Sample details: 3b5fbb514cec5d5f9ea08c209dc6379c

Hashes
MD5: 3b5fbb514cec5d5f9ea08c209dc6379c
SHA1: 0d1ff74d1c0f76f2ece99cac4b631da827b90842
SHA256: 2c6b0dc525dac96f162803dd15f9d61701b75fe06403ecb317cb3e41b276cdf9
SSDEEP: 3072:7XXjGn69ocZEZWCxU0Pp3bkwI/q4PtWvoZegwOaomR:7XT99lZEZnpB3I3/ltWwZeg3a
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 |
Source
hxxp://meritexchanger[.]com/aritess.exe
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDATx^
oUWWwK
KUxRm'
h9"	lK
mwK&sG:j[
1i(bm2C
!'>)n3
S	!.`YbV
	4NPqAP
Sl!L,K
!]npd~
Ik_,:RI;
6vdQg*
@!EVj&v
v+9s-+
8wfiig
lzQlz,
t;Ye9$Q
!x"br"
kc0:l5
bXj?%3
()=FNVHL
<f7S2a
s7e]wC-
pPr7:d
#*:B^f'
ILz`"3ozr
*.!rWp
. i@ S
yvxpY$
n>,;)6
#N1N77
qze8oz
|RyX7b
Gw&qlG
kaX%\3U
"C't+N'
PBVeD%
}RMAVK
P>'o P
6	a,ur
yy>;iy"
;&fWr(4M
\d;0L<(w
!NV2B;
Q-XqM>!9)Kn
sHAl$"
KpMqN`
,%~VtSb
h1rX]8
B)0aiR}'
&oJ	po
q~	xw:
]k83	Y
b7ZoSc73
KY)kX#* 
yw~'PU
F.+`#a
Z$[Nlp
.0DIn:
\UCQ	g
!,8cczg
EAb1(n
z:v8^!ar
PN0QmW#'
aMeS}M
MUk*EY
pQU-_UU
P,Y]VU
XQVUUU
WS'vnS
\"uUT46yv
[$S~`KE
	cH-*G-
q8FI%	
..F7?-
H/EExG
kp}iyR
O45]=:
MEO{Zk
*&@[UTg
E<ROsGOd
s^^Qu~-
ci=jfz
SO>|@<$
O!= zS_
s>/srJ
9}[@_0;
w',1 v 
o}`u-g
AF:PE=
EGYNE0'"g
85Hsk6X
WkgON`
H\G&*g
<;^S>w
`o;:x"
R& pFHgO
!<*0{6
6g(jjlj
rXRis,di
di3,-hjtymv
V5itbl 
cvpl\>P
fW#vPG
D2]!oc*
6j:Vh=
OEEp^m
;E{WGI
Ypq`Hr
S]q|VK0
W}Oqxj
Ln\}_u
iS*h6alL
nU.c2l6G:
hC>7do+
HpoL7&
s8nJza
5zCqS<
Wn8o8"
93prEa_q
t5-7(_
5HG(i6
^K+ZwF
9Y:3E3
-YXvEg
DMBJz`
EgD!R5
TEr".q
y&eU+RzG
^3ua$j:M
2!XlaD
6!zrHy
"d$9:ET
93MorG
nuLG1;4d
||1]6.T
`$j1]t
B1lq!:q
G>',I8
dvaif~
13[Eg.
Vh9;;=
%;77Cz
BQ=r%[
y'>iC!
G^cAR1
ewa4mx&
2m@!&d
*H! .g 
?]l/eA
P]CMc$
u8=9qh[
*i,-)N
{CrS$&
.$Y8nH
_YDyQ)
B\gdE	l
8N+8U/
oQ~S\1
+zaQ_D-&
*wOz-s
u2|I)_PCI
XojNiX<
@KIEIqI
Z'GNW[*
*?>J]T
iIgdL 
&5]Dua
*5}KIp
>}#gHbL
!X|5wG`D
+K!wdQ
*:kBo+
"Hhuy'
+t1cXb
R	&o!>
yH+M*dJT
^fo:aE
GbUJiU
:?\_&[
<}g	XI
(e]Ag*
r(%`{M]
_=X/Jy
c/E ~W*
xiNElW
3g6_za
m#r{{2
j^{-So
 /}kP^
wzC&/{
	kb_~?
1Fyk>Z
@y8yss|m>
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDAThC
(98	Zj
uU"Tgt
a[Y2)H/
fysEat
v&_Oh7
,uzaJo
@_G=s+w
;}a%Pl
gQ,C=F#
llMN19%
v4.0.30319
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
System.Text
Encoding
get_Default
GetString
NewLateBinding
LateGet
Operators
SubtractObject
Conversions
ToInteger
LateIndexGet
ModObject
ToByte
String
Concat
MultiplyObject
Boolean
ChangeType
LateIndexSet
System.IO
MemoryStream
System.IO.Compression
GZipStream
Stream
CompressionMode
LateSetComplex
ConditionalCompareObjectGreater
LateCall
STAThreadAttribute
eB.Resources.resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyFileVersionAttribute
GuidAttribute
AssemblyCultureAttribute
AssemblyTrademarkAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
aritess
aritess.exe
MyTemplate
11.0.0.0
My.User
My.Computer
My.Application
My.WebServices
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
11.2.18.16
$a7f418b5-5c7b-4543-b2d0-775f434625a8
Copyright 
 TR Nop 2013
	TR Nop ru
TR Nop Comp.
TR Nop Library.
TR Nop
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>