Sample details: 0fe981884efec833e285d6911e6edde9

Hashes
MD5: 0fe981884efec833e285d6911e6edde9
SHA1: 1a8915fe8ef43cf6896406c48224f454b0af34c3
SHA256: 6c163bee10e7a3b0c3ca2174f9875841fe26815c52d63cdfc4553ef422493d98
SSDEEP: 1536:mNBLyLALww8dBfZ57qs0/eyvGg9P/BGpiOO:mNB4JS/eq9PJAI
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Misc_Suspicious_Strings | YRP/network_smtp_dotNet | YRP/keylogger | YRP/win_hook | YRP/Big_Numbers1 | YRP/CAP_HookExKeylogger
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
SyEKUJ
FirefoxPassReader
FFDecryptor
Program
kjdshfi23ur9fjsdfmiowuf9sods
CryptProtectPromptFlags
CRYPTPROTECT_PROMPTSTRUCT
DATA_BLOB
record_header_field
table_entry
sqlite_master_entry
FFLogins
LoginData
TSECItem
DLLFunctionDelegate
DLLFunctionDelegate2
DLLFunctionDelegate3
DLLFunctionDelegate4
DLLFunctionDelegate5
DLLFunctionDelegate6
sadfgbui32yur89usjdf8934rtf
KeyboardProcDelegateee
KDEventHandler
KUEventHandler
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
System.Windows.Forms
WithEventsValue
VFWHTMTWN
VFWHTMTWN
VFWHTMTWN
MZDAZW
MZDAZW
MZDAZW
QPJSWHXY
logagas
System.Diagnostics
Process
BUBWJSK
ETVALWE
EventArgs
sender
ensnwe
hProcess
processInformationClass
processInformation
processInformationLength
IBPSAQI
Enable
TZHZPuCy
scrsht
uuDHENAW
cipherText23
RSA_qDecrypt
Killme
GetModuleFileNameqwq
hModule
lpFileName
kernel32
GetModuleFileNameA
ExitProcess23
uExitCode
ExitProcess
MoveFile232
lpExistingFileName
lpNewFileName
dwdvsdfdbdtyd
MoveFileExW
Command
ReturnString
ReturnLength
winmm.dll
mciSendStringA
WSHWHEAAHSHWH
IpOperation
Ipfile
IpParameters
IpDirectory
nShowCmd
shell32.dll
ShellExecuteA
IWSIKAsWQWS
IpClassName
IpWindowName
user32.dll
FindWindowA
LALSKWKDKAK
user32
SetForegroundWindow
smtpppp
subject
get_HKB
set_HKB
GetForegroundWindow
GetWindowText
lpString
GetWindowTextA
shiftandcaps
VKCodeToUnicode
VKCode
GetWindowThreadProcessId
lpdwProcessID
GetKeyboardLayout
dwLayout
System.Text
StringBuilder
ToUnicodeEx
wVirtKey
wScanCode
lpKeyState
pwszBuff
cchBuff
wFlags
GetKeyboardState
MapVirtualKey
uMapType
VFWHTMTWN
MZDAZW
GetExternalIP
llpass
ggggttt
coeecoc
Vvpass
BBBpass
bbbbpass
orbewa
Slimaa
pathsss
OTPASS
CryptUnprotectData
pDataIn
szDataDescr
pOptionalEntropy
pvReserved
pPromptStruct
dwFlags
pDataOut
decryptot
encryptedData
WuCXAWU
FyIFCB
Offset
ReadTable
TableName
GetRowCount
GetValue
row_num
GetTableNames
baseName
ReadPasswords
SeaMonkey
Thread
System.Collections.Generic
List`1
hModuleList
PK11SDR_Decrypt
result
NSS_Shutdown
LoadLibrary
dllFilePath
FreeLibrary
GetProcAddress
procName
CreateAPI
method
NSS_Inite
configdir
Decrypt
cypherText
accountWriter
decodePW
HC_ACTION
WH_KEYBOARD_LL
WM_KEYDOWN
WM_KEYUP
WM_SYSKEYDOWN
WM_SYSKEYUP
SetWindowsHookExee
idHook
dwThreadId
SetWindowsHookExA
CallNextHookEx
wParam
lParam
UnhookWindowsHookEx
add_KD
KDEvent
remove_KD
add_KU
KUEvent
remove_KU
KeyboardProcwew
Finalize
value__
CRYPTPROTECT_PROMPT_ON_UNPROTECT
CRYPTPROTECT_PROMPT_ON_PROTECT
ValueType
cbSize
dwPromptFlags
hwndApp
szPrompt
cbData
pbData
astable_name
_nextId
get_nextId
set_nextId
AutoPropertyValue
_logins
get_logins
set_logins
_disabledHosts
get_disabledHosts
set_disabledHosts
_version
get_version
set_version
nextId
logins
disabledHosts
version
get_id
set_id
_hostname
get_hostname
set_hostname
get_url
set_url
_httprealm
get_httprealm
set_httprealm
_formSubmitURL
get_formSubmitURL
set_formSubmitURL
_usernameField
get_usernameField
set_usernameField
_passwordField
get_passwordField
set_passwordField
_encryptedUsername
get_encryptedUsername
set_encryptedUsername
_encryptedPassword
get_encryptedPassword
set_encryptedPassword
get_guid
set_guid
_encType
get_encType
set_encType
_timeCreated
get_timeCreated
set_timeCreated
_timeLastUsed
get_timeLastUsed
set_timeLastUsed
_timePasswordChanged
get_timePasswordChanged
set_timePasswordChanged
_timesUsed
get_timesUsed
set_timesUsed
hostname
httprealm
formSubmitURL
usernameField
passwordField
encryptedUsername
encryptedPassword
encType
timeCreated
timeLastUsed
timePasswordChanged
timesUsed
SECItemType
SECItemData
SECItemLen
MulticastDelegate
TargetObject
TargetMethod
IAsyncResult
AsyncCallback
BeginInvoke
DelegateCallback
DelegateAsyncState
EndInvoke
DelegateAsyncResult
Invoke
loadCerts
arenaOpt
outItemOpt
sdicyhsjcjsdnc
scancode
dwExtraInfo
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
Operators
ConcatenateObject
ServerComputer
get_Name
ComputerInfo
get_Info
get_OSFullName
get_OSPlatform
get_OSVersion
SystemInformation
BootMode
get_BootMode
get_AvailablePhysicalMemory
Double
String
Substring
get_TotalPhysicalMemory
get_AvailableVirtualMemory
get_TotalVirtualMemory
Conversions
Strings
StrReverse
GetProcesses
EventHandler
remove_Tick
add_Tick
System.Drawing
Graphics
Bitmap
Exception
Rectangle
set_Interval
Microsoft.VisualBasic.MyServices
FileSystemProxy
get_FileSystem
SpecialDirectoriesProxy
get_SpecialDirectories
get_MyDocuments
Concat
System.IO
Directory
Exists
Screen
get_Screen
get_Bounds
get_Width
get_Height
FromImage
CopyFromScreen
DirectoryInfo
CreateDirectory
ProjectData
SetProjectError
ClearProjectError
GetCurrentProcess
Debugger
get_IsAttached
Environment
CreateProjectError
get_Handle
System.Net
WebClient
DownloadString
NewLateBinding
LateGet
ConditionalCompareObjectEqual
LateIndexGet
CompareObjectEqual
CompareString
Boolean
AndObject
ToBoolean
Cursor
set_Position
System.Net.Mail
Attachment
SmtpClient
MailMessage
MailAddress
set_From
MailAddressCollection
get_To
get_UserName
set_Subject
set_Body
AttachmentCollection
get_Attachments
System.Collections.ObjectModel
Collection`1
set_EnableSsl
ToInteger
set_Port
NetworkCredential
ICredentialsByHost
set_Credentials
Dispose
Delete
StreamReader
FtpWebRequest
Encoding
get_UTF8
ReadToEnd
GetBytes
WebRequest
Create
ICredentials
set_Method
IWebProxy
set_Proxy
set_KeepAlive
Stream
GetRequestStream
