Sample details (MD5): ac9c2b50dbf450c28e0ebd9422a8b438

Hashes
MD5: ac9c2b50dbf450c28e0ebd9422a8b438
SHA1: 400450d05f58d43386b2528087983a41cdc24216
SHA256: ce4b121b1fddf1c940e95540fbd44095974d4d0c2e5c9a4c569e1525801c9778
SSDEEP: 3072:fRx2etPzfL4EpojiNEnPI/WIeVNBRMnwPBzg7zUQzDGkJCoCt6xnlmcSf3U+:NtPzvA3PI/WIenjTg7AQziHDtcgcSf3
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/domain | YRP/IP | YRP/contentis_base64
Source
http://file.mglt-mea.com/sweed/duke.exe
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
$<IDAThC
f4WxG"Jc
_^k[t'Zc
c-Tywq
O]b_@yD
>DlXAJ
h3!${!
}7TH_p1
0viHo'
V^bm%%
UJEJ}%
-cys'W
/in*MS
1OV{Ps(
1B5thf
{/RqbS
G&hTeQ5
(!=j{h
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDATx^
^UH~uD
Rux!1>
W!aA^6
?b8%B\H
;bE0wx
9l+K43>a
\$Kz' 
 teV@2
b<rxwM
ET<,^V_&S
FQ;+@z
XQA^/2
%u8>=^
ho$|0}YqCAV,
(1gjq~
z~h2^y
'20qyF|
tciJLEsF{*
	BG_:q
Buyg*UGM
?O_R<bO
68{Ka8
S#c?G=%a
3B;9XC
&?yz_Q
.*e *a.v
;Ik&st<
E+j[UpP
b*AtKO
 ?.B|)lK
x,YG4lX
Dir>/	t
i1LUl6
YRSQj.P
Hr1.Mp
@'F$6Qrx9
\T;B.z
 `U `U
C:TicQl$
jjPq,%a$
4rB1'=
~h3BU`
npq$lX-
XK-_=s
a;{%(HI<KDq
36X(n$
\1Q1 &qk
"%NbXo
j>L?n7X
AVF8!f
1\cGf^
1|E,>A
(ajS#2
OKC9L=H'
%!;FB6y
d:OqJ0
exKa4h
mTTU$c*
#6~!1}
 e|PrP
W \7B 
|BJJV,P
:H)7|z"v
^HP)r-
I~6^?3"r
2*pY1;;
X J!qXm{
Df;[1+C
wuN7AZ
UE+ xg
:Mt2tB
At@\$s
"sfP,D
;6Qk+ 
c8^ 28
= fb2J@
NM/{$c
a$D'u1
gp~&x3
Uz5JnGkqhE
gAju}I
;vuvwl_
'#xO=F
Y/6wub
xfp'X8
:qd!t_
v` 'vep~V
{6`x n
l&wfh`
?C4.' C
UZG<i0
Ck],Vg
<]},srq&(
GyJ aI
FMs+5_z+
Mj^nvf$;S(
WT~osJ
~ol]sg%O
qj^W_o
+UsP5[
xQy_T*
c&UzM@
yWw}Qeq
=qoV-3
]Wx~k!t 
c"f><V
+6]=~j
sU~\ib
9w1~[o
\V$Z7"
yjyhpie=
VToYYxN
f]6cNb
^pm<BR- R
&95Qu 
Usv%tf
z.]NGk
$ljm`X
mM]	%+A
R:;eXUrRq
3"v$CP
]c(n.5
>7vT.5
&L|~a:
say&4}J
L+E^DwD
$]U>=G
mjb`R{rG
5|fvvj1r
zIDAT!
3,J#]M
aNOK>1S=ni
W3R5!x
b\Htzyl
"B`)SI
|D/ZnbT
Z$(UnX
dMG7-r
tnaZgwL\
9-N`qY
Q4PIh'
{~27=?
*2;3ur6<
GKB%()
42?61>/
E&J]{vq
Te1;-jD4
mya5$RJ
sN?W$DU
pq`J_]^
0=szv6%
g9'WGZ
$[Hwf*jV
l8[J[c
4k2+OU
kQ\RiECJG
ZTP1!aWA*
A2=6>^<n
m?q.(v
|VER;*$
9"`C{\{
}7^*;m
,KTEJS
gMD)P6
TTIOyd
JdduQ	
$n.H<oc
^S71sZ
9ul`bj
;r|xp`x
9801|Ds
hsbrt`
a>w|`xT5
oZeZ_9
EMD^SvF
f^--khu
%A^1}U
Wi}Cq`
Z>eihF
	Xi@?r
!hf$U>
qmKH*&
yM5f~h
2z*dS#
R?9>	K
BZ`Af4Ykz
SOaZ :qj
vaN#CB
!;2QFKh
d	Hf1`
y=Py#>
aYy`1$7a
f mpmA
PwXf ff
!0XWe |
5f2P((
;!e3A}
#JC*EL5
wuXD\"H
`h+{@"
h	{,N3
07~0S@
V<e|i"
d*<I-i
`22O^v
qNV>'~
wK:5,y
60Tf/@
R^sF/9
1gQ0Rw((
*Lv|hD
B TnbO
F)> h&
QWG:4\
Tq:-wUynC
k#M%58	
_y5i$ER
6KFUpr
J"]&S^
j*dLp/
U_U:d6|
N%$4Opc
a^d,&X%
'rLODS"
[(tBN~#
4z_trG
aEZJDj
KN;:VQ|&gt
v2.0.50727
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
System.Text
Encoding
get_Default
GetString
System.IO
MemoryStream
System.IO.Compression
GZipStream
Stream
CompressionMode
NewLateBinding
LateGet
Boolean
LateSetComplex
Operators
ConditionalCompareObjectGreater
LateCall
String
Concat
SubtractObject
Conversions
ToInteger
LateIndexGet
ModObject
ToByte
ChangeType
MultiplyObject
LateIndexSet
STAThreadAttribute
KiPl.Resources.resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyFileVersionAttribute
GuidAttribute
AssemblyCultureAttribute
AssemblyTrademarkAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
duke.exe
MyTemplate
8.0.0.0
My.WebServices
My.Application
My.Computer
My.User
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
	10.9.15.6
$a4e7cbf8-3868-4630-80dd-d32a6abcc2f1
Copyright 
 Top Macther 2015
Top Macther bL
Top Macther Comp.
Top Macther Library.
Top Macther
_CorExeMain
mscoree.dll