
Sample details: 9bc8b0d07c7536621139bdac4f8c28b2 (MD5)

Hashes
MD5: 9bc8b0d07c7536621139bdac4f8c28b2
SHA1: 0ccd706422df1d518c4c121aabef8bc98b41ecb4
SHA256: 801c5d2fe872de0ebdf9b23af32ea4097c2f68622a6675d8378186e5fce8e7cb
SSDEEP: 1536:GL7Z3hdye1LzYPqVup5uqcs+YNaQNsLEkI7YylhG2GbdUKhiatwAvKJY0:GR3fye1LzYxh+Y8Q4EkI8yedsMHg1
Details
File Type: PE32
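Yara Hits (names of the YARA rules that matched this sample; the Njrat and SpyGate rules point to a suspected RAT family, while the other rules describe file format and generic capabilities)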
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/VM_Generic_Detection | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/disable_dep | YRP/keylogger | YRP/cred_local | YRP/win_registry | YRP/win_hook | YRP/Advapi_Hash_API | YRP/Njrat | YRP/win_exe_njRAT | YRP/Str_Win32_Wininet_Library | YRP/SpyGate | YRP/CAP_HookExKeylogger | FlorianRoth/RAT_SpyGate | KevTheHermit/SpyGate |
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
oSN;<	
l#ffffff
l#ffffff
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
v2.0.50727
#Strings
mscorlib
Microsoft.VisualBasic
System.Windows.Forms
System
System.Drawing
System.ServiceProcess
user32
user32.dll
winmm.dll
kernel32
kernel32.dll
avicap32.dll
KERNEL32.DLL
User32.dll
wininet.dll
advapi32.dll
crypt32.dll
oleaut32.dll
O.A.resources
O.B.resources
O.Resources.resources
EyIcVuC
taskBar
country
culture
CompDir
AccessedThroughPropertyAttribute
System.Runtime.CompilerServices
CompilerGeneratedAttribute
PersistThread
Thread
System.Threading
Hideme
Usname
RegStr
Sleepd
Documents
appdata
Devices
Grafikadapter
RegionA
regPID
RegistryKey
Microsoft.Win32
SETDESKWALLPAPER
UPDATEINIFILE
startupkey
components
IContainer
System.ComponentModel
_Lambda$__R44-2
EventArgs
_Lambda$__R37-1
SessionEndingEventArgs
EventHandler
remove_Tick
add_Tick
set_TR1
WithEventsValue
get_TR1
Container
Control
SuspendLayout
set_Enabled
set_Interval
ContainerControl
set_AutoScaleDimensions
set_AutoScaleMode
AutoScaleMode
set_ClientSize
set_ControlBox
set_FormBorderStyle
FormBorderStyle
set_MaximizeBox
set_MinimizeBox
set_Name
set_Opacity
set_ShowIcon
set_ShowInTaskbar
set_WindowState
FormWindowState
ResumeLayout
InitializeComponent
DebuggerStepThroughAttribute
System.Diagnostics
IDisposable
Dispose
disposing
DebuggerNonUserCodeAttribute
DirectoryInfo
System.IO
FileInfo
get_Name
String
ToLower
Operators
Microsoft.VisualBasic.CompilerServices
CompareString
get_Directory
get_Parent
Conversions
ToString
_Lambda$__R44-3
Exception
GetTempPath
Concat
Delete
ProjectData
SetProjectError
ClearProjectError
Replace
Registry
CurrentUser
OpenSubKey
Application
get_ExecutablePath
SetValue
RegistryValueKind
DeleteValue
Environment
GetFolderPath
SpecialFolder
DeleteSubKey
Object
NewLateBinding
LateGet
ConcatenateObject
Interaction
AppWinStyle
EndApp
Convert
FromBase64String
Encoding
System.Text
get_UTF8
GetString
GetBytes
ToBase64String
Uacode
IEnumerator
System.Collections
ProcessThread
Process
get_Threads
ProcessThreadCollection
ReadOnlyCollectionBase
GetEnumerator
get_Current
get_Id
IntPtr
op_Inequality
MoveNext
SuspendProcess
process
NtSetInformationProcess
hProcess
processInformationClass
processInformation
processInformationLength
GetWindowThreadProcessId
lpdwProcessID
dwMilliseconds
GetVolumeInformation
lpRootPathName
lpVolumeNameBuffer
nVolumeNameSize
lpVolumeSerialNumber
lpMaximumComponentLength
lpFileSystemFlags
lpFileSystemNameBuffer
nFileSystemNameSize
GetVolumeInformationA
GetAsyncKeyState
GetWindowText
StringBuilder
lpString
_Lambda$__R44-4
mciSendString
lpCommandString
lpReturnString
uReturnLength
hwndCallback
mciSendStringA
FindWindow
lpClassName
lpWindowName
FindWindowA
SetWindowPos
hWndInsertAfter
wFlags
SendMessage
wParam
lparam
SwapMouseButton
apiBlockInput
fBlock
BlockInput
GetForegroundWindow
SystemParametersInfo
uAction
uParam
lpvParam
fuWinIni
SystemParametersInfoA
ClassesRoot
StartsWith
LocalMachine
GetKey
GetSubKeyNames
GetValue
xSTCWkAgg
_Lambda$__R44-5
ServiceController
GetServices
get_ServiceName
Strings
VGLcwppQ
ServiceName
dkGrWJGkB
Clipboard
Boolean
SetText
GetText
RichTextBox
get_Text
get_NewLine
set_Text
get_Length
TextBoxBase
set_SelectionStart
ScrollToCaret
WriteAllBytes
ReadAllBytes
Directory
Exists
CreateDirectory
GetFiles
GetFileName
Combine
GetDirectories
SDPKNl
sourcePath
destPath
_Lambda$__R44-6
GetAttributes
FileAttributes
TnexoOos
location
FileSystem
GetAttr
FileAttribute
QRhvlBW
DriveInfo
DriveType
IEnumerable
get_DriveType
get_RootDirectory
get_Exists
ToBoolean
get_VolumeLabel
get_TotalSize
nYekikJU
Rectangle
MemoryStream
ServiceControllerStatus
ServiceType
CompareMethod
get_MachineName
get_UserName
ServerComputer
Microsoft.VisualBasic.Devices
get_Info
ComputerInfo
get_OSFullName
Screen
get_PrimaryScreen
get_Bounds
get_Size
get_Width
get_Height
ToInteger
ToArray
Stream
SetAttributes
get_StartupPath
WebClient
System.Net
DownloadData
get_FileSystem
FileSystemProxy
Microsoft.VisualBasic.MyServices
LateCall
Cursor
set_Position
ToByte
ToInt32
get_Network
Network
DownloadFile
WriteAllText
GetProcesses
get_ProcessName
get_MainModule
ProcessModule
get_FileName
get_PrivateMemorySize64
get_StartTime
DateTime
GetFileNameWithoutExtension
GetProcessesByName
LateSetComplex
DataReceivedEventHandler
add_OutputDataReceived
add_ErrorDataReceived
add_Exited
ProcessWindowStyle
LateSet
CreateObject
RuntimeHelpers
GetObjectValue
GetTypeFromHandle
RuntimeTypeHandle
ChangeType
get_Message
SetAttr
ParameterizedThreadStart
set_IsBackground
Invoke
Delegate
Contains
InitializeArray
RuntimeFieldHandle
get_DisplayName
get_Status
get_ServiceType
StreamReader
ReadToEnd
StreamWriter
TextWriter
WriteLine
ReadAllText
Disconnected
Connected
set_CheckForIllegalCrossThreadCalls
GetCurrentProcess
OpenExisting
ThreadStart
CopyFile
SessionEndingEventHandler
SystemEvents
add_SessionEnding
A_Load
sender
A_FormClosing
FormClosingEventArgs
A_FormClosed
FormClosedEventArgs
TR1_Tick
_Lambda$__R44-7
get_Handle
Environ
Conversion
CreateSubKey
get_Capacity
GetCaption
Random
VBMath
get_Chars
RandomVariable
minamount
maxamount
STAThreadAttribute
FormClosedEventHandler
add_FormClosed
FormClosingEventHandler
add_FormClosing
add_Load
ToDouble
Computer
GetEnvironmentVariable
EnvironmentVariableTarget
CultureInfo
System.Globalization
get_CurrentCulture
get_EnglishName
IndexOf
LastIndexOf
Substring
DesignerGeneratedAttribute
MulticastDelegate
TargetObject
TargetMethod
BeginInvoke
IAsyncResult
AsyncCallback
DelegateCallback
DelegateAsyncState
EndInvoke
DelegateAsyncResult
CP_NOCLOSE_BUTTON
_Sendbox
TextBox
get_CreateParams
CreateParams
get_ClassStyle
set_ClassStyle
KeyPressEventArgs
get_KeyChar
Sendbox_KeyPress
B_Load
KeyPressEventHandler
remove_KeyPress
add_KeyPress
set_Sendbox
B_Resize
get_Sendbox
set_Recv
get_Recv
get_Black
set_BackColor
set_BorderStyle
BorderStyle
set_Dock
DockStyle
FontStyle
GraphicsUnit
set_Font
get_LimeGreen
set_ForeColor
set_Location
set_ReadOnly
set_Size
set_TabIndex
set_AcceptsReturn
set_AcceptsTab
get_White
set_MaxLength
get_Controls
ControlCollection
set_StartPosition
FormStartPosition
set_TopMost
PerformLayout
add_Resize
checkcam
op_Equality
op_Explicit
StrDup
GetProcessById
get_MainWindowTitle
FileSystemInfo
get_LastWriteTime
get_TotalPhysicalMemory
UInt64
Double
Remove
get_OSVersion
OperatingSystem
get_ServicePack
GenerateOperatingSystem
GZipStream
System.IO.Compression
CompressionMode
SubtractObject
BitConverter
List`1
System.Collections.Generic
capGetDriverDescriptionA
wDriver
lpszName
cbName
lpszVer
AddHome
CloseHandle
hHandle
ResumeThread
hThread
SuspendThread
OpenThread
dwDesiredAccess
bInheritHandle
dwThreadId
GetWindowTextLength
GetWindowTextLengthA
WinTitle
MaxLength
GetWindowTextA
get_Default
MapVirtualKey
wMapType
MapVirtualKeyA
keybd_event
dwFlags
dwExtraInfo
mouse_event
cButtons
.cctor
StandardModuleAttribute
ThreadAccess
value__
TERMINATE
SUSPEND_RESUME
GET_CONTEXT
SET_CONTEXT
SET_INFORMATION
QUERY_INFORMATION
SET_THREAD_TOKEN
IMPERSONATE
DIRECT_IMPERSONATION
DataEvent
DisconnectedEvent
boBULuYAcHNsKPdDOpFRFCN
ConnectedEvent
TcpClient
System.Net.Sockets
WdDbJoANHQWlGVfoQLLaMRJ
DisConnect
get_Client
Socket
SocketFlags
Connect
get_Connected
Statconnected
Interlocked
CompareExchange
remove_Data
SelectMode
get_Available
Receive
LateIndexGet
add_Data
remove_Disconnected
add_Disconnected
etAQkwMSOCivMLEimGClaTP
JlEmdtjbTTDIgucfB
MQwFMQgTYMefKbgUR
remove_Connected
add_Connected
ConnectedEventHandler
DisconnectedEventHandler
DataEventHandler
Bitmap
set_Width
set_Height
Graphics
FromImage
set_CompositingQuality
CompositingQuality
System.Drawing.Drawing2D
CopyFromScreen
CopyPixelOperation
Cursors
get_Position
GetThumbnailImage
GetThumbnailImageAbort
MD5CryptoServiceProvider
System.Security.Cryptography
HashAlgorithm
ComputeHash
ImageCodecInfo
System.Drawing.Imaging
GetImageEncoders
get_MimeType
GetEncoderInfo
EncoderParameters
Enumerator
get_Count
AddRange
IEnumerable`1
get_PixelFormat
PixelFormat
ImageFormat
get_Jpeg
get_Item
DrawImage
get_Param
EncoderParameter
Encoder
Quality
O.My.Resources
resourceMan
ResourceManager
System.Resources
resourceCulture
get_Culture
ReferenceEquals
get_Assembly
Assembly
System.Reflection
get_ResourceManager
set_Culture
EditorBrowsableAttribute
EditorBrowsableState
HideModuleNameAttribute
GeneratedCodeAttribute
System.CodeDom.Compiler
ApplicationSettingsBase
System.Configuration
defaultInstance
SettingsBase
Synchronized
get_Settings
HelpKeywordAttribute
System.ComponentModel.Design
ConsoleApplicationBase
Microsoft.VisualBasic.ApplicationServices
DebuggerHiddenAttribute
m_AppObjectProvider
m_UserObjectProvider
m_MyFormsObjectProvider
m_ComputerObjectProvider
m_MyWebServicesObjectProvider
get_GetInstance
get_User
get_Application
get_Forms
get_WebServices
get_Computer
MyForms
m_FormBeingCreated
Hashtable
ThreadStaticAttribute
TargetInvocationException
get_IsDisposed
ContainsKey
GetResourceString
InvalidOperationException
Activator
CreateInstance
get_InnerException
Create__Instance__
Instance
Component
Dispose__Instance__
instance
Equals
GetHashCode
GetType
ArgumentException
MyGroupCollectionAttribute
MyWebServices
ThreadSafeObjectProvider`1
m_ThreadStaticValue
GetInstance
ComVisibleAttribute
System.Runtime.InteropServices
WM_KEYUP
WM_KEYDOWN
HHookID
KBDLLHookProcDelegate
WM_SYSKEYUP
WM_SYSKEYDOWN
HC_ACTION
WH_KEYBOARD_LL
lastKey
LastAS
LastAV
Isdown
TNIeSkTiKSewKwVSUFJtudX
QIJiphfQYXKtICuktoMZZMV
ODKmQfrvmbnqGFWFWZPFErT
MuLpocHdDgSmEJvYvKShgaS
JpMtPZTLRlvjCMYqXtVNLJQ
Marshal
PtrToStructure
KeyboardProc
lParam
GetKeyboardLayout
dwLayout
uMapType
GetKeyboardState
lpKeyState
ToUnicodeEx
wVirtKey
wScanCode
pwszBuff
cchBuff
get_Clock
get_LocalTime
get_Day
get_Month
get_Year
get_Hour
get_Minute
get_Second
VKCodeToUnicode
VKCode
get_Keyboard
Keyboard
get_ShiftKeyDown
get_CapsLock
ToUpper
UnhookWindowsHookEx
idHook
CallNextHookEx
SetWindowsHookEx
HookProc
hInstance
DeleteJpMtPZTLRlvjCMYqXtVNLJQ
tEWQVticntPNbTKSXnFuLiR
BLLwkkdMBfUMgeUtH
DmGPTGbEHYvkKLYiX
AppendText
set_AutoFlush
GetExecutingAssembly
GetModules
Module
GetHINSTANCE
KBDLLHOOKSTRUCT
ValueType
vkCode
scanCode
KBDLLHOOKSTRUCTFlags
LLKHF_EXTENDED
LLKHF_INJECTED
LLKHF_ALTDOWN
LLKHF_UP
FlagsAttribute
KBDLLHookProc
ALG_CLASS_HASH
ALG_TYPE_ANY
ALG_SID_SHA
PROV_RSA_FULL
CALG_SHA
AT_SIGNATURE
URLHISTORY_CACHE_ENTRY
HP_HASHVAL
READ_CONTROL
NORMAL_CACHE_ENTRY
STANDARD_RIGHTS_READ
KEY_QUERY_VALUE
MAX_CACHE_ENTRY_INFO_SIZE
KEY_ENUMERATE_SUB_KEYS
KEY_NOTIFY
SYNCHRONIZE
MAX_PATH
STANDARD_RIGHTS_WRITE
KEY_SET_VALUE
ERROR_CACHE_FIND_SUCCESS
KEY_CREATE_SUB_KEY
KEY_READ
ERROR_CACHE_FIND_FAIL
KEY_WRITE
HKEY_CURRENT_USER
CryptGetHashParam
dwParam
pdwDataLen
CryptSignHash
dwKeySpec
sDescription
pbSignature
pdwSigLen
CryptSignHashA
CryptHashData
pbData
dwDataLen
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
phHash
RegOpenKeyEx
lpSubKey
ulOptions
samDesired
phkResult
RegOpenKeyExA
RegQueryValueEx
lpValueName
lpReserved
lpType
lpData
lpcbData
RegQueryValueExA
RegDeleteValue
RegDeleteValueA
CryptAcquireContext
phProv
pszContainer
pszProvider
dwProvType
CryptAcquireContextA
LocalFree
RegCloseKey
lstrcpyA
RetVal
CryptUnprotectData
pDataIn
ppszDataDescr
pOptionalEntropy
pvReserved
pPromptStruct
pDataOut
lstrlenA
CredEnumerate
lpszFilter
lFlags
pCount
lppCredentials
CredEnumerateW
CredDelete
lpwstrTargetName
dwType
CredDeleteW
FindCloseUrlCache
hEnumHandle
CredFree
pBuffer
SysAllocString
pOlechar
PtrToStringAnsi
GetStrFromPtrA
FindNextUrlCacheEntry
lpFirstCacheEntryInfo
lpdwFirstCacheEntryInfoBufferSize
FindNextUrlCacheEntryA
CheckSum
CopyArray
Create
GetSHA1Hash
FindFirstUrlCacheEntry
lpszUrlSearchPattern
FindFirstUrlCacheEntryA
ReadByte
PtrToStringUni
ProcessIEPass
strURL
strHash
dataOut
get_Unicode
AllocHGlobal
StringToHGlobalUni
FreeHGlobal
AddPasswdInfo
strRess
CopyString
System.Text.RegularExpressions
GCHandle
RegexOptions
WriteInt32
IsNullOrEmpty
Matches
MatchCollection
get_Groups
GroupCollection
Capture
get_Value
ReadIntPtr
WriteInt16
GCHandleType
AddrOfPinnedObject
Format
Refresh
SYSTEMTIME
wMonth
wDayOfWeek
wMinute
wSecond
wMilliseconds
INTERNET_CACHE_ENTRY_INFO
dwStructSize
lpszSourceUrlName
lpszLocalFileName
CacheEntryType
dwUseCount
dwHitRate
dwSizeLow
dwSizeHigh
LastModifiedTime
FILETIME
System.Runtime.InteropServices.ComTypes
ExpireTime
LastAccessTime
LastSyncTime
lpHeaderInfo
dwHeaderInfoSize
lpszFileExtension
dwExemptDelta
DATA_BLOB
cbData
StringIndexHeader
dwWICK
dwEntriesCount
dwUnkId
StringIndexEntry
dwDataOffset
ftInsertDateTime
dwDataSize
CRED_TYPE
GENERIC
DOMAIN_PASSWORD
DOMAIN_CERTIFICATE
DOMAIN_VISIBLE_PASSWORD
MAXIMUM
CREDENTIAL_ATTRIBUTE
lpstrKeyword
dwValueSize
lpbValue
CREDENTIAL
lpstrTargetName
lpstrComment
ftLastWritten
dwCredentialBlobSize
lpbCredentialBlob
dwPersist
dwAttributeCount
lpAttributes
lpstrTargetAlias
lpUserName
Collection
BHuEglLFLdbBahildFLDwVj
thread
YQhSdctLfDrkJMtlZUPBiQq
SgOUgMenYdpdOrNmkCgmAXK
pXMYJBiZiKkDTVgQG
SlWeSbJphibmNaCYC
kJsOQUHhrBXGVGUsmbRsMlG
PBAkIQdqASpPppspB
SdsDokbiFLTnTWweR
EhoDdRAJKSHhRTYBiVOhUdT
BKFthNfTOePSlVJuh
ElAMPgdLTXqpQCNjA
GetIcon
get_CurrentThread
GetDrives
get_IsReady
get_TotalFreeSpace
GetExtension
CompareObjectNotEqual
AndObject
EndsWith
set_Attributes
28D86C56B3BF26D236569B8DC8C3F91F32F47BC7
ComputeStringHash
__StaticArrayInitTypeSize=3
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyCompanyAttribute
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
DebuggableAttribute
DebuggingModes
AssemblyProductAttribute
GuidAttribute
AssemblyFileVersionAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
Sendbox
3System.Resources.Tools.StronglyTypedResourceBuilder
4.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
14.0.0.0
My.Settings
MyTemplate
11.0.0.0
My.Application
My.User
My.Forms
My.Computer
My.WebServices
System.Windows.Forms.Form
Create__Instance__
Dispose__Instance__
My.MyProject.Forms
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
$3624e79c-c7fd-405e-b70b-a25ed8bb6615
3.2.0.0
_CorExeMain
mscoree.dll
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD