Sample: 3e843c40ae032a1ba115347f4db18f7b

P3pper Reports - http://www.peppermalware.com.

P3pper Twitter - https://twitter.com/P3pperP0tts.

This report has been generated automatically by a set of malware analysis tools.

This work is licensed under a Creative Commons Attribution 4.0 International License. To view a copy of this license visit http://creativecommons.org/licenses/by/4.0/.

Classification: #RAT #REMCOS (based on p3pperp0tts rules)

Analysis date: 2021-02-09 12:29:43 (p3pperp0tts platform's analysis date)

Exe timestamp: 2021-02-09 00:08:26 (timestamp of the original sample)

Unpacked mods max timestamp: 2021-02-09 00:08:26 (highest timestamp of all the unpacked modules)

VirusTotal analysis date: 2021-02-09 06:32:40 (date the sample was last analyzed at VT)

Index

• Sample

• AV detections

• Virustotal

• Yara matches

• Threads tree

• Most Interesting behavior

• Most Interesting strings

• Hosts

• Dns queries

• Network traffic

• Full strings list

• Threads behaviour

• Network by processes

• Unpacked or injected modules

• Extra Information Recovered

• Configs Recovered

Sample

• md5: 3e843c40ae032a1ba115347f4db18f7b

AV detections

• Microsoft: Trojan:Win32/AgentTesla!ml

• Kaspersky:

• Symantec: Scr.Malcode!gdn30

• Malwarebytes: Malware.AI.3700840212

Virustotal

• https://virustotal.com/es/file/cc918d46ceafe7d60b4679a6a91d763b4d557b10acc87917d173aef865275a19/analysis

Yara matches

The following YARA rules matched the code or data areas of injected or unpacked modules.

• P1:#RAT #REMCOS

• P5:#RAT #REMCOS

Threads tree

The following tree represents the sample's threads. T<index> is an alias for one of the sample's threads (numbered in order of thread creation). P<index> is an alias for a process owning the sample's threads.

Most interesting behavior

The following list is a collection of the most interesting events captured, ordered by the score assigned to each event. The section "Threads behavioural information" lists all the actions performed by each of the sample's threads in chronological order.

• Process Create (C:\\Users\\p3pp3r\\Downloads\\p3pp3rsamp.exe PID: P1, Command line: "C:\\Users\\p3pp3r\\Downloads\\p3pp3rsamp.exe")

• RegCreateKey (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ Desired Access: Maximum Allowed, Granted Access: All Access, Disposition: REG_OPENED_EXISTING_KEY)

• RegSetValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\remcos Type: REG_SZ, Length: 104, Data: "C:\\Users\\p3pp3r\\AppData\\Roaming\\remcos\\remcos.exe")

• RegSetValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet Type: REG_DWORD, Length: 4, Data: 0)

• RegSetValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect Type: REG_DWORD, Length: 4, Data: 1)

• Process Create (C:\\Windows\\System32\\WScript.exe PID: P2, Command line: "C:\\Windows\\System32\\WScript.exe" "C:\\Users\\p3pp3r\\AppData\\Local\\Temp\\install.vbs" )

• RegCreateKey (HKCU\\Software Desired Access: Maximum Allowed, Granted Access: All Access, Disposition: REG_OPENED_EXISTING_KEY)

• RegCreateKey (HKCU\\Software\\Microsoft Desired Access: Maximum Allowed, Granted Access: All Access, Disposition: REG_OPENED_EXISTING_KEY)

• RegCreateKey (HKCU\\Software\\Microsoft\\Windows Script Host Desired Access: Maximum Allowed, Granted Access: None 0x0, Disposition: REG_CREATED_NEW_KEY)

• Process Create (C:\\Windows\\System32\\cmd.exe PID: P3, Command line: "C:\\Windows\\System32\\cmd.exe" /c "C:\\Users\\p3pp3r\\AppData\\Roaming\\remcos\\remcos.exe")

• Process Create (C:\\Users\\p3pp3r\\AppData\\Roaming\\remcos\\remcos.exe PID: P4, Command line: C:\\Users\\p3pp3r\\AppData\\Roaming\\remcos\\remcos.exe)

• Process Create (C:\\Users\\p3pp3r\\AppData\\Roaming\\remcos\\remcos.exe PID: P5, Command line: "C:\\Users\\p3pp3r\\AppData\\Roaming\\remcos\\remcos.exe")

• Thread Create ( Thread ID: T1)

• Thread Create ( Thread ID: TUNKALIAS)

• Thread Create ( Thread ID: T3)

• Thread Create ( Thread ID: T4)

• Thread Create ( Thread ID: T6)

• Thread Create ( Thread ID: T7)

• Thread Create ( Thread ID: T10)

• Thread Create ( Thread ID: T13)

• Thread Create ( Thread ID: T14)

• RegDeleteValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass )

• RegDeleteValue (HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass )

• RegDeleteValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName )

• RegDeleteValue (HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName )

• Thread Create ( Thread ID: T19)

• Thread Create ( Thread ID: T24)

• Thread Create ( Thread ID: T25)

• Thread Create ( Thread ID: T28)

• Thread Create ( Thread ID: T30)

• Thread Create ( Thread ID: T32)

• Thread Create ( Thread ID: T33)

• Thread Create ( Thread ID: T35)

• Thread Create ( Thread ID: T36)

Most interesting strings

The following list is a collection of the most interesting strings found in the code or data of the sample's modules (unpacked modules included).

• get_FusionLog • (*.xls)|*.xls|All files (*.*)|*.* • List of Connections • System.Windows.Forms.Form • set_MainForm • C:\\Users\\p3pp3r\\Downloads\\p3pp3rsamp.exe • C:\\Windows\\System32\\cmd.exe

• /k %windir%\\System32\\reg.exe ADD HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /v EnableLUA /t REG_DWORD /d 0 /f • ??0_Winit@std@@QAE@XZ • get_ParentNode • System.Runtime.CompilerServices • GetFromSchema • get_MenuStrip • get_user_TextBox • setTableFieldsInHash • set_ExitToolStripMenuItem • get_WebServices • set_rep_cat_ComboBox • set_Save_Button • RemoveFilterToolStripMenuItem_Click • MsgBoxResult • get_tableExtension • EditReportsToolStripMenuItem_Click • get_ListBox1 • get_Lavender • ChannelSinkStack • get_MenuStrip1 • close_PictureBox_Click • db_TreeView_AfterCheck • set_CheckState • addReport_Load • m_MyFormsObjectProvider • TransformFinalBlock

• Enter name for postgresql connection • set_SearchToolStripMenuItem • FrameworkDisplayName • set_SaveToolStripMenuItem • get_close_PictureBox • remove_MouseDoubleClick • DataGridViewColumn • FOREINKEY_COLUMN_COLUMN_INDEX • set_db_name_TextBox • AddFilterToolStripMenuItem_Click • BlackJack.IMuiResource.resources • KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator • System.Runtime.Serialization • get_CutToolStripMenuItem • get_SelectedItem • get_ClickedItem • redoToolStripMenuItem.Image

• WindowsFormsApplicationBase • set_MainMenuStrip • get_YellowGreen • OK_Button_Click • get_CloseAllToolStripMenuItem • set_ToolBarToolStripMenuItem • set_TableName • get_CopyToolStripMenuItem • set_Cancel_Button • set_Extension • hasNotAlphnumericChars • set_OK_Button • set_DataSet1 • set_CloseAllToolStripMenuItem • DialogResult • SymmetricAlgorithm • set_RemoveReportToolStripMenuItem • remove_MouseUp

• QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a • browse_Button • rep_name_ListBox • WinForms_SeeInnerException • set_dbConnector • xFBnbvEwvFVeIf9hSV • DEFAULT_PGSQL_CONNECTION_STRING • TreeViewEventHandler • get_PrintToolStripMenuItem • get_db_name_TextBox • set_viewer_DataGridView • get_FileName • ToBase64String • Tile &Vertical • BlackJack.StopWatch.resources • VS_VERSION_INFO • Tile &Horizontal • blackjack.Form1.resources • set_MdiWindowListItem • set_SaveFileDialog1 • get_DropDownItems • get_Save_Button • get_DataColumn3 • get_DataColumn2 • get_DataColumn1 • set_FileName • set_NewWindowToolStripMenuItem • foreignKeyObj • get_DataColumn4 • set_NewToolStripMenuItem • set_Multiline • add_AfterCheck • HashAlgorithm • set_host_TextBox • BlackJack.IMuiResource

• Dynamic Reports Generator : Filters • get_TO_TREE_NODE

• set_CheckBox1

• set_ViewToolStripMenuItem • get_AddToReportsToolStripMenuItem • At least one column from table[ • get_OK_Button • get_viewer_DataGridView • set_SelectionMode • database_ComboBox • get_FK_COLUMN • </trustInfo>

• Dynamic Reports Generator | Data Viewer • </requestedPrivileges>

• BlackJack.drg_filter_remove.resources • get_Asymmetric

• Dynamic Reports Generator : Database Connector • set_SizeMode

• Name is already exist, try another name • Choose Filter Operation

• begin_access_all_db_tables • get_FOREGINKEYS

• get_selUnSelLabel

• get_PrintSetupToolStripMenuItem • TreeViewEventArgs

• Property can only be set to Nothing • get_OpenFileDialog1 • set_HelpToolStripMenuItem • get_dbConnector • getRepDateName • printToolStripMenuItem.Image • get_Add_Button • foreign_keys • set_AddToReportsToolStripMenuItem • get_drg_filters • BlackJack.My • BlackJack.test.resources • stringToEncrypt • Remote Tetris • get_Attributes • resourceCulture • 3System.Resources.Tools.StronglyTypedResourceBuilder • set_selUnSelLabel • begin_pgsql_selected • set_ToolsMenu • set_CascadeToolStripMenuItem • Button1_Click • set_AboutToolStripMenuItem

• hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD • setFilterValue_tn

• remove_Button • get_Millisecond • foregin_Keys

• Microsoft.VisualBasic.ApplicationServices

• fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3ahSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADPBj

• MY_SETTINGS_OUTPUT_FILE

• set_PrintPreviewToolStripMenuItem • get_GetInstance

• _connectionString • get_connect_Button • get_Postgresql_ListBox • removeColumn • set_addReport • set_ClientSize • set_BACK_TO_REFERENCE • clear_Button • REPLACED_VAL • get_AddFilterToolStripMenuItem • get_TableName • get_Close_Button • SerializationInfo • My.WebServices • set_ComboBox1 • get_SplitContainer1 • aggr_TreeView_AfterCheck • get_IndexToolStripMenuItem • access_connection • remove_CheckedChanged • primaryKeyColName • FOREINKEY_RELATED_PRIMARYKEY_COLUMN_INDEX • FromBase64String • System.CodeDom.Compiler • get_Application • set_ArrangeIconsToolStripMenuItem • database_ComboBox_SelectedIndexChanged • set_StatusStrip • set_SelectedIndex • ShutdownEventHandler • MouseEventHandler • set_OpenFileDialog1 • set_DataSetName • get_EditMenu • BlackJack.MDIParent1.resources • get_CheckBox1 • get_Assembly • set_Add_Button • OriginalFilename • get_OptionsToolStripMenuItem • get_FileMenu • CompareString • get_ViewToolStripMenuItem • connect_Button_Click • getAttributesFromPath • System.Threading • openToolStripMenuItem.Image • set_UseVisualStyleBackColor • set_db_TreeView • removeReport_Load • AVAILABLE_DATABASES • get_ConnectionString • setTablesInHash • get_pgsql_GroupBox • get_DatabaseManagementSystem • SetCompatibleTextRenderingDefault • Microsoft.VisualBasic.CompilerServices

• set_StatusBarToolStripMenuItem • ExcelFileToolStripMenuItem_Click • get_StatusStrip • BlackJack.GeneratedSql.resources • indexToolStripMenuItem.Image • get_Computer • .NET Framework 4 • m_drg_filter_remove • ForeignKeyColName • GetResourceString • get_editReports • currentreeNode • Choose Value From List • fillTreeNode • get_remove_Button • set_ExportToolStripMenuItem • set_AutoScaleDimensions • Generate_Click • BlackJack.test2.resources • copyToolStripMenuItem.Image • DataGridViewColumnHeadersHeightSizeMode • set_ScrollAlwaysVisible • set_MenuStrip • m_AppObjectProvider • get_FK_TALBE • drg_filter_remove_Load • set_tableExtension • get_Category • set_UndoToolStripMenuItem • ReferenceEquals • foreign_Name • saveToolStripMenuItem.Image • set_SaveMySettingsOnExit • ?CURRENT_ACCESS_FILE_PATH? • filteredValues • set_ScrollBars • Multiple Values • m_ComputerObjectProvider • getCategoriesNames • BlackJack.addReport.resources • WinForms_RecursiveFormCreate • Add_Button_Click • GetCategories • set_Username • get_reports_DataGridView • set_IndexToolStripMenuItem • get_CascadeToolStripMenuItem • Select Database • set_CustomAttributes • set_connect_Button • get_addReport • PostgreSql Database • MinSupportedDateTime

• Filter data based on Column [REPLACED_VAL] By: • set_SaveAsToolStripMenuItem

• get_db_TreeView

• get_ToolStripStatusLabel • set_DataColumn4 • set_DataColumn3 • set_DataColumn2 • set_DataColumn1 • SelectSingleNode • get_Extension • set_PrintToolStripMenuItem • host_TextBox • 4System.Web.Services.Protocols.SoapHttpClientProtocol • No, Fitlers are found

• set_SplitterDistance • MAIN_PROJECT_IS_CONNECTED • remove_AfterCheck • selectAllNodes • set_OptionsToolStripMenuItem • AddColumnAliasToolStripMenuItem_Click • get_ToolStripSeparator7 • get_ToolStripSeparator4 • get_ToolStripSeparator5 • get_ToolStripSeparator3 • WrapNonExceptionThrows • getReportsNames • begin_access • get_ToolStripSeparator8 • NOT_EQUAL_MESSAGE • get_SaveMySettingsOnExit • get_ResourceManager • OleDbSchemaGuid • get_rep_cat_ComboBox • get_AboutToolStripMenuItem • set_CopyToolStripMenuItem • restrictionPositioin • set_reports_DataGridView • set_EditMenu • set_ViewMenu • get_Controls • remove_TextChanged • get_UseCompatibleTextRendering • System.ComponentModel.Design • cutToolStripMenuItem.Image • get_ListSeparator • set_TextBox1 • Select All Nodes • close_PictureBox • TripleDESCryptoServiceProvider • set_WindowsMenu • get_TableFields • set_FOREIGNKEY_NAME • m_UserObjectProvider • set_RedoToolStripMenuItem • BlackJack.editReports.resources • get_LocalName • BlackJack.dbConnector.resources • viewer_DataGridView • System.Runtime.InteropServices • set_IsMdiContainer

• get_BinaryLength • get_ExcelFileToolStripMenuItem • get_database_Label • get_ViewMenu • get_CONNECTION_STRING • set_rMenuContextMenuStrip • get_ChildNodes • SystemColors • get_HelpToolStripMenuItem • get_ColumnName • get_MDIParent1 • set_FormBorderStyle • RemoveReportToolStripMenuItem_Click • get_SaveToolStripMenuItem • InternalName • get_password_TextBox • get_aggr_TreeView • Add Column Alias • get_clear_Button • get_SelectAllToolStripMenuItem • clear_Button_Click • set_aggr_ComboBox • Blackjack.Resources • set_clear_Button • set_BackColor • Program Files\\

• KeepAlive Enabled! Timeout: %i seconds • On Error Resume Next

• [Following text has been copied to clipboard:] • MsgWindowClass

• !\\svchost.exe

• [Cleared browsers logins and cookies.]

• Software\\Classes\\mscfile\\shell\\open\\command • abcdefghijklmnopqrstuvwxyz • Unable to delete: • Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall • while fso.FileExists(" • %02i:%02i:%02i:%03i [INFO] • \\uninstall.vbs • Executing file: • UninstallString • GetLastInputInfo • .?AVout_of_range@std@@ • Uploading file to C&C: • Alarm has been triggered! • \\cookies.sqlite • { User has been idle for

• SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion • Failed to download file:

• Remcos restarted by watchdog! • [Chrome Cookies not found] • Connected to

• Set fso = CreateObject("Scripting.FileSystemObject")

• Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders • \\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies

• ProgramFiles • Program Files (x86)\\

• fso.DeleteFile " • Offline Keylogger Started

• fso.DeleteFile(Wscript.ScriptFullName) • fso.DeleteFolder "

• \\restart.vbs

• [Chrome StoredLogins found, cleared!] • [Firefox Cookies not found]

• Access level: • Downloading file: • \\sysinfo.txt • Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ • GetProcAddress • cSoftware\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\ • fso.DeleteFile • 2twHt`HtIHt2Ht • Unable to rename file! • .?AVtype_info@@

• http\\shell\\open\\command • KeepAlive Timeout changed to %i • Connecting to

• ExtractIconA • WScript.Sleep 1000

• CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName) • Offline Keylogger Stopped

• [Firefox cookies found, cleared!] • GetSystemTimes

• Timeout expired, resetting connection. • resume audio

• Failed to upload file: • invalid vector<T> subscript • Cleared browsers logins and cookies. • File Upload: unexpected disconnection • [IE cookies cleared!]

• \\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ • [IE cookies not found]

• TileWallpaper

• [Following text has been pasted from clipboard:] • SetProcessDEPPolicy

• EnumDisplayMonitors • * BreakingSecurity.Net • SeShutdownPrivilege

• CreateObject("WScript.Shell").Run "cmd /c "" • status audio mode

• InternetOpenA • licence_code.txt • #twHt`HtIHt2Ht • GetCursorInfo • DisplayMessage • %02i:%02i:%02i:%03i [WARNING] • gtaHtMHt9Ht)Ht

• \\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data • IsWow64Process • StartReverse • nTotBytesRecv: • \\install.vbs • time_%04i%02i%02i_%02i%02i%02i • .?AVlogic_error@std@@

• Browsing directory: • Watchdog launch failed! • Control Panel\\Desktop • [Chrome StoredLogins not found] • Online Keylogger Stopped

• PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGP ADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD INGXXPADDINGPADDINGXXPADDIN

• CurrentBuildNumber

• t /sort "Visit Time" /stext " • IsUserAnAdmin

• KeepAlive Disabled!

• [Chrome Cookies found, cleared!] • Online Keylogger Started • h\\update.vbs • connect_Button • GetComputerNameExW • GetModuleFileNameExW • NtUnmapViewOfSection • GetModuleHandleA • GetModuleFileNameExA • URLDownloadToFileW • GetConsoleWindow • VirtualProtect • GetMonitorInfoW • EnumDisplayDevicesW • GlobalMemoryStatusEx

Hosts

• 192.168.239.1:5353

• 224.0.0.251:5353

Dns queries

• isatap.localdomain ---> no answers

• 255.239.168.192.in-addr.arpa ---> no answers

• 2.239.168.192.in-addr.arpa ---> no answers

• 1.239.168.192.in-addr.arpa ---> no answers

• 250.255.255.239.in-addr.arpa ---> no answers

Network traffic

This section contains the readable content of the captured network traffic classified by established connections.

• udp 192.168.239.1:5353 ---> 224.0.0.251:5353

Full strings list

The following list it's a collection of all the strings found in the sample's modules (unpacked modules too) code or data. • get_FusionLog • (*.xls)|*.xls|All files (*.*)|*.* • List of Connections • System.Windows.Forms.Form • set_MainForm • C:\\Users\\p3pp3r\\Downloads\\p3pp3rsamp.exe • C:\\Windows\\System32\\cmd.exe

• /k %windir%\\System32\\reg.exe ADD HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /v EnableLUA /t REG_DWORD /d 0 /f • ??0_Winit@std@@QAE@XZ • get_ParentNode • System.Runtime.CompilerServices • GetFromSchema • get_MenuStrip • get_user_TextBox • setTableFieldsInHash • set_ExitToolStripMenuItem • get_WebServices • set_rep_cat_ComboBox • set_Save_Button • RemoveFilterToolStripMenuItem_Click • MsgBoxResult • get_tableExtension • EditReportsToolStripMenuItem_Click • get_ListBox1 • get_Lavender • ChannelSinkStack • get_MenuStrip1 • close_PictureBox_Click • db_TreeView_AfterCheck • set_CheckState • addReport_Load • m_MyFormsObjectProvider • TransformFinalBlock

• Enter name for postgresql connection • set_SearchToolStripMenuItem • FrameworkDisplayName • set_SaveToolStripMenuItem • get_close_PictureBox • remove_MouseDoubleClick • DataGridViewColumn • FOREINKEY_COLUMN_COLUMN_INDEX • set_db_name_TextBox • AddFilterToolStripMenuItem_Click • BlackJack.IMuiResource.resources • KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator • System.Runtime.Serialization • get_CutToolStripMenuItem • get_SelectedItem • get_ClickedItem • redoToolStripMenuItem.Image

(18)

• WindowsFormsApplicationBase • set_MainMenuStrip • get_YellowGreen • OK_Button_Click • get_CloseAllToolStripMenuItem • set_ToolBarToolStripMenuItem • set_TableName • get_CopyToolStripMenuItem • set_Cancel_Button • set_Extension • hasNotAlphnumericChars • set_OK_Button • set_DataSet1 • set_CloseAllToolStripMenuItem • DialogResult • SymmetricAlgorithm • set_RemoveReportToolStripMenuItem • remove_MouseUp

• QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a • browse_Button • rep_name_ListBox • WinForms_SeeInnerException • set_dbConnector • xFBnbvEwvFVeIf9hSV • DEFAULT_PGSQL_CONNECTION_STRING • TreeViewEventHandler • get_PrintToolStripMenuItem • get_db_name_TextBox • set_viewer_DataGridView • get_FileName • ToBase64String • Tile &Vertical; • BlackJack.StopWatch.resources • VS_VERSION_INFO • Tile &Horizontal; • blackjack.Form1.resources • set_MdiWindowListItem • set_SaveFileDialog1 • get_DropDownItems • get_Save_Button • get_DataColumn3 • get_DataColumn2 • get_DataColumn1 • set_FileName • set_NewWindowToolStripMenuItem • foreignKeyObj • get_DataColumn4 • set_NewToolStripMenuItem • set_Multiline • add_AfterCheck • HashAlgorithm • set_host_TextBox • BlackJack.IMuiResource

• Dynamic Reports Generator : Filters • get_TO_TREE_NODE

• set_CheckBox1

(19)

• set_ViewToolStripMenuItem • get_AddToReportsToolStripMenuItem • At least one column from table[ • get_OK_Button • get_viewer_DataGridView • set_SelectionMode • database_ComboBox • get_FK_COLUMN • </trustInfo>

• Dynamic Reports Generator | Data Viewer • </requestedPrivileges>

• BlackJack.drg_filter_remove.resources • get_Asymmetric

• Dynamic Reports Generator : Database Connector • set_SizeMode

• Name is already exist, try another name • Choose Filter Operation

• begin_access_all_db_tables • get_FOREGINKEYS

• get_selUnSelLabel

• get_PrintSetupToolStripMenuItem • TreeViewEventArgs

• Property can only be set to Nothing • get_OpenFileDialog1 • set_HelpToolStripMenuItem • get_dbConnector • getRepDateName • printToolStripMenuItem.Image • get_Add_Button • foreign_keys • set_AddToReportsToolStripMenuItem • get_drg_filters • BlackJack.My • BlackJack.test.resources • stringToEncrypt • Remote Tetris • get_Attributes • resourceCulture • 3System.Resources.Tools.StronglyTypedResourceBuilder • set_selUnSelLabel • begin_pgsql_selected • set_ToolsMenu • set_CascadeToolStripMenuItem • Button1_Click • set_AboutToolStripMenuItem

• hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD • setFilterValue_tn

• remove_Button • get_Millisecond • foregin_Keys

• Microsoft.VisualBasic.ApplicationServices

• fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral,

PublicKeyToken=b03f5f7f11d50a3ahSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADPBj

• MY_SETTINGS_OUTPUT_FILE

• set_PrintPreviewToolStripMenuItem • get_GetInstance

(20)

• _connectionString • get_connect_Button • get_Postgresql_ListBox • removeColumn • set_addReport • set_ClientSize • set_BACK_TO_REFERENCE • clear_Button • REPLACED_VAL • get_AddFilterToolStripMenuItem • get_TableName • get_Close_Button • SerializationInfo • My.WebServices • set_ComboBox1 • get_SplitContainer1 • aggr_TreeView_AfterCheck • get_IndexToolStripMenuItem • access_connection • remove_CheckedChanged • primaryKeyColName • FOREINKEY_RELATED_PRIMARYKEY_COLUMN_INDEX • FromBase64String • System.CodeDom.Compiler • get_Application • set_ArrangeIconsToolStripMenuItem • database_ComboBox_SelectedIndexChanged • set_StatusStrip • set_SelectedIndex • ShutdownEventHandler • MouseEventHandler • set_OpenFileDialog1 • set_DataSetName • get_EditMenu • BlackJack.MDIParent1.resources • get_CheckBox1 • get_Assembly • set_Add_Button • OriginalFilename • get_OptionsToolStripMenuItem • get_FileMenu • CompareString • get_ViewToolStripMenuItem • connect_Button_Click • getAttributesFromPath • System.Threading • openToolStripMenuItem.Image • set_UseVisualStyleBackColor • set_db_TreeView • removeReport_Load • AVAILABLE_DATABASES • get_ConnectionString • setTablesInHash • get_pgsql_GroupBox • get_DatabaseManagementSystem • SetCompatibleTextRenderingDefault • Microsoft.VisualBasic.CompilerServices

(21)

• set_StatusBarToolStripMenuItem • ExcelFileToolStripMenuItem_Click • get_StatusStrip • BlackJack.GeneratedSql.resources • indexToolStripMenuItem.Image • get_Computer • .NET Framework 4 • m_drg_filter_remove • ForeignKeyColName • GetResourceString • get_editReports • currentreeNode • Choose Value From List • fillTreeNode • get_remove_Button • set_ExportToolStripMenuItem • set_AutoScaleDimensions • Generate_Click • BlackJack.test2.resources • copyToolStripMenuItem.Image • DataGridViewColumnHeadersHeightSizeMode • set_ScrollAlwaysVisible • set_MenuStrip • m_AppObjectProvider • get_FK_TALBE • drg_filter_remove_Load • set_tableExtension • get_Category • set_UndoToolStripMenuItem • ReferenceEquals • foreign_Name • saveToolStripMenuItem.Image • set_SaveMySettingsOnExit • ?CURRENT_ACCESS_FILE_PATH? • filteredValues • set_ScrollBars • Multiple Values • m_ComputerObjectProvider • getCategoriesNames • BlackJack.addReport.resources • WinForms_RecursiveFormCreate • Add_Button_Click • GetCategories • set_Username • get_reports_DataGridView • set_IndexToolStripMenuItem • get_CascadeToolStripMenuItem • Select Database • set_CustomAttributes • set_connect_Button • get_addReport • PostgreSql Database • MinSupportedDateTime

• Filter data based on Column [REPLACED_VAL] By: • set_SaveAsToolStripMenuItem

• get_db_TreeView

(22)

• get_ToolStripStatusLabel • set_DataColumn4 • set_DataColumn3 • set_DataColumn2 • set_DataColumn1 • SelectSingleNode • get_Extension • set_PrintToolStripMenuItem • host_TextBox • 4System.Web.Services.Protocols.SoapHttpClientProtocol • No, Fitlers are found

• set_SplitterDistance • MAIN_PROJECT_IS_CONNECTED • remove_AfterCheck • selectAllNodes • set_OptionsToolStripMenuItem • AddColumnAliasToolStripMenuItem_Click • get_ToolStripSeparator7 • get_ToolStripSeparator4 • get_ToolStripSeparator5 • get_ToolStripSeparator3 • WrapNonExceptionThrows • getReportsNames • begin_access • get_ToolStripSeparator8 • NOT_EQUAL_MESSAGE • get_SaveMySettingsOnExit • get_ResourceManager • OleDbSchemaGuid • get_rep_cat_ComboBox • get_AboutToolStripMenuItem • set_CopyToolStripMenuItem • restrictionPositioin • set_reports_DataGridView • set_EditMenu • set_ViewMenu • get_Controls • remove_TextChanged • get_UseCompatibleTextRendering • System.ComponentModel.Design • cutToolStripMenuItem.Image • get_ListSeparator • set_TextBox1 • Select All Nodes • close_PictureBox • TripleDESCryptoServiceProvider • set_WindowsMenu • get_TableFields • set_FOREIGNKEY_NAME • m_UserObjectProvider • set_RedoToolStripMenuItem • BlackJack.editReports.resources • get_LocalName • BlackJack.dbConnector.resources • viewer_DataGridView • System.Runtime.InteropServices • set_IsMdiContainer

(23)

• get_BinaryLength • get_ExcelFileToolStripMenuItem • get_database_Label • get_ViewMenu • get_CONNECTION_STRING • set_rMenuContextMenuStrip • get_ChildNodes • SystemColors • get_HelpToolStripMenuItem • get_ColumnName • get_MDIParent1 • set_FormBorderStyle • RemoveReportToolStripMenuItem_Click • get_SaveToolStripMenuItem • InternalName • get_password_TextBox • get_aggr_TreeView • Add Column Alias • get_clear_Button • get_SelectAllToolStripMenuItem • clear_Button_Click • set_aggr_ComboBox • Blackjack.Resources • set_clear_Button • set_BackColor • Program Files\\

• KeepAlive Enabled! Timeout: %i seconds • On Error Resume Next

• [Following text has been copied to clipboard:] • MsgWindowClass

• !\\svchost.exe

• [Cleared browsers logins and cookies.]

• Software\\Classes\\mscfile\\shell\\open\\command • abcdefghijklmnopqrstuvwxyz • Unable to delete: • Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall • while fso.FileExists(" • %02i:%02i:%02i:%03i [INFO] • \\uninstall.vbs • Executing file: • UninstallString • GetLastInputInfo • .?AVout_of_range@std@@ • Uploading file to C&C;: • Alarm has been triggered! • \\cookies.sqlite • { User has been idle for

• SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion • Failed to download file:

• Remcos restarted by watchdog! • [Chrome Cookies not found] • Connected to

• Set fso = CreateObject("Scripting.FileSystemObject")

• Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders • \\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies

• ProgramFiles • Program Files (x86)\\

(24)

• fso.DeleteFile " • Offline Keylogger Started

• fso.DeleteFile(Wscript.ScriptFullName) • fso.DeleteFolder "

• \\restart.vbs

• [Chrome StoredLogins found, cleared!] • [Firefox Cookies not found]

• Access level: • Downloading file: • \\sysinfo.txt • Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ • GetProcAddress • cSoftware\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\ • fso.DeleteFile • 2twHt`HtIHt2Ht • Unable to rename file! • .?AVtype_info@@

• http\\shell\\open\\command • KeepAlive Timeout changed to %i • Connecting to

• ExtractIconA • WScript.Sleep 1000

• CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName) • Offline Keylogger Stopped

• [Firefox cookies found, cleared!] • GetSystemTimes

• Timeout expired, resetting connection. • resume audio

• Failed to upload file: • invalid vector<T> subscript • Cleared browsers logins and cookies. • File Upload: unexpected disconnection • [IE cookies cleared!]

• \\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ • [IE cookies not found]

• TileWallpaper

• [Following text has been pasted from clipboard:] • SetProcessDEPPolicy

• EnumDisplayMonitors • * BreakingSecurity.Net • SeShutdownPrivilege

• CreateObject("WScript.Shell").Run "cmd /c "" • status audio mode

• InternetOpenA • licence_code.txt • #twHt`HtIHt2Ht • GetCursorInfo • DisplayMessage • %02i:%02i:%02i:%03i [WARNING] • gtaHtMHt9Ht)Ht

• \\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data • IsWow64Process • StartReverse • nTotBytesRecv: • \\install.vbs • time_%04i%02i%02i_%02i%02i%02i • .?AVlogic_error@std@@

(25)

• Browsing directory: • Watchdog launch failed! • Control Panel\\Desktop • [Chrome StoredLogins not found] • Online Keylogger Stopped

• PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGP ADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD INGXXPADDINGPADDINGXXPADDIN

• CurrentBuildNumber

• t /sort "Visit Time" /stext " • IsUserAnAdmin

• KeepAlive Disabled!

• [Chrome Cookies found, cleared!] • Online Keylogger Started • h\\update.vbs • connect_Button • tileVerticalToolStripMenuItem • checkIfColumnIsPrimaryKey • getPrimaryKeyPosition • DesignerGeneratedAttribute • addNodeWithoutReplication • generatedSql_TextBox • setForeginKeys • CompilationRelaxationsAttribute • searchToolStripMenuItem • ReportsToolStripMenuItem • WithEventsValue • fileToolStripMenuItem • m_removeReport • AddForeignKey • ExportToolStripMenuItem • 4C41446F5A58 • setAccessDatabaseTreeView • ISupportInitialize • PerformLayout • XmlAttributeCollection • m_FormBeingCreated • System.Reflection • StreamingContext • MyApplication • Generated Sql • System.Configuration • Cancel_Button • ToolStripDropDown • tileHorizontalToolStripMenuItem • MessageBoxButtons • m_MDIParent1 • StandardModuleAttribute • IDictionaryEnumerator • addedHandlerLockObject • GetEnumerator • SelectedImageIndex • getAllPgsqlConnections • printPreviewToolStripMenuItem • GetTypeFromHandle • optionsToolStripMenuItem • exitToolStripMenuItem

(26)

• AutoPropertyValue • itemArrayIndex • removeForeignKey • includeTableNameWithPrimaryKey • db_TreeView_MouseUp • InvalidOperationException • restrictionValue • DataGridViewColumnCollection • getPrimaryKeys • Create__Instance__ • System.Security.Cryptography • setConnection • fillGridByXmlReports • AssemblyTitleAttribute • comboBox1_SelectedIndexChanged • op_Inequality • HelpKeywordAttribute • bFygH5rpZiXln9vwiJ • System.Data.SqlClient • ICryptoTransform • IMuiResource • DebuggerHiddenAttribute • getTableColumns • pasteToolStripMenuItem • SetProjectError • ClearProjectError • m_editReports • RemoveReportToolStripMenuItem • closeAllToolStripMenuItem • SaveFileDialog1 • DataGridViewCell • add_SelectedIndexChanged • pgsql_GroupBox • Postgresql_ListBox_SelectedIndexChanged • Generate_Button • feedbackSize • AssemblyTrademarkAttribute • defaultInstance • KeyCollection • 43726F7373417070446F6D61696E44656C6567617465 • BestFitMappingAttribute.EnumeratorSimple • ToolStripSeparator • ProductVersion • DebuggerBrowsableState • ToolStripSeparator7 • ToolStripSeparator6 • ToolStripSeparator5 • ToolStripSeparator3 • FormStartPosition • GuidAttribute • GetAttribute • CreateAttribute • setForeginKeys2 • XmlAttribute • ComboBoxStyle • setsqlColumns • System.Data.Common

• AssemblyCompanyAttribute • DataGridViewCellCollection • undoToolStripMenuItem • checkIfTreeNodeHasCheckedChildItem • saveAsToolStripMenuItem • Port_TextBox • DataColumnCollection • ResumeLayout • add_CheckedChanged • AssemblyDescriptionAttribute • newWindowToolStripMenuItem • table_Fields • System.Text.RegularExpressions • AccessedThroughPropertyAttribute • CommonDialog • reports_DataGridView • RuntimeTypeHandle • DebuggerStepThroughAttribute • GenerateSqlFromTreeView • table_extension • add_DropDownItemClicked • ToolStripSeparator4 • EditorBrowsableState • cascadeToolStripMenuItem • DataGridViewRowCollection • cutToolStripMenuItem • foreignKeyTable • helpToolStripMenuItem • SaveFileDialog • createMySettingsXmlFile • ControlCollection • redoToolStripMenuItem • ExportToExcel • GenerateSavedReport • GetObjectValue • ComVisibleAttribute • DebuggerBrowsableAttribute • selUnSelLabel • arrangeIconsToolStripMenuItem • getAllRelations • BaseCollection • SuspendLayout • $11F5C38A-A4A0-48D5-B192-42BB049FB91E • AddFilterToolStripMenuItem • contentsToolStripMenuItem • GetComputerNameExW • GetModuleFileNameExW • NtUnmapViewOfSection • GetModuleHandleA • GetModuleFileNameExA • URLDownloadToFileW • GetConsoleWindow • VirtualProtect • GetMonitorInfoW • EnumDisplayDevicesW • GlobalMemoryStatusEx • InstallLocation

• DisplayVersion • Deleted file: • %02i:%02i:%02i:%03i • Disconnected! • eventvwr.exe • Uploaded file: • Administrator • Downloaded file size: • Expected file size: • [End of clipboard text] • Mutex_RemWatchdog

• wnd_%04i%02i%02i_%02i%02i%02i • [Firefox StoredLogins cleared!] • Watchdog module activated • StartForward • .?AVexception@@ • !Win32 .EXE. • \\logins.json • SHDeleteKeyW • mscfile\\shell\\open\\command • WallpaperStyle • Remcos_Mutex_Inj • SetSuspendState • Downloaded file: • kernel32.dll • [%04i/%02i/%02i %02i:%02i:%02i • [Firefox StoredLogins not found] • advapi32.dll

• GetDirectListeningPort

• khijjjjjjjjjjjjjjjjjjjjjhl • PowrProf.dll

Threads behaviour

This section lists information about the sample's threads, including the actions performed by each thread in chronological order.

• Thread T0 (in process P0, p3pp3rsamp.exe) description

• Thread's childs

• Thread T1 (in process P0, p3pp3rsamp.exe)

• Thread' events

• Thread Create ( Thread ID: T1)

• Thread T1 (in process P0, p3pp3rsamp.exe) description

• Thread's childs

• Thread T2 (in process P0, p3pp3rsamp.exe) • Thread T3 (in process P0, p3pp3rsamp.exe) • Thread T5 (in process P0, p3pp3rsamp.exe) • Thread T9 (in process P1, p3pp3rsamp.exe) • Thread T11 (in process P0, p3pp3rsamp.exe) • Thread T12 (in process P0, p3pp3rsamp.exe)

• Thread' events

• Thread Create ( Thread ID: TUNKALIAS) • Thread Create ( Thread ID: T3) • Thread Create ( Thread ID: TUNKALIAS)

• Process Create (C:\\Users\\p3pp3r\\Downloads\\p3pp3rsamp.exe PID: P1, Command line: "C:\\Users\\p3pp3r\\Downloads\\p3pp3rsamp.exe")

• Thread Create ( Thread ID: TUNKALIAS) • Thread Create ( Thread ID: TUNKALIAS)

• Thread T2 (in process P0, p3pp3rsamp.exe) description

• Thread's childs

• No childs found

• Thread' events

• No events found

• Thread T3 (in process P0, p3pp3rsamp.exe) description

• Thread's childs

• Thread T4 (in process P0, p3pp3rsamp.exe)

• Thread Create ( Thread ID: T4)

• Thread T4 (in process P0, p3pp3rsamp.exe) description

• Thread's childs

• Thread T6 (in process P0, p3pp3rsamp.exe)

• Thread' events

• Thread Create ( Thread ID: T6)

• Thread T5 (in process P0, p3pp3rsamp.exe) description

• Thread's childs

• No childs found

• Thread' events

• No events found

• Thread T6 (in process P0, p3pp3rsamp.exe) description

• Thread's childs

• Thread T7 (in process P0, p3pp3rsamp.exe)

• Thread' events

• Thread Create ( Thread ID: T7)

• Thread T7 (in process P0, p3pp3rsamp.exe) description

• Thread's childs

• Thread T8 (in process P0, p3pp3rsamp.exe)

• Thread' events

• Thread Create ( Thread ID: TUNKALIAS)

• Thread T8 (in process P0, p3pp3rsamp.exe) description

• Thread's childs

• No childs found

• No events found

• Thread T9 (in process P1, p3pp3rsamp.exe) description

• Thread's childs

• Thread T10 (in process P1, p3pp3rsamp.exe)

• Thread' events

• Thread Create ( Thread ID: T10)

• Thread T10 (in process P1, p3pp3rsamp.exe) description

• Thread's childs

• Thread T13 (in process P1, p3pp3rsamp.exe)

• Thread' events

• RegCreateKey (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ Desired Access: Maximum Allowed, Granted Access: All Access, Disposition: REG_OPENED_EXISTING_KEY)

• RegSetValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\remcos Type: REG_SZ, Length: 104, Data: "C:\\Users\\p3pp3r\\AppData\\Roaming\\remcos\\remcos.exe")

• Thread Create ( Thread ID: T13)

• Thread T11 (in process P0, p3pp3rsamp.exe) description

• Thread's childs

• No childs found

• Thread' events

• No events found

• Thread T12 (in process P0, p3pp3rsamp.exe) description

• Thread's childs

• No childs found

• Thread' events

• No events found

• Thread T13 (in process P1, p3pp3rsamp.exe) description

• Thread's childs

• Thread T14 (in process P1, p3pp3rsamp.exe) • Thread T17 (in process P1, p3pp3rsamp.exe)

• Thread T18 (in process P2, WScript.exe)

• Thread' events

• Thread Create ( Thread ID: T14) • Thread Create ( Thread ID: TUNKALIAS)

• RegDeleteValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass ) • RegDeleteValue (HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass ) • RegDeleteValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName ) • RegDeleteValue (HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName ) • RegSetValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet Type: REG_DWORD, Length: 4, Data: 0)

• RegSetValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect Type: REG_DWORD, Length: 4, Data: 1)

• RegDeleteValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass ) • RegDeleteValue (HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass ) • RegDeleteValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName ) • RegDeleteValue (HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName ) • RegSetValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet Type: REG_DWORD, Length: 4, Data: 0)

• RegSetValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect Type: REG_DWORD, Length: 4, Data: 1)

• Process Create (C:\\Windows\\System32\\WScript.exe PID: P2, Command line: "C:\\Windows\\System32\\WScript.exe" "C:\\Users\\p3pp3r\\AppData\\Local\\Temp\\install.vbs" )

• Thread T14 (in process P1, p3pp3rsamp.exe) description

• Thread's childs

• Thread T15 (in process P1, p3pp3rsamp.exe) • Thread T16 (in process P1, p3pp3rsamp.exe)

• Thread' events

• Thread Create ( Thread ID: TUNKALIAS) • Thread Create ( Thread ID: TUNKALIAS)

• Thread T15 (in process P1, p3pp3rsamp.exe) description

• Thread's childs

• No childs found

• Thread' events

• No events found

• Thread T16 (in process P1, p3pp3rsamp.exe) description

• Thread's childs

• Thread' events

• No events found

• Thread T17 (in process P1, p3pp3rsamp.exe) description

• Thread's childs

• No childs found

• Thread' events

• No events found

• Thread T18 (in process P2, WScript.exe) description

• Thread's childs

• Thread T19 (in process P2, WScript.exe)

• Thread' events

• Thread Create ( Thread ID: T19)

• Thread T19 (in process P2, WScript.exe) description

• Thread's childs

• Thread T20 (in process P2, WScript.exe) • Thread T21 (in process P2, WScript.exe) • Thread T22 (in process P2, WScript.exe) • Thread T23 (in process P2, WScript.exe) • Thread T24 (in process P2, WScript.exe)

• Thread' events

• Thread Create ( Thread ID: TUNKALIAS)

• RegCreateKey (HKCU\\Software Desired Access: Maximum Allowed, Granted Access: All Access, Disposition: REG_OPENED_EXISTING_KEY)

• RegCreateKey (HKCU\\Software\\Microsoft Desired Access: Maximum Allowed, Granted Access: All Access, Disposition: REG_OPENED_EXISTING_KEY)

• RegCreateKey (HKCU\\Software\\Microsoft\\Windows Script Host Desired Access: Maximum Allowed, Granted Access: None 0x0, Disposition: REG_CREATED_NEW_KEY)

• Thread Create ( Thread ID: TUNKALIAS) • Thread Create ( Thread ID: TUNKALIAS) • Thread Create ( Thread ID: TUNKALIAS) • Thread Create ( Thread ID: T24)

• Thread T20 (in process P2, WScript.exe) description

• Thread's childs

• Thread' events

• No events found

• Thread T21 (in process P2, WScript.exe) description

• Thread's childs

• No childs found

• Thread' events

• No events found

• Thread T22 (in process P2, WScript.exe) description

• Thread's childs

• No childs found

• Thread' events

• No events found

• Thread T23 (in process P2, WScript.exe) description

• Thread's childs

• No childs found

• Thread' events

• No events found

• Thread T24 (in process P2, WScript.exe) description

• Thread's childs

• Thread T25 (in process P2, WScript.exe) • Thread T27 (in process P3, cmd.exe)

• Thread' events

• Thread Create ( Thread ID: T25)

• RegDeleteValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass ) • RegDeleteValue (HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass ) • RegDeleteValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName ) • RegDeleteValue (HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName ) • RegSetValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet Type: REG_DWORD, Length: 4, Data: 0)

• RegSetValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect Type: REG_DWORD, Length: 4, Data: 1)

• RegDeleteValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass ) • RegDeleteValue (HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass ) • RegDeleteValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName ) • RegDeleteValue (HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName ) • RegSetValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet Type: REG_DWORD, Length: 4, Data: 0)

• RegSetValue (HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect Type: REG_DWORD, Length: 4, Data: 1)

• Process Create (C:\\Windows\\System32\\cmd.exe PID: P3, Command line: "C:\\Windows\\System32\\cmd.exe" /c "C:\\Users\\p3pp3r\\AppData\\Roaming\\remcos\\remcos.exe")

• Thread T25 (in process P2, WScript.exe) description

• Thread's childs

• Thread T26 (in process P2, WScript.exe)

• Thread' events

• Thread Create ( Thread ID: TUNKALIAS)

• Thread T26 (in process P2, WScript.exe) description

• Thread's childs

• No childs found

• Thread' events

• No events found

• Thread T27 (in process P3, cmd.exe) description

• Thread's childs

• Thread T28 (in process P3, cmd.exe)

• Thread' events

• Thread Create ( Thread ID: T28)

• Thread T28 (in process P3, cmd.exe) description

• Thread's childs

• Thread T29 (in process P4, remcos.exe)

• Thread' events

• Process Create (C:\\Users\\p3pp3r\\AppData\\Roaming\\remcos\\remcos.exe PID: P4, Command line: C:\\Users\\p3pp3r\\AppData\\Roaming\\remcos\\remcos.exe)

• Thread T29 (in process P4, remcos.exe) description

• Thread's childs

• Thread T30 (in process P4, remcos.exe)

• Thread' events

• Thread Create ( Thread ID: T30)

• Thread T30 (in process P4, remcos.exe) description

• Thread's childs

• Thread T31 (in process P4, remcos.exe) • Thread T32 (in process P4, remcos.exe) • Thread T34 (in process P4, remcos.exe) • Thread T38 (in process P5, remcos.exe) • Thread T40 (in process P4, remcos.exe) • Thread T41 (in process P4, remcos.exe)

• Thread' events

• Thread Create ( Thread ID: TUNKALIAS) • Thread Create ( Thread ID: T32) • Thread Create ( Thread ID: TUNKALIAS)

• Process Create (C:\\Users\\p3pp3r\\AppData\\Roaming\\remcos\\remcos.exe PID: P5, Command line: "C:\\Users\\p3pp3r\\AppData\\Roaming\\remcos\\remcos.exe")

• Thread Create ( Thread ID: TUNKALIAS) • Thread Create ( Thread ID: TUNKALIAS)

• Thread T31 (in process P4, remcos.exe) description

• Thread's childs

• No childs found

• Thread' events

• No events found

• Thread T32 (in process P4, remcos.exe) description

• Thread's childs

• Thread T33 (in process P4, remcos.exe)

• Thread' events

• Thread T33 (in process P4, remcos.exe) description

• Thread's childs

• Thread T35 (in process P4, remcos.exe)

• Thread' events

• Thread Create ( Thread ID: T35)

• Thread T34 (in process P4, remcos.exe) description

• Thread's childs

• No childs found

• Thread' events

• No events found

• Thread T35 (in process P4, remcos.exe) description

• Thread's childs

• Thread T36 (in process P4, remcos.exe)

• Thread' events

• Thread Create ( Thread ID: T36)

• Thread T36 (in process P4, remcos.exe) description

• Thread's childs

• Thread T37 (in process P4, remcos.exe)

• Thread' events

• Thread Create ( Thread ID: TUNKALIAS)

• Thread T37 (in process P4, remcos.exe) description

• Thread's childs

• No childs found

• Thread' events

• No events found

• Thread's childs

• Thread T39 (in process P5, remcos.exe)

• Thread' events

• Thread Create ( Thread ID: TUNKALIAS)

• Thread T39 (in process P5, remcos.exe) description

• Thread's childs

• No childs found

• Thread' events

• No events found

• Thread T40 (in process P4, remcos.exe) description

• Thread's childs

• No childs found

• Thread' events

• No events found

• Thread T41 (in process P4, remcos.exe) description

• Thread's childs

• No childs found

• Thread' events

Network by processes

The analysis environment tries to capture and collect the network actions performed by the sample's threads.

Unpacked or injected modules

This section lists information about the sample's modules, such as their rich signatures and strings.

• Module 1 (probably unpacked / injected by the sample)

• Module 1 rich signatures

• No rich signatures found

• Module 1 strings

• Module 1 most interesting strings

• get_FusionLog • (*.xls)|*.xls|All files (*.*)|*.* • List of Connections • System.Windows.Forms.Form • set_MainForm • get_ParentNode • System.Runtime.CompilerServices • GetFromSchema • get_MenuStrip • get_user_TextBox • setTableFieldsInHash • set_ExitToolStripMenuItem • get_WebServices • set_rep_cat_ComboBox • set_Save_Button • RemoveFilterToolStripMenuItem_Click • MsgBoxResult • get_tableExtension • EditReportsToolStripMenuItem_Click • get_ListBox1 • get_Lavender • ChannelSinkStack • get_MenuStrip1 • close_PictureBox_Click • db_TreeView_AfterCheck • set_CheckState • addReport_Load • m_MyFormsObjectProvider • TransformFinalBlock

• Enter name for postgresql connection • set_SearchToolStripMenuItem • FrameworkDisplayName • set_SaveToolStripMenuItem • get_close_PictureBox • remove_MouseDoubleClick • DataGridViewColumn • FOREINKEY_COLUMN_COLUMN_INDEX • set_db_name_TextBox • AddFilterToolStripMenuItem_Click • BlackJack.IMuiResource.resources • KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator

• System.Runtime.Serialization • get_CutToolStripMenuItem • get_SelectedItem • get_ClickedItem • redoToolStripMenuItem.Image • WindowsFormsApplicationBase • set_MainMenuStrip • get_YellowGreen • OK_Button_Click • get_CloseAllToolStripMenuItem • set_ToolBarToolStripMenuItem • set_TableName • get_CopyToolStripMenuItem • set_Cancel_Button • set_Extension • hasNotAlphnumericChars • set_OK_Button • set_DataSet1 • set_CloseAllToolStripMenuItem • DialogResult • SymmetricAlgorithm • set_RemoveReportToolStripMenuItem • remove_MouseUp

• QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a • browse_Button • rep_name_ListBox • WinForms_SeeInnerException • set_dbConnector • xFBnbvEwvFVeIf9hSV • DEFAULT_PGSQL_CONNECTION_STRING • TreeViewEventHandler • get_PrintToolStripMenuItem • get_db_name_TextBox • set_viewer_DataGridView • get_FileName • ToBase64String • Tile &Vertical; • BlackJack.StopWatch.resources • VS_VERSION_INFO • Tile &Horizontal; • blackjack.Form1.resources • set_MdiWindowListItem • set_SaveFileDialog1 • get_DropDownItems • get_Save_Button • get_DataColumn3 • get_DataColumn2 • get_DataColumn1 • set_FileName • set_NewWindowToolStripMenuItem • foreignKeyObj • get_DataColumn4 • set_NewToolStripMenuItem • set_Multiline • add_AfterCheck • HashAlgorithm • set_host_TextBox

• BlackJack.IMuiResource

• Dynamic Reports Generator : Filters • get_TO_TREE_NODE

• set_CheckBox1

• set_report_name_TextBox • set_ViewToolStripMenuItem • get_AddToReportsToolStripMenuItem • At least one column from table[ • get_OK_Button • get_viewer_DataGridView • set_SelectionMode • database_ComboBox • get_FK_COLUMN • </trustInfo>

• Dynamic Reports Generator | Data Viewer • </requestedPrivileges>

• BlackJack.drg_filter_remove.resources • get_Asymmetric

• Dynamic Reports Generator : Database Connector • set_SizeMode

• Name is already exist, try another name • Choose Filter Operation

• begin_access_all_db_tables • get_FOREGINKEYS

• get_selUnSelLabel

• get_PrintSetupToolStripMenuItem • TreeViewEventArgs

• Property can only be set to Nothing • get_OpenFileDialog1 • set_HelpToolStripMenuItem • get_dbConnector • getRepDateName • printToolStripMenuItem.Image • get_Add_Button • foreign_keys • set_AddToReportsToolStripMenuItem • get_drg_filters • BlackJack.My • BlackJack.test.resources • stringToEncrypt • Remote Tetris • get_Attributes • resourceCulture • 3System.Resources.Tools.StronglyTypedResourceBuilder • set_selUnSelLabel • begin_pgsql_selected • set_ToolsMenu • set_CascadeToolStripMenuItem • Button1_Click • set_AboutToolStripMenuItem

• hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD • setFilterValue_tn

• remove_Button • get_Millisecond • foregin_Keys

• fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral,

PublicKeyToken=b03f5f7f11d50a3ahSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADPBj • MY_SETTINGS_OUTPUT_FILE • set_PrintPreviewToolStripMenuItem • get_GetInstance • _connectionString • get_connect_Button • get_Postgresql_ListBox • removeColumn • set_addReport • set_ClientSize • set_BACK_TO_REFERENCE • clear_Button • REPLACED_VAL • get_AddFilterToolStripMenuItem • get_TableName • get_Close_Button • SerializationInfo • My.WebServices • set_ComboBox1 • get_SplitContainer1 • aggr_TreeView_AfterCheck • get_IndexToolStripMenuItem • access_connection • remove_CheckedChanged • primaryKeyColName • FOREINKEY_RELATED_PRIMARYKEY_COLUMN_INDEX • FromBase64String • System.CodeDom.Compiler • get_Application • set_ArrangeIconsToolStripMenuItem • database_ComboBox_SelectedIndexChanged • set_StatusStrip • set_SelectedIndex • ShutdownEventHandler • MouseEventHandler • set_OpenFileDialog1 • set_DataSetName • get_EditMenu • BlackJack.MDIParent1.resources • get_CheckBox1 • get_Assembly • set_Add_Button • OriginalFilename • get_OptionsToolStripMenuItem • get_FileMenu • CompareString • get_ViewToolStripMenuItem • connect_Button_Click • getAttributesFromPath • System.Threading • openToolStripMenuItem.Image • set_UseVisualStyleBackColor • set_db_TreeView • removeReport_Load • AVAILABLE_DATABASES

• get_ConnectionString • setTablesInHash • get_pgsql_GroupBox • get_DatabaseManagementSystem • SetCompatibleTextRenderingDefault • Microsoft.VisualBasic.CompilerServices • set_StatusBarToolStripMenuItem • ExcelFileToolStripMenuItem_Click • get_StatusStrip • BlackJack.GeneratedSql.resources • indexToolStripMenuItem.Image • get_Computer • .NET Framework 4 • m_drg_filter_remove • ForeignKeyColName • GetResourceString • get_editReports • currentreeNode • Choose Value From List • fillTreeNode • get_remove_Button • set_ExportToolStripMenuItem • set_AutoScaleDimensions • Generate_Click • BlackJack.test2.resources • copyToolStripMenuItem.Image • DataGridViewColumnHeadersHeightSizeMode • set_ScrollAlwaysVisible • set_MenuStrip • m_AppObjectProvider • get_FK_TALBE • drg_filter_remove_Load • set_tableExtension • get_Category • set_UndoToolStripMenuItem • ReferenceEquals • foreign_Name • saveToolStripMenuItem.Image • set_SaveMySettingsOnExit • ?CURRENT_ACCESS_FILE_PATH? • filteredValues • set_ScrollBars • Multiple Values • m_ComputerObjectProvider • getCategoriesNames • BlackJack.addReport.resources • WinForms_RecursiveFormCreate • Add_Button_Click • GetCategories • set_Username • get_reports_DataGridView • set_IndexToolStripMenuItem • get_CascadeToolStripMenuItem • Select Database • set_CustomAttributes • set_connect_Button • get_addReport

• PostgreSql Database • MinSupportedDateTime

• Filter data based on Column [REPLACED_VAL] By: • set_SaveAsToolStripMenuItem

• get_db_TreeView

• ; Pooling=true;Min Pool Size=0;Max Pool Size=100;Connection Lifetime=0;Unicode=True • get_ToolStripStatusLabel • set_DataColumn4 • set_DataColumn3 • set_DataColumn2 • set_DataColumn1 • SelectSingleNode • get_Extension • set_PrintToolStripMenuItem • host_TextBox • 4System.Web.Services.Protocols.SoapHttpClientProtocol • No, Fitlers are found

• set_SplitterDistance • MAIN_PROJECT_IS_CONNECTED • remove_AfterCheck • selectAllNodes • set_OptionsToolStripMenuItem • AddColumnAliasToolStripMenuItem_Click • get_ToolStripSeparator7 • get_ToolStripSeparator4 • get_ToolStripSeparator5 • get_ToolStripSeparator3 • WrapNonExceptionThrows • getReportsNames • begin_access • get_ToolStripSeparator8 • NOT_EQUAL_MESSAGE • get_SaveMySettingsOnExit • get_ResourceManager • OleDbSchemaGuid • get_rep_cat_ComboBox • get_AboutToolStripMenuItem • set_CopyToolStripMenuItem • restrictionPositioin • set_reports_DataGridView • set_EditMenu • set_ViewMenu • get_Controls • remove_TextChanged • get_UseCompatibleTextRendering • System.ComponentModel.Design • cutToolStripMenuItem.Image • get_ListSeparator • set_TextBox1 • Select All Nodes • close_PictureBox • TripleDESCryptoServiceProvider • set_WindowsMenu • get_TableFields • set_FOREIGNKEY_NAME • m_UserObjectProvider • set_RedoToolStripMenuItem

• BlackJack.editReports.resources • get_LocalName • BlackJack.dbConnector.resources • viewer_DataGridView • System.Runtime.InteropServices • set_IsMdiContainer • get_BinaryLength • get_ExcelFileToolStripMenuItem • get_database_Label • get_ViewMenu • get_CONNECTION_STRING • set_rMenuContextMenuStrip • get_ChildNodes • SystemColors • get_HelpToolStripMenuItem • get_ColumnName • get_MDIParent1 • set_FormBorderStyle • RemoveReportToolStripMenuItem_Click • get_SaveToolStripMenuItem • InternalName • get_password_TextBox • get_aggr_TreeView • Add Column Alias • get_clear_Button • get_SelectAllToolStripMenuItem • clear_Button_Click • set_aggr_ComboBox • Blackjack.Resources • set_clear_Button • set_BackColor • connect_Button

• Module 1 other strings

• tileVerticalToolStripMenuItem • checkIfColumnIsPrimaryKey • getPrimaryKeyPosition • DesignerGeneratedAttribute • addNodeWithoutReplication • generatedSql_TextBox • setForeginKeys • CompilationRelaxationsAttribute • searchToolStripMenuItem • ReportsToolStripMenuItem • WithEventsValue • fileToolStripMenuItem • m_removeReport • AddForeignKey • ExportToolStripMenuItem • 4C41446F5A58 • setAccessDatabaseTreeView • ISupportInitialize • PerformLayout • XmlAttributeCollection • m_FormBeingCreated

• System.Reflection • StreamingContext • MyApplication • Generated Sql • System.Configuration • Cancel_Button • ToolStripDropDown • tileHorizontalToolStripMenuItem • MessageBoxButtons • m_MDIParent1 • StandardModuleAttribute • IDictionaryEnumerator • addedHandlerLockObject • GetEnumerator • SelectedImageIndex • getAllPgsqlConnections • printPreviewToolStripMenuItem • GetTypeFromHandle • optionsToolStripMenuItem • exitToolStripMenuItem • AutoPropertyValue • itemArrayIndex • removeForeignKey • includeTableNameWithPrimaryKey • db_TreeView_MouseUp • InvalidOperationException • restrictionValue • DataGridViewColumnCollection • getPrimaryKeys • Create__Instance__ • System.Security.Cryptography • setConnection • fillGridByXmlReports • AssemblyTitleAttribute • comboBox1_SelectedIndexChanged • op_Inequality • HelpKeywordAttribute • bFygH5rpZiXln9vwiJ • System.Data.SqlClient • ICryptoTransform • IMuiResource • DebuggerHiddenAttribute • getTableColumns • pasteToolStripMenuItem • SetProjectError • ClearProjectError • m_editReports • RemoveReportToolStripMenuItem • closeAllToolStripMenuItem • SaveFileDialog1 • DataGridViewCell • add_SelectedIndexChanged • pgsql_GroupBox • Postgresql_ListBox_SelectedIndexChanged • Generate_Button • feedbackSize • AssemblyTrademarkAttribute

• defaultInstance • KeyCollection • 43726F7373417070446F6D61696E44656C6567617465 • BestFitMappingAttribute.EnumeratorSimple • ToolStripSeparator • ProductVersion • DebuggerBrowsableState • ToolStripSeparator7 • ToolStripSeparator6 • ToolStripSeparator5 • ToolStripSeparator3 • FormStartPosition • GuidAttribute • GetAttribute • CreateAttribute • setForeginKeys2 • XmlAttribute • ComboBoxStyle • setsqlColumns • System.Data.Common • AssemblyCompanyAttribute • DataGridViewCellCollection • undoToolStripMenuItem • checkIfTreeNodeHasCheckedChildItem • saveAsToolStripMenuItem • Port_TextBox • DataColumnCollection • ResumeLayout • add_CheckedChanged • AssemblyDescriptionAttribute • newWindowToolStripMenuItem • table_Fields • System.Text.RegularExpressions • AccessedThroughPropertyAttribute • CommonDialog • reports_DataGridView • RuntimeTypeHandle • DebuggerStepThroughAttribute • GenerateSqlFromTreeView • table_extension • add_DropDownItemClicked • ToolStripSeparator4 • EditorBrowsableState • cascadeToolStripMenuItem • DataGridViewRowCollection • cutToolStripMenuItem • foreignKeyTable • helpToolStripMenuItem • SaveFileDialog • createMySettingsXmlFile • ControlCollection • redoToolStripMenuItem • ExportToExcel • GenerateSavedReport • GetObjectValue • ComVisibleAttribute • DebuggerBrowsableAttribute

• selUnSelLabel • arrangeIconsToolStripMenuItem • getAllRelations • BaseCollection • SuspendLayout • $11F5C38A-A4A0-48D5-B192-42BB049FB91E • AddFilterToolStripMenuItem • contentsToolStripMenuItem • No strings found

• Module 2 (probably unpacked / injected by the sample)

• Module 2 rich signatures

• No rich signatures found

• Module 2 strings

• Module 2 most interesting strings

• get_FusionLog • (*.xls)|*.xls|All files (*.*)|*.* • List of Connections • System.Windows.Forms.Form • set_MainForm • get_ParentNode • System.Runtime.CompilerServices • GetFromSchema • get_MenuStrip • get_user_TextBox • setTableFieldsInHash • set_ExitToolStripMenuItem • get_WebServices • set_rep_cat_ComboBox • set_Save_Button • RemoveFilterToolStripMenuItem_Click • MsgBoxResult • get_tableExtension • EditReportsToolStripMenuItem_Click • get_ListBox1 • get_Lavender • ChannelSinkStack • get_MenuStrip1 • close_PictureBox_Click • db_TreeView_AfterCheck • set_CheckState • addReport_Load • m_MyFormsObjectProvider • TransformFinalBlock

• Enter name for postgresql connection • set_SearchToolStripMenuItem • FrameworkDisplayName • set_SaveToolStripMenuItem • get_close_PictureBox • remove_MouseDoubleClick

• DataGridViewColumn • FOREINKEY_COLUMN_COLUMN_INDEX • set_db_name_TextBox • AddFilterToolStripMenuItem_Click • BlackJack.IMuiResource.resources • KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator • System.Runtime.Serialization • get_CutToolStripMenuItem • get_SelectedItem • get_ClickedItem • redoToolStripMenuItem.Image • WindowsFormsApplicationBase • set_MainMenuStrip • get_YellowGreen • OK_Button_Click • get_CloseAllToolStripMenuItem • set_ToolBarToolStripMenuItem • set_TableName • get_CopyToolStripMenuItem • set_Cancel_Button • set_Extension • hasNotAlphnumericChars • set_OK_Button • set_DataSet1 • set_CloseAllToolStripMenuItem • DialogResult • SymmetricAlgorithm • set_RemoveReportToolStripMenuItem • remove_MouseUp

• QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a • browse_Button • rep_name_ListBox • WinForms_SeeInnerException • set_dbConnector • xFBnbvEwvFVeIf9hSV • DEFAULT_PGSQL_CONNECTION_STRING • TreeViewEventHandler • get_PrintToolStripMenuItem • get_db_name_TextBox • set_viewer_DataGridView • get_FileName • ToBase64String • Tile &Vertical; • BlackJack.StopWatch.resources • VS_VERSION_INFO • Tile &Horizontal; • blackjack.Form1.resources • set_MdiWindowListItem • set_SaveFileDialog1 • get_DropDownItems • get_Save_Button • get_DataColumn3 • get_DataColumn2 • get_DataColumn1 • set_FileName • set_NewWindowToolStripMenuItem • foreignKeyObj

• get_DataColumn4 • set_NewToolStripMenuItem • set_Multiline • add_AfterCheck • HashAlgorithm • set_host_TextBox • BlackJack.IMuiResource

• Dynamic Reports Generator : Filters • get_TO_TREE_NODE

• set_CheckBox1

• set_report_name_TextBox • set_ViewToolStripMenuItem • get_AddToReportsToolStripMenuItem • At least one column from table[ • get_OK_Button • get_viewer_DataGridView • set_SelectionMode • database_ComboBox • get_FK_COLUMN • </trustInfo>

• Dynamic Reports Generator | Data Viewer • </requestedPrivileges>

• BlackJack.drg_filter_remove.resources • get_Asymmetric

• Dynamic Reports Generator : Database Connector • set_SizeMode

• Name is already exist, try another name • Choose Filter Operation

• begin_access_all_db_tables • get_FOREGINKEYS

• get_selUnSelLabel

• get_PrintSetupToolStripMenuItem • TreeViewEventArgs

• Property can only be set to Nothing • get_OpenFileDialog1 • set_HelpToolStripMenuItem • get_dbConnector • getRepDateName • printToolStripMenuItem.Image • get_Add_Button • foreign_keys • set_AddToReportsToolStripMenuItem • get_drg_filters • BlackJack.My • BlackJack.test.resources • stringToEncrypt • Remote Tetris • get_Attributes • resourceCulture • 3System.Resources.Tools.StronglyTypedResourceBuilder • set_selUnSelLabel • begin_pgsql_selected • set_ToolsMenu • set_CascadeToolStripMenuItem • Button1_Click • set_AboutToolStripMenuItem

• setFilterValue_tn • remove_Button • get_Millisecond • foregin_Keys

• Microsoft.VisualBasic.ApplicationServices

• fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral,

PublicKeyToken=b03f5f7f11d50a3ahSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADPBj • MY_SETTINGS_OUTPUT_FILE • set_PrintPreviewToolStripMenuItem • get_GetInstance • _connectionString • get_connect_Button • get_Postgresql_ListBox • removeColumn • set_addReport • set_ClientSize • set_BACK_TO_REFERENCE • clear_Button • REPLACED_VAL • get_AddFilterToolStripMenuItem • get_TableName • get_Close_Button • SerializationInfo • My.WebServices • set_ComboBox1 • get_SplitContainer1 • aggr_TreeView_AfterCheck • get_IndexToolStripMenuItem • access_connection • remove_CheckedChanged • primaryKeyColName • FOREINKEY_RELATED_PRIMARYKEY_COLUMN_INDEX • FromBase64String • System.CodeDom.Compiler • get_Application • set_ArrangeIconsToolStripMenuItem • database_ComboBox_SelectedIndexChanged • set_StatusStrip • set_SelectedIndex • ShutdownEventHandler • MouseEventHandler • set_OpenFileDialog1 • set_DataSetName • get_EditMenu • BlackJack.MDIParent1.resources • get_CheckBox1 • get_Assembly • set_Add_Button • OriginalFilename • get_OptionsToolStripMenuItem • get_FileMenu • CompareString • get_ViewToolStripMenuItem • connect_Button_Click • getAttributesFromPath • System.Threading
