Sample details: 30c35d8c6f6691cc967ef79d3847ee4c

Hashes
MD5: 30c35d8c6f6691cc967ef79d3847ee4c
SHA1: e7c94298f843cb89039b2dfd5531a46ed50cf5fc
SHA256: 9e7645f45c092e203c5795663a5b8ba0862987a5e4a2d04b024c935ed23e032c
SSDEEP: 384:B3ZsZrjpFINb0vNZl53XZFk8990ZUjbd/axM8GTf8pKc/78+i8NxBMYXkat:B3ZsZrjpFINb0vNZl53XZFk8990ZUPdK
Details
File Type: PE32
Added: 2019-09-11 00:21:26
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/screenshot | FlorianRoth/DragonFly_APT_Sep17_3 |
Source
hxxp://hrpm[.]ca/images/ldn.jpg (defanged; the URL path ends in .jpg although the file type above is PE32)
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v2.0.50727
#Strings
User32
tcvw7ieutw8346etr23fUYFGVuygweurfy8o79tvbg8oywiefgwugfvCFTYDyutgvbfrdyvtrcqewd7vuyqreytu234tvrf68bwyegyiuy29384tyun894oigu34wg3w4hrweeh862q3tgf7qiubyeg3f8o2
rdtvfuyuiy8b6i7ti8ytgukiyewjgfukgjwegufhwefwefwrgewset3e4
<Module>
CreateCompatibleDC
ReleaseDC
DeleteDC
GetWindowDC
System.IO
SRCCOPY
mscorlib
Thread
System.Collections.Specialized
Replace
hObjectSource
IDisposable
RuntimeTypeHandle
GetTypeFromHandle
handle
DownloadFile
CaptureScreenToFile
CaptureWindowToFile
Console
get_MachineName
filename
WriteLine
ValueType
get_Culture
set_Culture
resourceCulture
Dispose
EditorBrowsableState
Delete
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
NeutralResourcesLanguageAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
usps.exe
IKUehGeJINeuniuewnruhgMAinfwguhjew342rrewgfwef
System.Threading
System.Drawing.Imaging
ToString
System.Drawing
cergtfdvtygfuyrtujjgwvebutrywb7uyt2buyitwb78rtwgeurjYUTYFGBUVRTYDVTFRY786234ry3tb8y4ugfewuytfwr7eu65vt3w27b4iuyriwtgeikuij67lgw87rthw23n78oriu2yt3c234rwresfdfhgetrsh
nWidth
get_Length
AllocHGlobal
Marshal
System.ComponentModel
gdi32.dll
user32.dll
Program
get_Item
System
Random
bottom
resourceMan
Boolean
CaptureScreen
System.Globalization
System.Reflection
NameValueCollection
WebHeaderCollection
ManagementObjectCollection
FileInfo
CultureInfo
CreateCompatibleBitmap
FromHbitmap
Loader
get_ResourceManager
System.CodeDom.Compiler
ManagementObjectEnumerator
GetEnumerator
.cctor
uwjyernbhwiufshewyiuegrfdy887m3huergimdskrjersrtferyteyr
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
GetInstances
System.Resources
fedex.Properties.Resources.resources
DebuggingModes
fedex.Properties
ExpandEnvironmentVariables
NextBytes
get_Headers
ManagementClass
Process
Exists
JHjhgfyiuwehrifehnywrliuhfjeww23434twtw4t
Concat
ImageFormat
format
GetWindowRect
ManagementBaseObject
DeleteObject
hObject
SelectObject
ManagementObject
System.Net
nHeight
BitBlt
WebClient
System.Management
Environment
get_Current
oliutjeoimrlthgkbgeiy8urguh345ergd4e53ytrgdrftewsrt
nXDest
nYDest
MoveNext
HGiujeroumth934y5hteiurhgeiuhtgdrgte4tegdfgertyerwtrewtewryt
CaptureWindow
GetDesktopWindow
get_Assembly
op_Equality
WrapNonExceptionThrows
Print Version
Version Prewiev
 FTS Global Corporation Missisipi
Copyright 
  2019
$c62ea7f0-e5d9-48f3-ae45-14dce3f4a1cf
7.0.6.0
3System.Resources.Tools.StronglyTypedResourceBuilder
4.0.0.0
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
C:\Users\User\Documents\Visual Studio 2015\Projects\FastLoader - Copy\ConsoleApp1\obj\Debug\usps.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>