Sample details: 7e0a5b6f8b6425ad20fd2f8d212cd4d0

Hashes
MD5: 7e0a5b6f8b6425ad20fd2f8d212cd4d0
SHA1: 673ec3f07c47c317404dfd69a80ac68f26213d6d
SHA256: 045e4769a03b38b28c31a970ec532d243e49c4a6b53c299ff9f04e6683a58e1a
SSDEEP: 6144:R7VdkYxDIo3G0odv8lJYvmKYn8oAZks89fLly5MF1/MVxf:PCYNIo3Yvxmpn8o8UIp/
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 |
Source
http://gg.usdipc.com/project.exe
http://gg.usdipc.com/project.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
\System.Object[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA)iY
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Q^.xV+
}@X#*J
<YS>~=
kh qPCta~
4!o2om
MQP NY
?MR-S8
Sug Mv
&r2F$U
6;&kZPV
'?P!S]
${[%)B
c/g<c]
\k*n]x
]mkFj1
C	jysB
8z+':\
d	{pzuO
.o2Njv}ED
U;YnmP
OcH4Dm
f+t)bL
N7U89xQ
Z <EW|
&.N[yx
0LO	/i
X}-UmJ)
*<QCu(
cz_OwsBB
/>+Zt|
kZJD@L7
/4*AAS
KW?_P79
Q1bz{x
@O^\X~
65~A'`
)TAb+2U
('_$u4y#
UJe[+S
\L>/\Y
T=2 t?
RS0tR"
uH$%VG
Ul8bmx\
0ts>d1
_RK(G8
/ldV= s
IDATx^
iS#^hW
:#p}|;
&i{H7@
kpjM^d
1-5tOcB
-ZGw!d
!IJ*IAQ:
x$^.sE"
S-GW?8
dtyjgt
MD-/_OWa
5u}PCp|
,l'IVTS
AZxd5e;}
uZ+e%_
<p@>= u
NTfTj>
 kQfMGa
jTOmV(
[YqP;4
nD.<\s
I,)e`k=
ck!<8dt
0I`^Xp
zyr]7r
|OVq1;l
a0dQ"X
:meivF
^Sf+;6X
]wS2	m
u9oUw:
cm!wW}
${7.!8N
:rw<i=
}k^q8EL
+ez_Xf
831@/0
v!-qZ]@b
p4J;|'
/ES\pd
>=KPiV']U
NE`}oh
p(@d-~
Xz<p^Mf
NHQ;H+
?U5AMD
.5"b&C
}8{'J12T
A#zOm%E
Vxzt:>
uVb/:U
cU2ypZ9d/
)#s@OE
-OL^j.
Cr,T\bZ
GL9IKw
}(QyFq
]GoIh%
-W!_  
28Iuf~0
V2hPER
#N=rHd
H#]W6w
u"v8FV
_J5&ns%
3:S6pn
UynN?7
}U<GCZ
,5i@|d
`a}B-$
$y48w6iM
}ulEBq
m+GN)X
M58U[+
|p_:2M
64u|xc
;AQRiH
w1IwXv
YGdwfUzc
dOM,31y|
/!c?'j?
YpoVlq
0"VzjT
3$4pE\
Om[v)Guj
<m[B!^^
?J9;P!y
<=vBCo}
">+N?HJ
L03&O`
(Wc;@"
c.6S0T
z[ 4wTB
a\x-W":+q
[oMZS$X
H_'*3u(
*VKXz::
&b#.Q.
.pG.+D
@znYT$X
FTr2AKz
y<}pjyQ#
y,Lht	
_z{vhs
5OM*1?L
r!>Qp<
cC1gr\
E\YKq)t
(s>_:iY
ypaF"-{G
4:.|lj+DF
W=TC'N
bGVmzh
y?x,	<
/S0g|'
*	~iJe
lJQ)kX16j
#-3nlGO
}	b<.:I
cJdF43
j7_k=?
&J;|s\
]2iO;+
b>s-~[
zPNP2%6
c)4 tQ
IF!lGXO
dhOAWHj
R8KOK#r
b.MLTv
	(\_PT
N9p[Kt
r!'XcC
AR66r^
 lrP}`
I=sM<c
bOm{@A
j=S7YGHz
k)pnh5
_{,)ha
/@H;b.
ui#b4$
>VZ	YJ
X;-m)*
w~Z=EV
EP!A:B
X5J4 d
GR<D//
lcOLjm|v
_rv"n!
HBI[7jm
!b.PSafP
Ej	qt1(r
(8/Vv'
\&Fd,='f
x*Gm}$p3
|`'&:a
h;KPqNI
	!_X>o @
9Cfxq2"
{7<vU+
2\{VTH
!+XX;]
[=7=c#
v7"HwW
wNqu,p
4onvUB
D8~5Xd
WBv(w2
#P7sr_
?'w	_<\
qQGnpQ
a4&,"Y
"	qR= 
UD~*w1
y<Ukt|C
3:^M~=n
Y$~RTq
"b%j631
@e4<gk
]qZT}h
ad~7\J-
>=WdefJ
sK2I.tl
gLNN3U/
=@MxPy)
~vJ,.0w
/\GVaLx
LL=H=F
WoI83-
3=?e2.
	ki8RyV
rUna:Q
J^b#n=
1nuo6m
u][F7&
nzAp)FD
hmM]C]
?k}[Rt
",dZ<)
!?_$6	`
kdy{[?
:1{2Cf
l^)\{SST
F~A.k-
WwkD;c
rI|MHW
I$vleyp
0m'(Z#
N@wm/S
3q)kha
lfqk_Z
2~rn8^|D
>qIT2x
!qi*B}'
/v'{Ov
q-PTK'
S_LV*S
*x"CA\
'5>;iJ
Bf!dR'E
wNd(!L
lP/T:b
8G!0`>3
A+-vYv
L+7o(G(Fx7
*4D>0	
C_&I-{e2
b$#( 3
@hg>Aq
,b[Q1U
K0$Q_7B<
A\NB<5
oZM{7Q3
h1kM:O*%
XfKB[#`Ioh>
:~Yh~[T~
\(GK`B2
/	Y$,E]
y%sE0C
*(ba[v|7
8&."S/c
dJ}ti\
\d,mkg
IC5Y5O
Hr,At8
P":wJMUd
L.hZqr
rx|/$6
Su)I$8
r4D Y&["
wG`vTd
"zK7 |
4`B(bG
F}}+,xU
	AEwo05C4
DtM7e8
.Gj@Qme
EOIGSIW
XVF~CI
qa`uUu
@<#xrnp
5v73Yj
R^!=:2
-!WuB7?
UT& %d
J,1 cj
1wIwKw
a|%]y$3
=3_/{h
""':5e^
K 6T{w
=y5?X;r
v=VO x
OP$}%+
5PLdPLS
K|S[h\
 \hJt 
1jFUP4
uaUl^~
kl6.}&g
7F8	^(Fk
v3nPd|
BwD/,1
!GP)uK
lX:_\.
9swL2-F
TTOH(\:
}=D@sG
g;;W|h
L2!:.^]j
wYp?yE
jj0`-Q
/SSf>4F'
ZV"@|7/
U>T9x"vV
	2;dh?&
L,cbRb
l XW[V
xZ~C7h
Yr/h{6'H
xsY	M{
e\|Lx}*
q7@)[i
e,9QMv
Nk=+_@
$Xf=wZ
1#\LS,
!}[Aw=
2&ji 2v:
T {eu]
Dvrx'a
]+~HY[
IQAfM}-
CG/er|
(LRBx3E
!FuVlM
5K=O~)
8F\Cba;
<FLR*,
)d1?]#wg
O<QQ8i
DX-5Bo
2mz0-'
$Yuxa$
*[/Vo#
TW*/9oz
jYC|Z/
s"!]#@
wiW9!`
8a X7K:
0/RyWP
l*L:fz
BV17h#
wt^i)w
:N%?SoP
]JP>}=
g,mn%u
os[VBu
yZ@_5]I#e
/<w9;6
B,|H)4 
\R||Ng
cx5px(
\oV1\:
B$f_sW]D
mi$(?B
\WSxHh
mF1YMs
mwYwazT
mq+n_|
o|07D!
Zko0}:
f>BBMH
']k:L\
18jXV'
9T27lu
`H6DrrO)
?E"g!5
_4#~c&	
S%.-FP
4y8x~+
bPCfu0 
'<?sZ-
~M@ssM
l\LY+QS
%RL*|Q
je8]$0
ci(d6smr
KuD}ri
ui	N]B*
"U7>=:
oI[ODv
t?+6\'
wxWS43
y?F9bnJ
f1y"SRzB
J6an}j
>$VQqz5
i9@{N7
zvhW?(
d6|-:	]
*Gl*St
mIem"2[ D
;Qr1wp
BBSL<Ux>
v4.0.30319
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
System.Text
Encoding
get_Default
GetString
Conversions
NewLateBinding
LateGet
LateIndexGet
Operators
ConcatenateObject
UInt32
SubtractObject
ToInteger
ModObject
AddObject
AndObject
ToUInteger
XorObject
ToByte
STAThreadAttribute
GNdl.Resources.resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyFileVersionAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
project
project.exe
MyTemplate
14.0.0.0
My.Application
My.WebServices
My.Computer
My.User
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
17.10.17.2
(c) Darden Restaurants
Darden Restaurants Auto Slav
Darden Restaurants
Darden Restaurants Slav
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
PA<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
               <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
    </application>
  </compatibility>
</asmv1:assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING