Sample details: 4cc28c259442907b9dfaf2b4d820d3be --

Hashes
MD5: 4cc28c259442907b9dfaf2b4d820d3be
SHA1: a42a8eeb7e31d5ddabc86836af2440f402feb107
SHA256: 9c1747c221fc6ee7f33640198cf95f0d97b528c077f45258932f02c58a596f0f
SSDEEP: 384:38aSyS9gB3Y1KIay2X8cLZI6XgxsGJVPpmRvR6JZlbw8hqIusZzZT1f:M589tXvRpcnuy
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/disable_dep | YRP/keylogger | YRP/Big_Numbers1 | YRP/Njrat | YRP/njrat1 | FlorianRoth/DragonFly_APT_Sep17_3 | BAMFDetect/njrat |
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v2.0.50727
#Strings
<Module>
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System
Object
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
System.IO
FileInfo
FileStream
Microsoft.VisualBasic.Devices
Computer
System.Net.Sockets
TcpClient
MemoryStream
Conversions
ToBoolean
System.Reflection
Assembly
GetEntryAssembly
get_Location
Exception
Microsoft.VisualBasic.MyServices
RegistryProxy
ServerComputer
get_Registry
Microsoft.Win32
RegistryKey
get_CurrentUser
String
Concat
OpenSubKey
DeleteValue
ProjectData
SetProjectError
ClearProjectError
RuntimeHelpers
GetObjectValue
GetValue
RegistryValueKind
CreateSubKey
SetValue
DateTime
Operators
ConditionalCompareObjectEqual
ToString
Environment
get_MachineName
get_UserName
FileSystemInfo
get_LastWriteTime
get_Date
ComputerInfo
get_Info
get_OSFullName
Replace
OperatingSystem
get_OSVersion
get_ServicePack
Microsoft.VisualBasic
Strings
CompareMethod
SpecialFolder
GetFolderPath
Contains
RegistryKeyPermissionCheck
GetValueNames
get_Length
Convert
ToBase64String
FromBase64String
System.Text
Encoding
get_UTF8
GetBytes
GetString
System.IO.Compression
GZipStream
Stream
CompressionMode
set_Position
BitConverter
ToInt32
Dispose
IntPtr
op_Equality
op_Explicit
Interaction
Environ
Conversion
Module
GetModules
GetTypes
get_FullName
EndsWith
get_Assembly
CreateInstance
DirectoryInfo
get_Name
ToLower
CompareString
get_Directory
get_Parent
get_LocalMachine
AppWinStyle
Delete
DeleteSubKey
EndApp
System.Threading
Thread
Exists
FileMode
ReadAllBytes
System.Diagnostics
Process
EnvironmentVariableTarget
SetEnvironmentVariable
System.Net
WebClient
System.Drawing
Graphics
Bitmap
Rectangle
ConcatenateObject
get_Chars
ToArray
DownloadData
GetTempFileName
WriteAllBytes
get_Message
NewLateBinding
LateSet
LateCall
Boolean
LateGet
CompareObjectEqual
OrObject
System.Windows.Forms
Screen
get_PrimaryScreen
get_Bounds
get_Width
get_Height
System.Drawing.Imaging
PixelFormat
FromImage
CopyPixelOperation
CopyFromScreen
Cursor
Cursors
get_Default
get_Position
ToInteger
DrawImage
ImageFormat
get_Jpeg
WriteByte
RuntimeTypeHandle
GetTypeFromHandle
ChangeType
System.Security.Cryptography
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
GetCurrentProcess
get_Handle
Monitor
Socket
get_Client
SocketFlags
set_ReceiveBufferSize
set_SendBufferSize
set_SendTimeout
set_ReceiveTimeout
Connect
get_Available
SelectMode
NetworkStream
GetStream
ReadByte
ToLong
Receive
ParameterizedThreadStart
Command
ThreadStart
SessionEndingEventArgs
SessionEndingEventHandler
SystemEvents
add_SessionEnding
Application
DoEvents
set_MinWorkingSet
ConditionalCompareObjectNotEqual
CompilerGeneratedAttribute
DebuggerStepThroughAttribute
STAThreadAttribute
StringBuilder
GetProcessById
get_MainWindowTitle
DateAndTime
get_Now
get_ProcessName
Keyboard
get_Keyboard
get_ShiftKeyDown
get_CapsLock
ToUpper
get_CtrlKeyDown
Remove
avicap32.dll
kernel32
user32.dll
user32
mscorlib
lastcap
.cctor
NtSetInformationProcess
hProcess
processInformationClass
processInformation
processInformationLength
capGetDriverDescriptionA
wDriver
lpszName
cbName
lpszVer
GetVolumeInformation
GetVolumeInformationA
lpRootPathName
lpVolumeNameBuffer
nVolumeNameSize
lpVolumeSerialNumber
lpMaximumComponentLength
lpFileSystemFlags
lpFileSystemNameBuffer
nFileSystemNameSize
GetForegroundWindow
GetWindowText
GetWindowTextA
WinTitle
MaxLength
GetWindowTextLength
GetWindowTextLengthA
Plugin
CompDir
connect
_Lambda$__1
_Lambda$__2
LastAV
LastAS
lastKey
ToUnicodeEx
GetKeyboardState
MapVirtualKey
GetWindowThreadProcessId
GetKeyboardLayout
GetAsyncKeyState
VKCodeToUnicode
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING