Sample details: 461ed2b0c9849227064de735314d37eb

Hashes
MD5: 461ed2b0c9849227064de735314d37eb
SHA1: 80f1c1a884bed6e6d2708602103a4eca30de3a62
SHA256: 9754d4642c288025f52f2fe939a53f7f0ef6458c8b2080b79ecc9ad9631aaa34
SSDEEP: 384:g0zUymQ6B+WihvX2pc5vsUbiLgGjjfXhZzEHWISqK:nzUFJ0xEc1fbi8cz8V1K
Details
File Type: PE32
Yara Hits
YRP/Dropper_Strings | YRP/contentis_base64 | YRP/url | YRP/domain | YRP/IP | YRP/NETexecutableMicrosoft | YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/win_mutex
Source
http://185.58.206.45/arm.exe
http://185.58.206.45/arm.exe
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v2.0.50727
#Strings
XmrUrlX32
Microsoft.Win32
ToInt32
Dictionary`2
XmrUrlX64
<Module>
System.IO
Costura
mscorlib
System.Collections.Generic
ARMsvc
get_HardwareId
Thread
isAttached
Interlocked
<name>k__BackingField
<MinerNameDcr>k__BackingField
<MinerNameXmr>k__BackingField
RemoveEnd
ReadToEnd
Append
Replace
CheckIstance
OnlyOneInstance
source
CompressionMode
Exchange
nullCache
DcrBlake
DcrEnable
IDisposable
DownloadFile
linkToFile
Console
set_WindowStyle
ProcessWindowStyle
get_Name
set_FileName
GetFileName
lpName
GetName
GetCpuName
GetGpuName
GetProcessesByName
requestedAssemblyName
old_version_name
dcr_name
xmr_name
get_name
set_name
fullname
DateTime
WriteLine
Combine
ARMsvc.Core
culture
WebResponse
GetResponse
Dispose
CheckIfMyselfIsUpdate
update
Create
Delete
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
TryGetValue
SetValue
pathToSave
get_IsActive
add_AssemblyResolve
Remove
nameExe
ARMsvc.exe
get_Size
System.Threading
Encoding
GetMd5String
CultureToString
Substring
Attach
ComputeHash
get_ExecutablePath
GetFolderPath
get_Length
EndsWith
nullCacheLock
kernel32.dll
DcrUrl
requestUrl
ReadStream
LoadStream
GetManifestResourceStream
GetResponseStream
DeflateStream
MemoryStream
stream
Program
get_Item
set_Item
System
HashAlgorithm
Boolean
AppDomain
get_CurrentDomain
FodyVersion
System.IO.Compression
Application
get_Location
SystemInformation
destination
System.Globalization
System.Reflection
ManagementObjectCollection
set_Position
Exception
StringComparison
CopyTo
SendInfo
get_CultureInfo
set_StartInfo
ProcessStartInfo
DirectoryInfo
StartUp
get_MinerNameDcr
set_MinerNameDcr
DirectoryWithDcr
RunDcr
DropMinerDcr
StreamReader
TextReader
AssemblyLoader
StringBuilder
SpecialFolder
sender
ManagementObjectSearcher
UpdateChecker
VersionChecker
checker
ResolveEventHandler
CancelController
cancelcontoller
bInitialOwner
CurrentUser
parameter
ExecutableDir
get_MinerNameXmr
set_MinerNameXmr
DirectoryWithXmr
RunXmr
DropMinerXmr
GetLastError
ManagementObjectEnumerator
GetEnumerator
.cctor
Monitor
IntPtr
System.Diagnostics
GetCommands
System.Runtime.InteropServices
System.Runtime.CompilerServices
GetInstances
ReadFromEmbeddedResources
DebuggingModes
GetAssemblies
GetDirectories
GetFiles
resourceNames
symbolNames
assemblyNames
lpMutexAttributes
ReadAllBytes
WriteAllBytes
GetBytes
get_Flags
AssemblyNameFlags
Settings
DcrArgs
XmrArgs
ResolveEventArgs
Equals
System.Windows.Forms
Contains
Miners
detectors
ManagementClass
Process
set_Arguments
Exists
Concat
Format
ManagementBaseObject
ManagementObject
System.Net
get_Is64Bit
get_Default
ToLowerInvariant
WebClient
System.Management
Environment
get_Current
DirectoryToUpdAndBot
GetPathRoot
ThreadStart
DetectorIsStart
Convert
WebRequest
Timeout
MoveNext
System.Text
get_Now
CreateMutex
ProcessedByFody
CreateSubKey
OpenSubKey
ContainsKey
RegistryKey
System.Security.Cryptography
ResolveAssembly
ReadExistingAssembly
GetExecutingAssembly
GetEntryAssembly
CreateDirectory
get_SystemDirectory
get_CurrentDirectory
Registry
op_Inequality
IsNullOrEmpty
WrapNonExceptionThrows
Copyright 
  2017
$6c748bd1-7967-470a-a0f9-d97429a03c9f
1.0.0.0
C:\Users\vzezj\Desktop\bn\2.0 work\zezin\obj\Release\ARMsvc.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>