Analysis Date: 2018-05-02 04:06:32
MD5: d8c0eea1a581677bf98dd0d67f747a4f
SHA1: 8fbc9e61266be4979db953a19a2cb17e7a8cedbc

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly
Section .text   md5: 6d2158bc79166ffbae15032bd0545dd3 sha1: 7864fc46684c788ba4a435a5d85bf48af06e498b size: 75264
Section .rsrc   md5: 4ce47a02cb6eda23f2485c5b7db0d9c6 sha1: d236f3716fa73fdd4d4e964995c236348befca73 size: 1024
Section .reloc  md5: 7b19d030f2d6114032178ed38707de9b sha1: 3c3c41daba00cde86815bcf9a5fde994d7db7c4c size: 512
Timestamp: 2014-10-10 09:49:22
Version:
LegalCopyright:
Assembly Version: 0.0.0.0
InternalName: Moom.exe
FileVersion: 0.0.0.0
Comments: RPX 1.0.4219.33584
ProductVersion: 0.0.0.0
FileDescription:
OriginalFilename: Moom.exe
AV 360 Safe: no_virus
AV Ad-Aware: no_virus
AV Alwil (avast): GenMalicious-HP [Trj]
AV Arcabit (arcavir): no_virus
AV Authentium: no_virus
AV Avira (antivir): TR/Dropper.MSIL.Gen
AV BullGuard: no_virus
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: no_virus
AV Eset (nod32): MSIL/Kryptik.JB
AV Fortinet: no_virus
AV Frisk (f-prot): no_virus
AV F-Secure: no_virus
AV Grisoft (avg): no_virus
AV Ikarus: no_virus
AV K7: no_virus
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: Error Scanning File
AV Mcafee: no_virus
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): no_virus
AV Norman: no_virus
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): no_virus
AV Yara APT: no_virus
AV Zillya!: no_virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\8fbc9e61266be4979db953a19a2cb17e7a8cedbc.exe

Creates Mutex
Creates Mutex
Creates File: C:\Users\Phil\AppData\Local\Temp\8fbc9e61266be4979db953a19a2cb17e7a8cedbc.exe.config
Creates File: C:\Users\Phil\AppData\Local\Temp\8fbc9e61266be4979db953a19a2cb17e7a8cedbc.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\8fbc9e61266be4979db953a19a2cb17e7a8cedbc.exe
Creates File: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
Creates File: C:\Users\Phil\AppData\Local\Temp\8fbc9e61266be4979db953a19a2cb17e7a8cedbc.exe.config
Creates File: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config
Creates File: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch
Creates File: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config
Creates File: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch
Creates File: C:\Windows\assembly\NativeImages_v2.0.50727_64\indexbb.dat
Creates File: C:\Windows\System32\l_intl.nls
Creates File: C:\Users\Phil\AppData\Local\Temp\8fbc9e61266be4979db953a19a2cb17e7a8cedbc.exe
Creates File: C:\Windows\assembly\pubpol4.dat
Creates File: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config

Network Details:


Strings:
sq9.
x
A
!]"]#]$
%}&]'
0.0.0.0
000004b0
293E4
5%6!7
+9,9-1.Y/
Assembly Version
Comments
:];e<
eqtk
FileDescription
FileVersion
InternalName
LegalCopyright
&),LU\_b
Moom.exe
OriginalFilename
ProductVersion
RPX 1.0.4219.33584
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
(**+,)./0
$11'SVt
3(m]Ty
6789:;<}>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`
69p=H9=
:;<<>?@ABCD
add_ResourceResolve
_AppDomain
Append
ArgumentException
AssemblyCompanyAttribute
AssemblyConfigurationAttribute
AssemblyCopyrightAttribute
AssemblyDescriptionAttribute
AssemblyFileVersionAttribute
AssemblyProductAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
_bnA)U
BsyI~%S
B!y@~8S
B$yN~!S
C|;?<;
.cctor
CompilationRelaxationsAttribute
CompressionMode
Concat
ContainsKey
_CorExeMain
C>x79s
DeflateStream
DialogResult
Dictionary`2
Dispose
eDcaqq
fGHYdKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstsXwx)1xxi~
FileAccess
FileMode
Ft^vYXb
get_Assembly
get_CurrentDomain
GetData
get_EntryPoint
get_Evidence
GetExecutingAssembly
get_Length
GetManifestResourceNames
GetManifestResourceStream
get_Message
get_Name
GetPart
get_StackTrace
GetStream
GetType
GetTypeFromHandle
iaNY|mEr
ICloneable
ICollection
IComparable
IComparable`1
ICustomAttributeProvider
IDisposable
i'()*+,e./03264Ux78
IEnumerable
IEnumerable`1
IEvidenceFactory
 !"#$ii'(f*+,-./0123456789:;<=>?@ABCDE&GHEJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}^
IIKJ0Oh
InitializeArray
Invoke
IReflect
ISerializable
]{,~Jd
@L"B~*Z
>lz	a.W
MarshalByRefObject
MemberInfo
MemoryStream
MessageBox
MethodBase
MethodInfo
}m+Ezq
M`Nt|o
Monitor
Moom.exe
mscoree.dll
mscorlib
N^t\;;97l
n,$whh
ObfuscationAttribute
OfJ*_BXv
Package
PackagePart
@.reloc
ResolveEventArgs
ResolveEventHandler
RPX 1.0.4219.33584
`.rsrc
RuntimeCompatibilityAttribute
RuntimeFieldHandle
RuntimeHelpers
RuntimeTypeHandle
SetData
set_Item
STAThreadAttribute
StringBuilder
#Strings
StripAfterObfuscation
SuppressIldasmAttribute
System
System.Collections
System.Collections.Generic
System.IO
System.IO.Compression
System.IO.Packaging
System.Reflection
System.Runtime.CompilerServices
System.Runtime.Serialization
System.Security
System.Security.Policy
System.Text
System.Threading
System.Windows.Forms
T1&iS$
!This program cannot be run in DOS mode.
ToArray
ToString
uleo8`
UriKind
v2.0.50727
ValueType
Version
&v?[%z
WindowsBase
WrapNonExceptionThrows
YanoAttribute
Ym?"#H
?++z81
zhcAYi