Sample details: b63c8c3e7541bdab4ebe08b25ad96324

Hashes
MD5: b63c8c3e7541bdab4ebe08b25ad96324
SHA1: c8fdcee8cbcb81738cdf010dc4b299de07b104d4
SHA256: ef94e148a3a6c122113545a94e8b6eb763d6a0ad4f442c8553cb8e6bba1a2858
SSDEEP: 768:rnppgdabNLUCG3E1boTMfnZXVWgMMuIJe0:rnppgduCCGU1sT6nZX00BJe0
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/domain | YRP/IP | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://103.68.190.250/Sources//Advance/WndRec/Server/obj/Release/Server.exe
http://103.68.190.250/Sources//Advance/WndRec/Server_old.exe
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
v2.0.50727
#Strings
<Module>
Server.exe
Sender
Server
StateLZW
Resources
Server.Properties
Settings
LogBot
FormMain
Program
Config
ServerBot
AddBot
DelBot
ClientBot
SocketTunnel
mscorlib
System
Object
ValueType
System.Configuration
ApplicationSettingsBase
System.Windows.Forms
MulticastDelegate
ID_VIDEO
ID_FILE_ADD
ID_FILE_NEW
ID_SIZE_FILE
ID_LIST_UIDS
ID_VNC_CONNECT
ID_PORT_FORWARD
ID_SET_UID
ID_PING
ID_INFO
ID_OPEN_PORTFORWARD
ID_REG
ID_CLOSE
ID_GET_PORTFORWARD
ID_START_PORTFORWARD
ID_BREAK_VIDEO
ID_EXIT
ID_LOG
System.Net.Sockets
Socket
buffer
buffer2
bufferLzw
readedBuf
recvBytes
sendBytes
ReadData
WriteData
ReadPacket
WritePacket
ResetBuffer
GenUID
GetCString
PutCString
SetSocket
System.Net
IPEndPoint
get_RemoteEndPoint
get_Buffer
get_ReadedBuf
get_RecvBytes
get_SendBytes
get_Socket
set_Socket
get_Connected
RemoteEndPoint
Buffer
ReadedBuf
RecvBytes
SendBytes
Connected
CODE_END
CODE_CLEAN
CODE_BEG
output_code
input_code
to_lzw
from_lzw
prefix
maxCode
System.Resources
ResourceManager
resourceMan
System.Globalization
CultureInfo
resourceCulture
get_ResourceManager
get_Culture
set_Culture
Culture
defaultInstance
get_Default
Default
nameFile
lockObj
mainFolder
currNameFile
System.IO
StreamWriter
DateTime
server
System.Threading
Thread
serverThread
System.Collections.Generic
List`1
addBots
delBots
recvKb
sendKb
lockAddBot
lockDelBot
server_AddBotEvent
server_DelBotEvent
UpdateCount
ListViewItem
IsFilter
UpdateElapsedServer
EventArgs
timer_Tick
FormClosedEventArgs
FormMain_FormClosed
btOpenPort_Click
btOpenPortRDP_Click
btClosePortForward_Click
btOffBot_Click
System.ComponentModel
IContainer
components
Dispose
InitializeComponent
TableLayoutPanel
tableLayoutPanel1
ListView
lvBots
ColumnHeader
clnUid
clnDateBeg
clnElapsed
clnRecv
panel1
TextBox
tbCountBots
label1
tbElapsedServer
label2
clnType
clnPorts
Button
btOpenPort
panel2
GroupBox
groupBox1
tbFilterUID
label3
tbFilterIP
label4
clnSend
tbFilterType
label5
tbSendKb
label7
tbRecvKb
label6
btOpenPortRDP
btClosePortForward
btOffBot
GetNameFile
lockBots
AddBotEvent
add_AddBotEvent
remove_AddBotEvent
DelBotEvent
add_DelBotEvent
remove_DelBotEvent
DeleteBot
get_ArrayBots
GetClientBot
GetClientBotObject
PrintLog
ArrayBots
Invoke
IAsyncResult
AsyncCallback
BeginInvoke
EndInvoke
lastId
dateStart
connected
logText
tunnels
lastPort
lockTunnels
Record
GetFolder
get_IsWork
FileStream
CreateVideoFile
RecreateVideoFile
CmdListUids
CmdInfo
CmdStartPortForward
CmdGetPortForward
CmdOpenForward
DateTimeToBytes
GetDateTime
GetShort
OpenPortForward
ClosePortForward
OffBot
RegBot
SaveTextToLog
GetObject
CreateTunnel
DelTunnel
get_PortForward
get_ID
get_IP
get_UID
get_DateStart
get_RecvKBytes
get_SendKBytes
get_VNC
get_IsReg
IsWork
PortForward
DateStart
RecvKBytes
SendKBytes
scListen
portForw
idPort
UpdateSc1
get_Port
get_PortForw
get_IdPort
PortForw
IdPort
c_data
System.Runtime.InteropServices
OutAttribute
c_from
nameLog
dateBot
sender
disposing
object
method
callback
result
System.Reflection
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
AssemblyCultureAttribute
ComVisibleAttribute
GuidAttribute
AssemblyVersionAttribute
AssemblyFileVersionAttribute
System.Diagnostics
DebuggableAttribute
DebuggingModes
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Collections
Select
get_Count
SocketFlags
Receive
BitConverter
ToInt16
GetBytes
String
System.Net.NetworkInformation
NetworkInterface
GetAllNetworkInterfaces
PhysicalAddress
GetPhysicalAddress
GetAddressBytes
Random
ToString
Concat
System.Text
Encoding
get_ASCII
GetString
EndPoint
StructLayoutAttribute
LayoutKind
System.CodeDom.Compiler
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
CompilerGeneratedAttribute
RuntimeTypeHandle
GetTypeFromHandle
Assembly
get_Assembly
EditorBrowsableAttribute
EditorBrowsableState
.cctor
SettingsBase
Synchronized
Application
get_StartupPath
get_Now
Monitor
GetEncoding
TextWriter
WriteLine
Combine
Directory
Exists
DirectoryInfo
CreateDirectory
get_Today
op_Inequality
ThreadStart
ListViewItemCollection
get_Items
Control
set_Text
get_Text
get_Length
ListViewSubItemCollection
get_SubItems
ListViewSubItem
get_Item
Contains
TimeSpan
Subtract
get_Hours
get_Minutes
get_Seconds
get_Tag
RemoveAt
System.Drawing
get_LightCoral
set_BackColor
get_BackColor
Enumerator
GetEnumerator
get_Current
set_Tag
MoveNext
IDisposable
SelectedListViewItemCollection
get_SelectedItems
Container
SuspendLayout
set_ColumnCount
TableLayoutColumnStyleCollection
get_ColumnStyles
ColumnStyle
SizeType
TableLayoutControlCollection
get_Controls
DockStyle
set_Dock
set_Location
set_Name
set_RowCount
TableLayoutRowStyleCollection
get_RowStyles
RowStyle
set_Size
set_TabIndex
ColumnHeaderCollection
get_Columns
AddRange
SetColumnSpan
set_FullRowSelect
set_HideSelection
Padding
set_Margin
set_UseCompatibleStateImageBehavior
set_View
set_Width
set_AutoSize
ControlCollection
ButtonBase
set_UseVisualStyleBackColor
EventHandler
add_Click
set_TabStop
TextBoxBase
set_ReadOnly
set_Interval
add_Tick
ContainerControl
set_AutoScaleDimensions
AutoScaleMode
set_AutoScaleMode
set_ClientSize
set_ShowIcon
FormClosedEventHandler
add_FormClosed
ResumeLayout
PerformLayout
STAThreadAttribute
EnableVisualStyles
SetCompatibleTextRenderingDefault
MessageBox
DialogResult
Exception
System.Xml
XmlTextReader
XmlReader
XmlNodeType
get_NodeType
get_Name
op_Equality
get_Value
TryParse
XmlTextWriter
Formatting
set_Formatting
XmlWriter
WriteStartDocument
WriteStartElement
WriteString
WriteEndElement
WriteEndDocument
Delegate
Remove
AddressFamily
SocketType
ProtocolType
IPAddress
Listen
Accept
ToArray
<>c__DisplayClass2
<GetClientBot>b__0
Predicate`1
<>c__DisplayClass6
<GetClientBot>b__4
GetInvalidFileNameChars
Replace
Stream
GetDirectoryName
FileMode
FileInfo
WriteByte
get_Address
SeekOrigin
AddDays
SearchOption
GetDirectories
GetFiles
GetCreationTime
op_GreaterThanOrEqual
ToInt32
get_Year
get_Month
get_Day
get_Hour
get_Minute
get_Second
<GetObject>b__0
Server.FormMain.resources
Server.Properties.Resources.resources
3System.Resources.Tools.StronglyTypedResourceBuilder
2.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
9.0.0.0
Server
Copyright 
 2 2011
$f27dfba0-391d-40a4-9ef1-10346eb3f842
1.0.0.0
WrapNonExceptionThrows
E:\Projects\progs\Petrosjan\WndRec\Server\obj\Release\Server.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>