Analysis Date: 2014-01-26 18:32:19
MD5: 8daec735df76659bd0e749faef27cde3
SHA1: fb2e7a80c65248c24af7042c2cb1d6e5839d663c

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
Section .text md5: 3fdaf672b7bcda163550ae4447cb7152 sha1: af80a120d2296018d295258b27b6d65275480ad4 size: 41472
Section .sdata md5: 557ef0e0999009f4c75a4295d2cd91bb sha1: a80279fa22f3647f96e24e39fdb1c16046892697 size: 512
Section .rsrc md5: 7fcda1551356ebf8957e290c2ffe1a82 sha1: 23265ad7f081a4a3c541645e23ec451e92da5465 size: 12288
Section .reloc md5: e3c719f973cf7d4d2ed899338be0de2d sha1: c643f30f3670eb715cd2768d8af160b4ab281752 size: 512
Timestamp: 2014-01-03 19:43:51
Pdb path: c:\users\dubseven\documents\visual studio 2012\Projects\Test_Malware\Test_Malware\obj\Debug\SysConfNet.pdb
Version:
LegalCopyright: Copyright © 2014
Assembly Version: 1.0.0.0
InternalName: SysConfNet.exe
FileVersion: 1.0.0.0
ProductName: SysConfNet
ProductVersion: 1.0.0.0
FileDescription: SysConfNet
OriginalFilename: SysConfNet.exe
Packer: Microsoft Visual C# v7.0 / Basic .NET
PEhash: c123500c4cba0168678b48022f4d5f030d85ff0f

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath ➝
C:\Documents and Settings\Administrator\Local Settings\Application Data\\x00
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

Network Details:


Raw Pcap

Strings
.

000004b0
1.0.0.0
  2014
Assembly Version
Copyright 
Denetim
Denetim.exe
Denetim.Resources
FileDescription
FileVersion
Form1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
http://88.150.227.146/server.exe
InternalName
LegalCopyright
\mp.exe
OriginalFilename
ProductName
ProductVersion
Property can only be set to Nothing
Srvldll32
\Srvldll.exe
\stp.exe
StringFileInfo
SysConfNet
SysConfNet.exe
SysConfNet.Resources
systemnet
Translation
VarFileInfo
VS_VERSION_INFO
WinForms_RecursiveFormCreate
WinForms_SeeInnerException
1.0.0.0
11.0.0.0
  2014
3System.Resources.Tools.StronglyTypedResourceBuilder
4.0.0.0
4System.Web.Services.Protocols.SoapHttpClientProtocol
8.0.0.0
AccessedThroughPropertyAttribute
Activator
add_DownloadFileCompleted
addedHandler
addedHandlerLockObject
add_Load
add_Shutdown
add_Tick
AppData
Application
ApplicationSettingsBase
ArgumentException
</assembly>
Assembly
AssemblyCompanyAttribute
AssemblyCopyrightAttribute
AssemblyDescriptionAttribute
AssemblyFileVersionAttribute
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
AssemblyProductAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
AsyncCompletedEventArgs
AsyncCompletedEventHandler
AuthenticationMode
AutoSaveSettings
AutoScaleMode
$bb3a304a-5686-4855-81d5-27f22e5f0f77
.cctor
CheckForSyncLockOnValueType
ClearProjectError
CompareString
CompilationRelaxationsAttribute
CompilerGeneratedAttribute
Component
components
Computer
ComVisibleAttribute
Concat
Container
ContainerControl
ContainsKey
Control
CopyFile
Copyright 
_CorExeMain
CreateInstance
Create__Instance__
Culture
CultureInfo
c:\users\dubseven\documents\visual studio 2012\Projects\Test_Malware\Denetim\obj\Debug\Denetim.pdb
c:\users\dubseven\documents\visual studio 2012\Projects\Test_Malware\Test_Malware\obj\Debug\SysConfNet.pdb
DebuggableAttribute
DebuggerHiddenAttribute
DebuggerNonUserCodeAttribute
DebuggerStepThroughAttribute
DebuggingModes
Default
defaultInstance
DeleteFile
Denetim
Denetim.exe
Denetim.Form1.resources
Denetim.My
Denetim.My.Resources
Denetim.Resources.resources
DesignerGeneratedAttribute
Dispose
Dispose__Instance__
disposing
DoEvents
DownloadFileAsync
$e374adcd-1a1d-4eed-8eae-898963ee6acd
EditorBrowsableAttribute
EditorBrowsableState
__ENCAddToList
__ENCList
Environment
Equals
EventArgs
EventHandler
Exception
FileExists
FilePath
FileSystemProxy
Form1_Load
FormWindowState
GeneratedCodeAttribute
get_Application
get_Assembly
get_Capacity
get_Computer
get_Count
get_Culture
get_Default
get_Denetim
get_ExecutablePath
get_FileSystem
GetFolderPath
get_Form1
get_Forms
get_GetInstance
GetHashCode
get_httpclient
get_InnerException
GetInstance
get_IsAlive
get_IsDisposed
get_Item
get_Message
GetObject
GetObjectValue
get_persist
GetProcesses
get_ProcessName
get_ResourceManager
GetResourceString
get_SaveMySettingsOnExit
get_Settings
get_Timer1
GetType
GetTypeFromHandle
get_UseCompatibleTextRendering
get_User
get_WebServices
GuidAttribute
Hashtable
HelpKeywordAttribute
HideModuleNameAttribute
httpclient
_httpclient
httpclient_DownloadFileCompleted
IContainer
IDisposable
InitializeComponent
instance
Instance
InvalidOperationException
isprocessrunning
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
List`1
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
m_AppObjectProvider
m_ComputerObjectProvider
m_Form1
m_FormBeingCreated
Microsoft.VisualBasic
Microsoft.VisualBasic.ApplicationServices
Microsoft.VisualBasic.CompilerServices
Microsoft.VisualBasic.Devices
Microsoft.VisualBasic.MyServices
Microsoft.Win32
m_MyFormsObjectProvider
m_MyWebServicesObjectProvider
<Module>
Monitor
mscoree.dll
mscorlib
m_ThreadStaticValue
m_UserObjectProvider
MyApplication
My.Application
MyComputer
My.Computer
MyForms
My.Forms
MyGroupCollectionAttribute
My.MyProject.Forms
MyProject
MySettings
My.Settings
MySettingsProperty
MyTemplate
My.User
MyWebServices
My.WebServices
Object
ObjectFlowControl
OnCreateMainForm
Operators
PADPADP
persist
_persist
persist_Tick
Process
ProjectData
ReferenceEquals
Registry
@.reloc
Remove
remove_DownloadFileCompleted
RemoveRange
remove_Tick
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
resourceCulture
resourceMan
ResourceManager
Resources
ResumeLayout
RSDS:&
RuntimeCompatibilityAttribute
RuntimeHelpers
RuntimeTypeHandle
SaveFromResources
`.sdata
    </security>
    <security>
sender
ServerComputer
set_AutoScaleDimensions
set_AutoScaleMode
set_Capacity
set_ClientSize
SetCompatibleTextRenderingDefault
set_Culture
set_Enabled
set_EnableVisualStyles
set_Form1
set_httpclient
set_Interval
set_IsSingleInstance
set_Item
set_MainForm
set_MaximizeBox
set_MinimizeBox
set_Name
set_Opacity
set_persist
SetProjectError
set_SaveMySettingsOnExit
set_ShowIcon
set_ShowInTaskbar
set_ShutdownStyle
set_Text
set_Timer1
Settings
SettingsBase
SetValue
set_WindowState
ShutdownEventHandler
ShutdownMode
SpecialFolder
StandardModuleAttribute
StartupFold
STAThreadAttribute
String
#Strings
SuspendLayout
Synchronized
SysConfNet
SysConfNet.exe
SysConfNet.Form1.resources
SysConfNet.My
SysConfNet.My.Resources
SysConfNet.Resources.resources
System
System.CodeDom.Compiler
System.Collections
System.Collections.Generic
System.ComponentModel
System.ComponentModel.Design
System.Configuration
System.Diagnostics
System.Drawing
System.Globalization
System.Net
System.Reflection
System.Resources
System.Runtime.CompilerServices
System.Runtime.InteropServices
System.Threading
System.Windows.Forms
System.Windows.Forms.Form
TargetInvocationException
!This program cannot be run in DOS mode.
Thread
ThreadSafeObjectProvider`1
ThreadStaticAttribute
Timer1
_Timer1
Timer1_Tick
ToString
  </trustInfo>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
v2.0.50727
WeakReference
WebClient
WebServices
WindowsFormsApplicationBase
WithEventsValue
WrapNonExceptionThrows
WriteAllBytes
wwwwww
wwwwwwwwwwwwww
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>