Sample details: 6e1b49a289239c02820cdfd766e97f4d

Hashes
MD5: 6e1b49a289239c02820cdfd766e97f4d
SHA1: c4806b993b759c08c5663f211cd08feee2d013c3
SHA256: f43a3f35db805da3bfcfee9afcb23651c1cfbb4f20c65a5ad79baa617203a0c4
SSDEEP: 384:q8RBjVTF99LBx+CP+COlSrEDT8rLkM4iPmIvXFpSXluZWpD65nBWmoHWW:X3jVT4bI4DQvRZEmns
Details
File Type: PE32
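Yara Hits (rule-name matches only; family and actor labels such as BlackWorm or DragonFly are signature hits, not confirmed attribution)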
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/BlackWorm | FlorianRoth/DragonFly_APT_Sep17_3 | BAMFDetect/BlackWorm |
Source
http://103.68.190.250/Sources//ActiveMalwares/DesckVBRAT/Stub%20DownloadFile/Svchost/bin/Debug/Svchost.exe
http://103.68.190.250/Sources//ActiveMalwares/DesckVBRAT/Stub%20DownloadFile/Svchost/obj/Debug/Svchost.exe
Strings
		!This program cannot be run in DOS mode.
`.sdata
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
v2.0.50727
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
Svchost.My
MyComputer
MyProject
MyForms
MyWebServices
ThreadSafeObjectProvider`1
Antikill
Svchost
EnumWindProc
EnumChildWindProc
Resources
Svchost.My.Resources
MySettings
MySettingsProperty
Microsoft.VisualBasic.ApplicationServices
WindowsFormsApplicationBase
.cctor
__ENCAddToList
System.Collections.Generic
List`1
System
WeakReference
__ENCList
OnCreateMainForm
Microsoft.VisualBasic.Devices
Computer
Object
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_Forms
m_MyFormsObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
get_URrL
m_URrL
set_URrL
Create__Instance__
System.Windows.Forms
Instance
Dispose__Instance__
instance
System.Collections
Hashtable
m_FormBeingCreated
Equals
GetHashCode
GetType
ToString
get_GetInstance
m_ThreadStaticValue
GetInstance
EnableWindow
bEnable
GetWindowThreadProcessId
lpdwProcessID
user32
GetForegroundWindow
GetClassName
lpClassName
nMaxCount
GetClassNameA
SendMessage
wParam
lParam
SendMessageA
System.Text
StringBuilder
GetWindowText
lpString
GetWindowTextLength
EnumChildWindows
lpEnumFunc
EnumChild
protect
GetChild
MulticastDelegate
TargetObject
TargetMethod
IAsyncResult
AsyncCallback
BeginInvoke
DelegateCallback
DelegateAsyncState
EndInvoke
DelegateAsyncResult
Invoke
Dispose
disposing
System.ComponentModel
IContainer
components
InitializeComponent
_Timer1
get_Timer1
set_Timer1
WithEventsValue
check1
check2
hidemexe
pesist
Random
FileAttribute
System.Threading
Thread
EventArgs
Form1_Load
sender
Timer1_Tick
FormClosedEventArgs
Form1_FormClosed
FormClosingEventArgs
Form1_FormClosing
Timer1
System.Resources
ResourceManager
resourceMan
System.Globalization
CultureInfo
resourceCulture
get_ResourceManager
get_Culture
set_Culture
Culture
System.Configuration
ApplicationSettingsBase
defaultInstance
addedHandler
addedHandlerLockObject
AutoSaveSettings
get_Default
Default
get_Settings
Settings
Monitor
get_Count
get_Capacity
get_Item
get_IsAlive
set_Item
RemoveRange
set_Capacity
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
get_UseCompatibleTextRendering
SetCompatibleTextRenderingDefault
AuthenticationMode
set_IsSingleInstance
set_EnableVisualStyles
set_SaveMySettingsOnExit
ShutdownMode
set_ShutdownStyle
set_MainForm
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
STAThreadAttribute
DebuggerNonUserCodeAttribute
DebuggerStepThroughAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
ArgumentException
System.Reflection
TargetInvocationException
Control
get_IsDisposed
RuntimeTypeHandle
GetTypeFromHandle
ContainsKey
String
GetResourceString
InvalidOperationException
Activator
CreateInstance
ProjectData
Exception
SetProjectError
get_InnerException
get_Message
ClearProjectError
Remove
Component
MyGroupCollectionAttribute
ThreadStaticAttribute
System.Runtime.InteropServices
ComVisibleAttribute
CompilerGeneratedAttribute
IntPtr
op_Explicit
Process
ToInt32
GetProcessById
get_ProcessName
ToLower
Operators
CompareString
Strings
ToArray
DllImportAttribute
EventHandler
add_Load
FormClosedEventHandler
add_FormClosed
FormClosingEventHandler
add_FormClosing
Conversions
get_ExecutablePath
System.IO
FileInfo
get_Name
ThreadStart
IDisposable
System.Drawing
Container
SuspendLayout
set_Interval
ContainerControl
set_AutoScaleDimensions
AutoScaleMode
set_AutoScaleMode
AutoSizeMode
set_AutoSizeMode
get_White
set_BackColor
set_ClientSize
set_ForeColor
FormBorderStyle
set_FormBorderStyle
set_MaximizeBox
set_MinimizeBox
set_Name
set_Opacity
set_ShowIcon
set_ShowInTaskbar
FormStartPosition
set_StartPosition
set_Text
set_TransparencyKey
ResumeLayout
remove_Tick
add_Tick
Microsoft.Win32
RegistryKey
FileSystem
OpenMode
OpenAccess
OpenShare
FileOpen
FileGet
FileClose
CompareMethod
ToBoolean
set_CheckForIllegalCrossThreadCalls
Cursor
set_Visible
EndApp
ServerComputer
Network
get_Network
GetTempPath
Concat
DownloadFile
FileAttributes
SetAttributes
ToInteger
Registry
CurrentUser
OpenSubKey
RegistryValueKind
SetValue
NewLateBinding
LateGet
Environment
SpecialFolder
GetFolderPath
set_Enabled
Boolean
LateCall
LateSetComplex
DesignerGeneratedAttribute
AccessedThroughPropertyAttribute
ReferenceEquals
Assembly
get_Assembly
SettingsBase
Synchronized
get_SaveMySettingsOnExit
ObjectFlowControl
CheckForSyncLockOnValueType
ShutdownEventHandler
add_Shutdown
DebuggableAttribute
DebuggingModes
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
AssemblyFileVersionAttribute
GuidAttribute
AssemblyTrademarkAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
Svchost.exe
Svchost.URrL.resources
Svchost.Resources.resources
MyTemplate
8.0.0.0
My.Computer
My.User
My.Forms
My.WebServices
My.Application
System.Windows.Forms.Form
Create__Instance__
Dispose__Instance__
My.MyProject.Forms
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
Timer1
3System.Resources.Tools.StronglyTypedResourceBuilder
4.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
14.0.0.0
My.Settings
WrapNonExceptionThrows
2.6.0.0
$5069be2c-2660-4b0d-95aa-f941d0b47711
Microsoft Corporation
Copyright 
  2015
_CorExeMain
mscoree.dll
C:\Users\Pjoao1578\Desktop\Crc DesckVB Rat\Stub DownloadFile\Svchost\obj\Debug\Svchost.pdb
wwwwwwwwwwwwww
wwwwwwwwwwwwww
wwwwwwwwwwwwww
wwwwwwwwwwwwww
wwwwwwwwwwwwww
wwwwwwwwwwwwww
wwwwwwwwwwwwww
wwwwwwwwwwwwww
wwwwww
wwwwww
wwwwww
wwwwww
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>