Sample details: 14b7c8036c8487e0e7d3f0c410b9a91e --

Hashes
MD5: 14b7c8036c8487e0e7d3f0c410b9a91e
SHA1: e0faef96c94d5a53662c831bd1271fec506f80ad
SHA256: 213036cea81909f061d67141c3da1794eb03c5a7a5a8f0b5ed6671e614ce7b45
SSDEEP: 6144:LFSQwV+XJFv0q9mqYUT6q4MKStVi+krMI2te9jyzWaX3Rb/09Q:VwoDvvQqYUeq4MVlkQI2teJyzWaX3t/0
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 |
Source
http://omann.ir/mtt.exe
http://omann.ir/mtt.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
w_sZ 6
Ir4Z ,r
y"`Z !
 ]eWV%&
Z *x5Fa8W
]A,%&8
 |WmsZ 
 R3~&%&
 Z sC0
,FvZ {F
 TGSj%&8
Z \DZZa8\
	 ?8BOZ C
LZ "LC7a8{
4(Za8I
 |Dv]%&8
yZ H*m
 e;1I8'
2r%&8&
Mv%&8H
!>cZ G@
zR=Za+
Z n$&Wa+
ky1Z q
	 XFBKZ 2
_}Za8K
? (edaa%
\p^a8`
 hg3p+
"vAZ ;
 ":foZ 
|Z \@tCa8
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
\System.String[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA\Rs
N`N;N[NsN;N1N
N5NVNnNnNwNhN
NmN$NZN~N@N-NsNENFN
N`NHNJNGNLNmN
N=N7NaN
N	N]NaNVNoNnNoNnN+N
NAN%NiN
N+N`NYN.N"N
NeNSNiNoN@N9NENBNwNZNlNuN
N^N)N[NTN,N8
NYNsNyN|NHN
NnN1NhNCN
NrN NDN*N;N~N3N
N+NiNENJN1N
N\N|N;NRN
NjN)N{NAN
N N6N>NsN4N+NgNRNZN
N1N#NCN
N[NlNENhNEN_N]NPNYN[N
NdNON4NoN
N3NDNaNlNqN?N
NrNYNhN
N/NAN=NeNQN*N8N/NON@NJN
N]N^NyN7N^N
NqNZNN8
0<N<N8N
NFN{N#N
N|NGNXNSN
NuNrNSNvNnN	
HANgN8N
NlN#NXNBN
NaN1NhNvNNN(N|N
NUNXNYNnN
NCNtN,N>N
0CNZNQN
N	NlNTN
NON|NtN
N~N#N\N
N0NdN(N
*HN|N!N>NANsN\NgNZN(N
NUNINBNfN^N
*]N4N\N
N8NnN%N
N*NyNaN
NyN0NRNcN
B]N~NXN?N]N
NZNqN!N7N^NnN%NxN
NjN]N*N NtN
NQN!N5NONcNEN'N}N
N;NFNNN
@hN;N,N3N
N7N.N~N
NIN$NKN
NENRN35
NqN,N{NeNPNBN7N[N`NVN
N[NCNrN
NqNAN_NQN
NSNwNZl
N8N[NpN
NtNFNUN&NUN
NMNlNINjN>NZN^N	NoN
N-NKN:N
02]AcM
f!_^}zBx
*s^1Em
!BKENM
j<j5c4
	C>C2r8
1Vp%)S
C9/ZG4
_60@?x
n#gKC%:D1Lkd
+0Emg.
qNEZSi
=x*(cd
^-v&*y
	/CSJ[
#r>@.s
ds4+ac
\J!T*R
 Bl$$5
Gn)Y#q
-`C$<e
^XnD]"
r2$&V,
[*{;=,
 "10h@
_(UR&e
e%oG|	
'#EOMa
2C~d"w
[C|	2}
|xCi^aV	
!)wlkw
i1;dO,`T
G]hsi@
z+xj38
E_ldP@
5Y]<YA
?T/;c]
z[!([!^
at}gFz
g]m9;4U
Tl'>LH
;L;:#T
)Ex5t?`A-6
)=7h(p)
b{}/)^
<ek;3o
.PD:B!
Mlg[yC
xEfGlu
E7@_Z;}
{f_|S!2
z|>m~j
xA8awX0
{OAp#)
+=~zi5
\JqtDL
PxppBr
bgmx5*
dr@?*8
,4?#6f
wg6s(b
*'Ng4b
|sCysE
R?_5p9n
#_qhadw
#0| b|
~0\lxQ0
+,raF}
;1L*@+
K|mZ~"
b8+,_?
0	+qAPu
Q{>!hy
I#0tT909
w0Ie*0+
YEUAI)
|=B 	*>2]M
{PS\(T
4[u-;^
<m3Ol=
$KNvDe
w%}"IJ 
KyaZrn
TeD;.%
;+,?0:
HItr>'
:[UZ$^k
c	b[I	T
ZOsJrd1
`<mTlx
h	.%0D
5x\#e	+
xpg?4q'
%mvkc?
 w6z}?m
`Vy,7y:
.PF ^?
u^Gc7D
Uz!0Fk`b
ZM_S\l{p
H(;y$Y"
t<G[E?sc
B69IgA
oP`=0wIJi6
j;itfh
+im"WVn
:.*x@I
JoxR~(
,_DzKr
 6|uze
m4c<Io;so5%,
'Yvl(y
h&k2DV
) $>:L
z3%)KpL%
	3@Czl3
fx'xYxT
&[y}PGS'
Jlc=	K
$}7Qxk
L?HH#	L
JO(f[=we
AxJc?=
Dm<M		
Rs@XzI]3
kk!?ce
fX{Q=@
cS,9Gp
P(S`4vq>
[d%X;Zz
]tT5J@U
fS&[yw_*
8{un8C7
d;];?l
7VrWc%u
*aME%X
F'A8b-
;5n#z@
)*3oee
Xa"rPxR
e^]n+`
0N9Ax\
L$]g*|a
;ue)	n
ZC:8QK
we]l	W
{j50tq
&hzRA#
G(*=m8k
AxzdN{y
	ba@eV
AlT0Je
ByLs,d
0S"2`i
N,ih.m
>6x,.q
	=<YHk1v
Zu6&;	
61CMW$
	uHMwi
39]sI|1
$o#7EO
#&e)sw
!<C3*W
;#4J =
k/2|lf
v?Tk/u
^NbUdO&
Z1WXj>
c&FYlu
HiiFGU
^#1Of;
%g` _@v
0i3!*[L
6#fk*9 
91LT<u
M5}!Yhu*
'poS93
h T'{2k
8Zt%C}C
F)Y&I{~
t]DY"-U
 lrI:M
qhCqE%
7hD+y%
1n\/wg
]Nu\^X0
6zzE]o
xt`AGW
UDs!e=Z6
I=9v]tS
_9*X[J
NN.tk'HY1
x5<}P"?
xqKlKn
	W&ulPA
IoPH|DCm
['$_<J..
L>f.<"U
q%mW{i
,1T<]}
E{gcV#
\rv>F&
c0!oA]
IicV"4
6~{M.6_
X}(~vd
5+D	y6
i8	)Sl
{3	a"{s
/<g2C@
g#3V[<
Zx'Edt
4QH\0U
c_4GLF
7Q~{?>">
{&0Yeg
2.*eoG
%dvR1@
Aww3rt	
[NuE})
gPJv,]
HjPM'q
iqfBEN
jt=p4vED|b
zHe>u6
ylz\:s
s|W-TUsr
H07SsU
0W=j.	Vpq
jR7h#F
lRp 5SK
4G5uw%
lku2"q
j4NAGK0U
Fthv~)
4#?uW<
.8AD<t
a'0xec
Vn7s*/4us
=7A2"jZ
qvi F`
I41vOu
sP<~{k
SMj;8-
|KvH!$;
u#SY6d
DS}zk}.
;Gowb%
*}<lmp
_=?wBWn
f	Rlj:
R8ArcA7+[
en	-Zq
`"RjbU
;-,+&n
3j0a`+
6a{[+Gq
f:$M9E
C~P#T=
Y%*N^/
wmn9G_
#ng8C'L
S*TLr{
_s{-|_
lom?o g
412	tf
cI(@o\
4Ng}&6
Q="a2Y
gb'uaE
Ax~ijm
.S%k~	
_p	|G'
RJuf- 6
-r .R#eW$
5wMGN$/
mvWPuQ
n2PLJ+#
*l Z`{&
3]tMAn;X
^ }]gc
%BVQLZ
u^3x	w"m
`B	`3X
fa~\P.
}Hn_kx
?Cq)^$
}~a]RZ
7U;uvPy#
:5HC7O
Xe^qsI
[~n.%I(
,4{QtaLA
*+xU'%
.S"x?D
s:(0.yo
xjnm%&U
6mWg -J
o[U/$Zn
uoi>u:
l@=G.W
.v[xcP
xqPXA/^1}
$3Vtr2
<cdj0"
4[A.'r
\gH$w.z<
.po 9X
f/QX%LNy
4'l5$l
nbTVk3q
]Fvcy/ W
.]yHu":
`$z}a1
*QLl6Y
ax/W6t
-)}m^3K)
.4h~rf
&<}+q|
t	AD@/
Y#"	<cT
XU@4"x
L4zB}[
5#SB-g
],0oG;
J$9r+e9{
aespqX
,c[c>.
m`T8J,
)X[(LM
w'^#Oh1
Td}Qc^
B8b$AD
}`t_nq5
 &^Ad4
67[|V@
Z>_E{l<
cyy('C
	w\j@q_
JXncui
cH[q2t
C>Z)1!
$	G%?&m
/<+yv6
ZZ"ld$=
])&5^~
^VmSju 
g\_\\t
9N7&]]
>G$?#{_
)+~Dbr
]hVkq$
NA,JKY
:p`'_AK
[-B*oMn
+*erBX
FOIOuN
ETf!+%
OKm6] 
:\nVC`w
~%6H;S
vvWl	Vp
,mRyDI
~_[%K3
"ve	\V
?kK$8:B
?gXvPAjS-
	E@?nQ
o]o4wl
RL)F`#/3
F@{jF|1
ii<j{M
a7skQ]*9
^Sq_zw
,|rE-2
WTc96	
yAr9/ E
`jKIJK+
yy	ZH.
=pV'>H
\%'pA8
l`$Tarb
\P]u_L
FlkH=k
q{aA"D
9N kDc^8n:
\:s~[V)
( z\eH
zshvY_3=b#
wozH_$
v2.0.50727
#Strings
mrpXOFSSxt35BgA
mscorlib
System.Windows.Forms
.resources
z1FzvDGYNS
u2kz5PnSfkdrVQBHRvR
.cctor
MemoryStream
System.IO
System
Stream
ReadByte
get_Length
UInt32
RuntimeHelpers
System.Runtime.CompilerServices
InitializeArray
RuntimeFieldHandle
Buffer
BlockCopy
Encoding
System.Text
get_UTF8
GetString
String
Intern
GetTypeFromHandle
RuntimeTypeHandle
GetElementType
CreateInstance
ValueType
Object
MeIza8sW2e
XWwcMdwwWDWc8pL
ConstructorInfo
System.Reflection
CteXnImehTWvMAY1aVn
MethodInfo
LZQuqHRSrNUksSPH
FKYlYZaMOO
uaS6b2rRl1So
K3v00P4KX3JkA050V
LDKSErjls0Wz2G1J3
jeK392QVTCkQkp
Assembly
aHlXL4fMNy2
dmG3nGXYfWey
Exception
bA8ug0B3hL
0MvSlf57ESojoSK
PropertyInfo
EvwnyN0euONLxHpqxx
6P2rvsd9UPG9G9QU
pFbNfxiN5tQSiX
NBfDTKMlB2k
4czHwt4GyUkYVl
kUTMslPSl2xKWuVBXV
c86cB5z5mlz
GJ2ZpCBNSCF
poInXNGXwBASsGnvkI
HZXr5YsvhgX
wVOrieyNDxZB
lMaRZhBLaszJ2plLEU
9AXnpZmHYvwa
xrlCzzLM9A1SEbg2w
5BczkH8NwudPjsorCp
DzXXdBuxULOt
ibZyNE8hwCQL2LQ5
NiaHJgLrMFK
dELX6qOnEjw
GetType
GetConstructor
Invoke
GetMethods
MemberInfo
get_Name
op_Equality
MethodBase
GetExecutingAssembly
get_Message
MessageBox
DialogResult
GetProperties
Activator
SetValue
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyFileVersionAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
AssemblyCompanyAttribute
UnverifiableCodeAttribute
System.Security
Rt7qBSIb0W
VJR0zQFzK9
58.64.86.34
CRFidOm5EN
xcdEyNP9wE
WrapNonExceptionThrows
Oyq0QV4bzD
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
IDATx^
oK .h~
l{K;* 
E&X<b8
?Y5go:$W
RH_Sp=
5s.9LG
\sUSmx
a=z)IP
qOqXzv{[
~ai~=,#
*?P_kz/J
-uP2di
J,sO8w
i>G%9w
O8S:}g|
6t+7hI
bOiek@KBV_
{F[a8Iy
|'#PI|
d#Sp_\
&Si,gXd0
w:k6nfh
iS;+!r
(5b)ly>N
]{;7]=
@1%sm!
L,:VJ}
B1iV39
0<%=<u
<	c'DJ
WJC5Cb
QA|[EE-)
v|@>J&k?)m
;;MmcD&
y@+{ql
KjpcfD.Ymw}iH
PM&9@`
__on::
B^;i5'
!sDLpFr
aK.Y6j[
rxbIvn,
jH3[!@
`I&md*
-r<M|KJ
4Z!+')0$q
	DP7)cM,
=cd#9V
fhFtE,z
hs>%;z\
hg78K.
GlANR&%
`;emb2o9r
1#_!Y}
ACpUu6
+Oh	w)
Al0XXH
_/H-rk
Fy\ 2n7
 Ra08G
mmaSa+i/t
P@PVo	7
Nf'E	kBEx
ZXB`/a
t+Vv5p
*bhX'7*
	[|Ka)
DNLw@78
4Dk0vpk1
lr9sF	+
#C7/zb
fj=<$++
z7wcA"EFz
F"d99r