Sample details for MD5 5c928aa9b14eb7a96ab1a80075a4caab

Hashes
MD5: 5c928aa9b14eb7a96ab1a80075a4caab
SHA1: af39e249445c6396ef2c7e9a5a25fa2399db7809
SHA256: ba2182a388e73eeb9e9a3ace2f202038ddd54ab8a4b4599423c8c9a7b06f578d
SSDEEP: 3072:TtuZaaq1OEhYZwmbk2s4XM0CNY+mpRRvg1Crvi71Ze6aLUVpY9WK8L3t45hLeVdX:TiaxWZwMkE6W+cg/5iMgWLtMa
Details
File Type: PE32
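Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64
Note: every rule listed here is a generic file-characteristic match (compiler/toolchain, PE32 and .NET format, GUI subsystem, packing, data beyond the image size, embedded domain/IP/base64-looking strings); none of them names a malware family. The YRP/IP match may be triggered by the dotted value 52.123.5.4 in the Strings section, which sits among the assembly attribute strings and could be a file-version field rather than a network address, so confirm it before using it as a network indicator.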
Source
http://dutycall.ru/host.exe
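Strings (printable strings extracted from the sample; most of the short, random-looking entries are likely byte noise from code and embedded bitmap data, while the readable identifiers further down are .NET metadata names)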
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
phpa8m
Z &ZDja8$
z-wa8A
4QV%&8
 M^HkZ 
FZ KJ2_a8
`-]Za8
h4/a8i
Z J`4_a8G
%UIZa8C
 zwuN8R
1- G%t)a%
 g19?%&8
 ;y$HZ 
 8uMIZ 
 Rc$A8I
ob0Z iY
6}%&8,
NZ Dgo
C aZ y,
 f/Ip8
.V1Z U.T=a8
+^SZ `L
	~,a8~
~	/a8~
|Ha+]	
 NX4D%&
Sb+Z K(
&	 p~#
h %&+'
m%&	 }}
G%&+8*
4Z eSo
+? I9H
 SUu;8
FzLZ 0
 mz8wZ 
 +YYo+
2RIa84
 0Q,hZ 
Z #yk4a8V
5EZ >U
 Z{v0Za8
 SgHz%&
& t(H#%+
,%&	 m
0s#%&84
S&{%&8
 NeX#Za8
b	Z d'
B0Za81
 6{I<%+
NKZ Yw
 ~m&+Za8
%&z vfa| 
bZ G&I
y^[a8r
! ,<2aZ 
Z )9Qba8
vGs%&8E
Bhna8E
 c)%&8
@%&+b	
 x?OiZ +1
Y8_a8"
w3ga8o
Z /Thja8A
+( b/)
u28Za8
#Z [SF
 t6 _Za+
%&z	 ^
Z !b@#a8
 HBnw%+
mZ qpP	a+J
Z 5:&Ra8
9b%&8H
d0Z ojj
 pa0w8
 W]gp%&
 V09S%&8
9<8Z _
 k"&%Z 
Z NOUya8
Z xVdia8(
%&+O~u
TZ )]%Ea8%
-t%&8S
KEZ iU
qEJa8E
X	^Z )
 +f1#Z j
2tZa+r
+(	 CC
Z CQpaa8
 |q#X%+
)t%%&8
0NW%&8S
n_Ta81
Z qz<Qa8
O}Y%&8
0 +Z V
J'WZ m
M}Z Jw+
+@ `4@@+
 g"zK%+
 0Y6k%&8^
 tb^M%+
 `*:)%&8
 CR^M%+
^>+%&8
S$ \2`Qa%
D=^Z k
uWOa+1
T])Z Y
 0?>VZ d
OJ?&9q
Ii.e'w
=!K9HRN
;;~"=H
y,~Ia	
D-)rP!
QtRiLN>
+k).fc
w)j$Uz
cJ5KA@
n#`3,r
7crT;Mr
5WZfF!
8b+_QB1
}6_rh:
'k}jh9
%=d(oD
*$R;rQ
jV7W} 
qAm<dl
	pD!@7
'B]Kj#)
^_Ofq)	Iu7
TT:0=$
mAX}6+
VeBWhkP
TZrOxba
MORy@\
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
`IDATXG
;ONmbj:g8
ki'G44K
Q6.E0_Sk
fSUUR|@
i5:t0r
]&9$NA
fm3Qpz
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
dIDATXG
pm+%{z9
R~ETs> N
sFp`}c
cYG_#A
xWqaCm
6!Ig<GA
z+._D&
33p"pv
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
aIDATXG
:mzL3m
B5CUc0u
4rs$Yv'm
4~)#6^
yU+#.B
RCB$s$>W4v
\I,4sd
2]yGUH
		}%Id
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
aIDATXG
	%MhyuaG
/6V{U6$
.-bhy1
y qO'B
H*,V7C
{=#Vi#
g;SEJw
K"B.2N
Djr,&igH
FVw-;.|
VQD~ud
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDATXG
!bZ|L;
SH:;eiTC
~qcOIs
6F2NeB9
@R1!]Y
!]}<|(A
=9A^R:
0^[:K#
qLJn6T^
07EO?Y
^w^Y^@
P Vn@X
Ag')O/P
 2q[.k
6+EkR>	
3=3\UV
6	lo|/N
`*cl9#CE
,J0|Dq
i:8:5+
'VJ=a>
:c^RihnY
b	Mk//
AI3XT~
Nw"ZF.|
+@XRhO
jwp4[6\daz
Z+P7E4i
l(\)JF
%m ?gV
{2]qgv
d/-;]Qu
Mdc4MV
a1c	!e3/I
)X'4	.6
o?J?M`w
`LJ~|m]
^']@hC/
glYV#(
Td	e]|
Y}A ro
41cp%Vq:N
D"&f*#
ra0+GiQ
GqMSkTB
n|e(D%=
6pm355V
4LvmTNm
oSy#Uhsy}
K$i|PkF
 0V2Zba
YE=!#O
$$4|7oDl
gp8#|!
szi9>WiB
x(jZ|'j
<-h*Sr
.Q;44"
8K2H[o
CBy7c#N
Ja#17[
DpCO[4
h!Hx!yoKpB
d~Q,Bc
|J<9<*
D]B[8N
S3MH}<
o({3We
k&DSDcMd
{ve}m~X
+&>_PT
Ep4y#z
@0^MoA
fdJdmx
d*6blv
eLK*![um
*6L6+D
>Tm149
JZ`{X:
!$]LX)3
%%5=Inv
>Q+"1|/d
i~5Lf[
)oB!w+
O0_u;Qtj#
vb0Rt[
|>FFK`Ab
Zw[>@Tf
s9sPwH
g8{MP'TMf_z
>P33H*
D%V <7
Eu6`Tc
Bxv2~b
i~bl"Y
$ZdZN1
"#3sfm
sg6Jl.
Ii/P*c
?c1y3E
t<|TtfA
%zeWbQ
WACvisw
Nhg\5?
>a/q<D|
c_P=;9
c?siQi
 d%diT
nEyBdze?
"_ZgTq
.N3x$iT
~?&,0K
kOO`P1
<&w9t;
'Q!K65
Q&2(#D
IGvzGH
c2~%&+
')oy9T
ki(1Wd~
~`GrVp
S9KkdC0
Zt_g}Q
dRKm{B
$k{V$n_ 1
2(|Wb+
h3\BN)
hz$@pS1
GiGzZX
mIqMhy2]
VoHqQd5u9
J~{X/ .
Y\Qigf#
x1BigQ
?|hets
Cj"cXX
O9XX^>
m?	'8Q-
lYFiYgf
-:~=. 
C+<:s7
#,B|[t
&d|G%eE
?vEe$C
RP}/w7
yU2E([nY
SiGh(,
yPBmXn
GLG.T7
f@/r]oM
+,:q76
ZXzdU@
?dz "uW
ux }^|
=D6I=]:
Y#Db%r
5 SNz^
46YV(]K
$AZ3=xt
^)5V+y_%
WY;zb7{
v}^L^K
R\9M!*t
)EM;Tr
l? a`wn
\WeM&'
1'S]lf
AO0^K/
U33l&vO
`\!;:G
#Nm^1M
x5aMGX
{h6Sy4
p@ C.7
Qjmi#~y
$}+;6Oa
bZWZ+:
+zSoh(S=
O_j<@q
~fj`FS
?P2|(o
%oJSpcK
5T'Da!
GX%"au
GU"L/i
v:O/y*
D v=X>
XzR`1Xy
=Y9Ltxj
XxHPSlk^
r`f3-P
 :	(H+n
Qul,'V"
^)$!Gz
zQ<9Z#
9ObVkE<
l}u96=u
y Tgxu
b^v^ss\
-n2|4)k
 aWPX9
i"a	nQ
PY}dK[
,LShO?x:
	2poY\
-^rB|2M
h<)t~;W
[]w%6(
1Dv$=L;
91NJt'
LCCaSP
y]dWzn
0o80&8
='^OW&.
2[8?UI
u$UtmT
aYRO`^
+RU7C<K
mZdi82Q
FG	\y.
{v(K)(
bn1z-"P
1jiL1Ky{i
6a&q#@
ZOMzc8
4N@k?M
|d1[#f
_VlNls5
v2.0.50727
#Strings
	&	O	c	o	
mscorlib
System.Windows.Forms
System
System.Core
kernel32
{39fa5273-8266-483b-8247-46b1491a83b1}
fd7d4f9a-03ff-20.Resources.resources
.cctor
RuntimeFieldHandle
MemoryStream
System.IO
UInt32
Encoding
System.Text
get_UTF8
GetString
String
Intern
Buffer
BlockCopy
GetTypeFromHandle
RuntimeTypeHandle
GetElementType
CreateInstance
hVvhLSBXmr9X8eZ7Vu
dFG98dExXck2kAxwJe
gtekOSrnHtbKse96yr
aYexO26ILlM4ff6g0j
RuntimeHelpers
System.Runtime.CompilerServices
InitializeArray
OsuBHKY3wD3qlRC9kJ
Stream
get_Length
fI2To74h1slknmlHFb
sy0VexlM8NkprXriUE
WXFaAARF3JUydjg1YX
PdUL0PJLpnqKRykDxB
ReadByte
MycidHa348djdu6WM6
pdI1hVOJ0PrT5fQjOE
ValueType
Object
Assembly
System.Reflection
SecuritySafeCriticalAttribute
System.Security
SymmetricAlgorithm
System.Security.Cryptography
set_Key
IDisposable
Dispose
MethodBase
DeriveBytes
GetBytes
ICryptoTransform
Rfc2898DeriveBytes
CreateDecryptor
CryptoStream
CryptoStreamMode
PaddingMode
set_IV
set_Padding
Rijndael
MethodInfo
Control
get_EntryPoint
SuspendLayout
set_Name
set_Text
ResumeLayout
Create
FlushFinalBlock
ToArray
Func`2
Enumerable
System.Linq
Select
IEnumerable`1
System.Collections.Generic
STAThreadAttribute
ISerializable
System.Runtime.Serialization
StringBuilder
ToString
Append
Invoke
CompilerGeneratedAttribute
Exception
Dictionary`2
MoveFileEx
ResolveEventHandler
FileStream
ContainsKey
get_Item
set_Item
FileLoadException
BadImageFormatException
Process
System.Diagnostics
ProcessModule
AppDomain
ResolveEventArgs
DirectoryInfo
GetCurrentProcess
get_MainModule
get_ModuleName
ToLower
get_CurrentDomain
add_AssemblyResolve
get_Name
Convert
ToBase64String
get_Chars
IndexOf
Substring
Monitor
System.Threading
GetExecutingAssembly
GetManifestResourceStream
GetTempPath
Format
Directory
CreateDirectory
Exists
OpenWrite
LoadFile
Version
StartsWith
Attribute
AttributeUsageAttribute
AttributeTargets
DESCryptoServiceProvider
DateTime
get_Year
get_Month
get_Day
get_Hour
get_Minute
get_Second
AssemblyName
RijndaelManaged
FormatException
SeekOrigin
get_Position
set_Position
get_Now
TransformFinalBlock
get_Message
GetName
GetPublicKey
CreateEncryptor
GetCallingAssembly
InvalidOperationException
ArgumentOutOfRangeException
WriteByte
op_Inequality
Concat
op_Equality
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
AssemblyProductAttribute
AssemblyDescriptionAttribute
AssemblyCompanyAttribute
AssemblyTitleAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
GuidAttribute
System.Runtime.InteropServices
AssemblyFileVersionAttribute
ComVisibleAttribute
WrapNonExceptionThrows
	defragsvc
Acqua Panna 
Gerolsteiner Brunnen
Device flow install serv 
(C) 2016
$50d1db2e-3dae-4ac6-a653-2fb5a06113d2
52.123.5.4
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>