Sample details: e17b328b6336e8040e2d5f8983d4a055 (MD5)

Hashes
MD5: e17b328b6336e8040e2d5f8983d4a055
SHA1: e5f1310ac9c5ae42a202b3cce159fa1ee003fbfd
SHA256: fdfc3ea2847b9a416459faaae380aa35711a41094c281b6813af6ca399a820d6
SSDEEP: 768:+ow7xbiO3EwujzCKQuIQt21RCdoZHJoaot9uudS:+owZ8rtcRaoJJSt9vM
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/disable_dep | YRP/keylogger | YRP/Njrat | YRP/njrat1 | FlorianRoth/RAT_njRat | FlorianRoth/DragonFly_APT_Sep17_3 | KevTheHermit/njRat | BAMFDetect/njrat |
Source
http://103.68.190.250/Sources//ActiveMalwares/njRAT/stub%206/bin/Debug/ClassLibrary1.exe
http://103.68.190.250/Sources//ActiveMalwares/njRAT/stub%206/obj/x86/Debug/ClassLibrary1.exe
Strings
		!This program cannot be run in DOS mode.
`.sdata
@.reloc
v2.0.50727
#Strings
	#	0	{
5	M	X	
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
ClassLibrary1
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
Microsoft.Win32
SessionEndingEventArgs
_Lambda__4
System.Windows.Forms
GetAsyncKeyState
GetForegroundWindow
GetKeyboardLayout
dwLayout
GetKeyboardState
lpKeyState
GetWindowThreadProcessId
lpdwProcessID
MapVirtualKey
uMapType
System.Text
StringBuilder
ToUnicodeEx
wVirtKey
wScanCode
pwszBuff
cchBuff
wFlags
VKCodeToUnicode
VKCode
Keyboard
keyboard
LastAS
LastAV
lastKey
LogsPath
_Lambda__1
EventArgs
_Lambda__2
_Lambda__3
capGetDriverDescriptionA
wDriver
lpszName
cbName
lpszVer
System.IO
FileInfo
CompDir
connect
EmptyWorkingSet
hProcess
RegistryKey
GetKey
getMD5Hash
GetVolumeInformation
lpRootPathName
lpVolumeNameBuffer
nVolumeNameSize
lpVolumeSerialNumber
lpMaximumComponentLength
lpFileSystemFlags
lpFileSystemNameBuffer
nFileSystemNameSize
GetWindowText
WinTitle
MaxLength
GetWindowTextLength
NtSetInformationProcess
processInformationClass
processInformation
processInformationLength
Plugin
ByteOfPlugin
ClassName
System.Net.Sockets
TcpClient
FileStream
lastcap
MemoryStream
System.Threading
System.Diagnostics
Process
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
Thread
Exception
Interaction
Command
String
get_Length
Strings
CompareMethod
Operators
CompareString
ServerComputer
Microsoft.VisualBasic.MyServices
RegistryProxy
get_Registry
get_CurrentUser
SetValue
ProjectData
SetProjectError
ClearProjectError
Conversions
ToInteger
GetProcessById
WaitForExit
Component
Dispose
OpenExisting
EndApp
ThreadStart
SessionEndingEventHandler
SystemEvents
add_SessionEnding
DoEvents
GetCurrentProcess
get_Handle
IntPtr
op_Explicit
Concat
GetValue
FileSystemInfo
get_FullName
ConditionalCompareObjectNotEqual
OpenSubKey
get_LocalMachine
DebuggerStepThroughAttribute
STAThreadAttribute
GetTempPath
ToInt32
get_MainWindowTitle
get_ProcessName
get_ShiftKeyDown
get_CapsLock
EndsWith
ToUpper
ToLower
DateTime
get_LocalTime
ReadAllText
Remove
WriteAllText
DllImportAttribute
user32.dll
user32
MarshalAsAttribute
UnmanagedType
OutAttribute
ToBoolean
get_ExecutablePath
op_Equality
StrDup
Encoding
get_Default
GetString
DirectoryInfo
get_Name
get_Directory
get_Parent
Monitor
Socket
get_Client
Disconnect
Stream
Connect
Convert
FromBase64String
get_UTF8
DeleteValue
GetBytes
ToBase64String
get_LastWriteTime
System.Collections.Generic
List`1
ToArray
get_ClassesRoot
StartsWith
Replace
get_Users
System.Security.Cryptography
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
Environ
Conversion
System.Net
WebClient
System.Drawing
Rectangle
Graphics
Bitmap
get_Id
GetProcesses
ProcessModule
get_MainModule
FileVersionInfo
get_FileVersionInfo
get_FileDescription
get_FileName
GetVersionInfo
Exists
ParameterizedThreadStart
get_Message
Delete
ProcessStartInfo
get_StartInfo
set_RedirectStandardOutput
set_RedirectStandardInput
set_RedirectStandardError
set_FileName
DataReceivedEventHandler
add_OutputDataReceived
add_ErrorDataReceived
EventHandler
add_Exited
set_UseShellExecute
set_CreateNoWindow
ProcessWindowStyle
set_WindowStyle
set_EnableRaisingEvents
BeginErrorReadLine
BeginOutputReadLine
StreamWriter
get_StandardInput
TextWriter
WriteLine
DownloadData
WriteAllBytes
NewLateBinding
LateSet
LateCall
Boolean
LateGet
CompareObjectEqual
OrObject
Screen
get_PrimaryScreen
get_Bounds
get_Width
get_Height
FromImage
CopyPixelOperation
CopyFromScreen
Cursor
get_Position
Cursors
GetThumbnailImageAbort
GetThumbnailImage
System.Drawing.Imaging
ImageFormat
get_Jpeg
WriteByte
ConditionalCompareObjectEqual
GetSubKeyNames
Contains
GetValueNames
RegistryValueKind
GetValueKind
CreateSubKey
DeleteSubKeyTree
Environment
get_MachineName
get_UserName
ComputerInfo
get_Info
get_OSFullName
OperatingSystem
get_OSVersion
get_ServicePack
SpecialFolder
GetFolderPath
RegistryKeyPermissionCheck
EnvironmentVariableTarget
SetEnvironmentVariable
AppWinStyle
FileMode
System.Reflection
Module
Assembly
GetModules
GetTypes
get_Assembly
get_Available
SocketFlags
Receive
LateIndexGet
NetworkStream
GetStream
ReadByte
Random
VBMath
Randomize
get_Chars
LateSetComplex
DeleteSubKey
System.IO.Compression
GZipStream
CompressionMode
set_Position
BitConverter
avicap32.dll
kernel32
GetVolumeInformationA
GetWindowTextLengthA
GetWindowTextA
DebuggableAttribute
DebuggingModes
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
ClassLibrary1.exe
MyTemplate
8.0.0.0
My.WebServices
My.User
My.Application
My.Computer
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
\stub 6\obj\x86\Debug\ClassLibrary1.pdb
wwwwwwwwwwwwwwp
DDDDDDDDDDDDDDp
DDDDDDDDDDDDDDp
LLLLLLLLLN
DDDDDDDDDDDDD@
wwwwwwwDDDDDDDGO
DDDDDD
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>