Sample details: 447af103027bb7cfa1c09538b38a6007

Hashes
MD5: 447af103027bb7cfa1c09538b38a6007
SHA1: f369d25335c9c899f94ee0e2c2e3ac4b09f27812
SHA256: 94968c73dacfd68500ca59905e410ca4ccafe92cd8e223ed47ad916ee82a6dfb
SSDEEP: 6144:2DrBBOFI9hYD81ViAIhkJepIEL8XmsCiBDA8:2DrSFUaD2IWepIEL8XmsN5A8
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64
Source
http://drillbyte.net/ransom.exe
http://drillbyte.net/ransom.exe
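Strings
[Note: the ConfusedByAttribute and "ConfuserEx v1.0.0" markers further down indicate the assembly was processed with the ConfuserEx obfuscator, so most of the short runs in this list are likely protected data rather than meaningful text. The Adobe Acrobat Reader product, company and copyright strings are version metadata set by whoever built the file; they do not show that Adobe published or signed it.]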
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
mO'>FZ9%`
yyBWdy
BxEf6Z
h'l2{<
&h2-2~v}a
`<A4^C
_%l2%h>
>#(E*6
0V:!22&
MR=$A>W{[
++<S"+
E>$c+3
I/$qFW
@0P.TG
^<{~vxl7E]
<cnBu2E
!<UZ//
M=}BSb&G
,\">%V
)@h)LSP
leUmM6
[10/-e
+{n5#)}
4X0uSi
B+$69%
oLq.6`
A`{}D.
{9x4:m
v|EA/.
4P'sDB
BLsr/^B
gLnK_r
TpAEjd
_o}~k$
kh=kzC
&1~"AC!V
6PE	Ey
P^gP&PQ
CmnhoO
F5MXu%'
oLucf"i
q?8w"5
TVmQ!'i)|
?rG:Jh7-
C')]a"
C)SuPH}
pI#m3S:
iDH<5]Oi
{1[^'P
lX=]v 
$[F*`V{
 3sN(vS
yAiN$"
	Q;(wi
z};Gb`
vZ%@RA_
aW0p|<
{xBax\t
!I#KXeS
P&T'}BT
a2Ik">}
EJ9dwg
;_Apk?:
PvsaWV
~$1qYK
y}']>D
{_JT2w
IZ!(8jUF
UKdt%M
K7''yFrW
Do:M,c
8'FIar
bOQ1II<
mxa{*:
2=H(/mQ
bIt-v7
)8-Nvt
^9d0/	
J:V/2}:
eWu=4^-
F,2N]v
 Ab*PV
)o?cvT
n>MhC7b
'EFne#GvU~9%n
N/r	3X
P)yT*m
o*>gRO'
NQCwbM
QXT3zh
yv#Aq}~vi
$f{"L6R
m	up`w
}A&,6^
$do	_X
	_QgH#
UcflN&2
wUWh"/
~J*/9$^
F`lUWs
	SH:3]
He}t?yW
9Y{k|J
JWZ_J>}
,8b1E\
H<g'Mf
G5]'.)
)ZNigu
e^P;rW
n\{-]N
3cf'gN'
1;B;}Z
iFV:ZP
>v+$b}V
sh%@I^#
1_1^6*h
#w sB8
:K_0(O
L:v|fY*
 NPi1Q
1*:+ ]
H*Y!7]*
1s]~5y
1D5\x{yZ
(6/+?V?
Cn	_xnt
KHrt^AH1
#6lI4Ha#
F-~d'-)
d`N;ZRJ
qy<rHY^
#rQ"sx
dP%?kG
,$0,px
Bi\BvdK
"iJz61"
uLZp="V
OmdlqCb{[
f:.-dD
qG.) ?
*377)W
*cou[0
v'D"\@S
V&_krm
w.v7@6 @
7R,.25
C.Gk j
<^`I20
f k6i6
BD1C:C
j#Z f7
Z }6dea8
&Z t b
VMDj^m
Z vc/xa8q
 EET(Z 1b
b@Ra8X
?T+a8I
 VxC^8P
 &ZeU%+
!'Z 2Z
 S=u&%&8
hed%&8
 Vur\Z 
4MAZ ,
 OtM&Z 
Z JdcHa88
Z &{W+a8T
!I!a8N
 5*d)%&8h
wZ  mk
k&Z 	-
:Cca8#
T^nZ -
 #"nX%&+
|T^a8w
	 gDn6Z $
BaZ h	
LEia8;
%z`a8[
Z dzEHa8
`zZa8~
Z C?"qa8d
Z 6W$Xa8
{<3a8f
 <.}XZ i
 	N<;Z 
 rR#TZ 
 K<Iw%&+
?R{Z t$1
 O{k&Z 
 ZV$r%&8
sz IrWHa%
X7%&8R
 %ht_Za8
_$?%&8
B'#%&8
N`]%&86
 Mr<5Z 
 Q>_#%&8
 ]C}i%+
<t-a8[
?Z Tv]
t :Ng_a%
 }q*v%+
 1o^D%+
4{ .Uf
 9 "VZ 
v4.0.30319
#Strings
#Strings
#Schema
custom-2017.exe
mscorlib
SuppressIldasmAttribute
System.Runtime.CompilerServices
<Module>
Assembly
System.Reflection
GCHandle
System.Runtime.InteropServices
ResolveEventArgs
System
.cctor
RuntimeFieldHandle
Module
Encoding
System.Text
AssemblyName
Stream
System.IO
MemoryStream
RuntimeTypeHandle
MethodInfo
MethodBase
Thread
System.Threading
ParameterizedThreadStart
ValueType
Object
ConfusedByAttribute
Attribute
-gpL|9>YT0USdPbEaCld{L"R
custom-2017
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
AssemblyFileVersionAttribute
GuidAttribute
ComVisibleAttribute
AssemblyDescriptionAttribute
RuntimeCompatibilityAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
AssemblyConfigurationAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyCopyrightAttribute
CompilationRelaxationsAttribute
STAThreadAttribute
-gpL|9>YT0USdPbEaCld{L"R.resources
3GtbYj)IS5\*FU\\#m7c\\aYye-.resources
UInt32
GCHandleType
Invoke
ResolveMethod
GetParameters
ParameterInfo
GetTypes
ResolveSignature
AppDomain
get_CurrentDomain
ResolveEventHandler
add_AssemblyResolve
LoadModule
get_Target
Environment
String
RuntimeHelpers
InitializeArray
GetExecutingAssembly
get_ManifestModule
get_UTF8
get_Name
get_FullName
ToUpperInvariant
GetBytes
Convert
ToBase64String
GetEntryAssembly
GetManifestResourceStream
get_Length
Buffer
BlockCopy
ReadByte
GetTypeFromHandle
GetMethod
Concat
Equals
FailFast
set_IsBackground
get_CurrentThread
Debugger
get_IsAttached
IsLogging
get_IsAlive
GetString
Intern
GetElementType
CreateInstance
op_Equality
ConfuserEx v1.0.0
Adobe Acrobat Reader
Adobe Systems Incorporated
1.0.0.0
$7ab0dd04-43e0-4d89-be59-60a30b766467
WrapNonExceptionThrows
.NETFramework,Version=v4.5
FrameworkDisplayName
?Copyright 2015 Adobe Systems Incorporated. All rights reserved.
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>