Sample details: 98ab23d0f86c63e69f4c48b066763f4b --

Hashes
MD5: 98ab23d0f86c63e69f4c48b066763f4b
SHA1: 56cebe7a05eb77e7744e752bbaf5debf99b1b9f3
SHA256: 7fbb0fb5d77b41ba0a3ff64f8bbb6d081942d4e4b2c0e5c78161309420766327
SSDEEP: 3072:6wRl5POxKGfSBc8OOZgoELPRvkNI7h8BdVG5/fy4Yr83v3gftgXI4j:3R7WxKG+BOO6oELPRvk88HW/fQo/3g
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 |
Source
http://gg.usdipc.com/botdcryp.exe
http://gg.usdipc.com/botdcryp.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
\System.String[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA
NyNON8NsN?NCN!N
N9N:N=N}N>N#N]N
N)N`NTN`N6N
N?N%NVNRNBN}N
NeNpNWN&N0NEN_NxN'N'NnN;NvN|N
NLNcN7N(NhN
<DN8N*NwN
NyN0NgN{N|NINnN3N]NiN-NIN&N
N8NeN%N?N
NhNrN.NwN
N?NzN3N1N
o>q]!'v
"	L1iz
0Wp|Ob
U#-,'a
3M[:OgO
d,0ExgJ
PW<]U34f
nW+e)(
x~PI_5l
2CCqZnb
5K(KG/
j2f{e&b
P(vozV!V
C6Jb2h
4yAyqx
J_F'<A
5?P)g`
e0*b9	
J-o"kw
!`~f4>
\<+03"
h{Gm4F
7mPyzSD~
t:<d$F5t
3 :^cN
ePv:7c?
Dg/k\m\[{
\X$^0 u
eB`T/}
;J1>;8S
,^$)0.
r@ Fdv
Qi7|b[D
T^5!'|S
Ey`6D9[
raXvYs
h.v=VQ
)a1EgA
mJgp$A
9V`@h>
9	z{0#9|
{n	{G>
u(,='.
4fXuGXqF
4^%NAu-
7#=`Hb
g0jUBT
ru{AtT4@
hF)}ayI
hB@tf]T
eO#Eb[
xZ_.pSG
b7OWkL
	d~	j-
(Zq{#+F@
<}!\!@VO#L
x'("fW :
pC%P-/
Mw4h!N
k2{JHhT
FQ4~O~l
3:Y'!k,
'5,~X-K
VN&6<d
v-W)+EQL
Y%MiMGB_
e'%[;K
mP)P/F
C<AaIP
gEgi;c
,0.F.H
dSO	kj<-
E@D/fy
IfGK& 
^HQ;Q?
>"s7#2[
'\KP%<
k`"H@]+
jhcHW4w
O\akFcQ
x,S	UbPF
tV2/cz=
fkUV5?|
eFkuJD
"81`S7
(S.{ZfDp
LN__?I
KPSb#k,
~1*G[|
 |z_!U
(VAh!eEWO6J444v
p_WCEw+
}~rdAP
zw.LEr
!MisO.
o6`!+iT
jEQx{W
9F;//gF
hWEb'K3R\
#nYb_s
3$G$1(
6A=hJ*D
>KXC($vNL
':)vi<
k6}_Ki
5Iwa@\&
4zX"hM-tOSW
pOw2<)!^
J=p;0F
J;_`'"
xOVY/i
i!gj`h
@i ok<H
cn(+M~$
 wfz(b
pZY[y<']V&
R3J:yrV
#<||Hd
pD!6E)
nC7HQ,
3A|YD}
/}B)R L
(h8/Wa
m,/x#q
+x6ac_IX@
Kv<fvj
jvv,](
xr6.O[
RG_<V$T
]_|*zn
bk>h~& 
6:;>tg
3ki$)h
t796  g\t]
d1"^{>>
_/1.f_
F5xE{Ah
uQ.iyC5R
w=]1[X
reN\8(
EWW5f"
v3zuSf
GF!ImW
^Lv"yv=GI
7M	/6L
ql7}b*
Cs"f$G
y\Z")0
!S 23W<:
lu(tvy
pz-nRnt
`$5].s
7}os?dik
FH)`!I
 V}-v>
@8[Qu*'
N9.v*O
WWl6=` G
G+V\E.C
(zhK3bX
r4wx0g
"u5(`X 
>_l`W8Nu
t?1*`_
S)	bL{
&`(JKf@
2$2b8#
VR:	eT
Lzo<z	
FinGv|
|ZKgJM
Ki}I,c
e;nRG$Az
SV,5n#
E	'jIX
b2x5lV
5e&zfUXW
8IDs^!:
p 8 =|X
&#xh.y
c3&sw!!	w9$g
LB``u K
*aiLbbzy
AL^w`U[~
M[s!iv
2QjY4	
9	hLL]
]3&$jx
>b7@>N
omz3HJ
<JTXb>YP.i
t<FR,R
T/&coR
l^bPj,
WGa0J<
Q	?RkMh
.ic_"l
lL{'\I
lX/Anq
KJ$Y+}^
=c^	RUwFK;
xufRZE"
>j7t+F
xB!qEO
P0KrdG
2:Rw876N
inn`S7rR 
u57<)'
z-L*k&>
a1d2A+p7
<z5iXt
9=7YQQ7vi
\&qHt\
8GaR=&
P]uA03
V%M*Um
v4|=M`
#GHcvw
 =Z]8(mc
~	;D83qA
ihMtLS
X?Zit=
v2.0.50727
#Strings
BmLh6sJvraSB5A0g8
botdcryp
mscorlib
Microsoft.VisualBasic
System.Windows.Forms
.resources
pCmGZYBIX1T0Ah4jsS
L4XnSqE2zhQimTN
U9wiUyCEJwNI7t
w1EjEm9gzNXW
Object
System
MethodInfo
System.Reflection
Exception
GetTypeFromHandle
RuntimeTypeHandle
Interaction
CallByName
CallType
get_Message
MessageBox
DialogResult
BTbo38WmQM1dPv2Hn
VE3iF2cXkuU6
String
QGm3EfCbM5orSOX
oFic8Mi9nrCIxRLk
13blVgQtRidoPS
j5AF459pnS
zNBRrEQTd8mIS69
solZXDz13ThGCBZUcW2
GetType
gTs0UkKVomR
0b1FJs0EL5APd
YnE2sat0LK7E8E5yY
ParamArrayAttribute
PropertyInfo
GetProperties
MemberInfo
get_Name
op_Equality
duOx8cESewPGW
BxNh4FqRhJANLV
S6f3quBryCd
LddXFOhvvm7R3nL01Y
ToString
eCiywxq9ASRz60v
CFg38PF1k82BidXYc
4B6NUKLk5vmWqy5t5XG
OEijeeEd1n0XY76OV
iIaJGjW07O2rjqtPQEH
GetMethods
nyrAWvor79LMIhF
AIahbOen7hX1E
59gECnXWmiSiqMvneqx
rd5IfMjGFd
kA9tYStRgGpieGhI
RuntimeCompatibilityAttribute
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
UnverifiableCodeAttribute
System.Security
M=NnNKN
N$NwN*N
N*N~NXNgNQN
N%NnN:N6N+NPN
NhNrN.NwN
N?NzN3N1N
N)N`NTN`N6N
N?N%NVNRNBN}N
NeNpNWN&N0NEN_NxN'N'NnN;NvN|N
NLNcN7N(NhN
=DN8N*NwN
NyN0NgN{N|NINnN3N]NiN-NIN&N
N8NeN%N?N
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll