Sample details: b7556751228f3ca65a01240d992a1457

Hashes
MD5: b7556751228f3ca65a01240d992a1457
SHA1: de70008f70f9815bdfb3bd2640783faba7b4e266
SHA256: 46300720af3f1e740801c2f4ed8daae0092d2ff9bac6c9ce1a519bb2c9ffc967
SSDEEP: 384:7z8EBl7Bvgk4Xe0err5RhVNaemqDq9xrefTGBsbh0w4wlAokw9OhgOL1vYRGOZz2:7v7Kk4XeP/Fzsq+xre6BKh0p29SgRqR
Details
File Type: PE32
Added: 2018-06-22 21:49:19
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/disable_dep | YRP/keylogger | YRP/Big_Numbers1 | YRP/Njrat | YRP/njrat1 | FlorianRoth/RAT_njRat | FlorianRoth/DragonFly_APT_Sep17_3 | KevTheHermit/njRat | BAMFDetect/njrat
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v2.0.50727
#Strings
<Module>
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System
Object
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
System.Threading
System.IO
FileInfo
FileStream
Microsoft.VisualBasic.Devices
Computer
System.Diagnostics
Process
System.Net.Sockets
TcpClient
MemoryStream
Conversions
ToBoolean
System.Windows.Forms
Application
get_ExecutablePath
Exception
Microsoft.VisualBasic.MyServices
RegistryProxy
ServerComputer
get_Registry
Microsoft.Win32
RegistryKey
get_CurrentUser
String
Concat
OpenSubKey
DeleteValue
ProjectData
SetProjectError
ClearProjectError
GetValue
ToString
CreateSubKey
SetValue
Boolean
Operators
CompareString
Environment
get_MachineName
get_UserName
ComputerInfo
get_Info
get_OSFullName
Replace
OperatingSystem
get_OSVersion
get_ServicePack
Microsoft.VisualBasic
Strings
CompareMethod
SpecialFolder
GetFolderPath
Contains
RegistryKeyPermissionCheck
GetValueNames
get_Length
DateTime
FileSystemInfo
get_LastWriteTime
System.Text
Encoding
get_UTF8
GetBytes
Convert
ToBase64String
FromBase64String
GetString
Random
VBMath
Randomize
get_Chars
get_Default
System.Collections.Generic
List`1
ToArray
Stream
Dispose
System.IO.Compression
GZipStream
CompressionMode
set_Position
BitConverter
ToInt32
IntPtr
op_Equality
op_Explicit
StrDup
GetProcessById
get_MainWindowTitle
Interaction
Environ
Conversion
System.Reflection
Assembly
Module
GetModules
GetTypes
get_FullName
EndsWith
get_Assembly
CreateInstance
DirectoryInfo
get_Name
ToLower
get_Directory
get_Parent
Exists
Delete
EndApp
EnvironmentVariableTarget
SetEnvironmentVariable
AppWinStyle
get_LocalMachine
FileMode
Thread
NewLateBinding
LateGet
LateSetComplex
System.Net
WebClient
System.Drawing
Graphics
Bitmap
Rectangle
GetCurrentProcess
get_Id
GetProcesses
ProcessModule
get_MainModule
FileVersionInfo
get_FileVersionInfo
get_FileDescription
get_FileName
get_ProcessName
GetVersionInfo
ParameterizedThreadStart
ToInteger
get_Message
ProcessStartInfo
get_StartInfo
set_RedirectStandardOutput
set_RedirectStandardInput
set_RedirectStandardError
set_FileName
DataReceivedEventHandler
add_OutputDataReceived
add_ErrorDataReceived
EventArgs
EventHandler
add_Exited
set_UseShellExecute
set_CreateNoWindow
ProcessWindowStyle
set_WindowStyle
set_EnableRaisingEvents
BeginErrorReadLine
BeginOutputReadLine
StreamWriter
get_StandardInput
TextWriter
WriteLine
StartsWith
DownloadData
WriteAllBytes
RuntimeHelpers
GetObjectValue
LateSet
LateCall
CompareObjectEqual
OrObject
Screen
get_PrimaryScreen
get_Bounds
get_Width
get_Height
FromImage
CopyPixelOperation
CopyFromScreen
Cursor
Cursors
get_Position
GetThumbnailImageAbort
GetThumbnailImage
System.Drawing.Imaging
ImageFormat
get_Jpeg
WriteByte
ConditionalCompareObjectEqual
GetSubKeyNames
RegistryValueKind
GetValueKind
DeleteSubKeyTree
System.Security.Cryptography
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
get_ClassesRoot
get_Users
get_Handle
Monitor
Socket
get_Client
SocketFlags
Disconnect
Connect
get_Available
Receive
LateIndexGet
NetworkStream
GetStream
ReadByte
DeleteSubKey
DebuggerStepThroughAttribute
CompilerGeneratedAttribute
STAThreadAttribute
Command
WaitForExit
System.ComponentModel
Component
OpenExisting
ThreadStart
SessionEndingEventArgs
SessionEndingEventHandler
SystemEvents
add_SessionEnding
DoEvents
ConditionalCompareObjectNotEqual
Keyboard
StringBuilder
get_LocalTime
get_ShiftKeyDown
get_CapsLock
ToUpper
ReadAllText
Remove
WriteAllText
ClassLibrary1.exe
avicap32.dll
kernel32
user32.dll
user32
mscorlib
ClassLibrary1
lastcap
.cctor
EmptyWorkingSet
hProcess
NtSetInformationProcess
processInformationClass
processInformation
processInformationLength
capGetDriverDescriptionA
wDriver
lpszName
cbName
lpszVer
GetVolumeInformation
GetVolumeInformationA
lpRootPathName
lpVolumeNameBuffer
nVolumeNameSize
lpVolumeSerialNumber
lpMaximumComponentLength
lpFileSystemFlags
lpFileSystemNameBuffer
nFileSystemNameSize
GetForegroundWindow
GetWindowThreadProcessId
lpdwProcessID
GetWindowText
GetWindowTextA
WinTitle
MaxLength
GetWindowTextLength
GetWindowTextLengthA
Plugin
ByteOfPlugin
ClassName
CompDir
getMD5Hash
GetKey
connect
_Lambda$__1
_Lambda$__2
_Lambda$__3
LastAV
LastAS
lastKey
keyboard
LogsPath
ToUnicodeEx
wVirtKey
wScanCode
lpKeyState
pwszBuff
cchBuff
wFlags
GetKeyboardState
MapVirtualKey
uMapType
GetKeyboardLayout
dwLayout
GetAsyncKeyState
VKCodeToUnicode
VKCode
_Lambda$__4
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING