Sample details: 19d617f11c04dd60e3a2ec8c7e131b7f (MD5)

Hashes
MD5: 19d617f11c04dd60e3a2ec8c7e131b7f
SHA1: bb335acf068e323e86198ffccddd1902fba208f6
SHA256: de86b3ba045b70bdba9e39c4e5479ff2493916395c693cade519a654d8633ec3
SSDEEP: 12288:B8G9J3KRDt4VgbKP8IaMRhB9qc5Nb8zMkTry8vvyhFZ1PzdnL0ey6C4Du8eH7W8e:Bdfep3YU6X10eFCcU7U9iO
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/domain | YRP/IP | YRP/contentis_base64 |
Source
hxxp://cayenehost[.]com/.major/EmberComing.exe
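Strings (printable strings extracted from the file; embedded names and version-resource text are self-declared by the binary, not verified)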
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
r+		po)
rA$	po)
r%(	po)
r}+	po)
rb-	po)
rW/	po)
rP1	po)
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDATx^
!GZI7i
c:Vh[=
k#"|'&R
~m>U&3
Etf>-E
64}U![
.+d_Gn
_t9<xD
LJWX2qH
D5,(Xq
Q(LO5a
bN$<O-
|({{+uf
yA&U]'
ZF="^>
pb?,"Ua
In%o{3
V"WC,WC%rU
u!=Lm;W@
0nh*/bq
f}d)+G
}'BDLo
y;XOL;
[Z"y"]
v cQ[}9
5}<nI+
#"X+0/yB
!t['^}
V?,9{y
1zt6l6
8qXZ>r
JW)gm@H!O
k/(r4]
Vfi)A5b
F~J;xn
1"jgud\n
w,~;qj
Z[Ai>N
5P(QLR
aJ4\,v
>b&r}2	
v2<lqQrO
sF	6kS
 (qBSKF
aeQ[5iQ
-3'3uK
vi)MPux
dd(/jp
^F0:VM
$[!LZ1
]6*\5_
|;RIK?
=2P5n0
CL9V$m'a
~cKZ}K'$o-
,Q5G$S
zN5xF.h
C:/$iD}"3h
CPUyaA
O!Im~	
'Fo@{O
dlDM B
TF#+6iT
5J|nRe
/Vdx_,
$olAZk
#>C7Jp
s0&]a~
t5Z}Go
J$--77
g&]P+d
vfKOO?}6XL
4F=+(Y
L7ie{-
8*c'\h\
zBy6(#
9Offk#
NZ6uZc
uk&TN=
Q[JK.Zx
Q9-)J$?
TL([S^
|ryUYE
@{PCot
m?HnU?K&l
\m=]}X
{pv6Bs
8v~b~+jaGc"c
NHv@CNi
%on;*oM
+t>^|F
7&sW>OiS
7o5g'{
xs$ok7)
.u)];/
|#by#M
z1U<dq
L^8;A_H
d%=>F?
{4pxrb
^29A|R
JL_?4_V~
k0zQ}M{}'
f'8o@Ohj
mh^L	,
y2xb.8
i& yx2
mLO|tb
gGmG}G
vdESlZ
^y/54qlDY
@aWt4V(
iZQMBKG\
91-Rpe
H8[aib 
Bq)!Zax
ulkjZV
y)+?).]
l,S,Fb
c_EeJ}d
VP*%U~
_E^UL>
FulTV3
k:P_\.
%})!'4
bWi?:e"P
ZcIZv9
dq Bf#
K\3InpE|Q
l6ULg+
a7#_+V
P(Y*dr
\Vb ke!
vu)dsbTtw
M/ *M2J
KM,eDqX
uF$ZNF
Q7Q;uz
iz)`mj)
&/PNar
ic)amV
jl5^*m)'!.DI
^3 eHa2
+F*S+E*~>
oj-M"2
9#[I//e
dV!$./P
W2Ke^=
P]<Wx4e
GslRm|
w}iwWzs9
W| +s+
V_fv,moM
5w U:x*
d~z2{G
4~#glg*
-a$+Jv
`}G_}Goi
hmJ#\j<
MmL='s
u?sp6w
a$;xgj
mKhe8bT
"1rM]H
+p3##-b4
A(Nd@w
r4CG*m
L8xIWz
p W{3a
L&l+CGf*/
nnBcxXlF\
+cew^!
Hx+-l8v
+lCdxwz%
4$F~,m
/0&6"0
a[J8Xpp
_~Xq"@
Fj"}9JG
&M Tv<
'A23*)
l<|yw7
FH~n"p?@ca
	(yOHs
Xj3:hk
0)X$V&Ri
<HAM!a
aG!NXY~Mv
0WCqr&rK
(!w$ee
4O4T-<
CQe\`k
{AP19U'4
FV<'s6fe
^':2$;
epTOW{0^
D,0vw&SbSsW
lNt>\ht
Lgmfyn
~>;b6,5
rb~~:, 
[y.JI8
1!:FSVi@}	
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDATx^
egzcWz\
-"$;IO
7e.d|S
|2	W<=
i3p}gD4
\pJGq&>
)t&${=
yz~lNO
N}I`22+
-ys',R
?_*V0=
28),Z_
kw}3p~
lqcrCn/
,*D~blK
p,Jk%[
V807Xq`
W+C45FUB
$%#aUI"
"cdmfu
Ncm&]Z
=OEt%Y
E1:/F;b
5pm`H,
v2.0.50727
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
NewLateBinding
LateGet
Operators
MultiplyObject
SubtractObject
Conversions
ToInteger
ToByte
LateIndexGet
LateIndexSet
ModObject
System.Collections.Generic
List`1
System.Text
Encoding
get_Default
GetString
String
Concat
Boolean
ChangeType
STAThreadAttribute
i.Resources.resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyFileVersionAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
EmberComing
EmberComing.exe
MyTemplate
8.0.0.0
My.WebServices
My.Application
My.Computer
My.User
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
1.3.6.2
Copyright 
 2013 McAfee, Inc.
McAfee SecurityCenter
McAfee, Inc.
2McAfee SecurityCenter Install Time Instrumentation
McItInfo
_CorExeMain
mscoree.dll
	)IDATx
~y92'z
1E[#D6