ClipboardProxy
get_Clipboard
GetText
Replace
Contains
DateTime
get_Now
ToShortDateString
ToDate
Compare
ProcessStartInfo
get_ExecutablePath
set_Arguments
ProcessWindowStyle
set_WindowStyle
set_CreateNoWindow
set_FileName
System.Management
ManagementObjectCollection
ManagementClass
ManagementObject
ManagementObjectEnumerator
GetInstances
GetEnumerator
ManagementBaseObject
get_Current
PropertyDataCollection
get_Properties
PropertyData
get_Item
get_Value
MoveNext
IDisposable
System.Threading
WaitHandle
WaitOne
EndApp
System.Security.Cryptography
CryptoStream
ICryptoTransform
MemoryStream
Rfc2898DeriveBytes
RijndaelManaged
get_ASCII
Convert
FromBase64String
SymmetricAlgorithm
CipherMode
set_Mode
CreateDecryptor
CryptoStreamMode
GetString
CompareMethod
ToDouble
Append
get_ProcessName
GetProcessesByName
GetTempPath
get_Millisecond
System.Collections.Specialized
StringCollection
SpecialFolder
GetFolderPath
GetFileName
Clipboard
SetFileDropList
SendKeys
SendWait
WebResponse
GetResponse
Keyboard
get_Keyboard
get_ShiftKeyDown
get_CapsLock
ToUpper
ToLower
IntPtr
op_Explicit
AccessedThroughPropertyAttribute
STAThreadAttribute
DllImportAttribute
ntdll.dll
MarshalAsAttribute
UnmanagedType
InAttribute
OutAttribute
Delegate
Combine
Remove
System.Reflection
Assembly
GetExecutingAssembly
Module
GetModules
Marshal
GetHINSTANCE
ToInt32
LateCall
SubtractObject
ChangeType
get_Default
LateSetComplex
System.Xml
XmlDocument
XmlNodeList
Interaction
Environ
GetElementsByTagName
get_Count
XmlNode
get_ItemOf
get_InnerText
AddObject
XmlReader
OpenTextFileReader
XmlTextReader
XmlNodeType
get_NodeType
ReadInnerXml
Microsoft.Win32
RegistryKey
UTF8Encoding
Registry
CurrentUser
OpenSubKey
GetSubKeyNames
ToChar
GCHandle
GCHandleType
AddrOfPinnedObject
get_Length
Buffer
BlockCopy
System.Security
ProtectedData
DataProtectionScope
Unprotect
Crypt32.dll
FlagsAttribute
StructLayoutAttribute
LayoutKind
CompareObjectGreater
OrObject
BitConverter
ToInt64
Decimal
Subtract
ToUInt16
CopyArray
UInt64
ToULong
get_Unicode
get_BigEndianUnicode
Multiply
ToUInt64
ToLong
CompareTo
IndexOf
ConditionalCompareObjectGreater
FileSystem
OpenMode
OpenAccess
OpenShare
FileOpen
FileGet
FileClose
System.Web.Extensions
System.Web.Script.Serialization
JavaScriptSerializer
Enumerator
GetDirectories
GetFiles
Deserialize
GetDelegateForFunctionPointer
GetEnvironmentVariable
AllocHGlobal
op_Inequality
FreeHGlobal
kernel32.dll
UnmanagedFunctionPointerAttribute
CallingConvention
LocalMachine
SearchOption
LastIndexOf
FileStream
FileMode
ConditionalCompareObjectLess
ConditionalCompareObjectNotEqual
Format
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
AssemblyTrademarkAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
pxpxpxpx
pxpxpxpx.exe
MyTemplate
14.0.0.0
My.Application
My.Computer
My.User
My.WebServices
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
MZDAZW
VFWHTMTWN
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>