Analysis Date: 2015-05-07 09:01:55
MD5: 10c7c3e3130102ff7211bb7c0758ebc5
SHA1: 79e5bd43126271f3ca022357caf4a5cacd4749bf

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
Section: .text md5: 2f9e16b654d810b524465638d73c8944 sha1: 301ec1b3524fe3cbd8427c41327af4a4d607a9fa size: 48128
Section: .rsrc md5: 2e9d98e2ff0aedd55b600abac98daa01 sha1: 286a1184bb6c8988961493769a80c95e411414de size: 1536
Section: .reloc md5: fd04313ea272e7aa0c7730f02678de8a sha1: 626643e7a27bd2650f8b2ad6179cf6ceec5da12c size: 512
Timestamp: 2015-04-12 23:00:45
Version:
LegalCopyright:
Assembly Version: 0.0.0.0
InternalName: sese.exe
FileVersion: 0.0.0.0
Comments: RPX 1.3.4400.61
ProductVersion: 0.0.0.0
FileDescription:
OriginalFilename: sese.exe
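Packer: Microsoft Visual C# v7.0 / Basic .NET (this signature identifies the .NET compiler rather than a packer; the Strings section below also contains SmartAssembly 6.9.0.114 markers, so the assembly appears to have been processed with that obfuscator)
PEhash: 92fda9319ad56f36f6c3aea2fb3add9abf935d0e
IMPhash: f34d5f2d4577ed6d9ceec516c1f5a744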
AV: Ad-Aware — Gen:Variant.Kazy.517354
AV: Alwil (avast) — GenMalicious-BTU [Trj]
AV: Arcabit (arcavir) — Gen:Variant.Kazy.517354
AV: Authentium — W32/Trojan.KWNJ-1828
AV: Avira (antivir) — TR/Dropper.MSIL.Gen
AV: BitDefender — Gen:Variant.Kazy.517354
AV: BullGuard — Gen:Variant.Kazy.517354
AV: CA (E-Trust Ino) — no_virus
AV: CAT (quickheal) — Trojan.Dotfus.A
AV: ClamAV — no_virus
AV: Dr. Web — no_virus
AV: Emsisoft — Gen:Variant.Kazy.517354
AV: Eset (nod32) — MSIL/Kryptik.JB
AV: Fortinet — W32/Generic.JB!tr
AV: Frisk (f-prot) — no_virus
AV: F-Secure — Gen:Variant.Kazy.517354
AV: Grisoft (avg) — Atros.QHG
AV: Ikarus — Trojan.MSIL.Crypt
AV: K7 — Trojan ( 700000121 )
AV: Kaspersky — no_virus
AV: MalwareBytes — Trojan.Ransom.MSIL
AV: Mcafee — RDN/Generic.dx!dql
AV: Microsoft Security Essentials — no_virus
AV: MicroWorld (escan) — Gen:Variant.Kazy.517354
AV: Padvish — no_virus
AV: Rising — no_virus
AV: Sophos — no_virus
AV: Symantec — no_virus
AV: Trend Micro — no_virus
AV: Twister — Suspicious.4000000000000.mg
AV: VirusBlokAda (vba32) — no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Network Details:


Raw Pcap

Strings
CF
.-..f
0.0.0.0
000004b0
2015-04-19T23:00:44
6.9.0.114
Assembly Version
Comments
df4fbbbd-d1a2-4b6f-a82b-3303b6e92f7c
EnableVisualStyles
FileDescription
FileVersion
InternalName
LegalCopyright
OriginalFilename
Path
.png
ProductVersion
RPX 1.3.4400.61
sese.exe
SmartAssembly
SmartAssembly Evaluation Version
SmartAssembly.License.Resources.
Software\Red Gate\
Software\Wow6432Node\Red Gate\
StringFileInfo
This application has been built with an evaluation version of SmartAssembly, and therefore cannot be distributed. You can install SmartAssembly on this computer to be able to run this application.
This application will now quit.
Translation
VarFileInfo
VS_VERSION_INFO
066JwWW^K
!:2BL\O
?2@y}\
3Gx;{]
 3<!>l
,;&+,+9
add_Click
AddDays
AddRange
add_ResourceResolve
Adobe ImageReadyq
AppDomain
Append
Application
AP*,T*
ArgumentException
</assembly>
Assembly
AssemblyCompanyAttribute
AssemblyConfigurationAttribute
AssemblyCopyrightAttribute
AssemblyDescriptionAttribute
AssemblyFileVersionAttribute
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
AssemblyName
AssemblyProductAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
Attribute
B B#$%
Binder
BindingFlags
Bitmap
Button
ButtonBase
.cctor
CompilationRelaxationsAttribute
CompressionMode
Concat
ContainsKey
Control
ControlCollection
_CorExeMain
DateTime
DeflateStream
DialogResult
Dictionary`2
Dispose
DoEvents
DoNotDistributeAttribute
E G>v*
Environment
E%o13&
EventArgs
EventHandler
Exception
_Exception
FileAccess
FileMode
FlatStyle
Format
FormBorderStyle
FormStartPosition
g"73ZW"
G|818)
get_Assembly
get_Controls
get_CurrentDomain
GetData
get_EntryPoint
GetExecutingAssembly
get_Length
get_Major
GetManifestResourceNames
GetManifestResourceStream
get_Message
get_Name
GetName
get_NewLine
get_Now
GetPart
get_RequestingAssembly
get_StackTrace
GetStream
GetType
GetTypeFromHandle
GetValue
get_White
+$_g>u
H%0Xl_
IButtonControl
ICloneable
IComparable
IComparable`1
ICustomAttributeProvider
IDATx^
IDisposable
IEquatable`1
IEvidenceFactory
InitializeArray
Intern
Invoke
InvokeMember
IReflect
ISerializable
+J05Y"8
JBuilt using an evaluation version of SmartAssembly. Cannot be distributed.
JFSFHF
+J+O+W+[-
*Jumhn
j"].X,@
LF'&X%V
LocalMachine
MarshalByRefObject
MemberInfo
MemoryStream
MessageBox
MethodBase
MethodInfo
M_f9g%
Microsoft.Win32
MissingMethodException
<Module>
Monitor
|=mqe@
mscoree.dll
mscorlib
Object
OpenSubKey
op_Equality
op_GreaterThan
op_Inequality
op_LessThan
P6<5f=
Package
PackagePart
PictureBox
PoweredByAttribute
"Powered by SmartAssembly 6.9.0.114
p[%qT.t
Registry
RegistryKey
@.reloc
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
ResolveEventArgs
ResolveEventHandler
ResumeLayout
,#+#ro
RPX 1.3.4400.61
`.rsrc
RuntimeCompatibilityAttribute
RuntimeFieldHandle
RuntimeHelpers
RuntimeTypeHandle
S.8%Fi
s9,TTNo
    </security>
    <security>
SecurityContextSource
SecuritySafeCriticalAttribute
sese.exe
set_AcceptButton
set_AutoScaleBaseSize
set_BackColor
set_CancelButton
set_ClientSize
SetData
set_FlatStyle
set_FormBorderStyle
set_Image
set_Item
set_Location
set_MaximizeBox
set_MinimizeBox
set_Size
set_StartPosition
set_TabIndex
set_TabStop
set_Text
set_TopMost
ShowDialog
SmartAssembly.Attributes
SmartAssembly.License.Resources.error.png
SmartAssembly.License.Resources.logo.png
STAThreadAttribute
Stream
String
StringBuilder
#Strings
SuppressIldasmAttribute
SuspendLayout
System
System.Collections.Generic
System.Drawing
System.IO
System.IO.Compression
System.IO.Packaging
System.Reflection
System.Runtime.CompilerServices
System.Runtime.InteropServices
System.Runtime.Serialization
System.Security
System.Text
System.Threading
System.Windows.Forms
T_]29g
tEXtSoftware
!This program cannot be run in DOS mode.
ToArray
ToCharArray
ToString
  </trustInfo>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
'TT$	x
ul}qax
:)#UQF@
UriKind
v4.0.30319
ValueType
Version
.+v-Ql 
WindowsBase
WrapNonExceptionThrows
+X+]8b
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
Y"oQ\+
ZH0ZeB=3