Sample details: 50a652b21941da40d9fca80d12bd35f8

Hashes
MD5: 50a652b21941da40d9fca80d12bd35f8
SHA1: b7cf2f941503dcb9167e9fcaf8a159c741161fbd
SHA256: 666a8dbc172bcf7cd698bf95e5b58de17535121fed7de5ce1349db4446a1fa5c
SSDEEP: 6144:8Pb+JB1nuNURlRBOipj5W01NSVsJipfBDNcjat9w44ml5:pYMjF+V7hBDm+934Y
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/CRC32_poly_Constant | YRP/CRC32_table
Source
http://123.57.77.130/wp-includes/pomo/tttttt.exe
http://123.57.77.130/wp-includes/pomo/tttttt.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
%&-e& 
@%,c_-?
%&-*& 
%&&+E 
%&- & 
%&& h&
+-&  '
Y1j |(
-9&&&&&&&
-0&&&&&
&&&&&&&
-%,%%9
%,:%,M
-H+F	E
b{pBQ4
Qn*Qy9
plskyM
eKQgCu
C]cSta
@N%;z!
hMC{	\
e)	eM=I
[iH/Za
m$z'So
fXCs]S
"F\pL6
N.]=^}
$QKlD;5
8o'FVs
l.:W4g(8
Q!m2_Ci
I}h/E,
FSN+O	
%iP!lrD2
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD O
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
ZB=g/l
u]P2WK8`
x]I' 7
UT"0=5
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
iIDAThC
i8!(bkeD
.`|ykXj
*}KA}3
IBJI$5
{/	 iE
,&7fQ+
$5qS:k
b\}6JU
qSl5:u
WF*|Frb+
@4%feg
QqQt}R
hR%b4_
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
he&rEX
)WNmF@
Df3~C	.
O!941!
}.#qS9
vb9uhT
px==T|#
c~bIkmR/Jy
>t(TVy
mH*01C
hcK)R?
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
rIDAThC
Cejshx
\_	U$9*NH
%!)2(EZO
/|S&_U
22xu<h
fV+vM*Y
K_'d(l
z4\&	aF
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
rIDAThC
V_qGmv
#p)M	J
_rC		cJ
}LObJY
c8[giO
):$'-s
:&Jv^"
N.\<%)
'\#'v>
"x,+BS
E(c$GLH:
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
4Jnr{n
f}[%R,
p-\?^4
Z?>	+@
+H,4\9vlY
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
wkA!b/
) FY"o[U
vJ=o^P
?6Ls [
ah3v;W.
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
kIDAThC
/VnYP?
jFvm=H8
2>}xA 
R$;sxj
mTgee"
[pmw<>
A"+4A;
o@)X2p
]kt%Te
rc>iq?
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
s7gQ3~
i;&oJ*K
KlCOz;
g~tK	](
r&V@o)
n:b$v8
ji7k21
%Wk4kc
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
 yfxT}@
xK?qi+
5h q}k
/2y+!sTPZ
X9Gz;AE
NRJ{0	
IyhE6.\
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
[@+-mR
;b"bz.x
*p ?^e
<*/sDr
7q4uFA>$OA
UmhHs<
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDAThC
2k?FRugq
x@+mrXj
*42AXH0
r"	:9%
>e27GJ
s";1[Vy9
Zv#W~9a
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
8WixN-Mk
))OBVu
 G*LUf
9@-]U$
|Xc//S^
Mv%"?n
}SBZ0@
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
<fqA.w=
?"QE?O
s'Jg>j
]GMVc6-
WVCm|/
k[/tZ; uiw
F5pRwi
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
mNLOLw
8YNw%@
Z)mKOG
Pd:pC@a
;TOdz?
Vo.L%zo
?)jx9a
4({mXJ
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
jIDAThC
<<{6fn>
-bpzg<^
XQJ\>g
8rXhg{i;
b57S=y3
N|,yss
UZ5DX6
%G9oJ|
	h.;l|g
*K$&^X_
{QIr<~
E\MC@;
Kjo :M
oue2y0
WPQ4oe
[!jy>S>-
!Oa?%m
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
cs&1%I
64i}wdk-
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
}o_fS	2
!(~qC[[
8x(RVI
(0kIv0
5khRy|
,\BwT3
1ej4v'
PAd&;'
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
-YTt2@
$.r_Br(w'Ax
3lvMou
~\W\2|
>qOt-S
o	jqcU
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
kIDAThC
 3`}Ao1
G.R$x#
U4bI(Y]
}f.>*9
}@Ent(
QW*.+:sd=
?	z_\b?
~S:5Jsz.
1.;*#L!
R7.40q
~]4dr 
.~%D~&
PuDC*Y
>68Sz\
Z>O.^s
yjw#pQ\-9
q<9/jn'i
O!2:AtD
\Sb8\8
|"%W,S
7H4I]=WC
Rc+pMn
s|UtlY
_m)xZh
1X+BYM
N<e35~
t}8@6.
jP1h,,
ASjdR.
-X *gZ
aE<>	&
,~o \~
 -=e#h
pnQ:t7n
1|q9(Y
=3JBtF+b
f~Lhc;q
rA8	=.
z,aFJJ)
gdOnPB
r538X]
9wdrMW
qC2I5v|
	BR0/z
Zfw:BV
mq)@aNw
9BrM+|
7.nFo@
I)T2t{
	%?BMXV
]+qxU]Z~
}^w7rQ
8>A`lb
iEA6Q9
U$\wPG
j,T,(7L
BX3+)g
$E"8!{
FJd<5*
._'%|D
C_IXk|
wv04}ao
6{0?B>
<Ck=5J
,+ooK2 |
k!=I&Ks
l(D@I)]
Ml;Gt]
6\TM=H&:o
Hi5*DsZ
{l<MSt~
`<@0JN%
WT!k]r
utV4 S
__wZ2w
zDFlN<
DBvf5(
g	]kObf&
vi=G2vM
p|fm_	
AYeK^t
I?= *sg
=v	GFM
Wx<;,Ku
d&7^H@
-at1p$
gY `m6
Q&b@jf
?BXq1=
gI|u{5
rM$qV%
lj,&s+(
"4A>W$
#Trr)i>{
d(Z0v<
A^,Zj@g
F_^iw[
^/-2RC
_b>oFW.a
9&T|E\
C~hw/)
auR@'=`
!vj](B
r3ksge@
=k464	;
mOFRM?
Qcq	Ay
|~#$YL
J!]#jk
[LDo9Q
W3|5[	d
KiR0Au
*Nh?dS
{oq$O/
H9`k>9
JmTNa6l
KB{	qe[M
252GM?
@8h\>k
ind"E{
v=q7BG
9=')K/zp
cmsrW3
hpYKh2
!(N*do
/)@N%.Us
QRT,:8
3L6YC{p
yVp(!f
u{~YH?
;9Zs!R
9n&y^s
M	I?b@
YR*&cmq
-[8<'p-\
Qkkbal
I5nJ:fY5
v2.0.50727
#Strings
	(	J	_	x	
winfrm.exe
winfrm
mscorlib
System.Windows.Forms
System.Drawing
System
kernel32
{14241ad3-afaa-4997-84cf-fce1482f74b2}
winfrm%
94f4493e-803e-88.Resources.resources
<Module>
RuntimeHelpers
System.Runtime.CompilerServices
InitializeArray
RuntimeFieldHandle
.cctor
Object
MethodInfo
System.Reflection
Class1
GetTheFuckingAssemby
Assembly
MethodBase
Rfc2898DeriveBytes
System.Security.Cryptography
SymmetricAlgorithm
DeriveBytes
CipherMode
MemoryStream
System.IO
RijndaelManaged
IDisposable
Dispose
CryptoStream
ArgumentException
Stream
ICryptoTransform
CryptoStreamMode
EventArgs
EventHandler
Control
ContainerControl
AutoScaleMode
STAThreadAttribute
CompilerGeneratedAttribute
ValueType
Exception
Encoding
System.Text
GetManifestResourceStream
Dictionary`2
System.Collections.Generic
MoveFileEx
ResolveEventHandler
FileStream
String
ContainsKey
get_Item
set_Item
FileLoadException
BadImageFormatException
Process
System.Diagnostics
ProcessModule
AppDomain
ResolveEventArgs
Version
StringBuilder
Attribute
AttributeUsageAttribute
AttributeTargets
DESCryptoServiceProvider
FormatException
DateTime
UInt32
AssemblyName
GetCallingAssembly
TransformFinalBlock
SeekOrigin
ArgumentOutOfRangeException
InvalidOperationException
Substring
BitConverter
GetBytes
Reverse
HostProtectionException
System.Security
DeflateStream
System.IO.Compression
get_InputBlockSize
get_OutputBlockSize
TransformBlock
set_Capacity
set_Position
CompressionMode
ToArray
get_Length
get_Position
ModuleHandle
BinaryReader
MulticastDelegate
GetTypeFromHandle
RuntimeTypeHandle
GetExecutingAssembly
GetModules
Module
get_ModuleHandle
FieldInfo
Delegate
DynamicMethod
System.Reflection.Emit
MethodBody
DynamicILInfo
ResolveTypeHandle
ResolveMethodHandle
RuntimeMethodHandle
GetMethodFromHandle
MemberInfo
ConstructorInfo
TryGetValue
CreateDelegate
SetValue
SetCode
SignatureHelper
LocalVariableInfo
IEnumerator`1
get_LocalVariables
IList`1
IEnumerable`1
GetEnumerator
get_Current
IEnumerator
System.Collections
MoveNext
GetSignature
SetLocalSignature
ExceptionHandlingClauseOptions
GetTokenFor
NotSupportedException
SetExceptions
ParameterInfo
get_ParameterType
OpCode
OpCodes
GetGenericArguments
OperandType
get_MethodHandle
get_TypeHandle
get_FieldHandle
get_MemberType
MemberTypes
get_Size
get_OperandType
Concat
Invoke
SecuritySafeCriticalAttribute
ResolveMethod
ToLower
StartsWith
op_Equality
get_Chars
MarshalByRefObject
ICloneable
GetTempPath
OpenWrite
IReflect
ResolveType
NumberStyles
System.Globalization
WriteByte
GetPublicKey
CreateEncryptor
CreateDecryptor
get_FullName
get_Now
GetLocalVarSigHelper
get_LocalType
get_Message
get_EntryPoint
GetValue
Application
SetCompatibleTextRenderingDefault
Convert
FromBase64String
IEquatable`1
ToString
ISerializable
System.Runtime.Serialization
Append
get_UTF8
IConvertible
GetString
get_ModuleName
IndexOf
set_AutoScaleMode
Format
Buffer
BlockCopy
set_Name
add_Load
GetName
GetMethodBody
get_ReturnType
GetDynamicILInfo
get_IsPinned
get_Value
ResolveSignature
Environment
get_ExitCode
GetCurrentProcess
get_CurrentDomain
add_AssemblyResolve
IComparable
get_Name
ToBase64String
Monitor
System.Threading
ToSingle
ResolveField
ToDouble
set_Text
Exists
_Assembly
System.Runtime.InteropServices
LoadFile
get_Minute
get_Second
GetParameters
get_IsValueType
MakeByRefType
set_KeySize
set_BlockSize
get_KeySize
get_BlockSize
set_Key
set_IV
set_Mode
IEvidenceFactory
Component
System.ComponentModel
get_MainModule
ToInt32
set_AutoScaleDimensions
set_ClientSize
_MemberInfo
ResolveMember
ReadByte
get_Year
get_Month
get_Day
get_Hour
ReadInt32
AddArgument
GetFields
BindingFlags
get_Module
get_DeclaringType
EnableVisualStyles
ResolveString
op_Inequality
SuspendLayout
ToInt64
Directory
CreateDirectory
DirectoryInfo
ResumeLayout
IEnumerable
get_IsStatic
GuidAttribute
$dba33230-8f5d-4312-aa82-173224d45fc4
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD