Sample details: c953507d30d40e41074b862a36f8e7b5 (MD5)

Hashes
MD5: c953507d30d40e41074b862a36f8e7b5
SHA1: 3945d79dadca3c6b0ee44ead8d975e7beb95f74e
SHA256: 6ac38091a850ad01e2d1473ac67e0b161c25edc1aeba402b0f58659907a5164c
SSDEEP: 6144:0JaGlxDDyqGKPjQ0Ag32IsuY9LOeoqR0LtH5/BJu+s:0JaY91vPs832IshLhl0LtH5G+
Details
File Type: PE32
Yara Hits (all hits are generic file-characteristic rules: build toolchain, PE/.NET type, packing, embedded domain/IP/base64 content; no hit names a malware family)
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/domain | YRP/IP | YRP/contentis_base64
Source
http://gg.usdipc.com/bob.exe
http://gg.usdipc.com/bob.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
\System.Object[], mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA.iY
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
*\$FW1
2&E'/m+
H{%|V+ZG
@c|R!Q'Oq
`K:0]OL
'LFrJ`
\=2.rE
Z ?!r5
 c=HMb
T^~~!g
!EY#i/
o9w}Ui
XzT2zD
d'h/D 
Z&*.-2
Z/*.p2
Xpu0=vaV
os$		Q
5cTQo	@
g.OC@pZ
e}NLA-D
t?}BS,@*
c;B,L	C
T7qQ]*g
2!7pF6e
vSTDF=b
i9C_]=X
(~9pR:	2
S&qIV=Wi
e'jLP-Q
?Zo,dp}
v\w^7Wq
H2+(e%
H2()q%
_.:)|*
Z&,.p7
n?w9SZ
Gc~E;s
Z&,.p7
IDATx^
f8!r|EH
n,`Wj	V
89;b5q
f`b{h	
=ix$dS
0\C,8OE
7N4W_=
kcln!D?*
7WP+"<
|7c?UL
[wZ~1Z-O1
!x_RsRTD
reHGZC
N6MZ)&
3<O~:hz
&sDBfU
%%+E2Uj
Hrbh>[
)FcKB)
ihRWvTG>v~S
[ku4w/v
\KLQQ	
%U+22K
)_V<pC
\z`%Gv
KD0Puh
d2}+uB
=Qhmi:
SFcT(W
._tzqP#_
W5[1#B#
,D'-!f
~+`CT.
)W,8#i>XW
i}jaH&
sl_/9r,
bt>t'P
2@&#j5$
B`<sRV
Z sIBx
/Du"2;
ER;?-O^g~6,
IYQw##
sIKv]~
 SER7q
bjxOn+
V=_MVh
W.V;ro
>8fh&ya
bJe4XT@ehGX
drCi>4
Dj|Z>e
f/!i!.
!Fz6B9nFh
av]*#~
MW5[i5l{
yX4>+3
AGZ-^%
r!dj6D
nrsm`['
;H;'%X
rrKF3hO
'$m6@[
$=FZKc
y~(Aw=
h:S'4:I
tIg>je
I2F5[W
/YoeS[~$
OVUE|A
8|M74G
<uB9 !I
ZTg 4fa
H;JBN}m
1JLXv"
%pbj+HE
3ii$dG z
[4<+4lvEwy% 
$o !h('
`]/6PB:Px
s!\'iw;
1>E85\v
`\}G-O
sI/U;`u|
itd_AT
M\ 4>Y
	,f /|
[G	B8[ n}
lYPj ]
]^iAmR
#9kF	V
D.x&^`
u2&^1G
qJ]9k2
j6@f=dx
,P.\0	O
*W$PcU
[U4"b/:
cMV(x;hf.
RQKEDx
GgxBP:
jVM=<!
$3j\*]
>|rs2-
kZJ=^e
0#4cr-
SYgo6%
^+q+'p
B*\lZj>
m/1I'x
ujI/k2H&KR"*
7iE2AN
SV@	X*
mBG2+>-
Xx^PDh
X_0Q3d
yQPh>&J
o5LIxJ4
Te,tPB
):zjMY
uDrwaFQ
tQxu1B
Lx{4-+
b?Vu>k
v3TUiV
TF'd8q
G}rK|U
Q5Og&v
=CmUg=F
j`Yu	 B9
b@g%|f
0'Fm\Ed
(*(4v{/
lUyhMX
>4vJ]F
t+B8oi
6jg18&
k1tf/m
"'OBg]
I%CD;;
Tu;%rB
P)VYfQ
pH9>`q,s6^
u72)YH
h	14#*x
30+@/x
ICc4N2
6#cmF}
cJALh"
j@5M2-@#
?z]Lc%;-
~mt!e+
q~$}Ac
Scu/3u
m(wu<	
#KQO	x[
	 b#C3"
Q0AAC6D
@6a]NhN
j%lVCN
y4P4rP$
Ecv;H4
DM:F?^kX(
NfKJc<V
<.CJ}L4E
E2mZ[@Cq 
"-:dL5k=
)Ah4wk
@k6t36
D&l?/f
$ZduenN?
D!A.-;
zAloom
_[g:_b	\I
HZpol!
Rd 3I4
s8mC|,2
qrZn?xj
gP=0!m
m_)<>jup
wcWHnm>
~NLF6*
v2:(Kr$_
<frlSr
tv41&e
5Hcd(A
Cpww'A
W5553?
grb8-'$H
?AS2\|1
PDSd]A.
>?	)G 5
c0|`h<
hYJZJvX
	CFGtK
k.#_3}
Jo%Q/)
MhL"cac
'[OK|/G
6M5s7)
p\0&^K
9J9SiI[/'
e*)C^:^
y0k8m W
rswP$ga
uJ	eZ+
(.`8dJP
Il.B(6
w[vPA8p
EWh&ce
1M_Yo\Q
3<bW8.gX8
T^J}lMb
A!G{6F
fyM~4k
l'ivb<
Ow1N\8
tv<p=m
vY}.GiaeO
<1W6&cye
0g7:Ea
^rR2Na
,o*ozc
ipd ~I
9;|v2.;
8E>R>i.8*
Zh B*n2<
1"#pLc
9Xj9K%
B't)$Gq
("[@~>
n/|fv/
f;+Km<tG
&g^=R5
y^qrA>I
Lz).lIW
y?|}eg
&\f-6a
5<nP&6-
2R<IRTi
~qNy6n
vvE}42
=/hRabG
BX1cJU
"i~B?	5
Mp$wU[
.@&?C+
wMh<Nm
)xc?"tH
5D6Yo>`
gx)L)m$1R
xV2q@Jy
a"i''Z
.V9r7C
X`a;$$.
/t1VP7
LS7N2)
EFrK b~cI
J_4zH_
yL_,N|
ue!c`p
<OXUcK
(t4HC~*N8
i/MWLp
K@k'lL
CABW/M
\3sflR
*{>|C9
Gw+"G5
"A`m)*"M
b|f^!h
&GCV_k
~HOHeoP
Z^@a_" 
**xd/>
TCWH[ f;
OODf0y
: 5&9,T
"R=`/|O
#O/eSv
}[Me}}
!U#/th5
~;fS.A
Yt_P(5
HhV+HP
nHdm"t
d2R~vr(
W?Lb?4J
{^" Z737
X\m+@C*
A+rn>c
D&p.z3
lh_Kl&gS
@#?%sO
A~24p/`
x7wRsb
Pu4AY5
Ke3_64
cP/@&)6F
o:	qk!n
=0W4Bm
h+Cx(5
7gu[~6
Q0R8rW1
-b@&a9
OVnA]6D
H}|d{J
y):'Qr<
M?$'HM2!,J
5tP+	S
q&xC8p
B()55q
3-'[a(Y
9Lz>S(
zNrC5gu
i$fEt}y-0
AZO`DM
;AjgvF
LlYAV6
^?~WY%
JUQsk_>
\gvjNr
h$*=	K
u|h845
8IG2/_
HT	JPyB
gm,tEoC
"FViy{]6
r`nY$~a
9}lN|k
1}E(>(r
CNYg<r
EB-o^V
kvysm1"
$NBB:^
'AhF;)
(34(J/
?}hN$b
{v%HQ1
1x310J
FAGk7K
xx"YaP
{LB/[Ww
l	jk,t
:C7JQT
5)&Qk`AD
pK?|IS'
v2.0.50727
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
NewLateBinding
LateGet
Operators
SubtractObject
Conversions
ToInteger
LateIndexGet
AddObject
ModObject
XorObject
ToByte
String
Concat
ProjectData
Exception
SetProjectError
ClearProjectError
System.Text
Encoding
get_Default
GetString
ConcatenateObject
STAThreadAttribute
uCa.Resources.resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyFileVersionAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
bob.exe
MyTemplate
8.0.0.0
My.Application
My.WebServices
My.Computer
My.User
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
	2.5.10.13
(c) 2007 Archer Daniels Midland
Archer Daniels Midland Now SKK
Archer Daniels Midland
Archer Daniels Midland SKK
_CorExeMain
mscoree.dll