Sample details: 57d63a23a440d9eddae61ce0a5d9491a

Hashes
MD5: 57d63a23a440d9eddae61ce0a5d9491a
SHA1: 037744e160ed44f4c7c500d521904c571ed299e0
SHA256: 0cf64445ea4a1f8caf5039e3f751315c60168d859cadafd06c1c7504ee648c99
SSDEEP: 12288:1ES2lUbpW9ISaAkDUKybYIHaTER4Tngf9:CSHW9ISaACT+
Details
File Type: PE32
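Yara Hits (every rule listed here is a generic file-format, compiler/runtime or string-pattern match; none of them identifies a malware family)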
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 |
Source
hxxp://gg[.]usdipc[.]com/newest.exe (defanged; the original report lists this URL twice)
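Strings (the short high-entropy runs between `System.Drawing.Bitmap` and `v2.0.50727` are likely bytes of an embedded image resource, as the PNG `IDAT` marker among them suggests, rather than readable text)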
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
\System.Object[], mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA`hY
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
q;#5H%Kl
)Eo]H*
(7vdS0^V~
v:;;y5
fl~$Xj
~Wav]z
wzziNt
T%8F#Ay
e]1Zbk
rK}bALuY
}R_!2W}
ksxbCe&d
;	>O'Y
7:gzW?"
ru~M!f
kC3HDVC
ShTn"r
<7Ky2B
lK@sA\
7s@0P[G.
UZY#qR
Os)x?u7
]*`Hvu{
][z$&3qt=
<yp,=v
bg}HwP
9W'3>N
vj<[	d
O	ME5K
<MTsC=
?k3~cz
hpa pR
IDATx^
!R3Q4%
;Qh43x
,8Vb%1
.% f(.b6/<
fFZT!^
~dxiw>
H~TexN|
RSOV$\{;l
~W(4DF
J_C)Mx
[#!G,"
8F@,Y1#'
eMK!mh<
K.c`XKf
qGOiS[
C_18vU
"a8n1Z
[/h7{$
9VUt5fbd
qnwp,q
_TZ5m	
*xw?'j
,6kxnJr
5CLy*8b
bQ9h7n
J	!`|9U
L:iz%>bH
?N0rg .
vDO<'3
hPX-X-
>BD}:s
=nq-)6
ayl'P 
cU&YDZ
BP_S?*T
eBOG%$	)h
 j1R56G
Olb5gg
Kd!!,U{
h}qksc
DO)"hwGa+
(KkNXQ
Xh>y[)
R0GPt"
-7^{H7
%m1ErX
G x{s^I
Of\:l<<
t$Jh0v
g.dk5t
y;>LFA
UhX|9X
fhxW] G!
ixUgC_`WL
M?&Do@0
>4@c7_F
jYih<&
,]v=	HP
I@JCh(
Jg2:"B
~J Gl5$
S_*i5'
3VI_Q(
YX }u)
,80#Wg
ve.627 
H{D,Ey{.
kq'+mV
^>27j'
!swQu).t
IhIu\V
=1K7h8}
>UTl5=)
08(hIG
nR!j Op
A;v@LI;j
!^VQK|({'5?
!K6U{b
2+N!~B
R6"4~~
Oa3h4h
	eS*'7<+v
dSk.L<
_xz(}-
CN%1(2
Qf}_66
#n_}q}q
JMXv{['
>bz72{<
.K\9!.
4k,{0^.
hc0`nl?
2Mi-x'
B t=C	iX
hlL$~i
S+,F2d
/yW7Yp
IYP}a5
'5u4?+}
+8cz>EC
`:Ov "-
~DN8!.1
G_O;S`d
oEc3.l
:$nf3o
CF%?++
qH)?ub
:4T20P
r}95	6
Ji[)Hg<
?t-GcL
-LU3'"l=
5X!J?A
1'c_2V
 }_}vO
h7vR.z
KwOCQ`
1a6I#T
TR|+gu
RXNQB2
H	77T Q
I<dQTsq
I>K>}f
8I/5\Cc
}5`YffWy
]#XvRX
9wj@,}
^J(rk"
}Ga=)m
i9;6|H
>]|^z*V7
Y%hkk(%#
N8zPRV1
BLJ}4J
N|i3uY
Yi;uM.
2yo?=-
cn{S(+_(
<vi!`A
G7dZ"8
y,	*>>
Pi:h)	
Mj&HC;
KC%o+t(
~ttkq1
|kq3&5
[p7$KB
}R7UvaUa
Mq a@8
=!^WER
)(&i3L
gc!l;o
*+8p?k3iD
"(N	^a
i0PBCyF
_}`De5
r)/qu	};-Oa]
M|^SKy
>{u+=l
+ZH5p >
I'kG.|
MXGT6Y
2:>[Dp{+(?
]p@@q'E
C[oVht
=N[$,n
3*A:-{
>qAoL4
/|YHQ^
uTA(7h'
%W?pW_
Km:tJh
&C97C%
?7Jw$S
R/2f &>
=R!gF{
.](JN4
uw49;L
2n5T-=
]jvqS^
e#OcL?
vx	XQ4
4kA#?!
|AXw:)F
kg3p;t
=w3A%L
EkojuL
GbSc./@e
xeY2j(
7Kkil,37
xp,%V`
t9E`pj
_XQzZyD
C(K='ky
$>Szb87-
9ndSF]
5zgx~2$
GW=uevt
}^ ve55
`9y	*M
(6&Cx^
Lzd4vRI
h#63[$
k+RMSL
P=;9.K+
%a,X-W
sC__Ati<H
^vF;\{
?SW#,E>(i
cbC')A
adb;BZ
mIfU9P
ij5i>GZC
`t>u7\
vLAolBv
z(9`,%
R`\b1t
CjZUJh3a
r*n	l*
5i`bBr!
bD/_1qF+^q<
 -[{?y
~Yp^f_
sXg$A'
$ZW	#D
mSZ9I?
QiAx,Lv
#QWtLSG
(b*FPOF{'
j,/~zi
hf,dwjN
aIR8im
8U5GZl
](B/9mV
Hy!z<a
'S`{&s+
D3eFzwhph3
8.3#Xo
uRaJ?A8l
1~Z2_'3
@Spn[#k
{DuXsc
^AE"m0
M23RX#
UR$\|J>
cmQNsg
*7T9JK
ElQ30%;C@ 
Sf0r31
b\^ "6
Q-IQW8
pg=Z5W
hA2|eH
,Df]Xn
q=;Kwz
~pXy!V$A
*(]] ~w
R>Uf-1n
2Yw':[O
>*Fc~6~Y%
iS)4!S
qVl{	R
T/h] 9D
#S#Q	D
Lk^W\|`
d1sP}X
E1Dn}.
1mp#_}
&["t\Oe&/n@
aa2uP8
9QVFa%.^
wC?HSHVD
,-w ]I
5geE7-
'`q8EI
N_}L(Q$Z}
5814#]
u&pYOR
GXy-EI
LD"g]D
*Us\+OI
2Qv\KW
b&#wUa
ADEzR0
yq;7~tB or
!d;#sM
 %0OQO
fLmvwu
j2_dzN
,Pj\y{
am 8^o
xXZYFX
C)PI/$F
,?*b7l
	tLiy*9j
1+oNrP
5lN5>'
YD1l.a
|:'fwo
ZhUWEvz
w' *C'
"zwtw\
L\^ti`
)"J PS
A	),ej
x4+7,_
4A:z$h
|0SaOPG
D0,!00
nEXQY?t
pZ2b3<
8ipu[6
FlQ`*w
toVmJF
#m9){!w
&Ztjty6 ,
8$	CK?
W.[-r?
+w) 9{
HJ~GNC
A1x%gW
HE!UNu
OfP8BU
,?;l2ar
;A{]A6
:GpAm[
CB{b\5
y*0?c^
:I(==N
Z7}qfP
Pf"*}E
 ;ql?%
oW81+J
U[li7^
NU>.v%%-H
Xz;1db
khf$Jh
)4j+kn[
EuZc.+
Aqh;:*
)YKx1>
%r5#2H
B<o^`B
4q+ry%
G<up	n
M)^\gj>C7
e0{R=i
S'|4[X*
*88w:B
2[hy:82
b)"0:nu
RR`WDh
~#vQKIX
<WsC>3
3Q"<,P
	2s\sO
5kluRf
.^.B2Y
+<qO7u
H5#lK%
9a5"$&
v2.0.50727
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
UInt32
NewLateBinding
LateGet
Operators
SubtractObject
Conversions
ToInteger
String
Concat
ProjectData
Exception
SetProjectError
ClearProjectError
ModObject
LateIndexGet
AddObject
AndObject
ToUInteger
XorObject
ToByte
System.Text
Encoding
get_Default
GetString
ConcatenateObject
STAThreadAttribute
lc.Resources.resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyFileVersionAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
newest
newest.exe
MyTemplate
8.0.0.0
My.WebServices
My.Application
My.Computer
My.User
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
19.18.0.17
(c) 2015Borders Group
Borders Group Cemp Kopl
Borders Group
Borders Group Kopl
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
               <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
    </application>
  </compatibility>
</asmv1:assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD