Sample details: b8fed2d08ccca13137053bf7c81eab55

Hashes
MD5: b8fed2d08ccca13137053bf7c81eab55
SHA1: 9e0535e268bae642be7a402e6479ebabea723945
SHA256: c5f112c5afb90b7fe45674d551b48a6ae64914ec7b1ab4be378050d5c21c33b8
SSDEEP: 3072:iFr7GGssmKulT1jT0ALGC6qwh00HNPEvKfO9BtkxSGM7p:uKGs7jvDXW58Kfqtm
Details
File Type: PE32
Yara Hits
YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64
Source
hxxp://185.165.29[.]173/faq/0404a.exe (defanged: hxxp = http, [.] = .)
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADZ
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDAThC
TDEq'}
?#"Apt=
!js p)
0je+rB
$/HD)pq
!9|qjz
/5/=&Q
&.,%AM
sg)l;Eq
E3M@uF
M4kN^B
5;)'=n
y7RLE5d
PT"r9ddxEc
.Xvy5n
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDATx^
;G(vrb
JxJI	sP
&Sj2$	
lR;73S
q{"d=O
@0c*.!>,
Fhu?nI
Z)!t@B
_;lqJr
=nWUFm
U&lwFg
[BC?+e<&PM
&	Ha	H
$l:%$\]
YL{[v&
A}\EVhU
j7=t-H\
fdz=b<
^^U"=$
]-e1:p
:s;qDz
bXlr'd
eAaYP*9
@,o_.oC
?m{u~C'
L=?&{xT=
)Hl(_!
1"Z&4m
hVH~)&
S	%HIO\
FUXntja=
)Sed:T
m/%VCB8Cb
aj,&|C7@A
H9h$lQ
_/?l\@%
Q7/={X
Ix+}G*.
*o)5F/*
fxoaw=
Gn%UH+
!Z^l!0
_GRW%G02
2'JhkZ
'UUiC?Bj
=t+mJ"
&E`xd^
CpT%lG
Xf9B$[
^%,|N9
:?v^hHd
)?x!W(O
e}]F' t
gx"k0s
wL}UN`
?9`$qo1
,	jdIGii9
i	PJ?R
Y9[V.xDs
wUNso&
cu#=yGN
`vjdv&`v
	C.0;-
`_hB4P
MApRnV7
)-J^wL
Da(F;u'j
ZX$:L'a
NX40Bmx
dx&z2&
7]YACVP)
#k58&e
!~)8k|
,knnmmY
2mM]sS
	3jN]8
0&H]3_
^7Oiji
lwY]hq
Qkd@#O
x|jx22
0$fO,A
u=z8oT
Sn^DWQ
VKj_/B6
hey=7?
L* ?YW
<:TIm{
8Qgv\xA
.Z`iW-p
<cpN.X
D>kp~aq
5&9umJ
0&,ssf
sF^I9cH
^PnZUW
GHi}NYw
$n(!ub6
?y3<ty
ATRa]T
&t!M|N@
NS`RHKut
yC?WEs
.F~-uH
3F2*bAE
z0cwk5
+d-KlCy
l|8ZnE
n3\AKE
j"|qu)
)!".qw2
^5^Rlp
|r)^B)LBC
jbDqR%^*
V\r	C7E
dS0+	#tI
<NJ&}q
"9o0\,
8d+H\6
L1^3yyo
o'7Y{d
@6*p	eK
qHI8PJ
{I.SW]
T:MAc	y1ZID#
NSJNsR
5"l!,(
$\IYI\
EVyHaR
{X<PB5
z]fkMu
o3!F>f
qeWVteu
#	SHLY
V&{ drx
Ty2O0YN
9~5%\H
JYsi;U
OkGRO[&/
j]9bn=L
x~sF\({
L)|gWR
l=yfG^
S4U]SS
:v2e\J=
z&g:_'r
6w!u q
rz,z8/
39 .gr%g
v|1m6/
w+ K*]
y|_>Mg
z{W:`O
	w I8;
yE(a/3
	_a `m
Rg)`x]
G9X9>1
A.|0|}"
=ofX,/
B4dIFX
p;,mi9D'
4|@pID
\	F"Ag%x,
|-0CQz
P,hd\g
lahbhW
HB68#q
fbu2L{=
fh2<:{
R2VY5e
)S6?~l
/<IMx/
V#1%=g
Q.8V96
1g$0	tV
5Qzn,rM
&"#AL<
Xr7QK$F
o@$6<V=
UDF}u>m
6dv'@1(PJ
x% Sj*
P,&!cU
Lsyay=
Y[ig8v
^g.Svg
~7*lwW%M\
uVo$Pl
\@$}'uH
n,2#cfF
L9w?y1>
\>>>p|
>021926
>29thpx
v4.0.30319
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
System.Text
Encoding
get_Default
GetString
NewLateBinding
LateGet
Operators
SubtractObject
Conversions
ToInteger
LateIndexGet
ModObject
ToByte
String
Concat
MultiplyObject
Boolean
ChangeType
LateIndexSet
System.IO
MemoryStream
System.IO.Compression
GZipStream
Stream
CompressionMode
LateSetComplex
ConditionalCompareObjectGreater
LateCall
STAThreadAttribute
LlRS.Resources.resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyFileVersionAttribute
GuidAttribute
AssemblyCultureAttribute
AssemblyTrademarkAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
0404a.exe
MyTemplate
11.0.0.0
My.WebServices
My.Application
My.User
My.Computer
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
2.12.16.16
$27aa05be-0faa-481e-bd83-2a95004d38e3
Copyright 
 TR Nop 2009
	TR Nop Jr
TR Nop Comp.
TR Nop Library.
TR Nop
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>