriteLine
RawSettings
Version
SiteUrl
.cctor
CoinType
value__
Program
Application
Chromium
Evrial.Stealer
List`1
Environment
GetEnvironmentVariable
GetFolderPath
SpecialFolder
AddRange
IEnumerable`1
Initialise
CryptUnprotectData
pCipherText
pszDescription
pEntropy
pReserved
pPrompt
dwFlags
pPlainText
GetTypeFromHandle
RuntimeTypeHandle
Marshal
System.Runtime.InteropServices
SizeOf
IntPtr
AllocHGlobal
op_Inequality
FreeHGlobal
DecryptChromium
cipherTextBytes
entropyBytes
Exists
Contains
Delete
Encoding
System.Text
GetBytes
get_UTF8
GetString
Replace
basePath
CryptprotectPromptstruct
ValueType
cbSize
dwPromptFlags
hwndApp
szPrompt
DataBlob
cbData
pbData
FilezillaFTP
FileZilla
Helper
GetRandomFileName
GetRandomString
Messenger
Pidgin
XmlTextReader
XmlDocument
XmlReader
get_DocumentElement
XmlElement
XmlNode
get_ChildNodes
XmlNodeList
Enumerable
System.Linq
IEnumerable
System.Collections
Func`2
Select
ToList
<>9__0_0
<>9__0_1
<>9__0_2
<>9__0_3
<>9__0_4
<Initialise>b__0_0
objXmlNode
get_ItemOf
get_InnerText
<Initialise>b__0_1
<Initialise>b__0_2
<Initialise>b__0_3
<Initialise>b__0_4
<>h__TransparentIdentifier2
PassData
<Url>k__BackingField
<Login>k__BackingField
<Password>k__BackingField
<Program>k__BackingField
get_Url
set_Url
get_Login
set_Login
set_Password
get_Program
set_Program
Passwords
StreamWriter
IEnumerator`1
Enumerator
Directory
CreateDirectory
DirectoryInfo
DateTime
get_Now
get_UserName
TextWriter
GetEnumerator
get_Current
IEnumerator
MoveNext
IDisposable
Dispose
SendFile
ZipFile
System.IO.Compression
CreateFromDirectory
CompressionLevel
ManagementObjectSearcher
ManagementObjectCollection
ManagementObjectEnumerator
ManagementBaseObject
ManagementObject
get_Item
GetWindowsVersion
FileInfo
GetFiles
FileSystemInfo
get_Extension
get_Name
CopyTo
DesktopCopy
directorypath
GetDirectories
RemoveTempFiles
Bitmap
Graphics
Rectangle
Screen
get_PrimaryScreen
get_Bounds
get_Width
get_Height
FromImage
get_Size
CopyFromScreen
ImageFormat
System.Drawing.Imaging
get_Jpeg
GetJpegScreen
filepath
Sqlite
_dbEncoding
_fileBytes
_pageSize
_sqlDataTypeSize
_fieldNames
_masterTableEntries
_tableEntries
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
ReadAllBytes
fileName
GetValue
rowNum
GetRowCount
Resize
get_Unicode
get_BigEndianUnicode
Convert
ReadTableFromOffset
offset
ReadMasterTable
ToLower
Compare
StringComparison
IndexOf
Substring
TrimStart
ReadTable
tableName
ConvertToULong
startIndex
startIdx
BitConverter
ToInt64
endIdx
RecordHeaderField
TableEntry
Content
SqliteMasterEntry
ItemName
RootNum
SqlStatement
Wallet
RegistryKey
Microsoft.Win32
Registry
CurrentUser
OpenSubKey
BitcoinStealer
Evrial.Hardware
Random
Thread
System.Threading
SetAttributes
FileAttributes
CreateSubKey
SetValue
Autorun
Identification
OpenBaseKey
RegistryHive
RegistryView
KeyNotFoundException
IndexOutOfRangeException
ToUpper
Evrial.Cookies
op_Equality
get_Chars
ChromiumInitialise
Boolean
TryParse
GetCookies
Cookie
<domain>k__BackingField
<expirationDate>k__BackingField
<hostOnly>k__BackingField
<name>k__BackingField
<path>k__BackingField
<secure>k__BackingField
<value>k__BackingField
set_domain
get_domain
set_expirationDate
get_expirationDate
set_hostOnly
get_hostOnly
set_name
get_name
set_path
get_path
set_secure
get_secure
set_value
get_value
domain
expirationDate
hostOnly
secure
<PrivateImplementationDetails>
4D53392A6A24D5E801ADA14E79B43F9BEBB79150
__StaticArrayInitTypeSize=10
<InnerList>j__TPar
<Protocol>j__TPar
<<>h__TransparentIdentifier0>j__TPar
<Username>j__TPar
<<>h__TransparentIdentifier1>j__TPar
<Password>j__TPar
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
DebuggingModes
AssemblyTitleAttribute
System.Reflection
ComVisibleAttribute
GuidAttribute
AssemblyFileVersionAttribute
AssemblyDescriptionAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
WrapNonExceptionThrows
Support Environment
$A87E4243-CD6E-4D63-BC38-D05725B083F2
1.0.3.4
.NETFramework,Version=v4.5
FrameworkDisplayName
.NET Framework 4.5T
_CorExeMain
mscoree.dll
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD