Sample details: 9fe5986f0f1949559d06eb9151c982c9 --

Hashes
MD5: 9fe5986f0f1949559d06eb9151c982c9
SHA1: 34733c55af9b25086fd75c0991ea0e1c83d2a6c0
SHA256: 7cda9f48254cd2364b5caca28fa828e397e484cd1c464cfa8bbf487b8bab8688
SSDEEP: 1536:Ed+mesQkiG5WtmHwh6oKrYSrCyJA0BWZltwwizR59YSp1LPPb9tQutT:A+mesQkiGYtmHu6oKrYS5JA0BWZltKfx
Details
File Type: PE32
Added: 2018-06-23 01:58:28
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/Browsers | YRP/VirtualBox_Detection | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/disable_dep | YRP/keylogger | YRP/android_meterpreter | YRP/Njrat | YRP/njrat1 | BAMFDetect/njrat |
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v2.0.50727
#Strings
	*	9	H	r	x	
<Module>
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
System.Runtime.InteropServices
ComVisibleAttribute
GuidAttribute
AssemblyFileVersionAttribute
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
System.CodeDom.Compiler
GeneratedCodeAttribute
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
Microsoft.VisualBasic.Devices
Computer
System.Diagnostics
DebuggerHiddenAttribute
System
Object
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
Microsoft.VisualBasic
HideModuleNameAttribute
MyGroupCollectionAttribute
RuntimeHelpers
GetObjectValue
Equals
GetHashCode
RuntimeTypeHandle
GetTypeFromHandle
ToString
Activator
CreateInstance
CompilerGeneratedAttribute
ThreadStaticAttribute
m_ThreadStaticValue
get_GetInstance
System.ComponentModel.Design
HelpKeywordAttribute
System.Threading
ParameterizedThreadStart
Conversions
System.Windows.Forms
Clipboard
SetText
System.Timers
ElapsedEventArgs
Process
Thread
GetProcesses
get_MainWindowTitle
String
ToLower
Contains
ApartmentState
SetApartmentState
Exception
ProjectData
SetProjectError
ClearProjectError
ElapsedEventHandler
add_Elapsed
set_Enabled
Environment
SpecialFolder
GetFolderPath
Concat
CreateProjectError
StringComparison
LastIndexOf
Substring
System.IO
Exists
ProcessStartInfo
set_FileName
set_Arguments
set_CreateNoWindow
ProcessWindowStyle
set_WindowStyle
set_ErrorDialog
GetProcessesByName
get_MainWindowHandle
IntPtr
ToInt32
EndApp
Application
get_ExecutablePath
Operators
ConcatenateObject
Interaction
AppWinStyle
FlagsAttribute
Marshal
SizeOf
StringToCoTaskMemAuto
FreeCoTaskMem
Finalize
AllocCoTaskMem
StructureToPtr
ProcessModule
get_MainModule
get_FileName
GetFullPath
get_Id
FileAttributes
RuntimeEnvironment
GetRuntimeDirectory
GetEnvironmentVariable
GetAttributes
DirectoryInfo
System.Security.AccessControl
DirectorySecurity
ObjectSecurity
SetAccessRuleProtection
SetAccessControl
System.Collections.Generic
IEnumerator`1
GetFileNameWithoutExtension
Microsoft.VisualBasic.MyServices
FileSystemProxy
ServerComputer
get_FileSystem
SpecialDirectoriesProxy
get_SpecialDirectories
get_Programs
System.Collections.ObjectModel
ReadOnlyCollection`1
GetFiles
GetEnumerator
get_Current
System.Collections
IEnumerator
MoveNext
IDisposable
Dispose
Microsoft.Win32
RegistryKey
Registry
CurrentUser
OpenSubKey
LocalMachine
GetValueNames
GetValue
Replace
Strings
CompareMethod
DeleteValue
Random
GetTempPath
MoveFile
WriteAllText
FileSystem
FreeFile
OpenMode
OpenAccess
OpenShare
FileOpen
System.Security.Principal
WindowsIdentity
WindowsPrincipal
GetCurrent
WindowsBuiltInRole
IsInRole
GetCurrentProcess
get_ProcessName
ProcessThread
GetProcessById
CompareString
ProcessThreadCollection
get_Threads
ReadOnlyCollectionBase
op_Inequality
System.Net.Sockets
TcpClient
FileStream
FileInfo
MemoryStream
ToBoolean
Assembly
GetEntryAssembly
get_Location
DebuggerStepThroughAttribute
SessionEndingEventArgs
op_Equality
op_Explicit
get_Length
System.Text
Encoding
get_UTF8
GetString
get_Name
get_Directory
get_Parent
Monitor
ToDouble
Stream
set_ReceiveBufferSize
set_SendBufferSize
Socket
get_Client
set_SendTimeout
set_ReceiveTimeout
ToInteger
Connect
ConditionalCompareObjectEqual
Convert
FromBase64String
RegistryProxy
get_Registry
get_CurrentUser
ToBase64String
Environ
Conversion
System.Net
WebClient
EventLog
System.Drawing
Rectangle
Bitmap
Graphics
Delete
CreateSubKey
RegistryValueKind
SetValue
NewLateBinding
LateGet
GetEventLogs
ThreadStart
MsgBoxResult
MsgBoxStyle
MsgBox
get_ProgramFiles
Directory
GetLogicalDrives
GetExecutingAssembly
CreateObject
Boolean
LateCall
ChangeType
get_Chars
ToArray
DownloadData
GetTempFileName
WriteAllBytes
get_Message
LateSet
CompareObjectEqual
OrObject
Screen
get_PrimaryScreen
get_Bounds
get_Width
get_Height
System.Drawing.Imaging
PixelFormat
FromImage
CopyPixelOperation
CopyFromScreen
Cursor
get_Position
Cursors
get_Default
DrawImage
ImageFormat
get_Jpeg
WriteByte
FileSystemInfo
get_FullName
DateTime
get_MachineName
get_UserName
get_LastWriteTime
get_Date
ComputerInfo
get_Info
get_OSFullName
OperatingSystem
get_OSVersion
get_ServicePack
RegistryKeyPermissionCheck
FileMode
ReadAllBytes
EnvironmentVariableTarget
SetEnvironmentVariable
get_LocalMachine
StreamWriter
SetAttributes
Command
SessionEndingEventHandler
SystemEvents
add_SessionEnding
DoEvents
set_MinWorkingSet
ConditionalCompareObjectNotEqual
System.Security.Cryptography
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
Module
GetModules
GetTypes
EndsWith
get_Assembly
get_Handle
get_Available
SelectMode
NetworkStream
GetStream
ReadByte
ToLong
SocketFlags
Receive
GetBytes
DeleteSubKey
System.IO.Compression
GZipStream
CompressionMode
set_Position
BitConverter
DateAndTime
get_Now
Keyboard
get_Keyboard
get_ShiftKeyDown
get_CapsLock
ToUpper
StringBuilder
get_CtrlKeyDown
Remove
STAThreadAttribute
Stub.exe
user32.dll
kernel32
kernel32.dll
wintrust.dll
avicap32.dll
user32
mscorlib
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
CallEveryXSeconds
_Closure$__
Torrent
MyAntiProcess
BotKillers
ThreadAccess
WinTrustDataUIChoice
WinTrustDataRevocationChecks
WinTrustDataChoice
WinTrustDataStateAction
WinTrustDataProvFlags
WinTrustDataUIContext
WinTrustFileInfo
WinTrustData
WinVerifyTrustResult
WinTrust
<PrivateImplementationDetails>
m_ComputerObjectProvider
m_AppObjectProvider
m_UserObjectProvider
m_MyWebServicesObjectProvider
.cctor
get_Computer
get_Application
get_User
get_WebServices
GetType
Create__Instance__
instance
Dispose__Instance__
Handler
sender
stopme
$IR2-1
_Lambda$__R2-1
BTC_ADD
BTC_EN
Anti_CH
USB_SP
lastcap
BOT_KILL
HIDE_ME
Persis
_Lambda__1
_Lambda__2
capGetDriverDescriptionA
wDriver
lpszName
cbName
lpszVer
CompDir
connect
GetForegroundWindow
GetVolumeInformation
GetVolumeInformationA
lpRootPathName
lpVolumeNameBuffer
nVolumeNameSize
lpVolumeSerialNumber
lpMaximumComponentLength
lpFileSystemFlags
lpFileSystemNameBuffer
nFileSystemNameSize
GetWindowText
GetWindowTextA
WinTitle
MaxLength
GetAntiVirus
GetWindowTextLength
GetWindowTextLengthA
SwapMouseButton
SendMessage
wParam
lparam
SetWindowPos
hWndInsertAfter
wFlags
FindWindow
FindWindowA
lpClassName
lpWindowName
ShowWindow
nCmdShow
NtSetInformationProcess
hProcess
processInformationClass
processInformation
processInformationLength
Plugin
UTorrentLocalPath
BitLocalPath
SeedTorrent
GetFileNameFromURL
IsUtorrent
IsBitTorrent
SeedIt
ClientPath
LocalPath
TorrentPath
HideIt
TorrentClient
GetModuleHandle
GetModuleHandleA
lpModuleName
AutoAnti
ProccessKilled
Startupkilled
IsWindowVisible
RunStandardBotKiller
ScanProcess
IsFileMalicious
fileloc
KillFile
location
WindowIsVisible
RunStartupKiller
StartupFucker
regkey
RemoveKey
reglocation
FileLocation
DestroyFile
IsAdmin
AllowAccess
TerminateProcessPath
TerminateProcess
CloseHandle
hHandle
OpenThread
dwDesiredAccess
bInheritHandle
dwThreadId
SuspendThread
hThread
TerminateThread
dwExitCode
value__
DIRECT_IMPERSONATION
GET_CONTEXT
IMPERSONATE
QUERY_INFORMATION
SET_CONTEXT
SET_INFORMATION
SET_THREAD_TOKEN
SUSPEND_RESUME
TERMINATE
NoGood
WholeChain
Catalog
Signer
Certificate
Ignore
Verify
AutoCache
AutoCacheFlush
UseIe4TrustFlag
NoIe4ChainFlag
NoPolicyUsageFlag
RevocationCheckNone
RevocationCheckEndCert
RevocationCheckChain
RevocationCheckChainExcludeRoot
SaferFlag
HashOnlyFlag
UseDefaultOsverCheck
LifetimeSigningFlag
CacheOnlyUrlRetrieval
Execute
Install
StructSize
pszFilePath
pgKnownSubject
_filePath
PolicyCallbackData
SIPClientData
UIChoice
RevocationChecks
UnionChoice
FileInfoPtr
StateAction
StateData
URLReference
ProvFlags
UIContext
_fileName
Success
ProviderUnknown
ActionUnknown
SubjectFormUnknown
SubjectNotTrusted
INVALID_HANDLE_VALUE
WINTRUST_ACTION_GENERIC_VERIFY_V2
WinVerifyTrust
pgActionID
pWVTData
VerifyEmbeddedSignature
fileName
$IR26-1
_Lambda$__R26-1
LastAS
LastAV
lastKey
GetAsyncKeyState
GetKeyboardLayout
GetKeyboardState
GetWindowThreadProcessId
MapVirtualKey
ToUnicodeEx
VKCodeToUnicode
ComputeStringHash
WebServices
GetInstance
MyTemplate
11.0.0.0
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
My.Computer
My.Application
My.User
My.WebServices
WrapNonExceptionThrows
Copyright 
  2017
$1F8B2271-7303-4F2F-8B4B-556A5FCB3C86
1.0.0.0
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING