Sample details: 69a5188d3476c370a25f3c88d05209a1

Hashes
MD5: 69a5188d3476c370a25f3c88d05209a1
SHA1: 53db120bec2564a7b6c68039c1362a293d94199a
SHA256: 4d7b88aa2fa7223c9d8217ef215a05793edab48c7b292ca57916589f60d18a78
SSDEEP: 3072:gJD5/rUDlHivMbLayOfzV2HleQtYgb2iC8+t:UD5QRHi0ayEXg3N
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/domain | YRP/IP | YRP/contentis_base64
Source
http://sariherbal.com/11.scr
http://sariherbal.com/11.scr
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD5G
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDATx^
%o]o]o]o
bF#%&/B
@:Mqn@
I\$GQ!
=Z3	ku`
D	d"Uw
Ad0\46
]9>GRQ
Mk6L	h
3|%ZxA
L^,2Eb
1WNdrCs
;0(!t1}
1P$ e$ m
I_N&}y
uVEQgm
`<;?If
Pz_'8 
'tov%Z*$
[xi$84Bd
<b.XOD
(aRUhdy
m&&=}%9
67r{!n3#
"8e|\^
j4HpLG0
1uLA36
QA{eA_
#r.Ld~
-4O,Ed
y8cF q
FZ$Unj)
x+	Gx:
Y9oO'-L
omW#<"X
m+HdNA
Npn{|~
0ZV?3c3
%/ZRC:
't.='J|
!CX"qa<
Kmfga)
KlYV|J
,]uG4}
/z#Be5
>i^A?y'^
dB;*7N
Q (DP.
N+IoXy
#CmtX}o:v
pGoq:E
ha@W?.
e_z;@<W=
#)\~d:O
7<uZl!
Xb6B=Q
{x;k+"
I<"A_xq
i:fh98
IlDx.%{
N#rAb+
@de(Fp
RBc'n :
~P)X31
-R3eHkf
kURXl	>,;%
\-C5F.M
1I>'pAk
Kyv&[W
|:G(Sv`
#q3vFw
d&KO?AS`
)vd m'
	]V9gV
y|?fyg8
,IQxRPX
Q{?,sy}H
wt>WH9
`%_TY3
W.-]7g+
Z;GYP9
V L01y
2(X-a&
qplbbx
a3&HRXu
RkM'RQ#
tI3/b4
KI$y3/8{
 	b&sn
Db[(~'
yFX`_0(
}C4{%m:
)7l`J~
=AL`P~U?
/ilO~Tj
gVAV=h
;1=>?Q
_.~iql
Z<.*N:\
YZn'6r
X(-?)30
>frc`Q
W*na8T
VJ)j2lq
Bx7Z9QA)r
XIRex 
s8&&@!
]v{:-/
eo6$nF
$y1>8L
WQ*jH]'7
R*'C`UE
1=TXZ.
?$w|jK)oP
et)X-T"
DRX 2^
4q[Z>v
j0PAcV
%SE-paq
HpFlqI
g;rWk-Y
+W#5Xu!
vnp%)\
]\gy+	<q
%y#~EC
X+UcK%_
9mvLRS
==}c}=
N1T<-n
~93r"_
hOqjbr{
~-Cr1s<
][wRk9
HmwBUG
ruW^Y7
,v)w:C8
S3soOF
9^ZVffv>9h
%M%;Ag
n&z&{p
X:Kod/
d+f?MC
&d"^OQ
a6b,b)!c
=yG&`1
iFjztT
(?wRf<
%21ipK
nFh0#p?w
P=,"rlX(
Q"G;v0
24$LQm
I.0v 9
Jt/x_<
  V[rte
&8>I'Xd
1yFB>?
j\%59p
!Zq.xT'
	;*6,^
n#xCrx
168+a<)
KkkrVP
lF` C`
Wf:#oqY,
;j*uTK
	FtZ:k)
/~~h=k
a\DD"~
@pr#3(n
Z\hweD
^_+wxm
Cs&hns
_j<[\S 
m!$"YE
|TTs]v
166>o=
plf1Ex
j-7y}^
Zcmvi-G
idH!-F
AL{{,Bx
^,3&.X
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDAThC
D`2>{1
esI@nd
zf!iF`
-Rwu<5[
>Ao-!:L
\5jx7v
gMEcLW:
.?W 5eT
@Zp67`
"t:mZM5
Uz3b+yj
9)x3C>_
arKbro
\tWTw-
=8-~Ab
F5v0qc^Xx+gY
&|);uf<
-e$T7d
Q+wdb5
tR<6f^
RW%@9[,
TfdGiH
v2.0.50727
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
System.Text
Encoding
get_Default
GetString
NewLateBinding
LateGet
Operators
SubtractObject
Conversions
ToInteger
LateIndexGet
ModObject
ToByte
String
Concat
MultiplyObject
Boolean
ChangeType
LateIndexSet
System.IO
MemoryStream
System.IO.Compression
GZipStream
Stream
CompressionMode
LateSetComplex
ConditionalCompareObjectGreater
LateCall
STAThreadAttribute
RnD.Resources.resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyFileVersionAttribute
GuidAttribute
AssemblyCultureAttribute
AssemblyTrademarkAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
kk1.exe
MyTemplate
8.0.0.0
My.Application
My.Computer
My.User
My.WebServices
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
3.9.8.4
$98ebd3c5-b4d3-4a39-ab15-109ac600e253
Copyright 
 TR Nop 2015
	TR Nop lf
TR Nop Comp.
TR Nop Library.
TR Nop
_CorExeMain
mscoree.dll
fffffffffffffffffffffffffffffffooffffffffffffff
offffffffffffff
ffffffffffffoff
ffffffffffff
ffofffffffoffff
ffofffffffofffofffofffffffofffoffff
ffffffofff
ffffffoffoff
ffffffoffoff
ffoffffffoff
ffoffffffofoffoffff
fffffofoff
fffffof
fffffooffo
ffffofffffooffofffffofffffo
fffffoffffff
ffffff
ffffff
fofffffffoffff
fffffffofffo
fffffffofff
ffffffff
offfffffff
fffffffff
fffffffffof
fffffffffoo
fffffffffff
fffffffffff