Sample details: 47b07f5b18c6c84d3979de013218dcbc (MD5)

Hashes
MD5: 47b07f5b18c6c84d3979de013218dcbc
SHA1: 79a37cd86e1f5c8d9f4cfc5ea17380918129626e
SHA256: a3d8a4a37ef10ae2df55d29d7acd73cd590d814fda995be43e7bbd2a8a091f85
SSDEEP: 384:MCjvSPlZH19GTXjdhlyuujYcV6AUwJFZb:M+wnV9AhwfYcV6Dw9b
Details
File Type: PE32
Yara Hits
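YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | FlorianRoth/DragonFly_APT_Sep17_3
Note: judging by their names, most of these rules match compiler, file-format or generic string traits (.NET PE32, GUI subsystem, debug data, embedded domain/IP/URL/base64) rather than a specific family. The DragonFly_APT_Sep17_3 hit is a single rule match and is not, on its own, evidence of attribution; corroborate it against the strings and the download source listed below.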
Source
http://109.234.36.233/bot/Miner/bin/Release/LoaderBot.exe
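Strings (printable strings extracted from the binary; the comments in the embedded manifest appear to have lost their non-ASCII text during extraction)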
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
v4.0.30319
#Strings
<Module>
LoaderBot.exe
Program
LoaderBot
Loader
Logger
Config
Resources
LoaderBot.Properties
mscorlib
System
Object
tmgrCheck
setConnection
downloadAndExcecute
update
getTasks
getTimeout
installed
minername
loadUrl
is64bit
IsWow64Process
Is64Bit
checkInstall
connect
currFilename
SetStartup
appShortcutToStartup
createDir
System.Resources
ResourceManager
resourceMan
System.Globalization
CultureInfo
resourceCulture
get_ResourceManager
get_Culture
set_Culture
Culture
filename
System.Runtime.InteropServices
MarshalAsAttribute
UnmanagedType
hProcess
InAttribute
lpSystemInfo
OutAttribute
logger
linkName
System.Runtime.Versioning
TargetFrameworkAttribute
System.Reflection
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
AssemblyCultureAttribute
ComVisibleAttribute
GuidAttribute
AssemblyVersionAttribute
AssemblyFileVersionAttribute
System.Diagnostics
DebuggableAttribute
DebuggingModes
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
Environment
get_SystemDirectory
String
get_UserName
Concat
System.Threading
ThreadStart
Thread
Process
GetProcesses
get_ProcessName
Contains
GetCurrentProcess
ProcessModule
get_MainModule
get_FileName
Replace
Equals
Exception
SpecialFolder
GetFolderPath
Substring
System.Management
ManagementObject
ManagementBaseObject
get_Item
ToString
System.Net
WebRequest
Create
CredentialCache
ICredentials
get_DefaultCredentials
set_Credentials
HttpWebRequest
set_UserAgent
WebResponse
GetResponse
System.IO
Stream
GetResponseStream
StreamReader
TextReader
ReadToEnd
WebClient
FileInfo
FileSystemInfo
get_FullName
DownloadFile
IDisposable
Dispose
ProcessStartInfo
set_Arguments
ProcessWindowStyle
set_WindowStyle
set_CreateNoWindow
set_FileName
Convert
ToInt32
.cctor
DllImportAttribute
kernel32.dll
get_Handle
Exists
set_StartInfo
get_StartInfo
set_RedirectStandardOutput
set_UseShellExecute
Microsoft.Win32
Registry
RegistryKey
CurrentUser
OpenSubKey
SetValue
StreamWriter
TextWriter
WriteLine
Directory
DirectoryInfo
CreateDirectory
get_CurrentDirectory
GetFiles
System.CodeDom.Compiler
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
CompilerGeneratedAttribute
ReferenceEquals
RuntimeTypeHandle
GetTypeFromHandle
Assembly
get_Assembly
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
LoaderBot.Properties.Resources.resources
3System.Resources.Tools.StronglyTypedResourceBuilder
4.0.0.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
$dbef210c-c47a-46c6-8513-0c25e68637b1
2.6.1.2
WrapNonExceptionThrows
c:\inetpub\wwwroot\Bot\Miner\obj\Release\LoaderBot.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <!--
             
             requestedExecutionLevel 
        <requestedExecutionLevel  level="asInvoker" uiAccess="false" />
        <requestedExecutionLevel  level="requireAdministrator" uiAccess="false" />
        <requestedExecutionLevel  level="highestAvailable" uiAccess="false" />
            
 requestedExecutionLevel 
            
            
        -->
          <requestedExecutionLevel level="asInvoker" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      <!-- 
 Windows, 
           
 Windows 
           
      <!-- Windows Vista -->
      <!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->
      <!-- Windows 7 -->
      <!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->
      <!-- Windows 8 -->
      <!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->
      <!-- Windows 8.1 -->
      <!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->
      <!-- Windows 10 -->
      <!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->
    </application>
  </compatibility>
  <!-- 
 Windows 
       
 DPI. 
 Windows Presentation Foundation (WPF) 
 DPI, 
       
 Windows Forms 
 .NET Framework 4.6, 
       
 "EnableWindowsFormsHighDpiAutoResizing" 
 "true" 
 app.config.-->
  <!--
  <application xmlns="urn:schemas-microsoft-com:asm.v3">
    <windowsSettings>
      <dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
    </windowsSettings>
  </application>
  <!-- 
 Windows (Windows XP 
  <!--
  <dependency>
    <dependentAssembly>
      <assemblyIdentity
          type="win32"
          name="Microsoft.Windows.Common-Controls"
          version="6.0.0.0"
          processorArchitecture="*"
          publicKeyToken="6595b64144ccf1df"
          language="*"
        />
    </dependentAssembly>
  </dependency>
</assembly>