Sample details: 987d46def142dc455f32e3c8ea052edb --

Hashes
MD5: 987d46def142dc455f32e3c8ea052edb
SHA1: 3387fe109ac838e42efba3d2f034c4df103d60f7
SHA256: 5da352995ac1689495cbf5987bc42b30843ae92361254624d602d19c84ef9a94
SSDEEP: 384:FV5TmXEC9DMFczNOXf6Jy0gjGlHUB2PTTlD8iZwut9MNouzjCwJ:FVLCuFczNciU5jGSB218I9MJywJ
Details
File Type: PE32 (.NET assembly: YARA hits YRP/IsNET_EXE and YRP/IsWindowsGUI, runtime string v2.0.50727, entry via mscoree.dll / _CorExeMain)
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/System_Tools | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/ThreadControl__Context | YRP/Big_Numbers1 | YRP/BlackShades_4 | FlorianRoth/DragonFly_APT_Sep17_3
(Note: family/APT rule hits such as YRP/BlackShades_4 and FlorianRoth/DragonFly_APT_Sep17_3 are string-signature matches, not confirmed attribution; verify against the decompiled code before labelling the sample.)
Strings (extracted from the binary: .NET metadata type/member names, P/Invoke imports and literals; the kernel32 import set NtUnmapViewOfSection / CreateProcess / GetThreadContext / SetThreadContext / VirtualAllocEx / WriteProcessMemory / ResumeThread together with the names `inject`, `injector` and `surrogate` is consistent with process-hollowing-style injection — confirm by decompiling)
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v2.0.50727
#Strings
<Module>
taskmtr.exe
Settings
LiteHTTP
Identification
Communication
Removal
PossibleThreat
JudgedAs
Program
mscorlib
System
Object
ValueType
panelurl
reqinterval
startupkey
getHardwareID
identifier
osName
makeRequest
encrypt
decrypt
System.Threading
Thread
bkillThread
surrogates
Random
getLocation
isAdmin
lastReboot
randomString
keyExists
processTask
update
viewhidden
bkillp
uninstall
NtUnmapViewOfSection
ReadProcessMemory
ResumeThread
System.Text
StringBuilder
CreateProcess
GetThreadContext
SetThreadContext
VirtualAllocEx
WriteProcessMemory
applocal
startup
appdata
split1
split2
keylogger
injector
ircbot
generic
crypter
System.Collections.Generic
List`1
ScanThread
scanFile
removeThreat
usepath
returnHKCU
returnHKLM
returnDirs
isRunning
fullpath
running
regkey
exename
value__
Unknown
Keylogger
GenericBot
Injector
IRC_Bot
mainthread
startthread
System.Reflection
AssemblyVersionAttribute
AssemblyFileVersionAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
taskmtr
.cctor
String
Concat
wmiClass
wmiProperty
System.Management
ManagementClass
ManagementObjectCollection
GetInstances
ManagementObjectEnumerator
GetEnumerator
ManagementBaseObject
get_Current
ManagementObject
op_Equality
get_Item
ToString
MoveNext
IDisposable
Dispose
Microsoft.VisualBasic
Microsoft.VisualBasic.Devices
ComputerInfo
get_OSFullName
Replace
Environment
GetEnvironmentVariable
parameters
Encoding
get_UTF8
GetBytes
System.Net
WebRequest
Create
set_Method
HttpWebRequest
set_UserAgent
set_ContentType
set_ContentLength
System.IO
Stream
GetRequestStream
WebResponse
GetResponse
GetResponseStream
StreamReader
TextReader
ReadToEnd
System.Security.Cryptography
RijndaelManaged
SymmetricAlgorithm
PaddingMode
set_Padding
CipherMode
set_Mode
set_KeySize
set_BlockSize
get_ASCII
ICryptoTransform
CreateEncryptor
MemoryStream
CryptoStream
CryptoStreamMode
FlushFinalBlock
ToArray
Convert
ToBase64String
FromBase64String
CreateDecryptor
GetString
Exception
get_Message
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
Append
ToUpper
Assembly
GetExecutingAssembly
get_Location
GetEntryAssembly
System.Security.Principal
WindowsIdentity
GetCurrent
WindowsPrincipal
WindowsBuiltInRole
IsInRole
Computer
ServerComputer
get_Clock
get_TickCount
length
ToCharArray
VBMath
Randomize
Microsoft.Win32
Registry
RegistryKey
CurrentUser
OpenSubKey
GetValueNames
<PrivateImplementationDetails>{18AD9D2E-E5A5-4430-AC72-6295F31FAF74}
CompilerGeneratedAttribute
Dictionary`2
$$method0x6000010-1
TryGetValue
ThreadStart
cmdline
inject
WebClient
IWebProxy
set_Proxy
SpecialFolder
GetFolderPath
DownloadFile
System.Diagnostics
ProcessStartInfo
set_FileName
set_Arguments
Process
DownloadData
DeleteValue
set_CreateNoWindow
ProcessWindowStyle
set_WindowStyle
ParameterizedThreadStart
ApartmentState
SetApartmentState
System.Windows.Forms
WebBrowser
set_ScriptErrorsSuppressed
Navigate
Application
System.Runtime.InteropServices
DllImportAttribute
baseAddr
kernel32
MarshalAsAttribute
UnmanagedType
bufrSize
numRead
kernel32.dll
hThread
appName
commandLine
procAttr
thrAttr
inherit
creation
curDir
allocType
hProcess
lpBaseAddress
lpBuffer
lpNumberOfBytesWritten
surrogate
IntPtr
BitConverter
ToInt32
ToInt16
UInt32
op_Explicit
Buffer
BlockCopy
Collect
Enumerator
get_Count
Exists
GetFileName
ReadAllBytes
Contains
GetProcesses
ProcessModule
get_MainModule
get_FileName
Delete
op_Inequality
StringComparison
IndexOf
Remove
LastIndexOf
Substring
LocalMachine
GetValue
DirectoryInfo
FileInfo
GetFiles
FileSystemInfo
get_FullName
StructLayoutAttribute
LayoutKind
get_Name
RegistryValueKind
SetValue
1.0.0.0
WrapNonExceptionThrows
_CorExeMain
mscoree.dll