Sample details: 83b02d936185cece54768ec4b635ec0d (MD5)

Hashes
MD5: 83b02d936185cece54768ec4b635ec0d
SHA1: d259907ea554402e785ab9d7522ba06d4949df1c
SHA256: 900180e9d991dd8cd12194da9b65758b0401334da14d5b372cee61bfe2902564
SSDEEP: 6144:Jo/d5YaJPDGK83aqk62/UnApOVKSHMtQuEgw:Jo/Ma8K83Rk62v6XHMREgw
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 |
Source
http://thecryptopeople.com/susutesla.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDATx^
8YfYOw
$crH+eu
{_HkSn
<l?vc+
haVz3%
]*C>hM%
'(}:X?
\<^}4M
BP",`?
:&I}Vv
G/t44=
E '<;DN
g@i60e7WE
D0}X8'	
|.z6)C
Hf+_#9
"$i}}k
Xmm!3n
)S-"q%
l?iGt4
	-`Jw~0
,MOl!b
~c|Cld
Exl^RJ
bE! `H.MG
 5ds#;y
5x?; 1l$
rhb:Pd*~
V{!B:X=gX
%2y}n%{D
rhd;w0wO0
bRukm+>
ITB%3vo
/s>k	T
Yrpgh?
[{E7Or
a::)}~
;Q~LcW
gR*&KS"
^O)!:/
dj>	8(
o(LyZj
r&KHMmp
,sx|=R
uu~ o/?<
6nzNGL
)V^5o4
)HN:#1B
cxk#;T
yIR)jb
cj'oL'
(-YB76
j&U+og:
`iJ)5Y
P%+GK}
OzG4<6T
wzfMM^
MD,@cd;
q6kM^.
Yfsw5v
eP_{0m
K5%+	xoN
zS?E;h
Wgdck6
MSF4|g
(Bqc:E
#2c?=E
>iF3Z{
Be5v!|
z9Tv~s)
?8l'z*
}vi;E f
JE1<:Q
#kRfi`
9^2?Ei
fxURoB
MjvJ1>
v0;WO+l4oF
eEg00K
# iRH~
Y4=	Y<
c6%K_rH7W
=8uD^9
yH|S@E!
/Ghw3o
B	x~-E	vw
_Al6O@
q]Rno;}
|?$0LDS
{Kg,~R
z+U++;EJ$I
	o(jUG,q
.9:d'I
`Z;-?T
d$FCUiD(y}
e{%]6N
G^b8M3
kb'U{:
m{xY_x
S(%q0Z
Eu""C|
p<H25Y`P
yP.`k%
:nO7?-E
>6vJ]8
idC i`s
B^DHoIR
6~-u8GAc
9G )+M
DAu5n5
4%e}v4
o:2?:i|
FP([_Y
 1FzHY^6-
CKY4^0
]LOK#\
elnSvk
1"6rt\
G-Ti#{h
78dMCK
DM'OV[x
2ZZC67
^Pkl5!
C$AnM'|
zpJ?GHE
A,P2dX}
4h6"2C
hwhS!:
 Sb+BaQO
SJ9dk~
/{&NiVY
Iwh43xeEX
>>ELT@
y%M<7\.
%[@x'K
EU~Qhz
a:xAZ\2I
 A}e6\$jJ
]X3q&D
n>ZUzu
;f%Rx?
