Sample details: 7a29988411eb992e659a1e73c647c7af

Hashes
MD5: 7a29988411eb992e659a1e73c647c7af
SHA1: aaf0c4c0b4c2b57c211dbfbe56fcef7b461bd801
SHA256: 89e01f8a14f561aa3046f40144ade2220c424d3748cd0382c56f91f791e13c87
SSDEEP: 6144:Byxy+P+TqfD6Pg9rg9NTzTsZqLspu/TwSa6Tv:BF+P2UAK0bTzTGqLPaG
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 |
Source
http://gg.usdipc.com/prepro.exe
http://gg.usdipc.com/prepro.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
\System.Object[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nP:HGy
1O74?e
-pR8<#
nq1Lyx
MN".K-h
i1]*8V4
fLIitE
(~Tu7F
o]68M{"
#Q.s4]
G{E4>]
' |^IU
;Ua(}k	K4|Iv&
hCg3NQ
zi@{1]@
u!i~\hU
vPtc)Y
)a4HJ]
^Zz+ed9
VZ(m7$
$|kIKY
Qcld0V`
\j	iP>
)ng `r
ff\zsy
f|[f<+J
f>q>KQ&
OzC:t)j
b(-Z=k
WIJXrU
05I4rd
_^Em=c
	b(jF0
-JoA<\
IDATx^
Y"xmex
bZbzQAB|X
:^8{uy%
jYfG/e
kIStQLT
PGp!9KwY$
|t4&]=
%5dcgO
6Aa0n\-
U%Bc`EL
 m@9W2
+ru]_<
)r-L-p
hS(#W"XN
e,kOa8I
pL*NuV
dttM?}g
ib[.F[G-
3w <a0
.R!Rd|D
'xmpG^&
VIiqul
j8B+L}"
JQ{8~B
s'{hK6V
Aead,F
uu~0gC
 8:y.C}I
gwE<>%
k,AfW&
nv>K(Z!!
THVwyA'
't[cD*
aX<MDX
#DZddk\0
+Vn"tf;
+S{fDM
(A0Bog
`J]1wEke
}8wyCDKB
>jJ#Hh
@}e#HE
QNlDNx
/E^#`1
|Q(>(g',%9
/(wo`t
!N&3dw
|_R.-C
7B.z~C
{3'm|O)
YhsC!R
[HnB?g
XaH2$n
H,#oO0
NNs	C~
\Tu;F~
'Me$:~
%o8~}	
';R8v?
K=W1{S3
8"'&W/[
Rbc'g1
9 >SuzP	\
`v'Q"&
oJS\x>
Z2mYK)
D$`Z(c2
_@4K2$
EuRj6r
egrjI~
6p0p	,
-.23`z
R9l,Y&
7%[UKBq
$@mlV5
CJg2)V
)jA?$V
L& a85Z
WjISMl
U&PA E
?&zE2C
'Gm1-TN
[?D>yj4
'U8N~V6
ydvO3L
tm9l\/
otnmeGc	
7 fC4u1l->
|?IA6TZ
}t3^|>`
!|.i1W
\&3\	4
+OVIH*
"$@aOi
6>eC\)H
V^;VMC
0hk[l ^g
x{.e/m
0l:u7y
$.zHgj
=44vLq
}&(\\t
i=Ac4.A}
x@<04::
m\aHhV
oZ5$C4/
}	MS~	
on	YR5
-[3hs!
dHt;42s
|/JV8)
Em1(A3
oqtOb"
e~uEy5.fM
N(%&u%
GFum#v
DN(4$[
Ib.G@|
bgZ^ 8
CJ@,63|p
b38*E#Nz
rVFpql|
2#'eh)
LDL!A:
&NRclV
7&n|"-
I4EM8p
%q !x#
!}KCCKX)|
/J6/IZ6
\FQ!r:
\]9aTo
J&=`bg
e#,mo1
?uS98Y
F&0sG'
NER+3|
G("4M\
%`y[zE
mUn`YZ,
*^3oQ^
66w"tF
`zHuIv
Y\M2Bp\
8sdQ-Y$
96)G6;
(a*%Vp
|zt=1F}
14A2-^
WEy"'W(
DaoCRto
g[U-Xx"n
t,ypVg
D4[`G*6
>-x!+`
Xo`J@r
]>X!ZG
R^:0<v0^
<]fAHb
;|Jbq@
IS$WP6
b(fNj1T
| q5Z%):
 =UY5'(
z4'(Z nJ<2
!%6 S{
3^XO~s
`:UzU&
PY'= {
YCKfJ;
#i[so^
hfOyQp
h%,%sY
81a/)^
zIko'9
9v>Q(R
&mF/M+Z
a-x|'c 
2avdCU
-8(E^_
Yx.nBd
ksh PV
n>dC?8
{<#@iJ
px.gp\
\Z [uB
F92_V<
9qNs)LJI
VLIApB
}hbl'>
b &_M~
]y|0Y!
^Aio\YX[
8(MRQV_\
)7v]2*
m<mCd(?
F^]'h<D
Hrm3:t
{"g_*^
!":)|U
me@)T[
jK9OX\
{TKoI*n
^8=Z&-T
0/TtD8
;PlU:O
;|Mo/j
&Mh=FW
F[;0G(
9U@9<a
 #;H./N
S'I`mK
f((zhX
K_k>HJ
`t{O@[U
rm)sqA<
,qyeP(&
}..hoo
?4ZyfZ
DI)!or
T`74^R
obCUsQ'p
Kk.JrK
O=SNP&
:=w9F 
i!rk[@<
B`ULP%
5MiOn(%U>
u]+NXcN
OdlcGM
Kg1 1U
=/{SnP]9
-_VKb.
GC|N|D
[2xzxDB~
&YI_W~
u=_=6KQ
Dmb'>Ejn
o LWWF
%sMxS1
("NSY/
1Le46T
vaqR.gz
xRMaZ$
j6f7qn
FGxM*{-
RXe0IL
c5Wl[9
I9ls$!<
*-_T1f
~XTYHF
!]D0('*
{W'cZ~
C+UMU$
[o18FE
,JYJ}l,B
JaXm\]
D &'J 
 	~iy"
]`^J8S
.*{Y"bazw
bHT;]/
" .9A/
Gvi/1r
oo4_sYL
2V.n8&
")B+<|u
D7IxrKj
'V"wVH
3ny71 s!1
!VT%6I
XtN4E%
aP6r^U9
gIqkA;E
"x~\I^
N'i's1
;soQ}|
CekJ> 
}zjC?D
_U&c'Ba
J6&$V0
HczmV%
(r/x%V
LKtXPk
WnoBFh
Qfq[sx
)G^NY5
YG iOm
f8ai!y
&0~c1c
*Ys4)|SP
:dA=QG
&E~$ZZ
<Zdp	v/q
)^$3OS
r/:nyN
s;}!%a
th'E9yg
`:69,J
@T>Un&
~j1t4BK
ouE\vkTF
*lJVFZ9j
~.G@bM
!OCi([
?W8&<%-
_]<MNU
ag0a(k+
Qik9t%
{6fjZa5
hV[5~y
hiI7lIgoS
4pk@\xmG)
]jy^:]V
a_&-GjQ
h~E%yM<<
@-rsHu
_&{$cb
rW\{r.
{kcv\[
{d:IGY
m>`PR;
PZb7a7
BvUUogmC
~<e_BH
J, 1{Z$>
gNBVyW
>7w!1y#
p8.dQ+nA[
%r+S(.
a(	k)x
s]ouz|
gB8v\o79
(Mos;<^/0:
["l1^|
"4E,..
2	!EDM
aotxt9
TW	uq]q
x,y7om
QnBQnI
v)&%=`
IDAT#h
"b	5WLk
K)IdYs
[ui*q-
=@5D]4+
f'/g)Z
hlS)Ot
0c.:m++*
e/V/pI
r6iDE<
nV$:S%
OUA)Q?a
Co~-%l
L-*L~%*
g#;8:b
_Th^`e
6QU?R}
T\2X9/
E-CjE6
wEa;T}
H)5%J)>
"B3vZy
q=sN b
-Wn+hh_%
W.V_ol\
TxDv{I
j$R=5E
o]DsiEe
J=oZ}qj
PJ6+0G
nZ!BVF
8]<+	Q'j
A>,>On|
~<|^sA
|2-j47"
n8Os^q
08L-SC
eJ%xz,.97
;zDQbI]+
9p/!-S
V9z|MK
v4.0.30319
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
System.Text
Encoding
get_Default
GetString
Conversions
NewLateBinding
LateGet
LateIndexGet
Operators
ConcatenateObject
UInt32
SubtractObject
ToInteger
ModObject
AddObject
AndObject
ToUInteger
XorObject
ToByte
STAThreadAttribute
gyJP.Resources.resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyFileVersionAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
prepro
prepro.exe
MyTemplate
14.0.0.0
My.Application
My.WebServices
My.Computer
My.User
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
18.18.0.18
	(c) Ciena
Ciena Auto Slav
Ciena Slav
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
PA<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
               <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
    </application>
  </compatibility>
</asmv1:assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADD