Sample details: ae7d3563e35ad294eb440d968ac05bf3

Hashes
MD5: ae7d3563e35ad294eb440d968ac05bf3
SHA1: c074ce0c780d698eee7cada451c0fd2dd4e95222
SHA256: b9cc68212aeb61d5bbdde4c332081182197326c3c1615ecec32057f151a8d118
SSDEEP: 1536:6rxltx//VeJLPxnf6Q6168Ol6/6IDOqkKN7doxmiD6s+xcwYcaYwYKANrsE8oUBr:6rvtJd6dSLM8O8yIDTL1s+AqwiNrstoW
Details
File Type: PE32 (.NET managed executable — consistent with the YRP/IsNET_EXE hit and the CLR strings below: v4.0.30319, mscorlib, _CorExeMain/mscoree.dll)
Added: 2018-03-06 21:22:38
Yara Hits (pipe-separated rule names; these are string/heuristic matches, not behavioural confirmation — note the family labels conflict: Njrat and BlackWorm rules both fire, while the embedded PDB path below names "DesckVB Rat v2.5", so treat the family attribution as unconfirmed)
YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/VM_Generic_Detection | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/keylogger | YRP/cred_local | YRP/win_registry | YRP/win_hook | YRP/Advapi_Hash_API | YRP/Njrat | YRP/Str_Win32_Wininet_Library | YRP/CAP_HookExKeylogger | YRP/BlackWorm | BAMFDetect/BlackWorm |
Source (download location the sample was retrieved from — treat the host and path as a hostile indicator; do not browse to it from a production or unisolated machine)
http://103.68.190.250/Sources//ActiveMalwares/DesckVBRAT/Cliente/Cleint/bin/Debug/1
Strings (raw extracted printable strings, unmodified; capabilities suggested by the imports/symbols — low-level keyboard hook via WH_KEYBOARD_LL/SetWindowsHookEx, browser credential access via sqlite3/mozsqlite3, PK11SDR_Decrypt and CryptUnprotectData, Windows credential enumeration via CredEnumerateW, screen capture via CopyFromScreen, and a TcpClient/Socket channel — are inferred from names only and should be confirmed in a sandbox)
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
l#ffffff
l#ffffff
l#ffffff
l#ffffff
v4.0.30319
#Strings
	J	b	p	
__StaticArrayInitTypeSize=10
$$method0x6000001-4D53392A6A24D5E801ADA14E79B43F9BEBB79150
$$method0x6000001-618DBF6F3AD1478CB89DCEF3869087F7F55EFBB0
__StaticArrayInitTypeSize=11
IEnumerable`1
ReadOnlyCollection`1
ThreadSafeObjectProvider`1
IEnumerator`1
List`1
Module1
get_Timer1
set_Timer1
kernel32
Microsoft.Win32
user32
WriteInt32
ToInt32
DLLFunctionDelegate2
get_Timer2
set_Timer2
addwindows2
sqlite3_prepare_v2
DLLFunctionDelegate3
mozsqlite3
ToUInt64
ToInt64
DLLFunctionDelegate4
SQLiteBase5
DLLFunctionDelegate5
firefox5
ToUInt16
WriteInt16
get_UTF8
<Module>
<PrivateImplementationDetails>
ALG_SID_SHA
CALG_SHA
RegDeleteValueA
CryptSignHashA
lstrlenA
GetVolumeInformationA
GetStrFromPtrA
CryptAcquireContextA
RegQueryValueExA
RegOpenKeyExA
lstrcpyA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DATA_BLOB
GENERIC
System.Drawing.Drawing2D
STANDARD_RIGHTS_READ
KEY_READ
LLKHF_EXTENDED
LLKHF_INJECTED
SHITEMID
HHookID
lpdwProcessID
DOMAIN_VISIBLE_PASSWORD
DOMAIN_PASSWORD
GetHINSTANCE
FILETIME
SYSTEMTIME
SUSPEND_RESUME
SQL_DONE
CRED_TYPE
AT_SIGNATURE
DOMAIN_CERTIFICATE
TERMINATE
IMPERSONATE
STANDARD_RIGHTS_WRITE
KEY_WRITE
CREDENTIAL_ATTRIBUTE
KEY_SET_VALUE
KEY_QUERY_VALUE
SYNCHRONIZE
MAX_CACHE_ENTRY_INFO_SIZE
ALG_CLASS_HASH
MAX_PATH
dwWICK
SQL_OK
CREDENTIAL
HP_HASHVAL
ERROR_CACHE_FIND_FAIL
PROV_RSA_FULL
WH_KEYBOARD_LL
READ_CONTROL
strURL
MAXIMUM
SET_THREAD_TOKEN
SET_INFORMATION
QUERY_INFORMATION
DIRECT_IMPERSONATION
HC_ACTION
LLKHF_ALTDOWN
WM_SYSKEYDOWN
WM_KEYDOWN
INTERNET_CACHE_ENTRY_INFO
System.IO
WM_SYSKEYUP
WM_KEYUP
LLKHF_UP
HKEY_CURRENT_USER
PtrToStringBSTR
LastAS
TripleDES
ERROR_CACHE_FIND_SUCCESS
KEY_ENUMERATE_SUB_KEYS
CRYPTPROTECT_PROMPT_ON_UNPROTECT
CRYPTPROTECT_PROMPT_ON_PROTECT
KBDLLHOOKSTRUCT
CRYPTPROTECT_PROMPTSTRUCT
GET_CONTEXT
SET_CONTEXT
LastAV
set_IV
SQL_ROW
CredEnumerateW
CredDeleteW
KEY_CREATE_SUB_KEY
KEY_NOTIFY
ALG_TYPE_ANY
NORMAL_CACHE_ENTRY
URLHISTORY_CACHE_ENTRY
Dispose__Instance__
Create__Instance__
value__
GetOpera
System.Data
add_Data
remove_Data
lpcbData
pbData
CryptHashData
SECItemData
lpData
ProjectData
CryptUnprotectData
encrypt_data
dwExemptDelta
mscorlib
lpbCredentialBlob
sqlite3_column_blob
dwKeySpec
sqlite3_exec
System.Collections.Generic
Microsoft.VisualBasic
HeapAlloc
KeyboardProc
KBDLLHookProc
get_Id
dwThreadId
dwUnkId
get_SessionId
GetWindowThreadProcessId
GetProcessById
SuspendThread
ResumeThread
hThread
OpenThread
ProcessThread
PersistThread
add_Load
Svchost_Load
Interlocked
samDesired
add_FormClosed
Svchost_FormClosed
get_IsDisposed
m_FormBeingCreated
add_Connected
remove_Connected
get_Connected
add_Disconnected
remove_Disconnected
Statconnected
lpReserved
pvReserved
Synchronized
row_id
record_header_field
RegistryValueKind
wSecond
UBound
CompareMethod
TargetMethod
decrypt2_method
get_Keyboard
lpstrKeyword
Replace
set_IsSingleInstance
CreateInstance
hInstance
get_GetInstance
defaultInstance
instance
VKCode
GetHashCode
vkCode
wScanCode
scanCode
set_Mode
set_AutoScaleMode
set_AutoSizeMode
PaddingMode
OpenMode
AuthenticationMode
ShutdownMode
CipherMode
SelectMode
get_Unicode
get_BigEndianUnicode
VKCodeToUnicode
CredFree
LocalFree
GetThumbnailImage
FromImage
DrawImage
get_Message
AddRange
CompareExchange
FindCloseUrlCache
EndInvoke
BeginInvoke
DataTable
ReadTable
ReadMasterTable
GetEnvironmentVariable
get_Available
IDisposable
Hashtable
set_Visible
ToDouble
sqlite3_column_double
GCHandle
RuntimeFieldHandle
RuntimeTypeHandle
CloseHandle
hHandle
GetTypeFromHandle
hEnumHandle
bInheritHandle
handle
Rectangle
DownloadFile
RenameFile
get_MainWindowTitle
hModule
AppWinStyle
set_ShutdownStyle
set_FormBorderStyle
get_Name
set_Name
procName
TableName
lpszLocalFileName
fileName
get_MachineName
baseName
lpValueName
get_EnglishName
lpRootPathName
get_OSFullName
lpszSourceUrlName
get_UserName
lpUserName
get_ProcessName
lpstrTargetName
lpwstrTargetName
GetProcessesByName
sqlite3_column_table_name
astable_name
item_name
sqlite3_column_name
LastSyncTime
LastModifiedTime
ExpireTime
ftInsertDateTime
get_LastWriteTime
get_LocalTime
LastAccessTime
Chrome
Gchrome
Combine
keylogeroffine
LocalMachine
GCHandleType
get_MimeType
CheckForSyncLockOnValueType
get_DriveType
StringType
SECItemType
uMapType
lpType
GetType
dwProvType
dwType
CacheEntryType
item_type
sqlite3_column_type
OpenShare
Compare
GetFire
pbSignature
PtrToStructure
get_Culture
set_Culture
resourceCulture
get_CurrentCulture
culture
Capture
WindowsFormsApplicationBase
ReadOnlyCollectionBase
ApplicationSettingsBase
CloseDatabase
OpenDatabase
database
FileClose
sqlite3_close
Dispose
dwHitRate
PK11_Authenticate
Create
KBDLLHookProcDelegate
DLLFunctionDelegate
MulticastDelegate
CredEnumerate
DelegateAsyncState
GetKeyboardState
DebuggerBrowsableState
EditorBrowsableState
lpKeyState
CredDelete
delete
get_White
ThreadStaticAttribute
STAThreadAttribute
CompilerGeneratedAttribute
DesignerGeneratedAttribute
GuidAttribute
HelpKeywordAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
DebuggerBrowsableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
FileAttribute
AssemblyTitleAttribute
StandardModuleAttribute
HideModuleNameAttribute
DebuggerStepThroughAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
DebuggerHiddenAttribute
AssemblyFileVersionAttribute
MyGroupCollectionAttribute
AssemblyDescriptionAttribute
UnmanagedFunctionPointerAttribute
FlagsAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
AccessedThroughPropertyAttribute
wMinute
ReadByte
WriteByte
get_Value
lpbValue
m_ThreadStaticValue
RegDeleteValue
WithEventsValue
GetObjectValue
GetValue
SetValue
Receive
Remove
Microsoft.exe
get_Size
dwDataSize
cbSize
dwCredentialBlobSize
nVolumeNameSize
nFileSystemNameSize
SQLDataTypeSize
dwValueSize
dwHeaderInfoSize
lpdwFirstCacheEntryInfoBufferSize
dwStructSize
set_ClientSize
Initialize
sqlite3_finalize
page_size
key_size
LastIndexOf
cchBuff
pwszBuff
get_Jpeg
System.Threading
set_Padding
NewLateBinding
Encoding
encoding
System.Drawing.Imaging
isRunning
System.Runtime.Versioning
get_UseCompatibleTextRendering
FromBase64String
ToBase64String
SysAllocString
GetResourceString
CompareString
PointerToString
lpString
GetString
CopyString
Substring
add_FormClosing
Svchost_FormClosing
disposing
System.Drawing
sqlite3_errmsg
IsMatch
dwSizeHigh
GetSHA1Hash
CryptCreateHash
ComputeHash
$$method0x6000001-ComputeStringHash
phHash
CryptSignHash
strHash
CryptDestroyHash
Refresh
set_AutoFlush
get_ExecutablePath
dllFilePath
GetTempPath
GetFolderPath
LogsPath
get_Width
set_Width
get_Length
lpMaximumComponentLength
MaxLength
length
StartsWith
get_Month
wMonth
PtrToStringUni
StringToHGlobalUni
PtrToStringAnsi
getanti
get_ServicePack
AsyncCallback
DelegateCallback
callback
Timer1_Tick
Timer2_Tick
add_Tick
remove_Tick
get_CapsLock
TransformFinalBlock
get_Clock
wDayOfWeek
paltalk
idHook
get_Network
RetVal
AllocHGlobal
FreeHGlobal
Marshal
Decimal
ConditionalCompareObjectEqual
set_Interval
System.Collections.ObjectModel
System.ComponentModel
LateCall
advapi32.dll
kernel32.dll
User32.dll
user32.dll
Crypt32.dll
crypt32.dll
oleaut32.dll
wininet.dll
ContainerControl
ObjectFlowControl
MemoryStream
get_Param
CryptGetHashParam
lParam
dwParam
TSECItem
get_Item
get_FileSystem
OperatingSystem
SymmetricAlgorithm
HashAlgorithm
set_MainForm
OnCreateMainForm
ICryptoTransform
CheckSum
root_num
row_num
pDataIn
resourceMan
ToBoolean
pdwDataLen
pdwSigLen
SECItemLen
CopyFromScreen
get_PrimaryScreen
lstrlen
FileOpen
sqlite3_open
ftLastWritten
System.ComponentModel.Design
DataColumn
set_ShowIcon
lpszFileExtension
get_OSVersion
Conversion
get_Application
MyApplication
location
GetVolumeInformation
CopyPixelOperation
System.Configuration
System.Globalization
Interaction
System.Reflection
ProcessThreadCollection
MatchCollection
DataColumnCollection
GroupCollection
DataRowCollection
get_Position
set_Position
set_StartPosition
FormStartPosition
CallingConvention
TargetInvocationException
InvalidOperationException
get_InnerException
ArgumentException
sDescription
signon
Environ
lpszUrlSearchPattern
get_ShiftKeyDown
Isdown
add_Shutdown
CompareTo
get_Info
dwExtraInfo
ImageCodecInfo
AddPasswdInfo
FileInfo
CultureInfo
DriveInfo
FileSystemInfo
lpHeaderInfo
GetEncoderInfo
ComputerInfo
DirectoryInfo
lpFirstCacheEntryInfo
GetProcessHeap
Bitmap
sqlite3_step
EndApp
hwndApp
cmdhideapp
set_ShowInTaskbar
get_Year
pOlechar
ppszDataDescr
lpVolumeSerialNumber
columnNumber
StringIndexHeader
MD5CryptoServiceProvider
TripleDESCryptoServiceProvider
m_AppObjectProvider
m_UserObjectProvider
m_ComputerObjectProvider
m_MyWebServicesObjectProvider
m_MyFormsObjectProvider
pszProvider
StringBuilder
SpecialFolder
sender
Encoder
NSSBase64_DecodeBuffer
lpVolumeNameBuffer
lpFileSystemNameBuffer
pBuffer
get_ResourceManager
ConvertToInteger
njLogger
addedHandler
SQLiteHandler
DataEventHandler
FormClosedEventHandler
ConnectedEventHandler
DisconnectedEventHandler
FormClosingEventHandler
ShutdownEventHandler
System.CodeDom.Compiler
IContainer
pszContainer
ToUpper
get_User
CurrentUser
EncoderParameter
StreamWriter
TextWriter
lpszFilter
filter
GetDelegateForFunctionPointer
StringToPointer
BitConverter
get_Computer
ServerComputer
MyComputer
deleteserver
ToLower
configdir
set_ForeColor
set_BackColor
ClearProjectError
SetProjectError
set_Cursor
IEnumerator
GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
ReadIntPtr
MidStmtStr
SetAttr
lpstrTargetAlias
Graphics
System.Diagnostics
get_Threads
wMilliseconds
get_Bounds
CIE7Passwords
Microsoft.VisualBasic.Devices
get_WebServices
MyWebServices
Microsoft.VisualBasic.ApplicationServices
System.Runtime.InteropServices
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
Microsoft.VisualBasic.MyServices
System.Resources
Microsoft.My.Resources
Microsoft.Resources.resources
Microsoft.Svchost.resources
DebuggingModes
Matches
GetDirectories
master_table_entries
GetTables
GetFiles
getFiles
GetModules
set_EnableVisualStyles
GetTableNames
GetSubKeyNames
field_names
ReadAllLines
SQLiteDataTypes
GetProcesses
FileAttributes
lpAttributes
SetAttributes
ReadAllBytes
WriteAllBytes
GetBytes
db_bytes
get_Drives
getDrives
KBDLLHOOKSTRUCTFlags
lFlags
lpFileSystemFlags
SocketFlags
CryptProtectPromptFlags
dwPromptFlags
dwFlags
Strings
get_Settings
AutoSaveSettings
MySettings
DeleteLogs
FormClosedEventArgs
FormClosingEventArgs
lppCredentials
ReferenceEquals
System.Windows.Forms
get_Forms
MyForms
Contains
get_Columns
set_AutoScaleDimensions
Conversions
System.Text.RegularExpressions
System.Collections
ulOptions
RegexOptions
cButtons
get_Groups
get_Chars
getFolders
GetImageEncoders
RuntimeHelpers
EncoderParameters
Cursors
Operators
ProcessIEPass
strRess
ThreadAccess
dwDesiredAccess
OpenAccess
SuspendProcess
ResumeProcess
process
GetProcAddress
get_Cross
System.Net.Sockets
arguments
components
loadCerts
Exists
get_Rows
addwindows
Concat
ImageFormat
get_PixelFormat
Subtract
AddObject
AddrOfPinnedObject
ConcatenateObject
addedHandlerLockObject
TargetObject
MyProject
DisConnect
pPromptStruct
FileGet
LateGet
LateIndexGet
Socket
dwDataOffset
ReadTableFromOffset
Microsoft
get_Height
set_Height
GetPointerLenght
ToBigEndian32Bit
ToBigEndian64Bit
ToBigEndian16Bit
op_Explicit
NSS_Init
get_SaveMySettingsOnExit
set_SaveMySettingsOnExit
opera_salt
get_Default
SetCompatibleTextRenderingDefault
IAsyncResult
DelegateAsyncResult
phkResult
result
get_Client
TcpClient
SocketClient
sql_statement
lpstrComment
Environment
InitializeComponent
get_Current
content
DataEvent
ConnectedEvent
DisconnectedEvent
mouse_event
sqlite3_column_int
get_Count
dwUseCount
dwAttributeCount
pCount
dwEntriesCount
GetRowCount
sqlite3_column_count
PK11_GetInternalKeySlot
arenaOpt
outItemOpt
szPrompt
PK11SDR_Decrypt
ThreadStart
Restart
Convert
GetThumbnailImageAbort
ToShort
ArrayList
dwPersist
m_Svchost
get_Svchost
set_Svchost
pDataOut
dataOut
SuspendLayout
GetKeyboardLayout
set_BackgroundImageLayout
ResumeLayout
dwLayout
DOutput
MoveNext
System.Text
set_Text
AppendText
ReadAllText
WriteAllText
sqlite3_column_text
metext
CryptAcquireContext
CryptReleaseContext
phProv
dwSizeLow
DataRow
ReadFirstRow
ReadNextRow
GetForegroundWindow
ToUnicodeEx
RegQueryValueEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
RegOpenKeyEx
endIndex
startIndex
LateSetComplex
set_MinimizeBox
set_MaximizeBox
Microsoft.My
get_Day
InitializeArray
get_ItemArray
ToArray
ToCharArray
CopyArray
set_Key
OpenSubKey
lpSubKey
RegCloseKey
MapVirtualKey
StartupKey
ContainsKey
wVirtKey
lastKey
set_TransparencyKey
RegistryKey
System.Security.Cryptography
get_Assembly
GetExecutingAssembly
Multiply
pOptionalEntropy
LoadLibrary
ExecuteQuery
ExecuteNonQuery
get_TotalPhysicalMemory
RenameDirectory
CreateDirectory
FindFirstUrlCacheEntry
FindNextUrlCacheEntry
StringIndexEntry
table_entry
sqlite_master_entry
country
Registry
set_Opacity
set_CompositingQuality
op_Equality
op_Inequality
IsNullOrEmpty
MySettingsProperty
FileSystemProxy
IsBuzy
WrapNonExceptionThrows
Microsoft Corporation
$8c0a0be4-c2d9-43fd-8362-d331a08ed069
2.5.0.0
.NETFramework,Version=v4.5
FrameworkDisplayName
.NET Framework 4.5
Timer1
Timer2
MyTemplate
11.0.0.0
3System.Resources.Tools.StronglyTypedResourceBuilder
4.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
14.0.0.0
System.Windows.Forms.Form
Create__Instance__
Dispose__Instance__
My.MyProject.Forms
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
My.Settings
My.Computer
My.Application
My.User
My.Forms
My.WebServices
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
RSDSye|
C:\Users\Jo
o\Desktop\DesckVB Rat v2.5 Crc\Server\Server\obj\x86\Debug\Microsoft.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>