Sample details: 92a9685c06a7757f53b2e8a65ec93430 (MD5)

Hashes
MD5: 92a9685c06a7757f53b2e8a65ec93430
SHA1: e6c6e8569cf1c2cf42f5db38aa81e309c8ff6fd1
SHA256: 6161b390eba7ddfa17932ff458c21dbcf7841eae85d46f098a5dfb3c50992a47
SSDEEP: 768:78izSnrptjnQ8boAtx2Wh36iErbceET3i0L2ZMbNfnnnnnnn:7OQ8boAtJQiSEKubNnnnnnnn
Details
File Type: PE32
Added: 2018-06-22 23:25:03
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/disable_dep | YRP/keylogger | YRP/Big_Numbers1 | YRP/Njrat | YRP/njrat1 | FlorianRoth/RAT_njRat | FlorianRoth/DragonFly_APT_Sep17_3 | KevTheHermit/njRat | BAMFDetect/njrat |
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v2.0.50727
#Strings
ClassLibrary1.exe
ClassLibrary1
mscorlib
Microsoft.VisualBasic
System.Windows.Forms
System
System.Drawing
avicap32.dll
kernel32
user32.dll
user32
Object
GZipStream
System.IO.Compression
MemoryStream
System.IO
Stream
CompressionMode
Dispose
set_Position
get_Length
BitConverter
ToInt32
Exception
Strings
ProjectData
Microsoft.VisualBasic.CompilerServices
SetProjectError
ClearProjectError
List`1
System.Collections.Generic
CompareMethod
String
ToArray
IntPtr
op_Equality
op_Explicit
StrDup
Process
System.Diagnostics
GetProcessById
get_MainWindowTitle
Encoding
System.Text
get_Default
GetString
Interaction
Environ
Concat
Conversion
GetBytes
Assembly
System.Reflection
Module
GetModules
GetTypes
get_FullName
EndsWith
get_Assembly
CreateInstance
Random
VBMath
Randomize
get_Chars
Conversions
ToString
Convert
FromBase64String
get_UTF8
DirectoryInfo
FileInfo
get_Name
ToLower
Operators
CompareString
get_Directory
get_Parent
ToBase64String
Exists
Delete
FileSystemInfo
EndApp
Environment
SetEnvironmentVariable
EnvironmentVariableTarget
AppWinStyle
ServerComputer
Microsoft.VisualBasic.Devices
get_Registry
RegistryProxy
Microsoft.VisualBasic.MyServices
get_CurrentUser
RegistryKey
Microsoft.Win32
OpenSubKey
SetValue
get_LocalMachine
GetFolderPath
SpecialFolder
FileStream
FileMode
Thread
System.Threading
DateTime
get_LastWriteTime
NewLateBinding
LateGet
LateSetComplex
get_MachineName
get_UserName
get_Info
ComputerInfo
get_OSFullName
Replace
get_OSVersion
OperatingSystem
get_ServicePack
Contains
CreateSubKey
RegistryKeyPermissionCheck
GetValueNames
Boolean
WebClient
System.Net
Graphics
Bitmap
Rectangle
GetCurrentProcess
get_Id
GetProcesses
get_MainModule
ProcessModule
get_FileVersionInfo
FileVersionInfo
get_FileDescription
get_FileName
get_ProcessName
GetVersionInfo
ParameterizedThreadStart
ToInteger
get_Message
get_StartInfo
ProcessStartInfo
set_RedirectStandardOutput
set_RedirectStandardInput
set_RedirectStandardError
set_FileName
DataReceivedEventHandler
add_OutputDataReceived
add_ErrorDataReceived
EventHandler
add_Exited
set_UseShellExecute
set_CreateNoWindow
set_WindowStyle
ProcessWindowStyle
set_EnableRaisingEvents
BeginErrorReadLine
BeginOutputReadLine
get_StandardInput
StreamWriter
TextWriter
WriteLine
StartsWith
DownloadData
WriteAllBytes
ToBoolean
RuntimeHelpers
System.Runtime.CompilerServices
GetObjectValue
LateSet
LateCall
CompareObjectEqual
OrObject
Screen
get_PrimaryScreen
get_Bounds
get_Width
get_Height
FromImage
CopyFromScreen
CopyPixelOperation
Cursors
Cursor
get_Position
GetThumbnailImage
GetThumbnailImageAbort
ImageFormat
System.Drawing.Imaging
get_Jpeg
WriteByte
GetValue
ConditionalCompareObjectEqual
GetSubKeyNames
GetValueKind
RegistryValueKind
DeleteValue
DeleteSubKeyTree
MD5CryptoServiceProvider
System.Security.Cryptography
HashAlgorithm
ComputeHash
get_ClassesRoot
get_Users
GetWindowTextLengthA
get_Handle
GetWindowTextA
Monitor
TcpClient
System.Net.Sockets
get_Client
Socket
SocketFlags
GetWindowThreadProcessId
GetForegroundWindow
Disconnect
Connect
GetVolumeInformationA
get_Available
Receive
LateIndexGet
GetStream
NetworkStream
ReadByte
capGetDriverDescriptionA
DeleteSubKey
NtSetInformationProcess
CompilerGeneratedAttribute
DebuggerStepThroughAttribute
EmptyWorkingSet
EventArgs
Application
get_ExecutablePath
Computer
.cctor
StandardModuleAttribute
get_LocalTime
GetAsyncKeyState
StringBuilder
GetKeyboardLayout
Keyboard
get_ShiftKeyDown
get_CapsLock
ToUpper
MapVirtualKey
GetKeyboardState
ReadAllText
Remove
WriteAllText
ToUnicodeEx
SessionEndingEventArgs
Command
WaitForExit
Component
System.ComponentModel
OpenExisting
ThreadStart
SessionEndingEventHandler
SystemEvents
add_SessionEnding
DoEvents
ConditionalCompareObjectNotEqual
STAThreadAttribute
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING