Sample details: 5561f6e862f7231faf82bcf13ad96cae --

Hashes
MD5: 5561f6e862f7231faf82bcf13ad96cae
SHA1: 752f27230a13b578a03f1337a3e99d17d85539a0
SHA256: 75e5eb3a379ef029df6b376ad09336abc2f299847ab2704e450285be8690df55
SSDEEP: 3072:lhuRTAcSdEGwArUwTWX0+tokAWhgAkjpv5DFOmsNYhlL998Xb5ywBQi56J0lRMkp:fcTAc8EWrtTWhTvYJTtWIwx54
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 |
Source
http://omann.ir/swag.exe
http://omann.ir/swag.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
\System.String[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA
NON_N[NmNAN
NKNYN`NDN5N_NFNUNYNyN
NaN~N9N)NXNbN,N?NyN$N`NmN0NWN
N5N4NFNYN	NaNgNLN	N)N
N(N|NeN:N'N
N8NmN+N
NkN&N8N
NKNaN.NtNbNbN
NwN*NQN&N2N
N^NUNLN\N
*'NzNlN
N/N	N*N
NRN/N~N2NPN
NWNVNjN]N
N8NvNwNWNiNlNfN
N:N\NaN
N6NwN>N;N?N
NCNzN,N$NANlN
NQN@NWN!NCN
N3N>NhNTNbN
N1N*N^N^NlN
NdN*NLNhNYN<N
N4N3N$NONxN?NKNUN^NiN
BBN,N;NgNrNbNjN
N~N<NWNaN
N8NJNdN+N>N-NaN
N N3N~N
NWN$NkN7N
NVN"N>NbN|N.NeN@NxNMN{NLNnNNN@NfN
N-NHN4N
:HNsNDNMN3N\N
NrN(NdN\NHN6N
NVNoNqN
N:N7N;N
DKN7NoNeNvNwNQN|NMN
N!N]N3NHN&N
NCNJNfNhN
:KN^N_N8N6N	N.N'N>NzNJN>N
NBNKNGN	N;NWN
NwN?NlN5NBN'NzN
NwN`N\N
NhN9N]NpN
N(NJNnN
NRNTNmNZNBN`NJNfNFNDNANlNjNXNeNsN9NDN7NlNANoA
N<NwN(NGNSN+NSNJN2N
NGNFNIN
N1NvNbN4N^NsN[N
NkN:NRN,N|NJN*NON
N@N-NnN
NTNMNEN
NtNiN`NPNYN^NxN9N)N6N
DkNlN0NlN(NwNkN4N:NMN}N`N
NBN~NaN8N,N;NBN(N
N@NWN6N$N
>oN}N:N N3N'N?N
NHNlNLNIN}N7N1NgNTN
NMN:N!NlNcN-N
NrN!N#NNNbNmNYN{N
NYNRNlNiNeN
;*%/cy^
l+v,r9
O@o;_K
/`NtUps
)G\2B7
5Xx}5;Wq
Fx!@1:V
Zy$s8_
	H	7yu
s)*Gf}=
^/LJ/CSI
wAPA	N*,+}J
?Jg	1JU"
H-\c'<
_\!@M5
i${<EU
SLNw<z
y	@LEi
S:o,G*f`k_
\Mvt*c
@4)TcN	
#5N	5|
=)g iB
;*_lW:g
c[XrI3
U1lWBy
d$4WKc
pomv@|#
JS54*;
s/5@/G
D\ihxY3>]
2	ay8]]
i=<m54
 >sIJ'
ne=@\P+
fDK|N!
3":/C[G
LbA|3(
uSo8+14.b
V4ELUD
IXs[r$N
BI*;bo
q,1qfj(/
%Bt]cc57
nD>?dO
G@k:`G
ckgRRvy
o&Wmg?Q
2R]@K$
h+IW7!
H1#T}+
/"E#2v
{@`(y!
0\yXd8R
/+1uTapds
MVR\:(
'Gq;{m&
`e/ylE
/#.2FT
C5"TCh
Samz-8
u2PDW\:
sYEAv[
GWp%}5
z-UK 4A
	02a!b
:NU#]0HQ
mHl{Nj
BY89Av!O
U:@J\7%
)VpX?O
~	:_oSLl
SV6ig{:
UaoBV}
u2k]h45
:hBx,3
JB/xUf
3Ix3";
7RYx%H
fH(Wbi+l
[B~Xb3%
9xa~a8
{`cIe(b
uR,QHY
 ($Q|Y
1^W!D`
:X)O8>
\M.)MS
xL5>+T
Q$x r|
1eO3><
~\JnS;
z.ElY$t
n;|&+	"t
\:Qe~W
ROPM-O
S.*{93
c^R&b	y
{niB`J
m`N(#!l
G:$k:h
Wq6RXD
k,uQE"
\pKY=>N
{nZ8NU
x4	>rP
nl^LQ"
~,	oy%
u8rvgC
=~+2Ghf
wvR<PX
\)OtSC@
n7Qg~s
jn2\+3*
lQ "+X
wCK,${S:C.Afp
	ge]5?
K`3@ a3t
s%+gd/w
);0F0B
Q	tE=>
<eSc{~
8r&Cih#
*?D#2F
,/4dv 
+-'HCF4
W:MRc8
m70hC+3
&-kDX5WzP
PJ4)%P
^gS$"S
\ts8vJ/
?`|z;)
R/&0vfLP
4!*v5e
n0=C[/m
-W6@Lo
clw'k1
'q8`6U
8U7jA,
\	mRQN"
CcK@XR
^x	K	P
2?~E,Jc
>P<a;L
L+q3lh
,7y5#k
xjb\2>
i9lyx\
y	FJ1d
Uc|C>3B
#4xQ?SN
c]4(\1A
6+!+U&]&
jl\G:+
MnP06!
%jx-6NO
3dY% 0
c(P&D&
RL-Vt,n
b-;s\$
r{	aSI
\m>+YU
bT0L+9
]<I#Qw
Nyky~N
9IT!9`
P(=@Ju*
2n7CfP
YJVe-'Q
(#`5`:B
j&r5}9
	Zkx@w,
0}+_Ko
"xct,?
Myt	]k
r2]<e(
+\Yxawx
u'qyF[
63:sx&
S92"l[I
TST-}6
6pe(G[[9
Qt8W.pe
?g:hK5
P4"Z+x
"!+>C|
tT[ZG$JG
?WJc,C
eQ73yI
}}h(u]
Hsf95 
jjO2!M
<yq72Z
!$3o$P
lDg~5Q.H
E0k3GD
[M$;E1
;;g(!X
M0w,ce
|Pezum
LjlaLE
K#nQy	
*VK99i
08VdB|
<WQ"o6wY;
GyF%j"
V0.":JC
m+I'J7r
L,<nOK
a2>`z	
pUM,H];J
?V~RU*
j6#39o!1v'fnY
KeqYZVR
$LY^ 3
R$s5l$
lD97_C
+xLye=
OZc3PV|
XS-mUv
jyPmf#
,{Vjg0
ES4-tw
\.G.Q{
	3	_yQ	d
tp(g=`
]</Me23eY
@<<6x`b
rJ!kV`m
j*Xy5h
GQ?^#m
2p"8,j=
Q}lzU|
5mqwzvx
03U'@$
KG|UOm
vX\!(D
P$d,\k
}aHq$^
\{c]s0p
KV:r9M
?Z.`gO
5&\1+<
4RJA[$#t
3+*Dj3	w+K:
5dLE=XK
uzJ	o_
q6V)`t[
R\hn..
S_HLn7
/CkWKpv
Iwx|[L
RZ.><b
}:oc!Z
sUR+p|9
J?"\,|Zl
`C>p:Whk
`qCXm%
H2i%.d
JPD^j6
%PI9{7
#42  W
L-NcVl
cE:&:z
i1I0wV
\saMyN4
)|WY{O
uvUc`-
O`<3'<
@-Xd<gx
8] 9H?5
,qd,&)
IBWdiGTh
p?J1nM
TIX@3x
Zso0BO+G
2IkdrL
V0O4qL
@@(bw8#
yf'z FS
d0<8$6a
kXxd@/
i{	^WFg
rvY\}w<
GG@_kE
ha:LgK
X`+IpD5
]B|M[X6
%\I=!T
62(\dJl
t7Ld!B
PPEvoGCmD%
yzMk\(6
5M@b$CA
w+V*dDG
_o`}@q
R=/q<H9
^x$!gC
Og:QYp
SUBQTj|
%O8&w_x
M)S4ob
pc}_eH
L=W,B0_9G
@iNG	<
c9kn|^
JMkpYc.
eTs^=>
@h%	8ALb
mz`:OO
eA3ncd
%H:k,I
*sOtLiNP	"
8h)IeTd
2M9&kk
$/wxMo
@A{s1'
1$?Rpq`
M_r:S>
zWKU&M[
"m9"Zo
x/R3\Kw
x<":1)CP
K'9pf8U
`]=K1k
%zf#oe
1r]vo.*
$m-eCH#
]i*9Fv"
4>z~3G<
vX@/+4
R7Sn:^P
ntm[5@+
tppM I
DH}@ca
y2 *fu
**QsZG
2mOpp|'
sQmO46
~4zE~&-
|z>5 I
+ngY#Cj
,-^O#UR
^pB)>3
Xj%D*x
8K:aSm
B0hP6,
O8G=~2
lw#:evP
SRZ)2/ef
Wk ^"g
},7N>b
0Z3(ew
	obdi@n
rRSFx&
ZeGtCk\
V+&-?CG
G2oH	)
S+sv'8
X	h4Uc
,vA	`^
Vefu8O
5e^|b>
f)HRP*v#
jv+a`h!
/_$e5wIN
Ny4CsH
ujC0&d/
+2{T+j.Sw
:laCL8
S%iJ#d
tFS/-&
-MItk/
o_S)aS
2Ce@R+
@70]?'%z
+Z\jMs
AT*s0O
DY|_^T5
8;vwXt
=fbt2x
rmobJP
47?L{:b4
pz_>/W
B\=ps"
"8^+ZZ
RwB>V	
j{QU[_+P
$^wlv;^	
[<Xv?1Ifm
'LAkO6
4@))QJ
U!]	9|9
B^pS45
B'tyos
}MAq(v5<s
z0A&Ds
$Q]B-0
>N5{Za
7CY$<o
ZV]6dhU
|Vul@^W"
j]cUy;
firm-}
kb\tZ03,E
,g{zQ*
[ptg8K
.c.4ybe
:l.TH<
~.!xJOe
5?;;`	
uG		8:
WrPF/&
@3Wh_S
Dba`/J
1Wyb;P	
2E:pYA.
G3N^(/
d((5Ye
q:y!$A
3lB.I2
Z!?<(%
s[a1nT
 Aj*n+
SYLmt9
u'2xLB
\RQz2cZ9
%2YWR'
(=trkT
vX+SrDA\
2(,z0"
MV_T)9G
q(v)m0
0k^DlH
v2.0.50727
#Strings
L41CvpSa0hgMlXMxq
mscorlib
System.Windows.Forms
.resources
nVmeNyUP5lq
2bP7pqqX9098axc5T
SbPVlSMRzCxZ8AOy
xZmTW6xr92F
Object
System
ResourceManager
System.Resources
SymmetricAlgorithm
System.Security.Cryptography
ICryptoTransform
MethodInfo
System.Reflection
Exception
Assembly
Resize
CreateDecryptor
TransformFinalBlock
MethodBase
Invoke
get_Message
MessageBox
DialogResult
85HDFQrvJuO
BflpaG0jZWfZ
PropertyInfo
GetType
GetProperties
MemberInfo
get_Name
String
op_Equality
SetValue
3dOCOSNnFIfn40ZG
AoUeDLBwUdllF
f7ewZS7D8CXo4u1
MXLLz15FkRCYwmZ
q9qW2N9rm7
GetMethods
SxG0r6cCHAIlpebWqa5
EoCuKLWBRBHKaSTdq
QoDWZVrdRyTpXsm
EEOIpxTIl1
MiOIsQWYBpqD9eZhoyy
ParamArrayAttribute
GetValue
KlRqyD0gKpJalBtf
TgaZocSkThkSVXrXRM
lX5sDO1KVZ675qIApYo
71LNbPF5mDmN8z5
Activator
CreateInstance
77nh0CJO3u5
AssemblyProductAttribute
AssemblyFileVersionAttribute
AssemblyCopyrightAttribute
AssemblyDescriptionAttribute
AssemblyCompanyAttribute
AssemblyTitleAttribute
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
UnverifiableCodeAttribute
System.Security
NSNENrNGN`NhNVN
NpNfN8NWN-NAN[N{NiN
N,N NiN
N3N9N[NwN0N
N8NvNwNWNiNlNfN
N:N\NaN
+'NzNlN
N/N	N*N
NRN/N~N2NPN
NWNVNjN]N
?oN}N:N N3N'N?N
NHNlNLNIN}N7N1NgNTN
NMN:N!NlNcN-N
3Bv0vWK4ps
98.55.80.76
q5CPxZGjHq
VVdz5Gra5i
1SqgW3Wmmr
vaS8SzPLbr
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll