Sample details: c2dc75adc0a516482539d6082e1a2794 (MD5)

Hashes
MD5: c2dc75adc0a516482539d6082e1a2794
SHA1: e045ee46745d6e46041b05823aa10ef922b4ef23
SHA256: 56fe30c5e7e666b052d867e56baa600044ba2ef8ebd39a2ac92473f8010b765d
SSDEEP: 3072:tuPxEd74ccfGtsqPQNu8u7naZ+nwUw81cGwqcjoX7U:9WVfGK/ubakw90bcj
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/Big_Numbers1
Source URL
http://meritexchanger.com/aritess.exe
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADp
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDATx^
}@hxg e
N	`exk
?)w?	X
Hii-=|
o)=n#yR1G
%T9 	-A
iU9="<
tjCD-"
B)LC"Y
%xB@Y	
RwC%	C.
hT68JH
FHk?&:Ca-
 lrzTi
Tm+{{+
8wdiiG
%ytR{mt
$VH$qK
IB0`wh
o ,5M0
6@k0]4a
yZr,QQ
	tH5[U
"(PE#\
,:nN6/
|?/Kfr
%nEWpE
DF!2CO
{_vl15
3+-b_31
|b;_F}
w5?@7M
BP8w&=
P5cX.x[
LUl%~	^\
d^Uc9m
z&iZ.E
1#PN>N)
"8o2].
3uDg>N,
:}{5=B
wipYb5W
i#2$Gv:'
F)6d8zFKG
PTT|	.?
Z2X-Gs
q<4{>JV
&[!uONd
Qqq5E5
7<Fx#Xa
zVZq(}R
Zn<in,
1sbgq#
(c,,!@
yw~'PU
')BXPl!
BnYDtl
>Z<UtL
x+:L^z
"pbfg`2
 A&hZj@
5`K?'w
I,$H[u
`Nyumq
([TQRRR
,[ZY^	
7n_U{mm
<K+*KD
bEihP*
(Z+7b;w
PkZCrxg
l	36`U
v.Wt;~t
I"4D\}N
{%hPE 
u~I;.~
H?=z/0
VgE;pb
etM=.O
1E@r1E
wj#wiW
=S>#Oc
@HG:(f
W6\?rK
}\[7Nb
6;r>,s>
w6#[=x
6k0L%f
l2ozV^
1-,XTF
o< E?f@
 ,xS(bB
68SFK(
M	G2h0&
R!W$nH
+6k^+z
_Vr@6sgJ
H[I$z:
_@V6'q>X
F6iV2]
MNtSt1
Epq`HJ
0]^U%6
n{,I=[R
7-7^wx
a#}d7J9
&[J@Q<.R
V0]z	z
e^48BIC2
ha2&c6
#H|;YWp
NqRV7aZt'"
4G".c-
yHia;m[
)c"*;JA
AeK'dQ@
b}g8cF`
2cuZxR
5~tE;XvK
Wghw7x
HMUtPuf
;#t	RH>
gcv}N6.
HmL.$P
,FC6(!
	$F<`tIgt*Q&
681'M)
<d0{c~
3p {MH
I]7vl}r
1MqbS$
\Q#19K
mo\.zo
?71^:69]
^/z`{a
	L@QMH
&PBBJ|
](/C~B
,v)ssk
8i(+%1
n|l-[k
xQfMkUs
\O '"n
a&QOJY
Ue>jzR
Sg%;0B
vl:i'%q
Om27s:
\.!"j9
ZAR@7.
f.X:sp
EU}E?M%m
+Zh)tR
aLTRQR\
!	hM`8
dzsXQ;
1(<wJuK
3<g@\sx
+#T}.{z
A%Y1Gu7*
5g#fQ)
>}3gHbL
!X|1wG`D
+K!wdQ
*:kBo+
"Hhuy9
+t1cXb
R	&o!>
yH+M*dJT
^fo:aE
GbUJiU
:?\_&[
<tu	XI
(e]Ag*
r(%`{M]
_<X/Jy
c/E ~W*
2b?K](
-#rkk0
l1|a\W
d6.6,>P
B?*33Sr<
=1Iu'w
Ay3::[
5t&y38
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDAThC
["=b{ 
\xGms!*1"O_/i
epP-]|Uf
pae/k4(
x:wRoV
6a?{bi
kN#{PyHA
#%V`'}
.;;7kL
g$)tza
Y% X8J
v4.0.30319
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
System.Text
Encoding
get_Default
GetString
NewLateBinding
LateGet
Operators
SubtractObject
Conversions
ToInteger
LateIndexGet
ModObject
ToByte
String
Concat
MultiplyObject
Boolean
ChangeType
LateIndexSet
System.IO
MemoryStream
System.IO.Compression
GZipStream
Stream
CompressionMode
LateSetComplex
ConditionalCompareObjectGreater
LateCall
STAThreadAttribute
iAul.Resources.resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyFileVersionAttribute
GuidAttribute
AssemblyCultureAttribute
AssemblyTrademarkAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
aritess
aritess.exe
MyTemplate
11.0.0.0
My.User
My.Computer
My.Application
My.WebServices
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
7.3.15.4
$67711228-7c67-4fb4-a4e3-8197c8bd83b2
Copyright 
 TR Nop 2014
	TR Nop uZ
TR Nop Comp.
TR Nop Library.
TR Nop
_CorExeMain
mscoree.dll
333333333333333333333333333333333
333333333333333
333333333333333?3333333333?3333?3333333333?3333?3333333333?3
333333
333333
33?333333
?3333?33?333333
?3333?333
3333?333
33?3333?3
33?3333??333333
?3333??333333?3
333??333333?3
3333333
3333333
?3?333
3333333
?3?333
3333333??33
3333333???33
33333333
?33?3??33333333
33333333?
33333333?
333333333
?3333333333
33??3333333333?
333333333?
33333333333
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>