Sample details: 776cdb53808fd8430d89d16b6c91c490 --

Hashes
MD5: 776cdb53808fd8430d89d16b6c91c490
SHA1: e24ba42b66c3ce72cade40c6eccfd17edd494ab3
SHA256: eb7693ffdd3aadd32081e859450eb100961e6bf87a6f7d6799e88a0b20bbedad
SSDEEP: 12288:8FZCxtd8c1vpRFQJXWoGtBXyQoRL76qABGMzTCKz:8+l8c1vtQaXyFRL762weKz
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/domain | YRP/IP | YRP/contentis_base64 |
Source
http://dugunmalzemeleri.org/wp-content/uploads/BankSlip.exe
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDAThC
gV)?/m
$+'=0wJ@
Ziw*{g
)ytJ45
Z@y|g$4
N_yvq=
n[!2qqe
9wcvW-
.#B[\"
XX-Th:
 $U'f)
l~(inhR,l&
:??R~s&
5Ss3bz
c\;%*f!v
2<kX1KG_
CT,22|
QKO9S1
'!k'8m
GcKZK+
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDATx^
vvwvWZi5
(O1ey7
"{jy7s
EZ<#8U
#Ogb&	M
7hq@ZU}W
A)o\T}
,Qiz]`.|$
@(Ik^x
UbU qY,
,Wd%@r
FdMbZ	
RDQaEPP<
n=<wA^
sDP9	1
33Jp7l
Bp7xV(\
pV`7u,
j)R<1Y
ps#+an
nz]{~-
98_]{>
)+GCsZ
k;,u^j
W#.	kjS
3HD0I=
,\ C<T
eKE?Flm
0lDBK3
S&dP*s^k'
'lXEXI
%CjX^?
_y42^Z
6+FPf_
>dXt	6
	T<7ph<
RA%,i%
@%J/3_
)mpmC	
x$g\{a
MnIMPy
l|+l2~
gQ.8#2
8IC)Kg
3g*Ub*
Q\`M<a
=zhS?|v
BNi{<A
Pxlr>6
:.%nIA|
P?yM-K
V~&K%qi'
"9--*B
:3<L%bO
P/~KBO
P=~1eC
ANDpW?
:C^ePu
yI2C,~
pOVrP=CF
NYQ6>	
WIJ]}K
`n/+NkG
ZsbFu3
5mlzftrj
r>R-y G
}F_Uu-
bU~EJRWS~mcJSY]
ImJ5PzyYq
W UuMY
*'vHH,7
)U}-e]X/eF
2cgd_q
DkB]}u
>c}eOo}gE:
TkOvBk
	UYMc)
DbeSZc_GjEJs
4kcgvy
SZsk+R
46iNmlJ
x"m#<PG3
dmgCAI
DKSEq+&
P[CRM]
tOz[RoC
LS^RyoOB
DajRsoBM
<9bI4W
DANZmj^re{E&F
653Yg6u
2Z{j,I
II]-S5E
lsRbrCfU_CWGZgZQCWN]RWre
XV\<Rn,N-
`ccYUa_wIGFf
3B^[qyvmgfe
VQ!L65
3=F0#}IY
tjyasAzw
qKWAzIW
,L*iK.
IKAIUN
Hrc{sbVw~
QEvngmKIay
D_^Kw{
Tq^ZSK
rLU5i3-
{KF-)E
fuqYe{gEg
TErAWv
tNgRb^
ckBnk]
I%?0#d
OD!uX|
X_-kpdq
FLltAR
gtI=4x
.@L'qwxr
,YQ?I1Do
=>QK{"
E}mS7U
4mtAF7
hes9`@
#I_`89h
sQ ,&J
RApS1C
R#d+R1??
uKk3(z
	"LMo<
/@U_Y$
wUmzNH r
K3Xtfp(
?8I<xM
-cNS6EC
"L6!E0
4VnEx(
6po`GD
3/p(Z[
+Br.]r
R7z"?V
`#g3T$
#n/"}?
DhC~P-
;X>5ml
_	~v.c
gS&Fl_
J+)(;|
5qvu>B
?~I\Sc
Bf2"~0f
h+u+xn
m`+HqE
@L-Hu3!
B$	-JR|#
wpVX+c
#!,GZ8Z
i6$&Nrj
6Gy;'w
'^<hk"$z
#:02Oa
{,3T@&
C$roz'Mvr
V[&t(o
0rr_7N
^;Hr!ah
ZF{vP./HlD
An,st(r
"eT8@d
U.44'XR
C0ox^5
k_p~|jt
jh*$>b
Vxgipa
\7-=vISF
S7\aR5
c:S;D"
=Pvs]k
>Xe 7`bn
OH\vGg
:?/;'J:
0S]aem
n[MAZh
4-1BP_>
t/Y|)p
3tZ[Jp
5z_r_&
R$=]r9
cnAw*F
|*)Z^e
@@wTgMI
L5%d +\X
cc:~V}
"A@@A.
vcgk>q
w^?o'<;s{
$h6i/M
Tp+ni$s
\	B|zF
7SEMggGFu
<9-PxN
Rn4MrO
d{?f~f0V
Lhg0NQ
vwch4.7
~DwjZWM
h~mGq$
xsi_1Dx
TG"C:7
;AHnA 
oEwpQ/
m2gg7#
m4l5Kw
h:^I5l1
im\+x	1
m}5<T^
YP~V4a
-u~`/;
~NE1=}
Ko!yO]
CtE:eC9
)CO<Ij
j`$2lP
c9O}>)H
q<"r[sB"
'-^sb	
2'f*j(9wH
9}^6iDO
i7>-T9
QDKb6w&
BE}sza
nWGi!mT
NT=rk4
r-CR(iD
y]J3sh
^vh`2+
;p6b3I
M$gY/u
,BaT9Y
|L?tPx<
T+D3&%
~=5 E9
[MdA3l
ta6G+}
RZ8hN%
aaiO;F
Dl0/TM
M!\ktG5|
D^aJPI
9W?J[r
l9N`|g
YqK-)J
qc5>+N
cOr$9'	1
NFu7uPh
xgO<Q[/
@S=WJ{
qxh_f>
Gi.;LT_]
l<GAk/
.	kA0&!f4
0wkwH	
*kJ<^u
_e;5oj
{s1zY!
W|xc:.
v$m\;&z-
IEo_]Cs<
'^[d9&q
uwD9$r
fsF|H"
8Lo?U4
j}mw	7
P#8DOD,
OyA`X$
3UixR8
7$r:u9
]p@C63
;>q"} 
A=h-u>
NtPkx(
=N]968Y
ai|kDm
.BM-9.
;y_T8E
5nSpk.> 
Zb/zcH
[hm{i|
*KZU1]
edJ"d qN
x8G`K6/<:
Rpmb~0hX
I{K"C>
nTTTO$
O0\kbwy\
<1^AZG
te<8VXd
Ts:Q%0
ZS|`%Rc
KrI	QJ
+;!}|)F0u
j^r4}{
kC2IY$
@AcKeN
S	{,gn
#q|d$I<
sE?Ur*A
zsZ{3]
et]U.v
I*HE\cn
NcX<yG
}6O%3}8
7.}z["4
LY@>	J
H}NX>[p
P=?bZHyC
t!Q>~'
VZh}4f
GBko}(
F%|]@E
$wUc!b
;L("|q
41VNis
/M}<]kZ	G(
(><a^|D
!M m2j>
v*I]864
|o@	ve
CxnVl'}
}	lmUO
0g&y=b
yH2D=i
8^yiV}3
?+\?.}~
{q!1fg?R[
n05lD=
 e+b\~`
=e_n1K}G
IDAT_;&
"}%%aa
u9|a:D
$O'(}y3
C%eK L
3.ALsAY
S('x|hxy
N^H?'|
xGOiOU
fgh(hw
pni*>7RG
=n8E2[
ImI40<
Cq	XLQo
i@bucE>
t'>vz0x
25\xXO
|74/Oy
R~ys;[
Mu/LLn
3Q?F}/
=9WO5~_=
IX#igZ
>[},8xR
Pn{Lb@2
xcY1OE
n([:Lw
eNtG&b
JYU>h&
ni;o.i
Z|oMzq
 zR^%W
v`Ej,5
$gqCD`
|]#*wl
{70][i
1'OUE6o
Ql#W?T`
^oTD~`&
hmkoz{@
61s8<E
0	sb?]
WcjFFz
&+oc^0
lE8k97
b?aFx0
nPCbs@T
T[^s4_
b#/i[/
-71[YB<
9BTP|+
>^9;u_
r1[g{u
w82ptZL"
n?"9ucp
~yKYEl
GJ;=<@
QvO=7qc
(9E3Vy
nT4}`%
Y`OX<V
;ic'Hej,}$
rwsH`Y
k=Er.p}J
B=$=W2
?kB:5?
+}aab=
OajP*J
3w"lXo
n#xO0Fq
^Cc]?22
N( 1f0
mv/9yR
Y\9x</Ox
i#Y%TL
]7p@n-
J}?;k=
`kThlW
{da)Bi
]N**s'
)_A1y"
;c-y-}
4xW2C5
dsG;pf
]_vVu_
`]o4JKn
qwvh&?=;8
>;,=NVBj
]PW-UO	
|=\,Wf
UP/K+iV
'lLdx0
=EHFXXs_XH!
wrC,,N6.
~N 5[:
[l=rgI
	1$cn_
H^Rc'=
.;k}GN
r=<SS|
'5]b1,
XnA^r_
?}+m ]?
GeZT*L
(x/%EOX
a5vwHb"
Ul/IQ:8
t(Vq}M
9mcpZ^H
fodM?/qnc
o;)N0v
K<U0$*
DI.tY0#R^
TU;Mqs
vCmo)#
!S1UpJ
}].0J~
"d}O(M=
&j+S]G
}^p*u>
g_ydYn?
B3{hE;
87P;.?
	Sy1ZB
6*-17X
h~jmq|
0Y{bc@pg
	>s(4.S
D)&I<h
Sut4GL
Vv?M5:
o08	/+
>vveBw
e8OXO|
@z)5pZG?
{fc\	;
_D\y2t
Ji(i=K
#<,~eI<
C85,]I<
F8oXOd
mtfbM"
ON8yhS
Y~jt7"
9	ZOF<
R:Y<wB
BZF<>E
zJl=	'?
eas"HF<
C8i=	gI<
L85,fI<
WVea_ZOv
9	ZOF<g
[OJp86:zY
oO8)1C8!
`d?J@Xf
Ww4YK=9
CH}B_>
pF<{bl
&t%;5\
lZgOH85h
}g*qaE
BoF<;"
F<]r4a
sx8N82
|mRE<t7"
3b8kGX
9	ZOF<
`$22b/"
rU3ZOF<
BZVO'p
7@lUX;KZ
NE<t7"
-NzNkR_
C0z_B2@
?peATP
C!-1vQ
/"t}y]j
rU3"HF<
=_r8XH{n
*pU3ZOF<H
NZO"HF<2
TnpF!X
<7?;	U
S}T[GAX?
{NUx0o
f F#*Ns[
3:M$Kc9
|[uF_;
EZY}h3
Sc?-1S
~<i[c%
wM[	LTEi_
/uX7,|D!
UamL?U
#_c$^XPU
CsjYHZ]>
>tK,em
T5L|VV#
(ay1%\s(i
PlB$O`
	; 0k	
M&cIY8
o%7B3.j
8n{?u?
@E|H	c
lk|.;d
9%a32&\
ov]mKy
YPS^K%=
]*. Vh
ICw|`5vZG
&:JoLy
A'eTY2
(c#Cg!I
HFh8DPk
{f.&$4_2
U~=w5~&
a0+)lHB
]n3R,Y$b
acG0dM
&f^bfoz
4:?_l/P
}vc.VW
>P67TU,
6YH>'h
h%pJ!@
};6%Yp
4j9573Vx
c<"D7c
O!<Pk`
>&nIjK
[wu@lO
-u[R`G,R
,ekOpa^
Bo/	6Ec
uI>;sr4c%D>
W~B]meD
k?q]^1
`jH<IN
b>[Z}>
YYDV+,^
rQNITt
i8XNhB
e_<GL9o
q[-F:L
7`wpTj
!\"q$A
eloCd}
cF64E2I
nhhmxx
f3B&BW9
+L'zD8
nD=(4&
pd}{C-2
3K/]qo
M7xvC+
_d(ioS
X.pl($
?VQ#b",
c9.HkB
N]M-1lg4
$TL`Y_
XQlffKR 
Q1JjbB^
lUe>5&KX
upr;dzb
*gy[&E
~=ZDgC
oRS>&O9
=rV4fY
;1,Lnk
q%=&2-
s&=uvz@
Vey(kY9
Ct&KdS
108tE_
SZqJ+Nk
=3ccSS
%(7I^Z
*wy9+0
(Oh;|2
3vc4cz
88--}&
c[/5?L
zH/})j]
V3Z|g(
Mz,M0j0
}F/A;M6,<$O&
gsA+bF
TOr(~Xr
Yj|KnZr
$dNJa(
Fe=kI%
	m8}D2"
~	|AlP
7r}YVb
Vb*<5s[_
o+e^Sz_e
>C0g5B.
Xb^#+p
z>|Z=_5
>~dAip
csHcY|
3x*=LZ
i,IcjI
7+xc_x
o<~19-
fq;8fq3
gxjt||
!"i3pw
49:19y
~Ta^(I
;9g92\N
EVVuut
YZojeo
NEsmYo.
6XmqSm-1
:|	oW0
<V#;2?
!Bj{h)
V#.g^Rk
PPc@U(zE
o70iu]
'2"25vQ
_!gFG-
{w,!qp
hL&Osc
`XZ='I
O/,O,)*(
jA0}3\i
L@<n!P
a6m4}3
a)=<p\
G)hRM	<O+M
	5k`83
X9e\8oj
'Q Zh\
pMiH	eIg
!SrE$n
VSyqrR
H5Zi(\
+^haA9
Oea$"*DPm
%B(|Amx
o+7Hn,
/)1:8G
$$|I1E
N+F+N1
VIg)wY
,bq}ME
TzREAM
_#|dp^F
KNu8)n
r3\JftBG:
I'Qm+5
e?Wczx
ify[lH
-fIUJD5
7K:n%WLe
x@I@y@
]dV)x3
2P<5hQ
J{"rx/
StgQo[
POdbv&'
~MnmnOnN
F5RU=7b
m=wRoc
@#Q16]S
53:	[s:
Uc1<0^
_Xlw4?
8mIIpO8
f&6gL#
`@DcXZ
ALdUOe
)]EL\U
 \H"ww
~Vy(=*
%<VGP7
,lkr.b
An!;k'D
BDo&bPVK3
AV<aHc
l_|fl=
jcM?!v
moQ,$ZS
>ep3\?
XNM$`C
66,~?H
A7lN@Ppy
fA/AnA
JZ))tu
!F0tx"%
7n$$"+
0=Wt!ez(
i#{b`V
	A=uql0Yf
XJl!> 
!]96	j4
v#Do<3$
$=@)TaBm
:8Hiv 
I>3@2E
(LDr	)RD;
jhp6]Q+
?@2B_7(
dzvf|byin
%4{/4'{
/.GN/_]
nO+AM:
Ouz?q>
?srr%'
v2.0.50727
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
System.Text
Encoding
get_Default
GetString
NewLateBinding
LateGet
Operators
SubtractObject
Conversions
ToInteger
LateIndexGet
ModObject
ToByte
String
Concat
MultiplyObject
Boolean
ChangeType
LateIndexSet
System.IO
MemoryStream
System.IO.Compression
GZipStream
Stream
CompressionMode
LateSetComplex
ConditionalCompareObjectGreater
LateCall
STAThreadAttribute
G.Resources.resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyFileVersionAttribute
GuidAttribute
AssemblyCultureAttribute
AssemblyTrademarkAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
BankSlip
BankSlip.exe
MyTemplate
8.0.0.0
My.Application
My.Computer
My.User
My.WebServices
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
6.8.3.5
$3be232d7-b988-4e63-8427-28bd7c588aaa
8H9W494GIW4
9ERUB5ERFUIB34OF
WF7G4G7GU4WF
SBEGOU34GU
BUDF7YE5ETHUET
_CorExeMain
mscoree.dll