Sample details: bddd8d5f29b42339d86b2316cd60d629 (MD5)

Hashes
MD5: bddd8d5f29b42339d86b2316cd60d629
SHA1: c7291814852a433519f9f04abe77f556fdae7ee6
SHA256: 1314d86808f9eeb9076e06abc98cf2cc568f1a1ac35a66dc5bc83fcc3983946f
SSDEEP: 6144:A0S1IQftyFCj1Ui2iyvX77Sd6IUczhBYEwPh9OHSk2VbVOINYLOZALA:A0S1rGCj1UAISYRG/qmL2VpOIsOF
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/suspicious_packer_section |
Source
hxxp://gg[.]usdipc[.]com/vnow.exe (defanged)
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
\System.Object[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
`	#j8)3y]
XZH?}9
rWn;^8
E::BWj
v1[B=O 
O.w)0Q
7Hk8O=
N@@}5&
z}	A8B
/D|A#s~S
Uxu:Zt@
1  m$k
sSD)l~
tz|}T]
%xibzi?
~0bE,p
hvE9o~6*
yWqg!m
}b, "S
n07!o\
-\F}kG
j<2`5	
C8sJn1(
3PfXJ%
T.g29;
fJ\1`g
W{H[b;
20a.b1
W9g;Ed
m/K)WFS
qD.-1PA%\K
ca*5oR1
|S8(y27
H3L.lB
@7+0WAp
;ozh85
+q'|I7l*S
:p0Qlm
v~m?X}k&
zu`$Pp
Rg(dUj}
+DLG3Hh>"h[
]z`I-R
[G-'Gf
IDATx^
O-G(#Y
w0f"7I
_erP+n
?c9Qp*
Z@G[(hp
KyOLk)
O}<Tv"
ZZ]9'W@
)~7Z#X
A$%je6A
G0);P3
2ifH~\8Tc
qq!51=m
F?3Se+i
qbbSUwO
rxb+K*p
3'%Yls
\Rog,>
EHWmHy
;aEr4+
y7VVRy_
pdHQj|
.|8_h8
|	IwCW
D`q'Q=Z
yi\	s.1
_vDAjUVj
bf|L?a
ccrl7p0U
e*L1q%
n8x8a~
`cgeh+%g
y)G]\G[
c*aWY2&
 _qBU&
AI{|C3F
?_pbo'*
E 2D+VG
iI*0p4
YySO0P
+vOwRf
<9X.KL
W+ A3D
7evap<
#-s2u_
?g	!Q/
N!lP&G
JG`Vyk
.yl%+zrr5Nr	
hI6^Z0
y0n;/}FHwr
-,BSDlY$E
\}|"6L
Gpu,w$
(Oh1u$
NS?{uLcw
M@L__x
i_?SO:aY
p3(:}2
;o_>/ey
N6;7m,r
8TDnSsV
!0`4XJ
{z4ek"{
 X/_#J
X<BP8:
4XQ>*P
f]klm;o.z%
Mys24[
[V$i5zf
sl|vx*
Q7MY:g#+mV%
e(r09QN
&-}.G]O
]c!7_`
o<dhh>}
}b&-lN
% v@zd
|ImCYlEBf
@WwX,v"cE{B
L*s/B\#
QrCii=
At'i#d-C
<Gocrn
1]H27(
~r 2}H
}Fsl,o
2vcP&I
BhOIJFk
}9LxG0]f=
Qajc0Gz
Dg$w4-g
v?].K2!U*?U
0YMBg5
g?.O>;
N^Q=g=
CDv@sHC
\u.	:%
s +*+B(
Qs1+L/
!P*\x~
;7|Me%
7N"s*CX
"^=4{:
PMpu|5
Y<`qU`
02|OZ4S
1L}4h8
 7tn\w
fY.Is<
xT^KBM
ZYnk2n
:9!IHb
\re$Kc
1A173e~
KHf2JT
a}K>ty
e\@x]Z
pnPkv&
}Z2 EG
lYoZ@J]
|-d<9W
Ste!B&
^XjSii
<]Oi9.
atHv-i
ym@ju%
!!;S^!iy
.VDy<sv
VykVnU
P#uU0IJ-Y}
MC!Q9Hf
1k6bVAB]
NJ!z>yxD
I3clj]C
;?@kupdma1C
$pO8Z]
OL #f9TQ
_-x@vI
\>U*Uy
!{v1U>
\zU)`O
VosGym
O|bI'd
n%a!d.o*L
uicMv.x
8<6x33M
"d	*U4
"M5KUd&fg
H7=CKg
JG`$vo~i(
	=:o0Fl
&y~g	Q
|`y_VC&v}K 
pHY_WSI@
A(t1f)0
B!co@!
I&pCK~]
{sj	-y/
vz~Qo%
;xF/Q_4Hr7
H%{'\c
=|LkWo
P"A=Y"z
"5"75_
l\/#zB
_kKA>l6v
n9ZOjZ
[.~=R!
mii0R$
i2|oRs
8y'}	J
w|KIO.Nt
cBzSIq
v&tQ)&
*wB{hH
R*\Yh\
h'hxf8
	anfO{V
Aq.DSr X
#4lQY%
.<lE-P
+X<$mN
e3b1eA
y+yRMIX
EDeuhi
6xz9J@
h|Z)\c>0
u*r&doA
-5sLH<
(0|*]p
y%l(`2X
#j?Tn3T
blBtU3<
cZIKekY
zNn7\f
@QHf=Q
f:q^=#
zb$5X5E
G.sl! J
k{gB\3W
I)ySU]A
LS&k5"
4,?u{@Z3
o4;hU"P
(' uA:
jIw3/qMN
0U5cZu
;ulIDf
kx().R
sj5vH9h
':bNL!
nZ;){J
_3|>)X6'3]
{Z^L]F
$].aj[
1d]Jo@c;L
x2o`91#K
&~ 7vw
\P;n,'
xlI.0)
|)9?M&B
kMoe x
@CN)x|:
!eKs)#
+ujkm)n
cR`	`s
tXSyYu>
-V{(Xzp
<Mi[Y_
=<<QKS
J}+~ZI
h3R`\s<
@Yp$Do
i`jx^B
ktm'Xb
;++]Am
@v\zX=
z8sG^ 
Z"lEy5
A!AX==E 
$914?O5hWPLS
gFjs)I
$1owzJ
A\Gr<c@
gr#%VfL
SA3Mdi
-%1[vT4
4$uD~8}%
q0`.b-
qr{KGG
Zm\<@q3T
o)u]05
>\Q<'*
`"rVO:`
SvG11;?
Z@9|gcS
qjWU}#
,;7MMiXd
(2W,.1
,W!,0e
GyrS|g
9wwNwc
:E9{p#
L\U,.k
,yt{lf
;Q`Co~
wDA|tm
/prhNnZ
`m$Mgb
FS1L_=:
uQ>j*'/
is+f&V
Ke^@e-@/
t[vi?=
[HWDAm
i0)3R/
b\MGK2LP
MB5{Nr
=dh'rqM
|#B7yi
B,FC"~
:JF He
C&VSS[>
	M	tJq
,mm2j.
s|K]X%
=\/fyb
Nh8|/uc>4
|KN^2q
v ?.8w
[?"(Ef
/|E$^@j 
dO	Z;<u
vgFQ$]
s+SX`Zc
	Y<=-swl
<2z	9JR
\k,F(^A
+<$?wu
<VD7@N
?"0n/f
:q1t\<
<{&n7Z
AG$NZ2
3P=ABg&
<Cb!1v
I<cK>8"c
yLkz_X'
MK=qt^
k"@A&JW2\Q
^@RXac
g,!-J,
&6u+|v
b;7Ul&
uHsFml
O1j&Tk
<.GAGR|
+>I{sxg
`?Y,Fw
_8QmtC
8^=v#A
8o:Qs!=
d25Q@1jQ
@iH\mr
EI_.aa
ahoLk 
-uB{l!)
&xU5yM
prIG6My
*)i_U"
;`mUTa
C<fz\d<B@
^^I#cW
>-Ro?(
R^P^*>R>
L2h:^M
4\12m=
v/|lGS
l6/s.JV+
fb;N{l
^|]3ZL
SC	LF0
t'GGX>`yO7
_a'&sz
^2C0ne
KsD'=8W
SJcqZES}
bO_6P^5
|	1!gqkG
}s`RbzE
=z<4rd
*$%Frpae8
s6FZkqJ
\h8,[s
WS4+pb
sL9H0tZV$
#$?^SJ&
]3W#odl
g9F	Q&J^
dY4%*SH)m
#	`)8j]y3m
A]}rih-
zy2.D<
;Z5$}?H
v4.0.30319
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
UInt32
NewLateBinding
LateGet
Operators
SubtractObject
Conversions
ToInteger
String
Concat
ProjectData
Exception
SetProjectError
ClearProjectError
ModObject
LateIndexGet
AddObject
AndObject
ToUInteger
XorObject
ToByte
System.Text
Encoding
get_Default
GetString
ConcatenateObject
STAThreadAttribute
h.Resources.resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyFileVersionAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
vnow.exe
MyTemplate
14.0.0.0
My.Application
My.Computer
My.User
My.WebServices
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
11.16.15.15
(c) 2015Big Lots
Big Lots Cemp Kopl
Big Lots
Big Lots Kopl
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
PA<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
               <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
    </application>
  </compatibility>
</asmv1:assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD