Sample details: 22cb34813e874ed5b069bcfa4cadee23

Hashes
MD5: 22cb34813e874ed5b069bcfa4cadee23
SHA1: d0f08f2e82c2bf6ab901be133d69e6b106202949
SHA256: 2b331ff5b9eddddcb363c2cd31a8c06ac1732424cc4d59f05a37f838b05c32e8
SSDEEP: 6144:1ZmJZVWxhCoCqm3hyk7fDkxHq8ryP62m4wh/T:OIxooMxLkxHB92m4wR
Details
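File Type: PE32 (.NET executable, per the NET_executable / IsNET_EXE YARA hits and the _CorExeMain / mscoree.dll strings below)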
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/suspicious_packer_section
Source
http://gg.usdipc.com/godfcryp.exe
http://gg.usdipc.com/godfcryp.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
\System.String[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA
N	N(NfNbN<N;NcN
N9N{N]NAN6NDN<NvN
NbNDNHN
NQNENHN8N
N4N9N[NsN&N
NiN6NcN~NwN
NRNENQN[NhN8N
NyNYN{N[N'N>N&N/NiN
NYNtN"N
NNNJN~NRN
:#NfN$N
NvN!N*NONANLN)N-NON[NYN@N[N
NAN?N@N|NCN[N
NiNON N
N+NQN4NUN"N-NyN>N:NuN
N(NeNhN
N%N	NfNgN8N
NBNxN.N
NLNGN(N
NzNyN*N3NONZN7N_NnN
NwNON\N
NgN4N3N9NCNgNfNNN*
N3N/N3N
NDNON;N*NZNUNMNEN|N1N>N'NoN
NNNLN.N
NoNfN'N
6LN3N<N
N'N{NgNxNKN)N
N N9NnNeNcN(N5NqN
NlN(N/N4N
N/NMN	N.N
NzNsN]N:N
NeN;N@N@N
NhNgNTN
N5NRNqN
N,N*NnN;N_e
0_N,NsN/NhN)NNN/N
N+NvNf
4`NfN^N9N_NUN
N=NjN8N/N{N0N4N
NcNjN{NmN6NuN
N,NNN%NrNTNUNrN.N#NPN
NFNxNVNON1NfN#N]N
N#N	NWN
NoN=N.NoN'NDN
NFN>N	NeNiNpN
NtNgNhNyN{N&N"NIN
N^N7NZN.NfN=R
N-N&NrNVN+N6N
N6NNNjN9NCNlN:NUN
NzN<NmNTN"NUN
2qNXN-N
N6NXN)NBN
N(N\NfN`NPNvN]N	N
N@NPNaN1NdN
N_NHNEN}NnN
N.NhN\N)N^N|N
NgNxNhN{N
NsN*NnN,NTN*N`N
NFN;N@N<N
N?N_N@NRNPN
?YlOkM
8*-BEW
,p+A}pr
|cl}jW
*qhl&k
P[4[}p
)!Ja+op
. ZB3u
Q,"d]'
q)5VLg
VB7>!/
5 3y59
7m+0xt^
R=MC0z3
=PXb9 =
>{OOQH
BvcRi)
0&$-I0 F
oD?wTB
tvJaT5R
V}vXjP
F	@KR*
L'R&4a
/H?/:kH
nTn}!f
tI+:ziiO-
~3elX%
]66Y$\~
|)f)WTC3
	;l+#P
RF}fMC
RJK:JZ
!bwlxn
5q)\M7
4j q*&%]
&"AtNw
RXY },
+ihjBK}m
k,#:w2
h,CU8J
+`^rPx
C;W}PC
FxG^j7&
CEGv8l
eGs!%4
?RWC6-
PHTc{a
;<(!8:
Z>h AU
ZX#_`/
-z,vL|
a:c_uT\x
,nJOgp
]HOgjN^
QvYyY9%X
J| j0l
} DIqe
N*)97~
hA&77QQ
w<;Ss[
a2tz=i
QtBh4xn	
~<juF9
bc-d?-
jq`8|W
{4rp4n
Ik\g$)|chZ
!4X~! 
j:n\=[zF`
	yj&Nc;
u7OI72>
\~tYtG?
p:~]7g
ZO%q-A
($l'PZ
r_$__-
vfy=Ye
vySs_u
089up|&
3=)>$J
/5Pl&1
.'9j<&
S=qu4C
?27CiZ1
:%;2pb
+eGwW|
*c^MiV4\
X`(2mj=
k4HQ6#Y
H$ ,3=
QN>0lT
yn,'9X
IVKfSB
	h,\XH
 9N%ZaMq
|G,2e\]
I86Mid
(0bNN2
dvB2mxv
5dzJ&6
xMnYgR3
Whrl/,.
n~F6ru
lDp<m7
.{\>Id
D%1-CiL
,0hL_%
Nu'Uhn(
Z{`\Iy?b
H&8>rQ
UvY2xD)
94FE6wG
aEXIx?
j7y|[}rb
oBW%-k
^'+GO6
fHL,Me
Xc7~h)
}S2MTQ
F\V<DO]y
eWLC_t
}K[[DK_s
m@E{d>Tu
=	M]M&
|35i`I
UIu7GI
HJT-^er
8-f:T 
_re=iy
~k7Z)p^
,7cn\>
N'"V*V
{;W!Xp
m2RwKQ
nv]PB:w
&j,_i3
J_EZq7
0M[ESo
"<5f0~"
t!iik{
*	(eu 
6+GgE	
h+MDLK`G,be
wnOL:*$
0b?7jy5
`8kxE<
+awvH'
=[.}57-B
fH#MEW>
A~3!W|
!nS[A/Fm;P
^E;NkR`[
|X*XG=g
>^B*%zU`Y
>hf&E#
E"{~b0
H2jkbM
SF+#}-\ecA
.XH=8j
{elcOv,g
-	:$HWu
lh@14!
4d0+n,~
Z8Zc.T
zcT} Z
+8siR	l@0
Rz'jY>
.m2>G2
2"gvch
}K;KmGQ
'"F;0?
9Fz)Tadp;p
R*`p"=]
vC 9{(p
$%jRZeA%%
VUc+\3
x	RIe3w
Pmb7h[
*b!L~G
WqHgd3
:g=P8+<
**#Cpd?X
"O8dMs
rE\oTqXh
9s5wBM
-:~X}Z
`P'o-7U
q-&3@	
zQO|(*
U)wF>#
\ C;vx=k
+Hi>\Ow
w%5zfw
?HYg39t
YMj/jM
e[!mA\x
6J}=]{A
>u5oQ_ZO
:ver[}
&#P~]k
O*_}+p
jyjsV)
E	a[%&
"^U~="OI#O
?=^Yy u
fXFS.b|e
cboJY	0_ 
O',=fw
R#L/F8
}NbRxVwJ
'+MiS{
4bFTx5
)f=]mS
=4eQvk
]*|il8
~Tm>hR
.%\7`qc
Fo6M0{
&7'=PJ
#S`@px
Yktl7#
|vTP7K
e ioVR
zkW\Q)
,S?U:h
x%q}O4
r-7&vcz
oK[k<+
N!MEf!
Z ezH1a
0[^s=O
* ![+WvU
}XHTE#GSM
yz{\nl+hl
:\,8kA
^&5Y/@
Zq68>g8
S;[ZO8C
)Dr ,B-
nI^{:@Z
YYl~]:
{+ne[oK?
$F.SPC4
6%!IG&
gNq!(>
lXqFb.
`p4EPD^8
hhR"{Y_
R]$g~L1
D='dVC
(-eBq*
(]x?E*
E33ydbB]!0
:@<7i@w
	#WKv=
bV2E)Pr[
D\BPm0
Om^yjS
5}Nb4!2
\R$T@o
d^9K}q(
sW?uA=
|0Y9 =
|zVt4_
?%#a03+3
zQqE'z
z$CZ$&4}"VUvq0
ib%`D<
sFdYvT
Bn_OY+
vR\}6^
0dOgG^
l}=R\$
4Mf"XO	
[}w%e)
:vF'\D
-h}sLv
Qe%]s#
t)C\o9(
u0,453
7lA?cK
~[qf\S5
R(G1O>@
~e/b[y/-
:I,6K"3
v>V:Pv
t*8$:m
fSGhlWt
\Y7:k_
-/|=F,
ylzzkA
OPyv)r7
6Oi1X>b%'f
/xMwxd
|`/XFJ
kW8 $P
SB#h#ui
kd80O~
{Kd08N
AdK9~3
_]?F,T#b
>\yD:x:
jac5's
{MBH	p
"N@[w?/G
]H|\_#
%1:W&o
Z2SrzB
*x2iPI
(=APr\
4['*z=/%q
W0R|t]%
 q23heyR
{]t}N	V
<]}*h%
nlu*i{`
P @m^b
T4:@r`
7yL=pV
O]S2g$b
=*`\4{
&[?_5y
1o*(#G
:gJ:iO
k]Ecj-'
G>e]4k"
^Do.[]9O
 "jBl=
)#|)zI
.t$WCh
dY$|YF4p
#V65fa
%>y:<	
`aE]O/PZ
j^hzD*7
u=$SpYZR
Q~"*<C'
/Y{u-;
}6Y@],XK=
p%h~:m
.:V%a$
r\r/Ygz$
#$Jp^)Y/J
&_`Y	"
4spOi"$
dL!f{%9
W; <?5
I`]( f
_U8pFZ
T(?pTb
hn4"oI
+6M/<#
"~`NZ@M
05i-5)5"N
I]"p;:
ycyj}_xU
\H5cD=
hk8Q*P
4,?FTt
AT,s K
ra.m]<
v4.0.30319
#Strings
8sJquTOYRtdTerI2I
godfcryp
mscorlib
System.Windows.Forms
Microsoft.VisualBasic
.resources
JSBy6xc1WEffBBG
ZDpO8iM4BRH3P
7WeqK50LeLSi
jaB6mtWY0xNHr
Object
System
ResourceManager
System.Resources
AppDomain
Exception
Thread
System.Threading
GetTypeFromHandle
RuntimeTypeHandle
get_Assembly
Assembly
System.Reflection
GetObject
Resize
get_CurrentDomain
get_Message
MessageBox
DialogResult
NnU7ohS9Hg
GgezUjkn0NuuM
PropertyInfo
GetType
GetProperty
SetValue
uxOrd7g5z8
MVUbBJonV3T
sMRS3zTlbq3
1sSZRV3mboXv6
Activator
CreateInstance
krHHXKFMbViWrM
String
LateBinding
Microsoft.VisualBasic.CompilerServices
LateGet
nlDtpoU2VKM
O6hwHaD5tmaE3vSap
gamcGUzxCcfjhQV
GetValue
K1haFlGn5p8B1O86uS
3PZyALtgMnRkdoT
M9W2CGbUPL
1FjhTiagf9GA48oG
M1Pws0NxPyG
7OLQooQtB0CF5rQ
Nkw36vYFVo
N91bTSEgoO
MzFqcBz8j6TqTuif
ES2O3S7o5hTf
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
UnverifiableCodeAttribute
System.Security
N'N+N.N'NjN*NcN.NBN
NBNxN.N
NLNGN(N
NzNyN*N3NONZN7N_NnN
NwNON\N
NgN4N3N9NCNgNfNNN
N/NMN	N.N
NzNsN]N:N
N@NPNaN1NdN
N_NHNEN}NnN
N.NhN\N)N^N|N
NgNxNhN{N
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>