Sample details: 43553c43c0c637f4777d1300724b764c

Hashes
MD5: 43553c43c0c637f4777d1300724b764c
SHA1: 6ec3e844aaba7e87c0cb842b3172af67c7583a51
SHA256: e28807efd5db65babe62d26967da7e0fb8ac53c562abc1db1bc02a2979b7bdc7
SSDEEP: 3072:iKYwKYZuVv8DoTC6BK5CCe6ryo47iq2xe555U7wtj6O9:nqZ7555v
Details
File Type: PE32
Yara Hits
YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/spreading_share | YRP/win_hook | YRP/CAP_HookExKeylogger
Source (defanged)
hxxp://department-gov[.]com/chrome.exe
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Keys100000
<>9__4_0
<SetText>b__4_0
<>9__19_0
<SetText>b__19_0
ACFC6DBCF1CA9B559DCE6A78E6F9F91DC58604B1
<>9__4_1
<SetText>b__4_1
<>9__19_1
<SetText>b__19_1
SHARE_INFO_1
IEnumerable`1
IEqualityComparer`1
IEnumerator`1
List`1
label1
button1
trackBar1
progressBar1
timer1
checkedListBox1
textBox1
crypt12
Microsoft.Win32
ReadInt32
Converter`2
label2
timer2
label3
button3
timer3
ToInt64
label4
label5
__StaticArrayInitTypeSize=16
label6
label7
get_UTF8
<Module>
<PrivateImplementationDetails>
STYPE_IPC
STYPE_DEVICE
STYPE_DISKTREE
SPIF_SENDWININICHANGE
SPIF_UPDATEINIFILE
SHARE_TYPE
NERR_BASE
RectangleF
MAX_PREFERRED_LENGTH
STYPE_SPECIAL
WH_KEYBOARD_LL
WM_KEYDOWN
System.IO
STYPE_PRINTQ
SPI_SETDESKWALLPAPER
KristinaCS
get_IV
set_IV
value__
originaldata
encryptdata
mscorlib
get_GenericTypographic
System.Collections.Generic
LowLevelKeyboardProc
hookProc
threadId
entriesread
Form1_Load
add_Load
get_Red
readed
curseed
checkedListBox1_SelectedIndexChanged
add_SelectedIndexChanged
Stretched
set_Enabled
set_FormattingEnabled
Centered
get_InvokeRequired
Form1_FormClosed
add_FormClosed
ctrlAPressed
ctrlPressed
Synchronized
<IncludePath>k__BackingField
<ExcludePath>k__BackingField
<IncludeExtension>k__BackingField
<ExcludeExtension>k__BackingField
ReadToEnd
method
hInstance
defaultInstance
set_AutoScaleMode
FileMode
PaddingMode
CryptoStreamMode
NetApiBufferFree
FromImage
AddRange
EndInvoke
BeginInvoke
IEnumerable
IDisposable
set_Visible
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
EventWaitHandle
resume_handle
FillRectangle
DecryptFile
fakeEncryptFile
inputFile
set_FormBorderStyle
FontStyle
get_Name
set_Name
set_FileName
lpFileName
GetFileName
ServerName
GetProcessesByName
sharename
shi1_netname
WaitOne
get_NewLine
Combine
set_Multiline
ValueType
CryType
shi1_type
sharetype
crypttype
FileShare
NERR_DuplicateShare
System.Core
PtrToStructure
get_Culture
set_Culture
resourceCulture
ButtonBase
ApplicationSettingsBase
TextBoxBase
get_OrdinalIgnoreCase
Dispose
Create
MulticastDelegate
EditorBrowsableState
get_White
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
get_Value
set_Value
SetValue
KeepAlive
KristinaCS.exe
GlobalBlock_Size
set_Size
set_AutoSize
set_ClientSize
ISupportInitialize
SizeOf
IndexOf
System.Threading
set_Padding
Encoding
System.Drawing.Imaging
System.Runtime.Versioning
FromBase64String
ToString
GetString
DrawString
Substring
Form1_FormClosing
add_FormClosing
disposing
System.Drawing
dSearch
get_IncludePath
set_IncludePath
includePath
get_ExcludePath
set_ExcludePath
excludePath
get_ExecutablePath
GetTempPath
get_Length
fuWinIni
AsyncCallback
WaitCallback
SetTextCallback
callback
get_Black
timer1_Tick
timer2_Tick
timer3_Tick
add_Tick
label1_Click
button1_Click
label2_Click
button2_Click
label3_Click
button3_Click
add_Click
set_CheckOnClick
idHook
UnHook
SetHook
spisok
get_ControlDark
shi1_remark
Drives_to_work
Marshal
set_Interval
Rijndael
System.ComponentModel
ConvertAll
SetWall
NERR_BufTooSmall
Netapi32.dll
kernel32.dll
user32.dll
trackBar1_Scroll
add_Scroll
ThreadPool
ContainerControl
ListControl
FileStream
CryptoStream
MemoryStream
lParam
uParam
lpvParam
wParam
Program
get_Item
QueueUserWorkItem
System
SymmetricAlgorithm
Random
ShowForm
ICryptoTransform
set_Minimum
set_Maximum
NetShareEnum
resourceMan
prefmaxlen
set_Icon
get_Extension
get_IncludeExtension
set_IncludeExtension
includeExtension
get_ExcludeExtension
set_ExcludeExtension
excludeExtension
Application
set_Location
System.Configuration
System.Globalization
uAction
System.Reflection
ControlCollection
CheckedItemCollection
FormCollection
ObjectCollection
set_StartPosition
FormStartPosition
IOException
DirectoryNotFoundException
UnauthorizedAccessException
ArgumentException
Button
searchPattern
FileInfo
CultureInfo
DriveInfo
FileSystemInfo
SystemParametersInfo
get_StartInfo
ProcessStartInfo
Bitmap
get_Bmp
System.Linq
TrackBar
ProgressBar
GlobalVar
set_HorizontalScrollbar
StreamReader
TextReader
StringBuilder
sender
Buffer
get_ResourceManager
ComponentResourceManager
FileWalker
MethodInvoker
FormClosedEventHandler
FormClosingEventHandler
System.CodeDom.Compiler
IContainer
Wallpaper
StringComparer
CurrentUser
StreamWriter
TextWriter
BinaryWriter
cryptcounter
crypter
Server
NERR_UnknownDevDir
set_ForeColor
set_BackColor
set_UseVisualStyleBackColor
NetError
IEnumerator
GetEnumerator
.cctor
CreateDecryptor
CreateEncryptor
bufPtr
IntPtr
Graphics
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
crypt12.Form1.resources
KristinaCS.Properties.Resources.resources
DebuggingModes
Brushes
EnumerateDirectories
totalentries
KristinaCS.Properties
EnumerateFiles
GetFiles
EnableVisualStyles
GetShareNames
EnumNetShares
GetBytes
DecryptBytes
EncryptBytes
GetDrives
Settings
FormClosedEventArgs
FormClosingEventArgs
get_Controls
get_Items
get_CheckedItems
System.Windows.Forms
get_OpenForms
Contains
set_AutoScaleDimensions
System.Collections
set_ScrollBars
RuntimeHelpers
SystemColors
MaxPass
FileAccess
NERR_Success
Process
EmlBoss
set_Arguments
components
DoEvents
Concat
ImageFormat
StringFormat
PixelFormat
GetObject
object
ScrollToCaret
PadLeft
timeLeft
op_Implicit
op_Explicit
EndInit
BeginInit
GraphicsUnit
get_Default
SetCompatibleTextRenderingDefault
IAsyncResult
DialogResult
result
TextToClient
Environment
InitializeComponent
get_Transparent
get_Current
current
ManualResetEvent
resetEvent
set_Font
get_Count
threadCount
get_ProcessorCount
set_SelectionStart
Convert
ToList
SharesList
SuspendLayout
ResumeLayout
PerformLayout
get_StandardOutput
set_RedirectStandardOutput
MoveNext
System.Text
get_Text
set_Text
WriteAllText
SetText
set_CreateNoWindow
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
set_TabIndex
MessageBox
CheckedListBox
TextBox
get_DarkSlateGray
InitializeArray
ToArray
get_Key
set_Key
OpenSubKey
RegistryKey
curkey
System.Security.Cryptography
get_Assembly
LoadLibrary
Directory
directory
Registry
op_Equality
WrapNonExceptionThrows
crypt12
Copyright 
  2017
$f0b3f7c0-5235-4e2d-9dfd-488a22de0e35
1.0.0.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4@
3System.Resources.Tools.StronglyTypedResourceBuilder
4.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
14.0.0.0
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aBj
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Icon
IconData
IconSize
System.Drawing.Size
System.Drawing.Size
height
ycc!ycc!ycc!ycc!ydd!zdd!zdd!zdd!zff!zff!zff!zff!zgg"{gg"{gg"{gg"{gg"{gg"{jj#{jj#{jj#{jj#{jj#{jj#{jj#{pp%|pp%|pp%|pp%|pp%|pp%|pp%|pp%|pp%|pp%|pp%|pp%|pp%|pp%|pp%|pp%|pp%|pp%|pp%|jj#{jj#{jj#{jj#{jj#{jj#{jj#{gg"{gg"{gg"{gg"{gg"{gg"{ff!zff!zff!zff!zdd!zdd!zdd!zdd!zcc!ycc!ycc!ycc!y^^
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
C:\Projects\crypt12\crypt12\obj\Release\KristinaCS.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <!--
             
             requestedExecutionLevel 
        <requestedExecutionLevel  level="asInvoker" uiAccess="false" />
        <requestedExecutionLevel  level="requireAdministrator" uiAccess="false" />
        <requestedExecutionLevel  level="highestAvailable" uiAccess="false" />
            
 requestedExecutionLevel 
            
            
        -->
        <requestedExecutionLevel  level="asInvoker" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      <!-- 
 Windows, 
           
 Windows 
           
      <!-- Windows Vista -->
      <!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->
      <!-- Windows 7 -->
      <!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->
      <!-- Windows 8 -->
      <!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->
      <!-- Windows 8.1 -->
      <!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->
      <!-- Windows 10 -->
      <!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->
    </application>
  </compatibility>
  <!-- 
 Windows 
       
 DPI. 
 Windows Presentation Foundation (WPF) 
 DPI, 
       
 Windows Forms 
 .NET Framework 4.6, 
       
 "EnableWindowsFormsHighDpiAutoResizing" 
 "true" 
 app.config.-->
  <!--
  <application xmlns="urn:schemas-microsoft-com:asm.v3">
    <windowsSettings>
      <dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
    </windowsSettings>
  </application>
  <!-- 
 Windows (Windows XP 
  <!--
  <dependency>
    <dependentAssembly>
      <assemblyIdentity
          type="win32"
          name="Microsoft.Windows.Common-Controls"
          version="6.0.0.0"
          processorArchitecture="*"
          publicKeyToken="6595b64144ccf1df"
          language="*"
        />
    </dependentAssembly>
  </dependency>
</assembly>