Sample details: 7850feaa999124454c7b1c9a6a80289c

Hashes
MD5: 7850feaa999124454c7b1c9a6a80289c
SHA1: 9f58aba105011c8dae7b1e03f8d9152045aff272
SHA256: 623c26776e69954af0e99704281ead9358f64dcdc915b38a0b2c532593441ea3
SSDEEP: 1536:+fJwsHslhVsETri9gF8CI3PHpL2lwvgECZf1G6ToCkgXgY2e:qJwNToCI3P4lGgECZf1G6T5kgXgY2e
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/keylogger | YRP/cred_local | YRP/win_registry | YRP/win_hook | YRP/Advapi_Hash_API | YRP/Str_Win32_Wininet_Library | YRP/CAP_HookExKeylogger |
Source
http://103.68.190.250/Sources//ActiveMalwares/VRT/Stub/Client/obj/Debug/Stub.exe
Strings
		!This program cannot be run in DOS mode.
`.sdata
@.reloc
l#ffffff
l#ffffff
l#ffffff
l#ffffff
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
v2.0.50727
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
Stub.My
MyComputer
MyProject
MyForms
MyWebServices
ThreadSafeObjectProvider`1
njLogger
KBDLLHOOKSTRUCT
KBDLLHOOKSTRUCTFlags
KBDLLHookProc
firefox5
Chrome
SQLiteHandler
CIE7Passwords
CREDENTIAL
SHITEMID
TSECItem
DLLFunctionDelegate
DLLFunctionDelegate2
DLLFunctionDelegate3
DLLFunctionDelegate4
DLLFunctionDelegate5
SQLiteBase5
CryptProtectPromptFlags
CRYPTPROTECT_PROMPTSTRUCT
DATA_BLOB
record_header_field
table_entry
sqlite_master_entry
SYSTEMTIME
INTERNET_CACHE_ENTRY_INFO
StringIndexHeader
StringIndexEntry
CRED_TYPE
CREDENTIAL_ATTRIBUTE
SQLiteDataTypes
Resources
Stub.My.Resources
MySettings
MySettingsProperty
SocketClient
ConnectedEventHandler
DisconnectedEventHandler
DataEventHandler
Microsoft.VisualBasic.ApplicationServices
WindowsFormsApplicationBase
.cctor
__ENCAddToList
System.Collections.Generic
List`1
System
WeakReference
__ENCList
OnCreateMainForm
Microsoft.VisualBasic.Devices
Computer
Object
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_Forms
m_MyFormsObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
get_Form1
m_Form1
set_Form1
Create__Instance__
System.Windows.Forms
Instance
Dispose__Instance__
instance
System.Collections
Hashtable
m_FormBeingCreated
Equals
GetHashCode
GetType
ToString
get_GetInstance
m_ThreadStaticValue
GetInstance
System.Drawing
Bitmap
System.Drawing.Imaging
ImageCodecInfo
GetEncoderInfo
isRunning
MaxLength
System.IO
StreamWriter
Stream
LogsPath
DeleteLogs
LastAV
LastAS
lastKey
System.Text
StringBuilder
ToUnicodeEx
wVirtKey
wScanCode
lpKeyState
pwszBuff
cchBuff
wFlags
GetKeyboardState
MapVirtualKey
uMapType
SetWindowsHookEx
idHook
HookProc
hInstance
wParam
CallNextHookEx
lParam
UnhookWindowsHookEx
GetWindowThreadProcessId
lpdwProcessID
user32.dll
GetKeyboardLayout
dwLayout
user32
GetForegroundWindow
Isdown
VKCodeToUnicode
VKCode
WH_KEYBOARD_LL
HC_ACTION
WM_SYSKEYDOWN
WM_SYSKEYUP
KBDLLHookProcDelegate
HHookID
WM_KEYDOWN
WM_KEYUP
KeyboardProc
ValueType
vkCode
scanCode
dwExtraInfo
value__
LLKHF_EXTENDED
LLKHF_INJECTED
LLKHF_ALTDOWN
LLKHF_UP
MulticastDelegate
TargetObject
TargetMethod
IAsyncResult
AsyncCallback
BeginInvoke
DelegateCallback
DelegateAsyncState
EndInvoke
DelegateAsyncResult
Invoke
Dispose
disposing
System.ComponentModel
IContainer
components
InitializeComponent
_Timer1
get_Timer1
set_Timer1
WithEventsValue
_Timer2
get_Timer2
set_Timer2
System.Threading
Thread
PersistThread
copyse
sernam
addtos
StartupKey
culture
country
apiBlockInput
fBlock
BlockInput
SwapMouseButton
SendMessage
lparam
SetWindowPos
hWndInsertAfter
taskBar
FindWindow
lpClassName
lpWindowName
FindWindowA
mciSendString
lpCommandString
lpReturnString
uReturnLength
hwndCallback
winmm.dll
mciSendStringA
GetWindowText
lpString
PictureBox
PictureBox1
streamWebcam
SendCamMessage
SendMessageA
GetCaption
FormClosingEventArgs
Form1_FormClosing
sender
EventArgs
Form1_Load
Connected
Disconnected
Timer1_Tick
Timer2_Tick_1
Timer1
Timer2
mouse_event
dwFlags
cButtons
System.Diagnostics
Process
GetProcesses
getanti
getDrives
readtext
getFolders
location
getFiles
getlog
CredEnumerateW
filter
pCredentials
GetVolumeInformation
lpRootPathName
lpVolumeNameBuffer
nVolumeNameSize
lpVolumeSerialNumber
lpMaximumComponentLength
lpFileSystemFlags
lpFileSystemNameBuffer
nFileSystemNameSize
kernel32
GetVolumeInformationA
paltalk
opera_salt
key_size
DOutput
GetOpera
decrypt2_method
encrypt_data
GetFire
LoadLibrary
dllFilePath
GetProcAddress
hModule
procName
NSS_Init
configdir
PK11_GetInternalKeySlot
PK11_Authenticate
loadCerts
NSSBase64_DecodeBuffer
arenaOpt
outItemOpt
PK11SDR_Decrypt
result
signon
Gchrome
CryptUnprotectData
pDataIn
szDataDescr
pOptionalEntropy
pvReserved
pPromptStruct
pDataOut
Decrypt
db_bytes
page_size
encoding
master_table_entries
SQLDataTypeSize
table_entries
field_names
ToBigEndian16Bit
ToBigEndian32Bit
ToBigEndian64Bit
startIndex
endIndex
ConvertToInteger
ReadMasterTable
Offset
ReadTableFromOffset
ReadTable
TableName
GetRowCount
GetValue
row_num
GetTableNames
baseName
ERROR_CACHE_FIND_FAIL
ERROR_CACHE_FIND_SUCCESS
MAX_PATH
MAX_CACHE_ENTRY_INFO_SIZE
NORMAL_CACHE_ENTRY
URLHISTORY_CACHE_ENTRY
FindFirstUrlCacheEntry
lpszUrlSearchPattern
lpFirstCacheEntryInfo
lpdwFirstCacheEntryInfoBufferSize
wininet.dll
FindFirstUrlCacheEntryA
FindNextUrlCacheEntry
FindNextUrlCacheEntryA
FindCloseUrlCache
hEnumHandle
lstrlenA
kernel32.dll
lstrcpyA
RetVal
PROV_RSA_FULL
ALG_CLASS_HASH
ALG_TYPE_ANY
ALG_SID_SHA
CALG_SHA
AT_SIGNATURE
CryptAcquireContext
phProv
pszContainer
pszProvider
dwProvType
advapi32.dll
CryptAcquireContextA
CryptCreateHash
phHash
CryptHashData
pbData
dwDataLen
HP_HASHVAL
CryptGetHashParam
dwParam
pdwDataLen
CryptSignHash
dwKeySpec
sDescription
pbSignature
pdwSigLen
CryptSignHashA
CryptDestroyHash
CryptReleaseContext
READ_CONTROL
STANDARD_RIGHTS_READ
KEY_QUERY_VALUE
KEY_ENUMERATE_SUB_KEYS
KEY_NOTIFY
SYNCHRONIZE
STANDARD_RIGHTS_WRITE
KEY_SET_VALUE
KEY_CREATE_SUB_KEY
KEY_READ
KEY_WRITE
HKEY_CURRENT_USER
RegOpenKeyEx
lpSubKey
ulOptions
samDesired
phkResult
RegOpenKeyExA
RegQueryValueEx
lpValueName
lpReserved
lpType
lpData
lpcbData
RegQueryValueExA
RegDeleteValue
RegDeleteValueA
LocalFree
RegCloseKey
ppszDataDescr
crypt32.dll
CredEnumerate
lpszFilter
lFlags
pCount
lppCredentials
CredDelete
lpwstrTargetName
dwType
CredDeleteW
CredFree
pBuffer
SysAllocString
pOlechar
oleaut32.dll
GetStrFromPtrA
CheckSum
GetSHA1Hash
ProcessIEPass
strURL
strHash
dataOut
AddPasswdInfo
strRess
CopyString
Refresh
TargetName
Comment
LastWritten
CredentialBlobSize
CredentialBlob
Persist
AttributeCount
Attributes
TargetAlias
UserName
SECItemType
SECItemData
SECItemLen
HeapAlloc
GetProcessHeap
lstrlen
sqlite3_open
fileName
database
sqlite3_close
sqlite3_exec
callback
arguments
sqlite3_errmsg
sqlite3_prepare_v2
length
statement
sqlite3_step
sqlite3_column_count
sqlite3_column_name
columnNumber
sqlite3_column_type
sqlite3_column_int
sqlite3_column_double
sqlite3_column_text
sqlite3_column_blob
sqlite3_column_table_name
sqlite3_finalize
handle
SQL_OK
SQL_ROW
SQL_DONE
OpenDatabase
CloseDatabase
ArrayList
GetTables
ExecuteNonQuery
System.Data
DataTable
ExecuteQuery
ReadFirstRow
ReadNextRow
StringToPointer
PointerToString
GetPointerLenght
CRYPTPROTECT_PROMPT_ON_UNPROTECT
CRYPTPROTECT_PROMPT_ON_PROTECT
cbSize
dwPromptFlags
hwndApp
szPrompt
cbData
row_id
content
item_type
item_name
astable_name
root_num
sql_statement
wMonth
wDayOfWeek
wMinute
wSecond
wMilliseconds
dwStructSize
lpszSourceUrlName
lpszLocalFileName
CacheEntryType
dwUseCount
dwHitRate
dwSizeLow
dwSizeHigh
System.Runtime.InteropServices
FILETIME
LastModifiedTime
ExpireTime
LastAccessTime
LastSyncTime
lpHeaderInfo
dwHeaderInfoSize
lpszFileExtension
dwExemptDelta
dwWICK
dwEntriesCount
dwUnkId
dwDataOffset
ftInsertDateTime
dwDataSize
GENERIC
DOMAIN_PASSWORD
DOMAIN_CERTIFICATE
DOMAIN_VISIBLE_PASSWORD
MAXIMUM
lpstrKeyword
dwValueSize
lpbValue
lpstrTargetName
lpstrComment
ftLastWritten
dwCredentialBlobSize
lpbCredentialBlob
dwPersist
dwAttributeCount
lpAttributes
lpstrTargetAlias
lpUserName
System.Resources
ResourceManager
resourceMan
System.Globalization
CultureInfo
resourceCulture
get_ResourceManager
get_Culture
set_Culture
Culture
System.Configuration
ApplicationSettingsBase
defaultInstance
addedHandler
addedHandlerLockObject
AutoSaveSettings
get_Default
Default
get_Settings
Settings
System.Net.Sockets
TcpClient
add_Connected
ConnectedEvent
remove_Connected
add_Disconnected
DisconnectedEvent
remove_Disconnected
add_Data
DataEvent
remove_Data
IsBuzy
Statconnected
Connect
DisConnect
Monitor
get_Count
get_Capacity
get_Item
get_IsAlive
set_Item
RemoveRange
set_Capacity
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
get_UseCompatibleTextRendering
SetCompatibleTextRenderingDefault
AuthenticationMode
set_IsSingleInstance
set_EnableVisualStyles
set_SaveMySettingsOnExit
ShutdownMode
set_ShutdownStyle
set_MainForm
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
DebuggerHiddenAttribute
STAThreadAttribute
DebuggerNonUserCodeAttribute
DebuggerStepThroughAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
ArgumentException
System.Reflection
TargetInvocationException
Control
get_IsDisposed
RuntimeTypeHandle
GetTypeFromHandle
ContainsKey
String
GetResourceString
InvalidOperationException
Activator
CreateInstance
ProjectData
Exception
SetProjectError
get_InnerException
get_Message
ClearProjectError
Remove
Component
MyGroupCollectionAttribute
ThreadStaticAttribute
ComVisibleAttribute
CompilerGeneratedAttribute
Rectangle
Screen
get_PrimaryScreen
get_Bounds
get_Width
get_Height
set_Width
set_Height
get_Length
Strings
Conversions
Concat
ToInteger
Graphics
FromImage
System.Drawing.Drawing2D
CompositingQuality
set_CompositingQuality
CopyPixelOperation
CopyFromScreen
Cursors
Cursor
get_Position
GetThumbnailImageAbort
GetThumbnailImage
System.Security.Cryptography
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
Convert
ToBase64String
GetImageEncoders
get_MimeType
Operators
CompareString
EncoderParameters
MemoryStream
Enumerator
op_Explicit
get_Size
ToArray
IEnumerable`1
AddRange
Contains
CompareMethod
PixelFormat
get_PixelFormat
ImageFormat
get_Jpeg
GetEnumerator
get_Current
DrawImage
MoveNext
IDisposable
EncoderParameter
get_Param
Encoder
Quality
Encoding
GetBytes
ServerComputer
get_Clock
DateTime
get_LocalTime
GetTempPath
get_ExecutablePath
FileInfo
get_Name
Boolean
IntPtr
ReadAllText
AppendText
set_AutoFlush
Assembly
GetExecutingAssembly
Module
GetModules
Marshal
GetHINSTANCE
ToInt32
ThreadStart
Delete
GetProcessById
get_MainWindowTitle
get_Day
get_Month
get_Year
TextWriter
WriteAllText
Keyboard
get_Keyboard
get_ShiftKeyDown
get_CapsLock
ToUpper
ToLower
op_Equality
PtrToStructure
DllImportAttribute
User32.dll
MarshalAsAttribute
UnmanagedType
OutAttribute
StructLayoutAttribute
LayoutKind
FlagsAttribute
EventHandler
add_Load
FormClosingEventHandler
add_FormClosing
get_CurrentCulture
get_EnglishName
IndexOf
LastIndexOf
Substring
Container
SuspendLayout
set_Enabled
set_Interval
ContainerControl
set_AutoScaleDimensions
AutoScaleMode
set_AutoScaleMode
set_ClientSize
set_Text
ResumeLayout
remove_Tick
add_Tick
EndApp
Microsoft.Win32
RegistryKey
FileSystem
OpenMode
OpenAccess
OpenShare
FileOpen
FileGet
FileClose
ToBoolean
FormBorderStyle
set_FormBorderStyle
set_ShowInTaskbar
set_Visible
Directory
Exists
DirectoryInfo
CreateDirectory
Environment
SpecialFolder
GetFolderPath
Registry
CurrentUser
OpenSubKey
RegistryValueKind
SetValue
FileStream
FileMode
FileAccess
get_MachineName
get_UserName
ComputerInfo
get_Info
get_OSFullName
ConcatenateObject
NewLateBinding
LateCall
DeleteValue
set_Position
Interaction
AppWinStyle
Microsoft.VisualBasic.MyServices
FileSystemProxy
get_FileSystem
RenameDirectory
RenameFile
get_ProcessName
get_Id
get_SessionId
GetProcessesByName
Console
RegistryProxy
get_Registry
CreateObject
ChangeType
WriteAllBytes
DesignerGeneratedAttribute
AccessedThroughPropertyAttribute
GetString
DriveInfo
IEnumerator`1
DriveType
System.Collections.ObjectModel
ReadOnlyCollection`1
get_Drives
get_DriveType
IEnumerator
GetDirectories
GetFiles
GetSubKeyNames
ReadIntPtr
PtrToStringBSTR
Environ
Conversion
ToCharArray
Information
UBound
get_Chars
ToDouble
Replace
ReadAllLines
StringType
MidStmtStr
ReadAllBytes
AddObject
StartsWith
ICryptoTransform
TripleDESCryptoServiceProvider
Initialize
SymmetricAlgorithm
CipherMode
set_Mode
PaddingMode
set_Padding
TripleDES
set_Key
set_IV
CreateDecryptor
TransformFinalBlock
get_Unicode
DataRow
GetEnvironmentVariable
System.Text.RegularExpressions
IsMatch
DataRowCollection
get_Rows
get_UTF8
Delegate
GetDelegateForFunctionPointer
UnmanagedFunctionPointerAttribute
CallingConvention
op_Inequality
get_ItemArray
DataColumnCollection
get_Columns
DataColumn
Double
WriteByte
mozsqlite3
GCHandle
GCHandleType
AddrOfPinnedObject
Crypt32.dll
BitConverter
ToInt64
Decimal
ToUInt16
CopyArray
Compare
Subtract
ToUInt64
get_BigEndianUnicode
Multiply
CompareTo
PtrToStringAnsi
Create
ReadByte
PtrToStringUni
AllocHGlobal
StringToHGlobalUni
FreeHGlobal
RegexOptions
WriteInt32
IsNullOrEmpty
MatchCollection
Matches
GroupCollection
get_Groups
Capture
get_Value
WriteInt16
Format
ReferenceEquals
get_Assembly
SettingsBase
Synchronized
get_SaveMySettingsOnExit
ObjectFlowControl
CheckForSyncLockOnValueType
ShutdownEventHandler
add_Shutdown
Combine
Socket
get_Client
get_Connected
SocketFlags
SelectMode
get_Available
Receive
LateIndexGet
LateGet
DebuggableAttribute
DebuggingModes
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
AssemblyFileVersionAttribute
GuidAttribute
AssemblyTrademarkAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
Stub.exe
Stub.Resources.resources
Stub.Form1.resources
MyTemplate
8.0.0.0
My.Forms
My.Computer
My.Application
My.WebServices
My.User
System.Windows.Forms.Form
Create__Instance__
Dispose__Instance__
My.MyProject.Forms
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
Timer1
Timer2
3System.Resources.Tools.StronglyTypedResourceBuilder
4.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
10.0.0.0
My.Settings
WrapNonExceptionThrows
1.0.0.0
$5a542c1b-2d36-4c31-b039-26a88d3967da
Copyright 
 Microsoft 2012
Client
	Microsoft
_CorExeMain
mscoree.dll
D:\VB.Net\VB.Net\VB.Net\Client\Client\obj\Debug\Stub.pdb
wwwwwwwwwwwwwwp
DDDDDDDDDDDDDDp
DDDDDDDDDDDDDDp
LLLLLLLLLN
DDDDDDDDDDDDD@
wwwwwwwDDDDDDDGO
DDDDDD
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>