Sample details: c1e8dfad2f325fd08778ca47118e6b40 --

Hashes
MD5: c1e8dfad2f325fd08778ca47118e6b40
SHA1: a3e2dcba398e7100540ff1e3bd61d58e4ae95365
SHA256: a87e3b5dfe387b7ec8987c00b9ec2f0c8fd87863286c303493ec72b1b1489059
SSDEEP: 96:aP7kz8xH7ztj8mbsx3GxT7xQEf6Utvz/W7lX+37zE+Elk2VgbgzNt:sbBfQWl1j6Ut7W7lX+3XE9Vai
Details
File Type: PE32
Yara Hits
YRP/contentis_base64 | YRP/domain | YRP/IP | YRP/NETexecutableMicrosoft | YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/HasDebugData |
Source
http://95.215.1.100/dosemu.exe
http://95.215.1.100/dosemu.exe
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
DOSEMU
mscorlib
Replace
set_WindowStyle
ProcessWindowStyle
set_FileName
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
DOSEMU.exe
System.Runtime.Versioning
String
System
System.Reflection
ProcessStartInfo
Win32WordEmulator
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
Process
get_Arguments
set_Arguments
Concat
Object
set_CreateNoWindow
WrapNonExceptionThrows
DOS16BIT
16BIT ASSEMBLY EMULATOR
RETROPUNKS.CC
DOSEMU
Copyright 
  2015
DOS16BIT COPYLEFT
$5fbcb685-6796-41ac-a2b7-b8dd142082c9
2.1.11.4
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
E:\lance\lance\obj\Release\DOSEMU.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>