Sample details: 20f2e97128851b76fc643ceab2e5d2b9 --

Hashes
MD5: 20f2e97128851b76fc643ceab2e5d2b9
SHA1: 679927c00942ea69d9b8c19c8fc37ce764ec4154
SHA256: bd8bcb375b60a00b091e4dc470dee2b974f2357c926f7ae940e4da63e7613e7f
SSDEEP: 6144:ijcSufsKZFyHeZ4gUZU4SNkDZa6mvG/+Es:prhFyHeigkUjaDbMGZ
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 |
Source
http://gg.usdipc.com/broscrp.exe
http://gg.usdipc.com/broscrp.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
tz;)H	
VG;F{6o
AnJ	TW_
~11t2sG2
0/>8F\<Pl9
1%/UpOZ
k%z0NK(
[:FB9?
Kt6d8^
I]ML#t
i,WQyD)
0!q@'/B
4&E	Bm
8@g@(x
01g`X`
-dV17S(/<MZ
&X-K/tL
uT78BA
J1h4Uf
~dL79v
X..'SM
(Y^f7U
?PSZ	UG
^_cK'!Y'=Z
$N'$	j
nc?r#/7
Fo6FTTh
PW /*p
D@Z?"n
MmAc$;
ob@.%I
*sv3-8s
Zb@x[pr
C^gD+(
S67,R7E
BVde5n"
u2#JELD
X/=dfI`
-{EnTe
j}&W8+[
r"u| sl
PfJaZ#
F<)Sdv
vZGfas;C
\hV ad
ZdX\B|
6+"R-EP
)SI^oPX
E%}QZ'!
}ne:\R
j#cLT"-N
TfXt|j+
x'{tLS,
6QGP3{z
|f)s~X
trGr,$j
U Vnxg
/.aoK4
LIH[=J
\pb:\(
D*=z[A
Z4MvYL`a
K\'mMe0"
T5eT2z	
qSbroe
>~{G^`
S|]Y N
oaEB p/Y
0mZct'
) F6k'
GChl g
)FY?xB
CFS?iG
bzg r.
I,z2T?g
qp;|7cyHa
Jqi}}(
"N=DlAq(
(<^5?%*
F_>Gl$
?HThkSJZ=<
&G"4L"
oskU&M
Q"1V|W
m:uTcMJj 
J#aYp)
tGg~L>
'`4t/7b
nLbj1A
kmx^`n
{u]$.8sT
+NqHfJ
bpJ6@T
Q)zP,Z
"y{GZG
hmoWj^H
gTw"l$
nlAw[_
kZlr j
Lf i!\+
Ja!#27A
Sgs'dq
:z@s{PU
`I<Nw:
!|&1*2
i#{aC(
WNJ ;z
0cO|bY
lbVm%E
Pic_'2x
~>wt-h
ho?Q<b9qTW
dcE,=M
UH#0o%I
"Yc1~X
n6WT4P
7MGwB~3
A(D6oJDu
5t0(Pxi
$M4"`{
UWpMiW
br]d+F
,{-f+g
?y6PE]
U\}YMK{_
i\H6`U
S>xODJ
hx}x8z
Cuz-o_F
_jK@OH
cx^I}YG
U9t&U(Q
A1xeu!
LQ{_P4
~1(&=Q
aMWxzA
yl15y4
5+?Vkn
l/pGn\
SLv%l+
1"@`y&
^IvvhQ
~L[Uh7JQ
5KhfUF
_t!glN
/P1R(2
Vn,PHX
(%@	#B
R dQJ0d
'-Z)$%?
s.+"b~
Qhg.eW
4=$z<n
ZCR@$D
;eUoe.
hA~wa#
=> )<$
H x*ukVQ
1	_FN0`
x?ogT8k
C^yv.0
5#,kk3
'MH' e
#Q%%RPtq
+lR~6<
mrQrT$n
}'MC!x
kK'eyn\
d{Beb]
b@.e c
H{-wS8
'ouaMi
Rj\0c)y
wRb1S&
tHEY1"%yOo
z7 f#"}
vYe@3\
Q<@"	jd
G?Ew8{
{,rLa``SJ
h;#JP\c
4 RG[dVQ
].(g$K
7|H,U/'u-
$MWh(|y
~Gqr8vQ>
M5Q	[3
J#C]n>
S8&"~D
K<u2|a{;UcI
JH$<=:
_E;1s"
*rzvbO
/EcElL^
Kfk>jw
yCwUuG
!*Yj,]
q9Fuw;8
s2+DVT
bT=w@Oh
6%;`lZZ5
`{"O?#
zN\	'_
3P>eky
lYEZlO
N<*`TE
^o?h}Ua5
&y9w;?
4w1mkt
Hb*5(YN+
&}LIpB
X_`ypa
?}VEoQ&
\VlfbtHN
UD8D;#
suNq+z
I%h?T]d
	 b\>.
'.&wzR=
ZH,9.w
S1kOd6
7Tr9LDn&C
\_kh~+~
\5|S])
JE<YC&~
Qs=E%'t
d4"]m=L^
QA/x3dFp)
12QPn%
kbLe!q
@NeK2t
QsJ^Jnk>
t~BaQf
jhs;(F
:$TX	*
H^J VW
;B*p+9
&ALS[n
>do?p<
x-H1bX
%r-n796
*	^{dq
CHJi(%R
Nt>4LB
JQ j^Xf
#a>/7Psgsb
@[}ofa$Kl
uwk^\t
k==LF^
]D_CJ!!;
j(I\:C
%toTLc
;OkMMn1
)|2y{=
cE2LbBpEq"
1/RM*)
Pmr GhY4)
E~UI@5
'jMEob
%[5Qe<
$r`c}>F
:*xQ5z
O[zqiR-)
e5R,"MG
.\p:?xm
.0vNhQ
.31x@w
PVW13k
bG/ p;
 qyYnI7
zK<1_)
d;=<	O
L,:ij3S 
zbo4)Z
#5Q(2'>
b:aFG$%
E-mkyd
L,'s%E
MB?{aU
:I)m(r
\3K]PYB6
;{ `(k
wdb<Es
VaG%i 
Mp9H,r
+~N!AUpv
7qaO4-
(a;J33
=ha'Vf;
8LwSqn<
E	7lbKz
ifC7\v.
\$A)6V
E&m/SS
=%Au9HGF
TwPQUG;
(n@ciY
%s@q8KA
gp>KC	v
1tK4Ejp
pjSZx8Z
/0lO7:0
5p|\c*
u)E1x8
=?@L)"Bfl+$
W_Ez5"
%avKjF
Xjp^a`
([HjD1t
9hPmI;
bYyO)R
fLJ(Jg#
(6;^e1
Fd]0_d
SWLBcu
{qUeFd
e#qW=c
6`?Su(
/zN6XK
X9M={D
5G	K!e}
!dq` [
s_5#@OC
GIuf/]
hF6w)a4D
?xk_<o
zmq;|_
.X-y6_
iq8?jE
W:Eta`
\;Z81sn _
%r\s[G
~e~e6>
(Lg.	'
%qtbHu
UA+B8u
,q}<'C
7#Iu]/
_cg|yO
/g"&q\
4J_WT3
_\UV@L
;|\B#\
i0Mf1m
_luJ)U
:4L)%U
\(R{oqu
FFPAd+0t:2
`:nvNc
Tc-$(^`U
qoM0ml 
WX(76W)h
<?8#fz
C.cHn&
]'+Aw;
!%olw`
Pi^	rv+o
dFIlIg
%{n fo
gX=,*I
JS^PGj
PAYm^-
hRqtYr
 *J{/n
$_Tv!~
8/Gplt
~)8qNN
+hKy?fD
CENs9f
en20nt
U9A:sn`w
@RmFgf,
k{.TWv
6|$jL	%
J;M,+I
	u\<B`fU
(K-fA}~h]
[bIo.|
hZ5qp\
f,0,H.
G[6y5kF)d
)1m'>:T4
.xsK#]O
 ?Wcd}
Qgz|G_
`frj4<q
bFLopV
9m-5yPU
?SFHao
#0[wxL8
zx.:K6
~dU_{pR
JMFd@g
[{$#cFw
n+_HR7
P>:VQx\
?e0TnK
H!Iv=ly
`u7QQv
4^czj?
v4.0.30319
#Strings
lobwVJRRWEacFKnbWrk
broscrp
mscorlib
RdLdjdVdBoRUKeqLLSlEdOMjGXPr
Microsoft.VisualBasic
System.Windows.Forms
.resources
phYYlW8x2I92J
26LCwPqKWM
Assembly
System.Reflection
.cctor
System
MethodInfo
Thread
System.Threading
Environment
GetTypeFromHandle
RuntimeTypeHandle
String
GetMethod
Object
Concat
MethodBase
Invoke
Equals
FailFast
ParameterizedThreadStart
set_IsBackground
get_CurrentThread
Debugger
System.Diagnostics
get_IsAttached
IsLogging
get_IsAlive
MemoryStream
System.IO
Stream
ReadByte
get_Length
UInt32
RuntimeHelpers
System.Runtime.CompilerServices
InitializeArray
RuntimeFieldHandle
AppDomain
get_CurrentDomain
ResolveEventHandler
add_AssemblyResolve
get_FullName
ResolveEventArgs
get_Name
op_Equality
ValueType
Buffer
BlockCopy
6SNVdOWtFCjCL
EfK4P9YNDZ
GetType
GetMethods
MemberInfo
Interaction
CallByName
CallType
Exception
dcTa2RCenGY
LpS4RkHyCVPG0
1zD8RUYNiUrNqfO3d
r10lRYk9unn
VMyaSJQmsdS4wt
ParamArrayAttribute
XSZ76YVvTPa
8vnbtmMWrDWvOJGc10
3cGBrneF2LFpQYnzix
PropertyInfo
GetProperties
wokEhnIH2hFbBkp
HW2CO8XIAJfKHpZ
GImcvlwiV3EL
naQj7cdjM8ebX2
ToString
4WJdUhZlEa9IELngyA
KMpJicTUwnisYSX1Vx
CCxvvnYYrRe5iM
frCXP1eLT4c8
5K0S31NzvRVl
get_Message
MessageBox
DialogResult
9Synq2D9O77KsqzisOX
JOXnjdP4ql1Dtbw
79OkaRmfCgKPrvx5
TSh3upAZ4SJK
CoCq9t68fG3Y
RuntimeCompatibilityAttribute
CompilationRelaxationsAttribute
UnverifiableCodeAttribute
System.Security
NmNtNfN
NyN1NQNKN
NWN\NSN]NoN{NPN{N
NjNsNzN
NBN NZN,NzN
N7NgNkNuNMN<N
N=N N N_N
NtN,NeNmN~N+NDNNN$NJN*N-NlNdN2N
NTNSNvN
C<NZNBNqNsNlN`N#NINbN*NPN
NqNONzN NiN]N(N
NFN:NKNBN3N
4RS+Xh/G
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>