]zjO~d t
~""M9fM
uotzFR
}a5*iP
Znl@H3TU:M
=S/ [p
t8<<<H
nEdN$Q
gj59kz
_/j,fA
hqRn0(
9M^.7F$
n{l'Z]'
 dw;rnV
X-5x?7L
<3Br_y1<R
$B<bd3
#:C+2Lc
dn,mX0
]zX*4K
.,	Bxj[U
B!+hZLL
}l'NbI
mkOnE/
!Vd	|[
*e1M 4g<
Z$0-5Zt
s1A<D+s
ue67&\
yc]w^#\Tok+:
"U*lp#D
bS!j&e
sLrJ3BL
]O4U-8T
.;yyh+\N
:n-~zA
r,5;Zl/
VF:I:f
T2kGf	
LXWT-oj
F)	]Om
3'gtIPOi
|sU[EI
q;JXv3
.68d"=P
Pk9hZK
]},iwD+B
i_#5*2c8[i
&>%MvX
Xccmy~+
8i~$o	
  ~[KF
JA+6M8uu
rt_8/8
uD&$q0
@'Ystg
|N??Fo&4
cb1Bu	
K2 -C-
S @< <m-
/z^><u
elMN-%^x
b_ao>T
'1u$@m
9.QK(7
\,OQC7
z9My!8r
YThx)t
,`45$s
]2nc;Q
*vz_;%
5_zhx9N
ES<1Q~
BS^P:"Y
h,&5Hr
	a,M<M
FaIhuo
{D	'CIfL
7Ci42s
@U*9%s
aHU y0q
ot~dN0)
G:h0\&k
.F%?w">
!SnE(6
t#*^tV
z: YA2)
jGgxdgN[b
c	4p|5
l|"5hW/
<{zZhm
fqWV6/-AM
HE|g(L
1mEA)b
)Pv.1>
vs{VtW
mExh=9
[63OfRs
bS_/4sQc
HE-A&*
!wG2wio
vILHn;
9MdU!=	$
35(U%>p
s,Vk'uytN'S
JFU[x;US
ZO+[yNuD
gLV"	5
ZN"bW8n
/56w;T
ViIpq4
)SfHk|
<#j3\>j_
7{>?W%
qM8c2b	
.^OUlG!f4
pn40%W#
ymZ:"k
Z-.TSdX
7fRK~;
kJ,CJk
+INu8(
c@lT:-m
n7vsT[
8w+O1Da
4ImcqB,]F
cPOS5M
0uD-9,
By)lEXDm<rtz
24d;Be
}LP;<1
M!Ff_q
UQ9TQC
fimTvf
3@zED,Ei3?
w@=]!q/
eWT`y$PB&.H
`NPljBNG*
4c]Z7)
aj<]b+n
J`O\pF
(;nLz][C
:Y_!#i
o?AP%Phv}
]r[fpF
g;[yB;)<
xVCflp
On#>i'2
6|\17*0
*WD7Zv#
ymRsM-
:}^6e#k
Z%5k,x
zP^HK=
wb&7c9
$ZODc!
Dc@``%
+ofl@l
/VMB`Ph
UQ0Qc"
h>A^uR
%wi!2n
w/>GD@m
*6"$Um
!nC_H%
~p\Ld-
sbU4JZ
wdcsG>
^|xS$~}
#fy1\M
0MUHFt
2FNfV:#D
s+vL*{
P	:X{,
)|%R?X
Y5om-{
u	bU	t
O^"wqQ
C_:ON$ H
)newBH]
-tVR:;c:
G7|)45
<2/FRAb
3fyx35
iWOQ,o
W3, lc
I?`O(F
HhS_;R
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDATx^
*0	bwQ
]e-$gO
uP$TTC
Qu^w	g
Ou>VLK
ttZG@1
h.	%lc5^p
kbhy)y
1r*w~t%
(":d8#%&
'?/e(2
;8,`E7
bV-)q7e
~fpC!m
%$?f{u
q&bjx,
e*eIeA
+s|'2#}
n~"1 K
Qw%8Q*
?Kw0YTe
4}\,<=
mW*&fY
Tv\Z:H
PAz,K:
aE`i_N
Q%FpI?
%\LO>[ 
i~~Ie1
d#me'3
i	2)T&e
tVdx4%qok^
(A_,V{
b@^<'&
t.<7m]{
K<NFWb(
,1/][n
VpLs)X
t2K|v7
z)Q /w
Ygs6<i
ZL<a#7
(v8>CIse
v4.0.30319
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
System.Drawing
Bitmap
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
UInt32
NewLateBinding
LateGet
Operators
SubtractObject
Conversions
ToInteger
ModObject
LateIndexGet
AddObject
AndObject
ToUInteger
ToByte
System.Text
Encoding
get_Default
GetString
String
Concat
get_Width
get_Height
LateBinding
BitConverter
ToInt32
STAThreadAttribute
EPV.Resources.resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyFileVersionAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
susutesla
susutesla.exe
MyTemplate
11.0.0.0
My.WebServices
My.User
My.Computer
My.Application
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
8.0.2.14
(c) The Clorox
The Clorox starter
The Clorox Company
The Clorox Launcher
The Clorox
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>