Sample details: 024cf2c94c771fffe32ec010d9fb786b

Hashes
MD5: 024cf2c94c771fffe32ec010d9fb786b
SHA1: 028a67f1e497b2eede0a357a30bfd63dc7acaacb
SHA256: 569c41122e32d220bfbaf714d360fa6238f44fe15dd398a5b4d2e05a57a02046
SSDEEP: 6144:/nNeuZQsar7vECur3w1o0n2u86o/XpqYP33unhYPBDgInBK7B:UuWsaPur3wnK6QgEQhYJDgInBK7B
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/android_meterpreter
Source
http://omann.ir/wa.exe
http://omann.ir/wa.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
qR%&8g
[xZ 2g
 adMA%&8
 /GrDZ 
jada8n
$rZ j:2
GOIZ m
 ACAJZ v
'Z Uj2
~Z Nbj#a8T
 DA#P%+
)?%&8s
 0\e7%+
8D%&81
<tmZ ]
-1X%&8S
Z $^/xa8
WZ oxm#a8`
Z (k{ua8H
 Q[WG%&+
f	Qa8x
 'E;8Z 
C#1Z Jxu
 N(}t%+
{Z dH[
$@Z @~X
Wr[Z sN9$a+
aM/a8'
 ktH Z 
 ,LFH8m
JZ )Hv
 kgA4%+
 _Za8g
 [id28O
7Z l,Eoa8
'Z ./k
42 OP 
	 D[5bZ 
 udzWZ M
 )"S^ 
g2Z 	Z
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
\System.String[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PAg
NmN\N]NrNlN,N{N1NnN,NJN
N?N:NbNIN
NDN{NINFN
N;N{NpN
N?NNN&N=NxN|NON;N3N"NLNwN^N@N<N
NjN'N0N2NjN
N4N:NtN
NpN[NjNmN
N3N(NrN3N
NuN}N^NsNRNnN|N)NfNRNLN6NtNsN
N`NjN4N N_N|N7N
*"NyN1N\N$N1NDNYN
NfNKN4NFN^N
.&NYNXNQN@N-N
N7NeN`N
N NwNLN+N
NqNsN_N
0/N]N*N{N
N_NjNvNEN(NUN
(>NANqNmNrN
NMN_N_N
N=N`N:N2N*NNN
@?NJN~N
N[N,N1N
N|NAN(N[NTN?N
N<N<NqNBN
N&N;N6N
NCNQNYN
NNN+NsN]N"N3N]NvNLN2NNN?NHN\N@N2N
N[NKNkN
N?NxNEN^N/N
,LNyN2NRN
N\NLNCN
N N,NWN
DVNZN	N%N
N~NBN0N@NQNqNSNrNYNBNuNoN
N!NGNONhNcNZN N
NaN#NNNsNaN
N,NgNwN
NdNINvNCN
NeNxN(N8NfN-/
NCN9NsNXNNN
N6NWN8N)NoNiN-N
N?NDN)NLd
H[N;N(N&N
NgNXNgN
N N[N@N'NVN8N
NGN'NzN
NLN?NeN4NpN
N%NENENuN;N]NBN-N
NpN3N6NfN
N/N{N`NMNmNqN
N\NoNnN(NDN
N1N9NZN*NDN
NYN?NiNNN\N
N(NWNNN
NkNJNWN,N$NGNQN{NC
NPN%Nl
NrN&N5NON0N]N+N=NENDNfN;N
N!NAN;N]N1NON
N~NqNVN}N
,|NoN4NHN\N
NSNIN)NZNqN3N^N3N5N
NoNpN\N]i
CH_I<](B3
"b~E;@-EJ
v$l+z$V
}b4Y0L&,|
"6	L<.*
H/m? {
EJgT	u
4"?{}^
Q]C_bg
_`vl/$
9+]"AR5
Wii;20<
1@UDpH?K
ju$J_Q
6	?YRi
	S0ehr
\nk,t$(
EVNehB'*
S'^y'NO
9Yp`0"
];=R>al
XutH6C
P{m$5Y
q1<taC
$2-o!b
|!.&},
2mqY'RJ
ZyhO38
mh6"_8~j&s
9U(^19>
{`R49(
M{3%[Zr
eX#HXp
[Lk:lo+
^t/ji|%
&W|l0<
b?jzT]@#
r)HP,z
FGf[7-Uw
-cfbz4
Y>n=>z?	
no?nKa<S&^
l)5u dY6'
vQG8xtD
+t$HRv
"KO>hT
]Q;BM@
vIS~`NB
>)akr=
!@t6sb
XimSz&T
l![PR~Hd
cg8oyn
E3p-I/
]etwQTx
X}uj{K
lAjtX}
*}Pg(B
AK05#q
0GOS3Dl
a0@m%"
O~/u*I
d(#1ZA-
>d}2o:"
MvD8fy
3H_g:,
Z~q'OL
~0Cnof&bZ
~'X}\q
wkz;XG
T C2\y
pOekc|
RUr1_PI
2B@H}2
/GOwP)%UT&
b0Pse.
x\(;C.
kX7G5iB5
N!L`+O
snj:ec 
T{#uv%
|fggA#
|3u\yp
AsRn%$
<U6YOL-A
ZoVLSKl4
KYgO}q
0GM7\s
DqH.cU
u%}Ry5R
sN$Pzt
$`'#;3
g2}a,}
QdSdP)K
KNIyj`
=k-wUse
bH{wb|
':q>2;
{lRt6`
K:7w}X(
JQF^0K%
T$PaU	Y
_fQzs!
n1muX$
ME 6;K[
	h5?xtT
n)3y{m
.C4|CU
fEDWrJ
m%_}Jm
_hRW%%&
Kbfn3%
T#)OqLZ
4]+]\H
V65(oJ
?mYrsS!
Kx\%L;:
y=&Qz`	
#Xwx!d
~aCPRf
MYVTdhy
4{U?Iz9
XRNa~e#I:
r+Wt>^
e0d o Y
|RGt.;"Z|
vYc,~p
0l~qCB
>#f*t7
)	BTzV&
e;)]w;
dnaUMI
n2=~hK
?=Mt|9T9Xl
D;0Xt$
SwadZ0
Qo%L4w
{|KvD'
kqp^Am	
e(=d\g.[
tOvXi^
%a8fRY
&>M,iJd
FAKf2dU
H,/9Qs
Y;4.%`t
IhI=ZH'
tl@Vc"
UJR3i*
;lSI d7"2
p0s6dB
Cr{d"E$
$wsF]BQg
f"1mZ9
94((o\
7UQ"g	
h6>rOsA,
}wQ^I@L#
Bnr)lHC
;JUsm,^Z
(94<#?v
OELrdH
|Zx6`3
W,#JT<
1s,a;./
2LD$;4h
da^1Xp~
/^aNrS	
	L~ OrC
	_/$W9
e&#7G= 
9wj	02XKk
Zu|?N;
"\Q_~+
CJv#RqD\RHyq
aycdC}
(r(Oo/
;FLXw>)
?FcTo{r
E)._K(
3V`z[v
]uO$3i
(	-5T	>
|w42Kc
g{fvi%jS
:x|[Lm
g^mUk&)
AYZRkm0
H);:(I9
4z7B6]m
W2f.8/|
19MC(p
lX$p;i
k<Fdrn
yP EJN/
V!z&^h)U
xig>=	:
"Qq#:^
i'E/:`
gesW#;
PpT>^6
i-N7F7
R}rgg:
\		H@4&%
Pk<bH3
\jB[-k
r2e|db
E[r|y,
@FI1bd
J6rw=uCCs
ae)mG\"
&_zzY63
dQ	YRH
4	8_,O|
<Du*:@
,6D@Lk
&8OTlU
b)HE~$
eCn'JPm
.Oe1	v
85r>DY
xOxw#"
dD8Ov2
0@Vq*j
6'}m 4
s7{Vai
<"pEAP}8@~E
'4\a)u
_?QR"	
v">gbY*
(iSIA$
[<J#ZY
GM%][h
/js@fT
`iqv	o\
eaPuNy
tzIUt3mV=
R)pnp"
dXCw\uXd
m:1yB^
*^Dhq+?T
qh})[3
H$Ux[5q
Icqcz7
IO\Cbj
k|vB`y;
v=oTC7
5IW^>n/g
tpgjZF
GQU~'Z&
lr;0!a
1|s&Vt
P(0MU5iN
#g^R^4
`x@s|n
Y{Gi.2
Gk|scJ}
}54EQy
yDTFjb
X_H_uh 
`-LF ]
($U7xh}Jh
7UCf0o%
nwTGGq
;wdw8di'_b
743SI:
]ZG ?;
]@~s'Y
,TQW ?1AI
:@bDxD
|5#:JU
@ZM|\V
Ov'L6Z
'Ek[Mw
'rWG*G
2+?@j:
Z^F$6E
IZz4JH0
m]c413
RX767T
Ai.V:~9
(pkLgO
M6KP$:
/uy9Pf
uLg[Q'
Nq^|t*V
qfvuR4
uY09IDQ
	"?K]5(P#;
/-4U1K
x)$3:[
#/*"ux
&FfGKX
3?b66X
d":\;v
cRFK#;?&
0SIo3h
HPBu$HS
IF@A7]
QXc:~k8@
5@~4NN
Piz{@b
?DfBzE
zW;'%8
ot~W.,
g#<mEy4
s<%=<W
jQIg<K$vE8b
614~Oh 
nl>G*9
-V.P]MH
L7{98J
o(/,<(w
tT}_$r
hppQ5L
E:nfFw
:%6i3N
a@SL4HN
4I"RYW
lhaN"M
Pgz#&	
p-SQ/Z
V!z1`Wbe
<%9!KF
<Sg[G`
{P&C^8
d]TqJM
 YpM!3
eA_,xD
JEcV4*
jzdL7TLb
|A?Y	_
i(oT+X
k<_rdn
Z`tt 6
C	iM'/*PGF
!kC,_G
;Z,@4L!
(*	O3r
FkIc_w
hT,n"n|
}v-CB#
({NU9K
x(U%<e
`XBZKp%Hf
4u'aFp
SIOQb`=
.Eoi:A
"vOVYz
ORGfP(
e],I3R
QI	Pc|V
%$Ml~4&
gx*!|$
t>7^O=
SB#*uP
2/oG&_
uze=C\y
}l}wZ7
XWh/~U
;KB*,MV
R"	Rbd
k2nU|	w7b
l[uVo-
S	^J9y
e&Qm* 
J@%\oq
oQJ[|A
 d9B#)
VD BvhXLxG
9VC@|R
]]Yc?]
lTf-sK
;EyqYX
hf,o&u
WGM_98
6^R#O;
BM#:hg
N)%KmV
k|!{CkR3
zd'*HIsu]
lJz[aN
-2NoF4
Ug~jN|
'o$C>y
RmL7$)
v2.0.50727
#Strings
7GYx0Ufozsx
mscorlib
System.Windows.Forms
.resources
RGfrNC0Dgmzsba8RPFA
z71ohNtJvHdQDj
.cctor
MemoryStream
System.IO
System
Stream
get_Length
ReadByte
UInt32
RuntimeHelpers
System.Runtime.CompilerServices
InitializeArray
RuntimeFieldHandle
Encoding
System.Text
get_UTF8
GetString
String
Intern
Buffer
BlockCopy
GetTypeFromHandle
RuntimeTypeHandle
GetElementType
CreateInstance
ValueType
Object
TeUuYrRz8BUf
qWvNEdDNmSnDc
Pfjy8kbtk4OOI7JOXOW
eWQoixCkXFW22sB
KaScdfdi8IsuBIggtD6
PropertyInfo
System.Reflection
y1N7tJGk7gu3E8DZ
Sugk0muTOjDqkj6HH0
xKmUX40eoCKAxW6ZB
vEELEUmwjH7ag
MethodInfo
Zfb85017SQLYKMwVuj
VYZXZ1QYCzEaNTJQ
tVB8QeSZUo
na5vm0w5Ff
AbZ2m9FZrnD4dmI
Wkr5orffKA
SDtiYtXlIm
SLWf1UUk1b
Assembly
AIhADkKI7iAIll5Sa
JUX0ItWFpj16ensUb
sHWXbVKp6PVpy
v0INf5or0bujiY
Exception
mhMx9ZGocRLqkmqow3j
1ZpJsDDvV9CmysCK6
Z1SBAHj40pN
Exjdw7HNrc2gH8azvf
zoafOhg6Oue0hnVM
3oLPlwXtItrP2uyr5T
BHuIcBun433z
zip3FyUQ9LqW
1RpAfUWtDXx4ctGhJXs
GxL5uga8NHsKc74
ConstructorInfo
6JjgIxZ3KwB
GetType
GetProperties
MemberInfo
get_Name
op_Equality
SetValue
GetMethods
MethodBase
Invoke
GetExecutingAssembly
get_Message
MessageBox
DialogResult
Activator
GetConstructor
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyFileVersionAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
AssemblyCompanyAttribute
UnverifiableCodeAttribute
System.Security
mj1NYnrvqSmoR3e
HsjVZuZRms7uTOQ
7.30.33.60
oLTfaM5uK5wY2ms
HCdDdgz8OmAypZK
WrapNonExceptionThrows
5S3zqCGeyfwMMuX
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll