Sample details: f26bc3f9cadcb81b6cd1ffbc4298df94 --

Hashes
MD5: f26bc3f9cadcb81b6cd1ffbc4298df94
SHA1: 4606c70e13e076a66818c6d8d74e57f5c2fe3842
SHA256: 9ba7f06d466777c02fa14e28bb5fb5d6b88868c704413b0a790204cb2e0438de
SSDEEP: 6144:pH6c/uU+z69+1DWj6kdIpPlVmtx2WVEcy4eJ5A9Abpjvdtc4dP:pZ/XuZjtiSRwenK4pjv7c+
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 |
Source
http://aboukangaz.com/xls/comm.exe
http://aboukangaz.com/cruxifix/comm.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
C>uZ f
=eKZ $y
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
\System.String[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA1
*	NhN!NrN8N}NuN;N~N
N+NHN+N
NSNtNqN[N_N@N>N
N:N#NUNrNUNhN_N
NjNbNPNaN
NLN@N~N
N]NGNYNONTN
NBNJN\N	NuNEN{N
N!NnN N=N
NWNQNhN
N4N9N}r
N^N4N*NON^N{N
NLNGN!NjN
NzNwNXN
N>NTNLN{N
N<N|NeN=NXNhNUN
NfN~NuN
NQN`N8N~NgNWN^NaNgNPNCN
NqNJNONON
N6N:NXN<NaNlN,NXN
N{NFN_N]NDN
N#N~NKNaN N
N@NON0N0NrN[N"N]N	NLN^N
6&N5NFNlN
NjNNN5N>NjN
N}NLN,N
N2N[N~N
F.NWN.N
NINsNfN#NDNwN"N[NDN5NfN
NdN]NeN
N~N]NbN
N'N}NDN
NWN5N-NSNZN/NvNoNjN
NlNLN%N6NvN)N>N
N|N#Nfz
NSN]N0NTNdNYNKNPN
N@NMNlN@NTN8NBN#N
NfNRNHNJN~N<NCN
N>N\NVN
NwN7N@NiN6N
NMN%N%NoN
NVN{N1NyNBNKN
NsN[N8NaNQN
N&NTN-N
N NsNaN?N
HVN*NVN>NvN
NiN1N5N.N`NgNMN
N(NDNJN
>XNpN/NnN
NJN&N-NKN_N<NHN/N!NMNaNTN
NiNEN%N
N0NYN$N$NfN6NoNcNrk
:ZNzNWN
N'N"NFNJN
NdNkNVN
N!N_NUN;
N4NxNsNPN
NXNjNENMN
@dNeNsN'N2N*NIN
NfNYN)NrN+NmNbN
N\NUN_N1N}N{N9N.NcN_
NgN^N>N
N|NVNiN^N
N@N1N%NEN
N[N	NNNqNoNTN
NRNSNxNKN
N,N+NENtNDN
N#NiNHN
8iN\NuN
NPNlNtNhNcN'N"N\NUNXNiN:N
N=NeN^N
N,NBN&N*N
(kNYN'N
NWN(NeN0N3N
N>NaNfN
N{N%NpNZN)N
NYNvNeN|NbNENXN]N)N
N`N@NMNt
NBNoNENBNxN/NwN
NHNJNyNHN
NMNoNhNFNaNjN[N
(sNxN*N.N
N}N{NNNAN4NFNiNGNcN/N
DzNcNoN=NhN0N
NiN4N4NvN
NKN+N[N
NiN^N{N
NVNrNBL
}4O4)[
,s&7~Nu
YMLA|B
f\8ICY^
W@{<\$
g\*<7("m
LrxHpz~L
~_N'{D0+.
\\7.p{
3Y9[l>
&gTfBo
(pJij_
A{{g8w
gB$&7G
}W	VJ/
C&/N	&
H<kTQ	"W
|S~-KC
B<b9"#
/q@6wzs~&
Qivz_e
$JM*`G|
)KYkU4
dZ] M;
,Uw!S|
vKt)xugv
2$i\Xx
?lB7.m
IUy"}CPa
?qF^WZ
i=VaF0<x
q'1o:.
%mt~t1
FVyQR>
RdsEfZ
s6 +#a
YegRm9
!\(ei2C@
RU,;=>H
 )}4j@f
]?iVd!=
nzX]{R
*lO`~k
QV7sV;i
JgsVG0
}94:sR
/k:s5K
U3<j49
2.r$Mz%
xe1l5T
9D7B{Ml
i Z*GE~
	T	`y\D
V?3yby
-$knjPO
v#!aG7
=c:x[8
U|&?b?Z
u_`8>,
]NU0-7
<Pxr8H
#g;](~
|R:}(i
>65X-fPC
#;h	wil
r10?{Q
U	ny+D=H
oEe(C))dp
$ByDJzx
tR+,@L
J#dQ{3
}LBCn 
VEWg-&
3l<F(Mv
LL_{zo
]LK2pFO
m6$'ns
My; =B
^.3:uBWC
1vl:'-
GJOXsy
RF,eTd
1t&!<G
2#UAm&L
JeaIwR
Ou	w2+
\V{i3\
i$yi6=
~GQi91<
KWW$#oZ
\J[{=dj
XT%:10
"~}~)k"r
ovp*e`
rXB=U>
i!>>D}
759iy[
&vXKjv)_
F9J]V#Q|
 l|5X:
d)I 3D
NfSMe<
-<P;4(
,5vk6+
MlpnLV
6Y`LO'
DqSg TX
8,V`6'>
Fn-" fr
TKP7be
<!23.wV
aEBOMo
S)j	M9
;Q@w4f
l$lS+~
lzyHgh
 xK`W6
P@k/2*s
~_tn@%kf
3|pyY(X
49$mx.
>mX5FAb
m/s]!3
j'=b`8s7a
h} &kBd
X8<a3G
=mS1lk=
_Y	EW+0
nD`},)
i+=>Gc.
Ln9kctV
nC=T>Y3m
*P648K
u*})~6-
:e"6k5
/:5~FC
yQEP|{
4gbTz$
@-1`,^
$"Y8ef
V}z5a-v1
rzX{~M
jR2DHN
$`C	k<uj
K@wqo0OY
Lu*7feV
RnWH~J
t(qLN,
 d[au/,1
 1i%Ea
okPq8J
au``s	$
caqNTT
us|Ic@
|!+Yes
.5pQ/1
TXB-LY
2=S9I@
?h]1bA
`y\Z=m
;mzXG g
-u7J#]
e%qq4&c
<2[c|'%
ex@;O(Gp
BEkr(jV
+	69{G+;
Jk)y|`;
0Ki	io}
aOFB\@
Gn#@A]
lN }c+gp
1%ABxbc'
&KlWr+
WnG3t'
oX6&ZK
U'CCx*
mjL6>(
>-7XQ?
)]dU?m(J
rgg];\
IiDhs!
PA/5j&
Ac^ifz
?q6pWTt
6(?D;"
h{7&$Kw
j#ML5W
)\a+D1
QRNF/Uj^
6=)r'4
hf0i>c
4U>OY&r
e:0i!K
CahT16W
+/U|5[
)K9oKd
812V bn
ziFH^E
d$l!F4^
f,ZG0^
?1VV1b^9#
ZB*uG(5
t6Xie4
Xj,gwpH
P=#0/h
T\HR0^
p myd!$
Z9&8=b
ipxFsq?
@n3&n_
}ph!A>
8'yrYg
B]xcAZ
9k /xT
,aeT_]
5yv&C?
]Q!b} 
)z7F0U
dR6\X`
(sc2*(6
1g#*J@[L1_
q0c9\b
GG&POU
{7X%m,M`
9*7Hnp
9lN<0&
 d`clkK
yhg]Vt
:q&I.I
?;^}mz
&?|-\u
=L^5}[
bgKaA'
%0@{%%~
Ge]C"i
_ILD!t
X)5D3,
B}Ct@M
W1Jn_2
TEN6la^4
h{j*<t
]TwfpzsBwXP
bd?w8w.A
0YXt:-p
3*<11^mU
?Ve9np?
+Zd2um
YFZ!HU8Q
*'y{#cB
ottJ S
wrUsb2
BJw}F]
 YeptNkt
qSI{|hNN
ao-ENB
l`LBWf
F|%AG0D
[G> ~Y
'iSi6x
@UC_j~W
A0Hnsi
<|cotI @,KQo
oRf]TX
>TZLOP
A.cD?i=
x/>K|3
%i[&ZT
ck^+m{<
|YG7pq
#e(u%E
:#$G:!
9Uw/F:H
3V>4IhU
Oa6!YW
JW|kMm
}+rLhE!,
z&J:28
Q/h]:o_
gdJ2sDA$
b>go,/
}mb"ySEe
b-F1o(
`|=QV0
2\`&95~
w>7I|S
<?Au%P
$C@[>G
\JQvK2c
)%P:0V*
Z5<Ww+1
`g_WYP
'@;O0y~jZa
DZpx_*
hlJjI>
K;O!(OHP
]WqO#|'3
5?$87l
L[^JM4E
@tv2Dv
-K-KM+Ca
:<R'A)9
%4X!MZ
%|guUY
-!\A;B
;I_([9
OWVBv<
O&Tx_gc
d)|B_`
ai}qo))(
8>9+O9
E#'.{j
<433"j
_!w2+m&
B_YUzxf+
VsA0ZMb
T1;oya
*VWR!^
e7I!E/
DkPY"n
M-t+]}
y$x_#C{
P>*=sv
NFUcn[
#D,,4x
6] Obf4
]|v!OS?
vu2ABR
sv<w@Jz
nb*6Ul
_,9}9d
L`K#VP
I@T2SAZ5{
]9?{A 
D&CZ&1
NcE@qP6
*cae}OG
J=0e#@
s)T!u,
iJI;qy
>iAvCi
r!!|MY
n?RoQ}
c@v#?q>
n|0jWs
9YA'c,
8a8#@A
:8,#_~
z|{j":
M){#"u
?iLpmB
tb]v$v
yZ}yx 
%U|D0	
Oz~oAa
'(X#V\
GD?Rg%,
C9Q6w7
EA@`CL
	U9X0`
wQ9}rTE
#d`W|z
-f\]gJ
_+3c^YxX
*='JXDH4
*~3tW*
'^o)Oq
!.IWzX
Zdpi1@
v9@Bpw(H
RKZ\%<
m.$R@8
1[X5L|
SF%|">
dNIC37
)2"BAHo\
''L<ujx
FN9f1N
`)vv/g
r4Z)-0
3pybcAf
E,dU?D
E%\;uhP
!'+Pvl
E"*gL(
TmDn5IA
MuXe(n
(Myc<g
@tv"'b
b `HQr
.A0gS/
_9&){9
4J*K'&g#"
1L+l M
|^4KnL&]
|+Yea\
B^8-8Ai?Au
#kg\O@
Ds@Qq1
a5YOv\
y,_Z}f
,siy##)*`;97A
%2w\)6
@3[(&E
904z?Y
Xo3Ewa|T
))xVcf
+I]VSe
veM?c|J
Q (KV)b
hZP9*zE%
.YKZ:Hq
$v.dG[
h^&cu-
5X2gZT
%B\	vB
p-Y{'b-e
;ybGa!
Yn>U-0Sq{\
8%Osi9
-ITcxz
Og_VqV
&Nk8ktI
3i%!\I
.bl<Cpq
'a\}P7
{1a+q(P:`dM
5Rq8VT
pTU:|b"
F]<|a8
}zg^@@
K<H*TH
!TqUQw
EieR;= 
*N8(4o
u\FVy"
vO"Q7.
V7\&!/<V
yb$B49
#*/q.T
D!5*-m
x1]^Cx
&OHD&8U
#);@$<
fFZ346
qcI|l4r
O06k!.
~\2<Vd
yL99e@Q
zXQG6K
JK(5_8m
W*7(2g
XvbkTc
W?Iz3jg
{^ZClH
4I1QOq3|
ZWp+:Zv;
G{3-^)
4ZV.*SG
{A#Nm:
(Jdo:2k
.|EX8^
fW q]UV
`V>+<Oc:
1O0$.4
5,Ehi$
Gnnczg
Y? ^X*
ALeyrF
?1N1RXz
J_Eydc
AxSx!"
OEE\|7
Y)/N'1
l7@Ca.&
g^[__J
'}KAjUx
Z]R)b|@
en$@CVy4i
;u[$6)
gZZIY`)
YV{8.}	
.|`(/I
ly87p?]
Ult()W
77C6$g
+^Y9{d
<,Bh~[
	i{Mx[
)ta	v%
r}^|w7
W N1-	Q}d
V_+.nH
(BL=[V
:^]Bem
XNT{JS
\;#x8@
'U]M6Y
eUEIaE'p1
;gz^`\
l;fTMi
hd5ViF
7XMNF{T
ufapp8
BrXI}dA7
D1.	yf`
7'xlvvJ
0MA`w J
gOkyh[
=r(Q|i
![lR&fPi
(dc.l(
NU.	Ee
`<,I^\I
TymtVp
)!-NJ.
$Pk@7l
./.]`g
5th74nD
xFMbuR
\yl"9l
/%Fef"/
{V3!.F:
 E'OO>y
}aM#[b
h]8,~bJ
bNi~Os
[c)dj#%
>w$T;<5m
7zL:u;
Am]bg'q
[andr*FI
`dNvch;
P9rD0x
4^9\A)
_.y^oy
$ &i< 
4e%Pbj
g,D#IB
)?hqW(
F(+i`I
1"TTpn
q#Ba>9
N^%S\p
9.wq+qW
a62%h?
CO,]^K?
J`<*nn;
v4.0.30319
#Strings
jpKRjXq5dPlft3d7o
mscorlib
System.Windows.Forms
.resources
XQ2YZiEBvgrJvBG5ane
O0fTSuqEZiewc0eep
.cctor
Ih5L8b4SDlr7xuKp3IF
iSEgOAvoCWbLzRicx
Object
System
qRbC2ZdZPpYB5gn
ZpCof0atazchuTw
XE3t1p0EameEPhwu
ResourceManager
System.Resources
SymmetricAlgorithm
System.Security.Cryptography
ICryptoTransform
AppDomain
Assembly
System.Reflection
Exception
Resize
MethodInfo
sGYCZvplyAVa7mtiu
RxxGvyy8NN
CLFs9N3K9h36rYBaSQP
9H4kkJpnNrpM6a
NJBI14u8ej7Lk8Gk
4QcEM4B2aDqeP
9vvL7UgazDC4thL
Q1oAXtBf0eqE8t
6KWaeNmpEzYxLJ
0IaKsp39X4Op24ZCswd
57XLeGJQt7kwKf645
PropertyInfo
cNh7S9YcIaq2c5Fbrz
N2d7XUu6g7riVeH6RR
XSCU48dO5U2vy2T7
7OhDfBaHD7Y
BE1h0OqLHW7
HZPgH82PEeo
dwUNA1lwRvirqu
yRhRZAi6Kf6qFt
LCxmeNwsiNp
Thread
System.Threading
GetTypeFromHandle
RuntimeTypeHandle
get_Assembly
GetObject
RijndaelManaged
set_Key
set_IV
CreateDecryptor
get_CurrentDomain
MethodBase
Invoke
get_Message
MessageBox
DialogResult
GetType
GetMethods
MemberInfo
get_Name
String
op_Equality
GetProperties
6t7kfkWlExyjL
UI7OzI1XSb5dumsbA
Td52Ejg8J0OKBGv
oa4tqQQdRPcqaeitXBV
NGzKxi1ws4AjMaj
EZZtCYm24f
FYT7921oTzfX3OmqO9
sqViSgkKXz
dVuyflK6An8e
4hXDUvL02MeB1S2LK
ueh3QGPxilD
Hd8qdvTHsnvmx7
ZvJNg2g19U
NursgmgEpM
1nUge8LJ0ORPr8QTbI
x8RsIbDqp6s1Bg
ZklqMjplJEcI9fB5
5LZ1bd81Q8PYGKJxbR
sbKasHBYd0D
cqx5tYNitxpmlAPwX
dSXGXRgIxsPRVqBs
YxVSSPct1gl2
uV8IFqeKj1KImFO
OoSiv0K8rSenA3h6
YtBTgbVoZEEztd5B
yzJCfjtqRw8Fiv
X1HOXuyXM81bg39m
SuPpj4ZNLTX
NTnz0xdUvev9c
Vv30iTD1eqVET7aXwD
mwTEkbOV2XPXABm
o52vhL7Ebyb
gvDqXQ6Ml3SROKYuRj
Hz0wMphyJrez
9YIUiOqp1PMhynNI809
uLXncB1TijC
NFRNaf95heBZ
CZCWCKfr71
9paxKUeSNOQJ
9bC1t1r5gbPluecOOf0
fMqeHfYqsKEcM0Eb6
9uNcCCSeSRJeh
A4KpvLd0irYI5
EhP8DdgX71th
DDhypWuC4olqfp
8XDgMbPc4LQ
iM70zijPf2
AzMROij7nezVfh0mt
kcALn857lf
7A5uqeoq4qfFCwqerX
hLdZ5Up1J1ISMrt
EpHdfKnprtLMKn
1fK7aXtqP0sEpvmnPJA
3bIbOyeE1Nxpk5H
iz3JbpuveghBG
ooi0wTHxm1LDoCUw
fJwjRV3aXka
ythNsHseQ3sLV
e8Xqc0wrwuDmHvgJ
dTquBEN7zx9X
ZyTBX4mY6xyje
sVqMNYS8fVA
Z6rhZwyKSy41
ykOjaJ0XxFstZaqL
uKfZnRJJMk7cU11
fTErLezXRsl
aq1l8zffGu5N2Pcn3m
Cy5kJOHBrSRwdaBZN
GvWGGTiPFaoKK1
nIOhLsYyla
stLFttU8gevuHWa
4THc4S7NFgj
h4rpTrlr1q
tsLDwwQ3BO
MMDMJPi3qM
QLy9fDSoih4nApd95B
cEIszfUHvY67
hjX9yeNBkH
M5QeHTAsuVTc2I
CJ7hnsk3oxnd
38mrVuvaVRq2pX1f
52Etji0ejhIwlLjl4
ibQOCst8f7vh
mJbnUXSF0OwU1N
TCYAgEYMxbu
qk43JwNix5yY
lGkMme4b5TWfCq7
0ewmRAc6GcTeKBOE
e6NEq4xd3zBRJ4q1WT2
xtKlxatI1Ji5
fYtpfMiJdAZOR8QTshy
pH8gZi00Bxf71REs
KfGCSiTsY1sFeJQBhMO
0Fz9k21vOK9ZhPReH
IIReVjGdCGBpDG4Qzri
RYhiFe2JnRdboxkq
B1MctifPnzcA
Rm4qWNkvnXn8NkWmwk
3pkdlymSeIh6U
O9BRo3EY4m
Wvj0VavB8KJ
dDJwfhNoB12
kG62n3ag2z17
Chb2pOn2BA0
1hRzjyPTqOofTm
UWyiCY2WqW
GyTvRrzQUGKp
CkEodipnYR1WTEzY
BRGqHj9Fttor2QMlKcT
Xh2k14MD59Aq
RuntimeCompatibilityAttribute
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
UnverifiableCodeAttribute
System.Security
9xN<NbN
N]NiN6N
NyNKNaN
NhNZNANrN)N
)kNYN'N
NWN(NeN0N3N
N>NaNfN
N^N4N*NON^N{N
NLNGN!NjN
NzNwNXN
N>NTNLN{N
N<N|NeN=NXNhNUN
NfN~NuN
N6N:NXN<NaNlN,NXN
N{NFN_N]NDN
N#N~NKNaN N
N@NON0N0NrN[N"N]N	NLN^N
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>