Sample details: 2b294b3499d1cce794badffc959b7618

Hashes
MD5: 2b294b3499d1cce794badffc959b7618
SHA1: 9aa826795798948e8058e3ff1342d81d5d8ee4fa
SHA256: 699ec052ecc898bdbdafea0027c4ab44c3d01ae011c17745dd2b7fbddaa077f3
SSDEEP: 12288:5qIrEFD09leQEA49darfr3/2AbitnVYE96ltR:5AFD1A498H2D
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/RSharedStrings
Source
http://94.130.104.170/Win32.AgentTesla.exe
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
\System.Object[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
	-Z86H
yeC,!w",
JGlMvl
Q\(p-7f4Q02
kA^GyZW
ds :YT
<K&F	'
w8u>w.7v
~B~JB`
,hNKMm
|`RaF`
n	hXgcXg
(	C203
uMTPLXw
v._\ey7S
[_Ean/
!w\[mcP8Vt
w	XVUM_bP
<CcS\\?I
.8.:C P
C#Q4B+"
gO69f<
/{5,zT
ejH8>c
501]4{
i-0<iYh9#^
9sYQ"7
 PW^lt
R^)&)D%o
!#c0}<
Wp@FqZ
[Pk'NQV
J"!z]J
Y<#&(v
yRxOZF
F'!c;W
dWRr${"r
12DYsJ
~^3!QN"e
3=LJM-
Je#?,_w
Mc3-@l
|,tl'%
<\@q	=x
h)2i0r
@Eq,tj
IDATx^
&cNY]6 
n	?Ayb
X<;vWQf.
0Rf-dCT
G-xY>2
,#2o/'0XN
	v/Oxl
x>*\r>Y
^A[$aZ{
s&i+@6
R\;zzu7|
	QlkG9
cbE@i[n
cSE<<	
sA!-fg
6;R[\C
smF0$Zr
Aa-GBp
m|i6~:1
1s'7c~
3o|<;R
v,-F/I
pI_%D8
c[!wGm
i850f5
57IA\zFX
YMuMf`-
=h'oE[
\u+;bI
0YS<^E
F6{Rlq
Nw;A}Q2
Sx[S?dB+
O8hOV~3
ya;KuL
_P6OQ|
|)\J\W~X
5RUgqr+
bp2hdv
nL`o*T(9
*{	C&y
!(>1{S/
Q%8f:h}
u;	fK`
]9Vp0T
#gva}?
*Ueu$p
|B/W&2
$uk' #>=
cW"unj
0HgC@I
I-G^sa
b%*'.a
Af\%0|
KF=?*O
0Kp1o0
:EV?Jk
b9@M!.
`Q8IS 
4Wk?9iN%+
;9U[Dwg
>1W3N>
Qct _m}V
Y<FCI@
UsoDmM
,N7;1U 
J$HQ(mjV
]ai'eaw
WO!F3I
j z!4U
IYo=wl
n^xb#T
YvX~&Z
#tF!?I-43
&^hGk'
q{Y{5Q
@~}b<`
{M$T{or
${KKb%}
e(i1zN
fQ*WP*
9GNlio
n/".^w
rOcr;1
A=b@	I
[,@H~4r
UveA-8
J))5n:"c
IAQW&OR
3f}s)""
9%>XN	
id[57/(
q>eyJF
d$r'KB
?OF4(q
+54IS1L
']]=q2
X462}_(
3F>ld<'
)yXrl4!
#gizeQ
0%A2:E
9uZ+%Aj
|VZ:%7
=|qu?$
Elj!G|u(<
"K9{xYut
tH9+Lk
\641i89
H+[U;2
i&5wj.
ir$tuZJZ
3_E[rC4+@
WOe^XY
m<T><D
1V k`g
	Ijl6v
i@e]L}l
%wmka6
OYL%{\
>pJ?MQm;
n5'&F]&
 64;~\Wq
{A*YM]
QF/Kk90
8~RwCl
g")dEN
uE^H]l
/rD1#oF
-::Kp_
i6[zjxV
5)F8(WO
49	*l:
Q}xc|K
-kT&(n
#D8sW~
1c:42s
./hIfV
G'?dS,
'hwon^
>gM&5s?8a@m
[K]G^z
N@(/gi&
7\[NR6
M=XWk7
Y\NQ,e
yYnh;~
HAq?_V
}v]VPOhGXnZ
_]?07|
Q1\Z;/b
*:*b,*
W1&[C0
"\,t@N
L*%Jn4
$)AdaW/
UwHAGsTjk
L6dyC9V
txzegA
9*VLP[
nj,.KY
&Acet3
ThI%3Z
hcQ_(i
~6^Q`>
kP:|${
 $L+fO
>%=R)jy
;,l6Y+
80h*e6
1fSn'o
nb:Mf&~}
zkWbYaE
pT7-cH:Hs
P9!4]M
#Is	Jj
N}x+7u
	)Dp>d
[M{@)S*U
vejY4KI
}t@JCh
N0bb-7
F|X	-NX
SO#7 p
H!:_?=
xUdKRh
>8jGV~
lgec Y
LzYrX-
=]c7u+
H&bW3D{$
J0,B{Z
U*z#ho
a73bhZ
')pTmD
yY$L}v
Dr6{<9
+GW	dK
 D{[8Q
8W}B3I	*/
2QoleNglR=
[qtL6(
~QSJ7*
o~3Jfz
X!;*0E
g:D{pf
gM"B`y
r;'NRC
/d{|@A
D*zMTU
&d.(#g
f2P%#;y6
YVzP=u
N*,*GF
?r`i'H
bA{O/h
g,,^([
"a}9Do
CYGPR>
X"T|A:
Xl*,xW
ds*M2!
G+HWQ>
A?*v[5
@& ^!Y
sV5P>Y
+;noDv
*8,_%V
n:Hb1d\
`J/[i~[$
Ms$KgB
1?fu"y
*gvXn(
AeG}Ux
Z4iogS
:VpApor%
f@o%3&[3
Tw *R]
a'pHeN
20('@%
RTe{uE
0D9oe.
HQJhRe
 s+_s[
KLPi7y
MzYElZ
oO/>r#
3FD9<X
,P%A9ml
?3ez	/v
MSG/)x|
i)&\t^
 Sndi,
zx6H9'&X
UDy].3
	|+8`O
_NFXU\
5'7).44
6%k[Mt
QW0Brc
'`IyVB2
R *5|h
Tp|ff]
s3-[}@d
l"l0J;
YWl"e@<1o
TE	 T^
o,%k4-U
k`)?TV
_6+ewD&i
M}sX %
}fWT.y
F1X6)^
StxH4"K
L>rLc#
x{OwK:
0gLwRR
Ui(Y>pO
yY0?R%
%hsL*U
} ")Tm'V[Z
/I&LC$
.6s2~<`
+1l]B+
`M<vb\
<v!t<2
l`rhqp
(&ZU{/
R+ljdE
6F!C+b
N3p'ah&
Q!I),lC
3Sg%)b5
\#kLYc&VV
dL91_8
:Z5~0;u1
~!/Sfri
op-3XCi<
M}HXCA
?0]o\}tA
Y4wIk&
e#5xj:
JiGgJmV
3|i`Qb
Cb+]Ct>
J1[)D>	F
cn	No$
,_R|-v
R$<s&O
,T\7q6D
,Wj-\C7
kEQE)bOn&S
-?<U&-
3*FS##S5
<=4xCQE
?	STq_
c94r48P
Z#[1vec	o
$D6ozop
*@n:-#
erwgxR
AG@n	>./
G<i5Z:
UXi5d<
 1f:An`
,	Fc	*|tM
?ilHQY}ee1
Sd5gO,
-`M|j)
nFNnSU
u@bCFT
ZJ  gF
Jz*N+[
6r6};mYL
^]1gz[
@e-}r|#
&i(]u4l
7]8oH"j
f0{<_j
i<z9Bk
*N[BtFL
b(;:TS4"
gmq.~Fz
W@bNQP
2)QAo)e&
EBZ)P-o
#rNk43
Fg-xAG
2-l#\B
!M/)OmUNGg
3!1e^Z;}
Q$'Y#"
QumMka
Ui7^G_
~>T.Eh
L&lxkE,:
/ozzWV
7<17m	
"+w53s
uww=_!
t8vFCh
_Mxj8l
e-a8;n
V"NHNx
.t:'9H
	&tLNP
jGZ@~g
)2Wpo]
27=?Bip
}2'P c
/ZI%$.
/]Q\&t
F<`4j`
 g?eN	<
xRhaZt!M
`voG8+m
^niI< TJ
c1BF:5
BCtL(u
Md(E~r
H&2M_c
g&,_d!
,Cf"w!
v4.0.30319
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
UInt32
NewLateBinding
LateGet
Operators
SubtractObject
Conversions
ToInteger
String
Concat
ProjectData
Exception
SetProjectError
ClearProjectError
ModObject
LateIndexGet
AddObject
AndObject
ToUInteger
XorObject
ToByte
System.Text
Encoding
get_Default
GetString
ConcatenateObject
STAThreadAttribute
Bmf.Resources.resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyFileVersionAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
Po160118
Po160118.exe
Hjt4REI
MyTemplate
11.0.0.0
My.WebServices
My.Application
My.User
My.Computer
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
6.9.1.5
(c) 2015Comverse Technology
Comverse Technology Cemp Kopl
Comverse Technology
Comverse Technology Kopl
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>