Sample details: b128d4aeda16b1c5ff7c68143f61a283 (MD5)

Hashes
MD5: b128d4aeda16b1c5ff7c68143f61a283
SHA1: 694fab565953aac9c20c53c6e7c9cc32c872ae86
SHA256: 4669345374d3c14e30ea9000b29a0a674e4a1bffdb9ca033ac0b707317a71feb
SSDEEP: 6144:hBH0KAcxj5fymWdFzl9lIwZeQ3sc3nC3h8R/Z/Kn6bbvjK1gnhl:3H05ctV0dzEwZecWh85ZCKv21y
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 |
Source
http://gg.usdipc.com/fot.exe
http://gg.usdipc.com/fot.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
\System.Object[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
?0FJDPh2
h' k>\
z}$J?D
d!	n#\
bid|iy
[+9rtu
."Wd %
}_v	-H
 w31*0
xU=i))
^~T6#nG
"Hyn<k*y~
y0|u8:r
b:OgAu
#T(0 t
SyuB,J
XP!_F@
_ug>Do
MbQ\_3<
5Rp~2sI
dn,Am9d
1x{s1w
>~+2G01
)?Px4_
m+HOul
"|'Xr2
T[(Wb}
==T|Tz
V#854o5
he.QX`
#6*|"@) 
Z!j`-HQ%
c~#0VD
QD,G#r
LWm!.t
1`kttq
i,iS<d
H=}Av/SF
(\%yT/NYi^
piwtL<
zP^K|h
IDATx^
IZm+=+
UV)d}Y.
@d|KX;S
;|\FS?
B(a[,2
S4]Da%H
<o;41FK
_:M>)}y\
vVNhXu
R^?n<Z/zI|"K
o:S sHTP
SLxb?%
ssJyDR
 GZp'0
rCGK<~
6qzw7;K
24#crb
`>,Hb(
{Qt{'Jm
rG)t|u
{U5o>sC
\?2(JG
q)A4d7
=EUjVY
,jhs<	#]_Ll
w,d&"^
k73*lz
^(tAvt
Snn'%f|
e4lL2h{
)}=p&#
WT1Z"R
	(vyOK
~7s:zg
A#/XY:
LY)J"-
Vz[@.^%
-6FI^I
RxG'Yi	a
)$5y8]
vbe)V_
KXw3JU
p>:[XQ
*g<=hV
;Y031z
&Jn|lB
A`7GUg]&
<=s\|^7
ZE*P)s
k;)Fg<
gi<M#s
ZFYsr{^
)^;&z#
TcK8GG
vg\YlH\
(qQAZ%
!~|67}Fu^S
a@wf;E{
u[doE;
@04V>7
96w	zp
s}9r9V
J7A]lR==
QUq9N>
I5Xcx2
._=(z=
A%1}h~J$
!Cd5xd
s5' |G
@NI$>z
7-D0O\
!aHYJ[
&6#zk4
z6PQ1ttvK1
`>qyqP
oU0g#9}
~Szi/q
nYt@iT
qO!)^;
vKEYg,sq
hl:p}!
L@iQw+0:
P.W:D<
S5mlQq
6wPjN-
/NUML=
Tf3r4l
tt&NQ=U+w,,
\(5dM0
(2GvbHk
.Qcg*A
3IMvhk+S	
MQ>N?[
s|;]-,
4RB`P{
#	6@,/M7Y
z2_=)<N
|rhxc=
M,'n69
pady=4
oJJMZyg
izrCv_
Oxiu*o
?imcofs
q+R4i;
vmhN5e
<8qT.2
Pp,P3(
/JMP+:w
T=Y:+ nO
[n9xus
.>1sbt
ZDBdwdG
qX	~ .Z
p,NP+O r[
h,CVaK%]
UD7^=X
7QUg=F
(&\_\E
Nh7:a)I
c!KY%f"
p4O;&4
V#^mE{
8|fm/N
my5$<P
4mH$t=l`
R*346(
~]z]Kz
T$.w(dD
wJ7wnC
Mt;(ao4
*vlDH}
?NKRWK
h7%XP|
%c:J>%
|,NZG\"
~Br-|G+W
YJ^@_%
3bPKn 6
{XyO|Fg
\S8O,<
-*~i<@
$Ea;tf
8>?fWuR?
sePc;S
%mWr24
7X^"[g
V%1%\z9q
vFhs9'$0
%0Y@^X
D?O%GOKh
lfAKOB}
^Ie<8f5
f]{|:K?g|S
|ZNOCL
oJqy;ro
"B5pN(zV
[O]Z$>JTq
|1_y)HH
^Ek?w}TuL"
FXQ,Cx
2{AC!Z
>)q.M[(\
'M>(Z8
2Bl @"
.	j3A*
YEYYWN
S~FK7u
Rs{}SFh?dr
"ne+6;
D`5q'p5
v$N|qj
0pH?xV
qlWd*?@`
})JI>chs
h'Y*O6
H{vzia
o",/^:
a.xu;x*ES
Asot?<$!
5T9WU 
Bd\XYv
|1EUq6
}<UsZ;l
O{61Noo
}u/.m}
P5=2of
jM8"+R
`f{[8E
<P2qiz
.Ww=oa2
^9~Q,S
P?98`W-+
e6zTs)V
gj:!o%
GQV:mE
Su?aHI
zD`l8$
/k%X<J
<+szW>h
2HYo&_
'1pSt\\
^l3w2E';
ST1HGGK
V>C2H;
)e);B1I
&Vyi@F
I6YKoj
K@O@F$JJy0;Q
9T\t24Li4
kF3#y_&BL%
_)-!lg}V
hp^sxD
MyB`|i
fSBfU;;
z$op]>
K't7@+
gVEA{!
_M9D"z.
yvSg|>
~!sLJM
j>sAxV
H]Hje+
j1eBp_
iFx{oAi3
P2"7xxT
0L2q=}
nNBIl=UT\n
2WA+dm
l H;zX
mICX3 
a~x+X.{
(^2)<g
)H\Hlh
YSLnYv
+T=w7{
xN3k(pfE
8ymiPT 
>9o '+
4q#dZt
U>`S?{
hp-pO-h\
52;&E%
p|]FH@
zF^%r m
MZZ3><
Hgy@14V
ZsYmTxW+
qbSb8s
ruFJRZ
FyXyQ|
j=ZW2xF.
|?lvSs
7=RXAL
vRODZ0
$so6+j
~+]v`J
nJIiTnlO
[e)b>1
C]WI_Ur
8\t	bk
B/m XY
0oT%/"
&NCl}P
\Vi>v2
&?2ZT2
]a\}|/
.?V;J$
G&BC3p
WDV1cJF
DJXc3Q
<e3wW=b
,gI5$u
9Q;7Y])
*"Aaa3
\R3SIMz4
UHC2r.b b
^4{w'F
dlzwt>7
)s[@5s
mG~1o[
~K) LzH`
cV_Jjh
i;wJH,
Qu(m/Y
=AF+_i
mR'%)D
G3n49yb`z[
SgzhE9
8~3{^v
f`QZ-*
#;8dd?
-=s>.gm_
WiBm8%#
2p3IY0z
Gw$amT
&mj zUb
 Lz	o 
Y&fE*O
](rQCs
m TBf)tFF
lN}%}s
19=xV/
Yt)n6W
h!G)5#(-
QPi"<#h
;"U@7m
,`q3mJR
%iQW6#E\"
A+x:,Q
:M	Ver
=DHy\[
d!2=gr
IDAT+j
ZW8$)3
O8Tzg6n
wT?:/	G
H%>1G9
2-l#s.
Q3g~Ud
|*>BXB
6O#evw
DG2NkA
E_wf#b
%7JYGF~6
+t3oy;
1nyH$c
xb|a]J
u\v[VoM
_^74Tr
<-5rq@
x' .&c
?LpN*q
[6vjp@
Hj0oWn
*iU3t <
z|67]&%
X$+Amv
f+%s6)
0q+ae*
v4.0.30319
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
NewLateBinding
LateGet
Operators
SubtractObject
Conversions
ToInteger
LateIndexGet
AddObject
ModObject
System.Text
Encoding
get_Default
GetString
String
Concat
ProjectData
Exception
SetProjectError
ClearProjectError
ConcatenateObject
STAThreadAttribute
Rev.Resources.resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyFileVersionAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
fot.exe
MyTemplate
14.0.0.0
My.Application
My.Computer
My.WebServices
My.User
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
5.18.13.17
"(c) 2015Air Products and Chemicals
$Air Products and Chemicals Cemp Kopl
Air Products and Chemicals
Air Products and Chemicals Kopl
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
PA<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
               <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
    </application>
  </compatibility>
</asmv1:assembly>PADDINGXXPADDINGPADDINGX