Sample details: 672a3fba476369ff78ca982969dbdef4 --

Hashes
MD5: 672a3fba476369ff78ca982969dbdef4
SHA1: 8e8596805bb406fe0d1d1b658c099ec3444043e4
SHA256: 8cebbfaf09dce741f57ffa81b139d6713a6d2e512614ac98a683aabe5ba7431d
SSDEEP: 384:56l+yw7BeAaXaEiVbzdmB0O4yUvNixgp+Z2v/RFJ/oM6IxrAF+rMRTyN/0L+Ecow:4cyw79POTUvNZBv64rM+rMRa8Nuw+t
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/disable_dep | YRP/keylogger | YRP/Big_Numbers1 | YRP/Njrat | YRP/njrat1 | FlorianRoth/DragonFly_APT_Sep17_3 | BAMFDetect/njrat |
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v2.0.50727
#Strings
	#	<	K	`	r	
<Module>
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerNonUserCodeAttribute
Microsoft.VisualBasic.Devices
Computer
DebuggerHiddenAttribute
System
Object
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
Microsoft.VisualBasic
HideModuleNameAttribute
MyGroupCollectionAttribute
RuntimeHelpers
GetObjectValue
Equals
GetHashCode
RuntimeTypeHandle
GetTypeFromHandle
ToString
Activator
CreateInstance
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
m_ThreadStaticValue
get_GetInstance
System.ComponentModel.Design
HelpKeywordAttribute
STAThreadAttribute
System.Net.Sockets
TcpClient
System.IO
FileStream
FileInfo
MemoryStream
Conversions
ToBoolean
System.Reflection
Assembly
GetEntryAssembly
get_Location
Microsoft.Win32
SessionEndingEventArgs
Exception
IntPtr
op_Equality
op_Explicit
Strings
String
get_Length
ProjectData
SetProjectError
ClearProjectError
System.Text
Encoding
get_UTF8
GetString
DirectoryInfo
get_Name
ToLower
Operators
CompareString
get_Directory
get_Parent
System.Threading
Thread
Monitor
Stream
Dispose
set_ReceiveBufferSize
set_SendBufferSize
Socket
get_Client
set_SendTimeout
set_ReceiveTimeout
ToInteger
NewLateBinding
LateCall
ConditionalCompareObjectEqual
Concat
Convert
FromBase64String
Microsoft.VisualBasic.MyServices
RegistryProxy
ServerComputer
get_Registry
RegistryKey
get_CurrentUser
OpenSubKey
DeleteValue
ToBase64String
GetValue
Interaction
Environ
Conversion
CompareMethod
Registry
CurrentUser
SetValue
System.Net
WebClient
System.Windows.Forms
MessageBoxButtons
MessageBoxIcon
IPEndPoint
System.Drawing
Bitmap
Rectangle
Graphics
Process
AppWinStyle
DialogResult
MessageBox
CreateObject
Boolean
ChangeType
RegistryValueKind
Cursor
GetTempPath
WriteAllBytes
get_Audio
AudioPlayMode
IPAddress
AddressFamily
SocketType
ProtocolType
EndPoint
SendTo
Exists
DownloadFile
ReadAllText
ConcatenateObject
get_Chars
ToArray
DownloadData
GetTempFileName
get_Message
LateSet
LateGet
CompareObjectEqual
OrObject
Screen
get_PrimaryScreen
get_Bounds
get_Width
get_Height
System.Drawing.Imaging
PixelFormat
FromImage
CopyPixelOperation
CopyFromScreen
get_Position
Cursors
get_Default
DrawImage
ImageFormat
get_Jpeg
WriteByte
EndApp
FileSystemInfo
get_FullName
DateTime
Environment
get_MachineName
get_UserName
get_LastWriteTime
get_Date
ComputerInfo
get_Info
get_OSFullName
Replace
OperatingSystem
get_OSVersion
get_ServicePack
SpecialFolder
GetFolderPath
Contains
RegistryKeyPermissionCheck
CreateSubKey
GetValueNames
FileAttributes
StreamWriter
Application
get_ExecutablePath
SetAttributes
Delete
get_LocalMachine
FileMode
FileSystemProxy
get_FileSystem
SpecialDirectoriesProxy
get_SpecialDirectories
get_ProgramFiles
Directory
GetLogicalDrives
TextWriter
WriteLine
Command
ThreadStart
SessionEndingEventHandler
SystemEvents
add_SessionEnding
DoEvents
GetCurrentProcess
set_MinWorkingSet
ConditionalCompareObjectNotEqual
System.Security.Cryptography
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
Module
GetModules
GetTypes
EndsWith
get_Assembly
get_Handle
get_Available
SelectMode
NetworkStream
GetStream
ReadByte
ToLong
SocketFlags
Receive
ParameterizedThreadStart
GetBytes
DeleteSubKey
System.IO.Compression
GZipStream
CompressionMode
set_Position
BitConverter
ToInt32
GetProcessById
get_MainWindowTitle
DateAndTime
get_Now
get_ProcessName
Keyboard
get_Keyboard
get_ShiftKeyDown
get_CapsLock
ToUpper
StringBuilder
get_CtrlKeyDown
Remove
MulticastDelegate
IAsyncResult
AsyncCallback
System.Collections.Generic
List`1
get_Capacity
get_Count
get_Item
user32
user32.dll
winmm.dll
avicap32.dll
kernel32
KERNEL32.DLL
mscorlib
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
EnumWindProc
EnumChildWindProc
m_ComputerObjectProvider
m_AppObjectProvider
m_UserObjectProvider
m_MyWebServicesObjectProvider
.cctor
get_Computer
get_Application
get_User
get_WebServices
GetType
Create__Instance__
instance
Dispose__Instance__
lastcap
GetForegroundWindow
GetVolumeInformation
GetVolumeInformationA
lpRootPathName
lpVolumeNameBuffer
nVolumeNameSize
lpVolumeSerialNumber
lpMaximumComponentLength
lpFileSystemFlags
lpFileSystemNameBuffer
nFileSystemNameSize
GetWindowText
GetWindowTextA
WinTitle
MaxLength
GetWindowTextLength
GetWindowTextLengthA
capGetDriverDescriptionA
wDriver
lpszName
cbName
lpszVer
CompDir
connect
apiBlockInput
BlockInput
fBlock
SwapMouseButton
SendMessage
wParam
lparam
SetWindowPos
hWndInsertAfter
wFlags
mciSendString
mciSendStringA
lpCommandString
lpReturnString
uReturnLength
hwndCallback
AddHome
NtSetInformationProcess
hProcess
processInformationClass
processInformation
processInformationLength
Plugin
LastAS
LastAV
lastKey
GetAsyncKeyState
GetKeyboardLayout
GetKeyboardState
GetWindowThreadProcessId
MapVirtualKey
ToUnicodeEx
VKCodeToUnicode
EnableWindow
bEnable
lpdwProcessID
GetClassName
GetClassNameA
lpClassName
nMaxCount
SendMessageA
lParam
lpString
EnumChildWindows
lpEnumFunc
EnumChild
protect
GetChild
TargetObject
TargetMethod
BeginInvoke
DelegateCallback
DelegateAsyncState
EndInvoke
DelegateAsyncResult
Invoke
WebServices
GetInstance
MyTemplate
8.0.0.0
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
My.Computer
My.Application
My.User
My.WebServices
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING