Sample details: 1cd13c94f70a672f8dc30be37ba93232 --

Hashes
MD5: 1cd13c94f70a672f8dc30be37ba93232
SHA1: 84a9f82d0173e2c051bbc8a4f83a47bd1b4ae8b7
SHA256: 6f9fcfaa7d942dea200107857c51c4fbcd7ac5922f090a1b9dc91e0e67e03fa3
SSDEEP: 6144:gw0KZs0HiUA3YOx9mbbjTAlbyAC1nmuItN8qR:CKK+AZ9mH8+ACEuItzR
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 |
Source
http://omann.ir/eng.exe
http://omann.ir/eng.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
Z 8F6+a+
	 D/yRZ 
51IZ +
H>%&8p
BG%&8U
Z i@6Oa8#
R)BZ H~
 ?\2'%&8i
`B%&8y
Z`)%&8_
D'&a89
#`Za8~
kWnZ 1
 9c_oZa8
 `5BV%&
}Z "Mt
RNZ "G
&CbZ B
Z ~N7za8
D8Z 1M9
v!.a8`
 M=+KZa8
 04|}Z wy'~a8
9Z RrXha8\
Z _mz!a+
 &AwIZ 
 rjaM(
 s4}T+
  PvB%+
U.>Z `
Z ?ASKa+
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
\System.String[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA3Xe
N3NyN7N$NVN
N-N>N	NoN!N
NVN>N:NENzNeNvN&N
NzNgNSN-NUN6N:N1N8NJNGN/N&N
NJNFN{N)NjN]N5N
N2NzNhN
NUN-N1NYN
NaN]NZN&N*N
N(NENBN?N
N[NzNEN
NTNKN;N\NnN2N
N?NSN3s
N{N:N:NIN
NCNTNWNSNzNwNhN
NwNxN-N
NyN/N]NlNdN!N/NpN.NpN~NtN
NwN#N#NwNDN7N
NjNvNoNcNgNyN_N
NYNrN<NAN
NjN5NeN|N
NPNJNaN
N<N>NlNmN
*?NsNBN5NTNqN4NlNnN;N
N:NkNwN)N
N)N}NNN
NJN/NCNSN
NtN2NcNGNtNtNlN0N
NHNQN]NMN/N
NON NQN
4MN^N	NrNMNkN@NmN,NeNiNYNcNSN
NvN?N7N,N{N
NYNKNgN|
NRNDN0N'NeN<NuN|N
N4N)NUNJNLN
NMNBNhN$N3NzNKN,N
FTN+N"N
NFNwN0NTNKN=N~NZN6NbN
NRNiNfN N3NmN'N(N[N
NnN(NEN!NoN
N(NkNdNHN
NbN7NfNvNEN
NJNdNzNGN<NmN_N!N
N0N)N/N
0`N&N5NmN{N/NrNmNXNFN=N
N<NINrNWN3NmN
NMNgN3
HeN3NXNtN
N~N)NjN
N NmNnN~N.N
N*NVNiNBNyN4N<N?N`NsN
N	NmNH
NmN~NVNsNtN/N
NlN@NVN;N8NON
NKNiNZN3NpNxNqN
N&N&N&N
NXNENWN_NKNz
2qNCN~NGN'NhNwNoN
NoN`N`N^NmN+NAN
N N*N_N
JqNFNBN
NsNvNtN=NHNwNONgN>N
NSNgN*N-NCN6N4N;N2N)N
NeN0NnN)N{N
N5NmNPN
FuNCN	N`N
NrNZNcNZN
NhNXNBNyNWN;N
NfNTNNN
N?N`N{NKN
NDNUN`NLN
*|N$NmN
N9N4NDNLNRNnN$NIN
N/N9NONRN
\>0.3CA
:9KPaP
'n03^^
{c2`9s[$
uc,	5>
9_X%O>
;;j[^A
ADJ? !
d9tT*X
E0btS!=
?IA7smU:
(dXYI[
E<FpKa
(NE{i|
/Z/xH6<=
JDa$"jH
7Ib;`y
2W}KpR1
i[g8DV
n"L*W7
-.C/$ 
kB~wLPo&F
10:"-M 
lX&$N*R
z}9C`i
Mgc ot
gv!V%D
7<PZ@(|my*o
AN&2q@;
W@7+wK
9,2bsw
IMV%/l
OnJ5'q+
Lt6g<|
il{k?)q
Wo?"KV
'=%,G|
j%7?Fk$F
$/oKw}
HRe9^C:+
Q?xX\F
Q:&rVB
h8=JD3
&!dP}B6
K~&=tu`
3?:*?l
Nt x@)C
qxB[oa
)]:1LnG
[M>=\)
FaBc1\
3La~%/I
o	w(54
, wmy'0
4WQ+`A]"
(^zmROL
Invwz-
27drg'
6TNPj1
oL%N@n
KzHY1@7
:IBNB;
}xX.W]
z.|d"1
8v*l*~
i$8"P[z
s/.9W?
*6NSE1'
zS#! qY
H&,(y:
{RVHf(q
[_@w$m
bI1;es
l[2.Cn
7O^rE*|0
:19,\@
xO<:?<.
I,9g!]6
_$s~_U
 _8G4rxeV4{
D&pX6;
O 3gvx3j!
0rkT`D'
aBv8O4
cg.)X2
Vt)w=2P
8h:xibIG
+	bIl*
i-SE0D
U7&];P
z\SGY?
P/3&=m
T{d"]S?G
R"xjxV
r"co+I
Q60q7bo
nKZn7|
m>mMLh
+`{VJ!N'
 50])(
d3/:)k
\JJwkH
UB%D,#
riWCP?&"
,DxKJhv
;f\vbyF
W>#wu9
),$G?P
bQCN	S
"$R`2B
0%=4wy
dT+ole-+
3*4>^@
T&)uIM0
ySJ9vG
Coi>3%B0
{`_}J]
uD>MulWj
:`VN^9HE
vh'*!e
OX2H<zF
xV9"F}
YG&+V*
mR4w^.
<{P]|J
T9%8*BF9
@y?QIP
/hV^'f
kODy$VA
XYpR>Kp
`DZW6^
reA	d~
Y1_u{\
'WBoiG&
gG	<%1^6
B"6doy
,k{BLY}1
-NMBk4
=viXkN
~4O+z^
t(jvV 
XP`4j?
!*4"D?HS
t	4cjW
?~E'a=
:+]CLd
RYY1t@
^zo:XJ
#G2xKe
<GPP26N
1C]PJu
P5}4Ls
jB%XE\
#~9i@6.L
^9+H:3T
:4C^X~?a
`b'IUi
>'d_vx
E'AC^P?
T{jP:Zc
m?0gyxiZ
$C8Txs
jDRd3\
aMSn7I
{M=p?	
It"`w'
|NeW\t
{?YSHD
kO[;:#
H[pu=w
bn++yZ
c,e^xfP
6f1CesK
Vb\^E>
/k@Rz)
/jHVts
!BtL]g-
QsLi_b
e2lPhw
0o(8/b
vv|Ud@0S
+cTG~-N
!Qn{v?
i[bJ&('
]NZQ"[*
g`|\E4
E=:ikY
^Y2K5q
~'&Df/h
Q	]EGGx
-6=}w=
^~U\KT
=krp/oP
S;gZ Uc
Cy6v/v+
G"a 'h
>w,tn{?
xw-iGk
u>V3d*y:
uwm.|n
k@(//^F-
C}B#'t
\c0.u=
>70oLR
\3/J@R"%
DUoJu?<
!e`%:^
OMx$8Xe
(ivcK0
g_SaNaHE
[Vf6Ux
nraG?/?
rqk%3%
h[<Fk@
=d_ ch
57LMs7
mzSmM;
LBN^)R|I
&Bk&34
Bd0c'%
t[-(;Z
pnO!Y	
@`-)J:
m5{gP3
k3'fCE
dYS~nqa~^
H=Jgtf
/%n#?PC
#=0'Ae!v[
7P|@0q*z
CHrQ5t~
f\YG(>V
*.H>%.
Qe8Iyo{
6"5lGJ
[oW]xA
uHp5#[
]GJJ|G
#$d/1T
%n%k>+
~$VX2_I
*0ilcZd
J7p!"t
"_\yST
%X<}'Ku(
2	73E|{c#
I<>HY.|
>y5h'\
]UV,<y
F3zHQv
-uO]2-
qdbe(!@S
l0e!9i4.h
ztE~`$
x]`C(C=bz
&9i,Es
"Ei3-RXN^A}w
	j5gMP$R
Uzx?7&N@
3K^#nd4	:
@01v,cp0
(L<^snL
n-	vY7
ukadgz
fjN\p>qL
-XN*~0^1-h'a
$[t?%+'
IoA=`LJ
az57{ 
mbbTT	'iO
GFr'Jhp
@GyPn)
x|wQ"j]>{	 
&pRe@U
?1s!RJ
!oDBFL
lrvO,FY
M=m1?SA
P{]vET
Upx[uBgf
9=3ch_
\^m[,}
gk4Ge]}e
6s8.0N
|.<%6o1
f$0']J
T^0vx@
848T O
YP"dMP
jaS* *V&
}HCSys
jPcf/tC -
+_.jQyS
@pD2^D
Aqy|tC
$^z2.Y
`KkKO0)
70Z\S/
H)d?(G
YWX[IA|
T	UuO*
Z.1E{5
B6r<hDv
~:)HSjo
PA[.Wd
B*.B"%=
eP'6VDb
BKxdOxgc^
c;se^W
GH{OxI
>/P?m\
MFDC0\p
(-g?'	
)-; ^1
M"+/wcq
yIQa?QY$^T
ee_tHp
sUG35fU
+0&D_m
znw-F^b
(ovw&5
}sUr >
SugFIF;
7vJ:-mP
=0 	q	A
 f3g]j
0$:E*]
n#-|:1
<^yv`2
eevuzA
EU,iwp
3p;,3M\
2lb2wg
vG8mdL:~j2
	@lUhMLTQ
4duVk!{
"~~Uy/
zA@UWT(
TLfp|eZt
}2v=r9$B
UI:Z`S
9=p. "Q
bP1\<U
\D)WH`IK
Bh?8c_
G|Tl_\
bH&Tx2*
^gOGe?A
+;TM~j
XrtEza
Z(I4(u
@y:(IH
_u=c}y
eE0x;zw
*5kt.L
4L`v|,r
Yb,o4g
WQ*UmC
%.'{#K
b3|lpo
p;w`{sT
G{41K.
Z*)uV 
n/N]E.B9
	P|?x.;
gG".+ 
04U!H6
$rufM%
K):r Z
/}[9?nc
0^7$\%
/*VpnT
rdcdV|
.W5<[o
 BkaPHW
1\0;_,
A![3S?&
KkIfFp
e$B?!@
*o[A7c
qub>k0
KvW) W`
#56#-.O
,MwKGV
{uhs?8
A/!*m(
G~j>tv
a3sbMj
Jq3aq.
EI+}0o
Z?Q=N}
l %^Q]U
[A%vfG
RXyJ0X
!/*17d/
CkjWu)
Y$#c1Xfe
E%r|bc
qVnL3;
\DmP`M)
jPNR}E
.4KiXN
s&kK\F
mxr2N*
ivZy.B
a*J9t[
`DKu q
9>"rnA
Z!M\<,
#VwYP1
]T=~#!
.#1;AK
tON)B/1
[$Ry4?m>;
v2.0.50727
#Strings
bYIjhKo5Hq0q
mscorlib
System.Windows.Forms
.resources
0jturBXOa9bBZf
OV4A9C19r5RMnwh3x
.cctor
MemoryStream
System.IO
System
Stream
get_Length
ReadByte
UInt32
RuntimeHelpers
System.Runtime.CompilerServices
InitializeArray
RuntimeFieldHandle
Buffer
BlockCopy
Encoding
System.Text
get_UTF8
GetString
String
Intern
GetTypeFromHandle
RuntimeTypeHandle
GetElementType
CreateInstance
ValueType
Object
poVZSY1Sd3
qXAlwYWzDF
wuzRMKtjNQITwep
fYaRYTzVUfcnY8H2d
VFRJaJLhnDSGCR
MethodInfo
System.Reflection
XyB0VFjDaYPxeLP16cf
6LolIHcQPozo
YVU7NU383uV9pL
8tqh1HCgWhskB0FWN
9UVgsODBNfdeaM5n
iY0HrGrQFBo8Z1B
Assembly
Exception
hqPpvbW7TdxF
ES5Pn0G8t2x26l9
ConstructorInfo
7RBdaoakKJ
z6j9SKTc2wKs
HcTjrIczxSNcD6
mKNtcQdse5Z3y0TrE8
PropertyInfo
oF4x0MigVgGoDpS
4VujDrjD6OvoKql1ew
WR24o93wn6kyUCg5hlJ
tEddEjGIY38Ni1
2jPfYdbD36NgTYA
j9TOVcRpdpK9vBujisr
6kajUZMlYetgnmxEbO
UBQwAZbjz0OulHVq8
6ofUb7m14DnJS
j2VFdoMXRf5TCG
NrvGJL5VqQJ160L6i
XgXJMMJASlghN
19GLHR1Lzb1zX
A1aSgmLCdRnVyY9
3Dj80b2uSoLZUfQi
GetType
Activator
GetMethods
MemberInfo
get_Name
op_Equality
MethodBase
Invoke
GetExecutingAssembly
get_Message
MessageBox
DialogResult
GetConstructor
GetProperties
SetValue
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyFileVersionAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
AssemblyCompanyAttribute
UnverifiableCodeAttribute
System.Security
k1gYfkUuxG
asbm32ms9B
46.52.26.23
JCe16EmFXC
LFGv9N6bgA
WrapNonExceptionThrows
mEukpQ7zf3
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll