Sample details: 80266a09083ca70197543a3afb5c2c25

Hashes
MD5: 80266a09083ca70197543a3afb5c2c25
SHA1: 6ae87f1f61aa1c7f8fd59f46cdb7c8015dba8311
SHA256: 0f9de9d634eaf0606b62b6fb462a7c0f0d8ccb58b6a098227d951b7e8cf2c948
SSDEEP: 384:oMYPZ8VWgXWC/zX0GftpBjJF+ILKHRN791laytn:PAmGiNm9yyZ
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Big_Numbers5 | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://103.68.190.250/Sources//ActiveMalwares/DesckVBRAT/Stub/Server/bin/Debug/Svchost.vshost.exe
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
vshost32
<Module>
mscorlib
Microsoft.VisualStudio.HostingProcess.Utilities.Sync
get_HostingProcessInitialized
Invoke
EventWaitHandle
DebuggerNonUserCodeAttribute
NeutralResourcesLanguageAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyKeyFileAttribute
AssemblyTitleAttribute
TargetFrameworkAttribute
AssemblyDelaySignAttribute
AssemblyFileVersionAttribute
AssemblyInformationalVersionAttribute
SatelliteContractVersionAttribute
AssemblyDescriptionAttribute
AssemblyDefaultAliasAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
CLSCompliantAttribute
AssemblySignatureKeyAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
vshost32.exe
Synchronize
System.Threading
System.Runtime.Versioning
System
ShutdownAction
System.Reflection
get_Shutdown
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
DebuggingModes
Microsoft.VisualStudio.HostingProcess
Object
get_ShutdownProcessEvent
ManualResetEvent
EntryPoint
get_StartRunningUsersAssembly
WaitAny
vshost32.exe
Microsoft Corporation
(Microsoft
 Visual Studio
 2015 Preview
 Microsoft Corporation. All rights reserved.
14.0.22310.1
14.0.0.0
%f:\dd\tools\devdiv\FinalPublicKey.snk
WrapNonExceptionThrows
.NETFramework,Version=v4.5
FrameworkDisplayName
RSDS><
f:\binaries\Intermediate\vsproject\vshost32.csproj__1853760103\objr\x86\vshost32.pdb
_CorExeMain
mscoree.dll