Sample details: 390b369755d893c5dda36e666364b18e

Hashes
MD5: 390b369755d893c5dda36e666364b18e
SHA1: 823ab393f0793a23bf4843920b727dee5b0b1efa
SHA256: a6fcb7321a6c40168941c15cea057c4d0cef01ca147861bc22fc5faa7c210bf0
SSDEEP: 6144:MJXjDO7VtChLTi+LXFpxOog4CBqZ5nlMBiSUIj:GfSVtCh3rrFpxOoJnluiV
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/domain | YRP/IP | YRP/contentis_base64 |
Source
hxxp://home[.]annieberners[.]com/p2.exe (defanged)
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
\System.Object[], mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA,iY
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
N	u7YM
5YoWYsAH
r%TP,G
pK|_P6
Hny-	bp
qJi=rG
/]@flb
cIa1q*
6gojLF
^`<U[+e$N
i7 T.H
_d"vOA
{Tkn0)w
0cQGj(nM
5ci_1\
{7a36Y
O4%kYY]
(J([X_
QJ'02(
}4`VIe
ITh]jq
7FH+-f,
DD[e$}m
HSuxEF
m+eSN"
FpvvOO
wj}+:p
9~|W3h
X (Rt\
GJPdIi
7Q\Zj5
i)SLxy
{sQdU%
l2I\:'
dH_PK,]@Hz
V W]RT
cMD;#A
K%*4tl
9qt5fE
A'#D*L
Y16Qo"d
H_opMJ
2X_Ef2`F
HX.j^ N
:y{1*?
WhxJG+\
6X3|L\
c8P9V4
'cU:G^
Zy_hSkZ
09~7Ix
IDATx^
cJ~	!Oz=
:4AK,k
sTC4F2
92W<C_
(0[OqQ
r20]CL
H,4Ti!
VI7	9(lQ
_;.\s%
?~#AC#b
WP=sTx#
sIRL-/%
#U2awj5
"cdgJr#
\Zq2<1
^Q-bXJ
]&ZJIv
,`e}9m
ljfNm@
^ l(Q=
J^y,S"
&7pd-I
-b#HQjJ<
YeH  rX=
w(d~uq
SgFN(N
'y ;J{
P}{2W\N
FPPY7ZR
&l.V^A
CoDj}o
	>9%%F@
J'y&S7
62Kk>6]
g$3#dio
[?rTG&]^
&}xV@c($
20sX$X
\=Q@Yo
](y@`0
K^2fN>"
MlWhF'6b
thQ7q	
H\qy1p
<_/i@?_<CI
B1L%(R
Xb,Hg;
lf~nQc
Zr^eZ0
<rhSs;
FY.J9ov
InqTBV
d -#DB
_gEs  +
L~oQvl
3|o@3)
>,z&uyV
^GM+&+
 VXrBA
)UG:71$
WM 5?OUx
TI*Q^+F
Zj~T)	
Q@Z69f
I2MmtU4
.s<^~?
niVt}R
IoiBOTM
)QX:Ri
|b?H(;
liw7)D
&$1L27^
h||)y"=
YMJ?oQ
~ z#AB
;#R7t?
	aN>4z
'?FdLq>+
4NW#gz]
$PG770
(j"up&3,
GZ\UA^
g+0r4m
o\Bv9W
bG^+8+
x^Y?CO
hGa^jR
b+I>;_u
TX~OVF
@-22;1
=tG#1^
z.+E}m$_k
}+X^mtb4uc
?w6a|U1
"3q%Ze
lqG	'ss
{1|[(V`
Q/	Va4
]%$p5O
z:9H#q
,Re4`O
B{Tj|T
J\W|ka
F3?y["
f'gtz;
#9r9E}
4_":[?
m0oUR	
h^t*+]
3]6$dd
tVk)Xp\D7M
RAW15F
|Qwb=C
%xUNDS
k\A,|{J"?
'o7(Yv
I+b<Mr
'MW=]s
8lX{k&UeBs0
}Dq"l@6
z6@<KjQ
j0^`'c
>(,@qcq;
[	TKsM
_' B0@
'5;\fA
Ut'~z>
ibZ_iP
*7y!Y{
ue#O}J
$FJXF.M2
r^Ts$^D5oF
<js&7g
$.YPi>0akx>X
`Le&+US
(J=TYA
lW	re?
w@E@MPko
0s-4vio
@)?&fpt3
9?x^M>P
e~([M0k
$ 2eZ 
8[$2cV
VaQ\0*
qM(K7=
}CFP5&
&C@?*C6
EMO89Z
<;#eF!
C|,,\|
E^z))v
28D8nBFx
(kB%	&
"LC)'11E
Y9jV5d
.|d4KV
k^$UU,6
IZFIz_ 
Og("_P
L{a"2/n
lT\vC#
y3(9rK
11HOWs
!a,u^\
r3E 3j,
=*/SIy
I:WP$[
q]O \j
Gi2ZU3Zf
2k~5kT
2GEP_fn
\6'PEw
mk?VZ9
u vwSDP
~$V1Bx
 Q,]]GB
mkGu2&',V
[/U&]??
&s:$WR
OtlhRW
/1fM[;>
T'NL^<:
xZ	WSa
+ToRin
(j?eL9
oa_ NR?
Lb2&m,
yWtm7A`E
JRR<&M
4 ,T;]
pw	9O`
_KOvo2
Rsr?vHq(
,	#/r:
?*#;:A
i_JtG;
w\k*bN
Mr2RN 
i~;QXl
[r244X4
$D^fF}C|D
iN5,;M
K;G&<Z
}B@5aD
AN	Lu|
E&,qD+
(;zKC!
2#Ce(_~
SY_yY`
7`E-)/
hjfb;$
BWL},!
>q^d\~K
K0#L.v
0:gJM8
&MG	B{TM%l
\8b&$mPU!I
|/km#G
>N7XD0-
rvkv7;|
cob`6P 
~]Q4l.;.
0d<>M=+
.s!75jZ
4vX4DG
6t2Qg(]
pZY9Ry
8561-NM
,65?kP
cvM6AW
SaTA.'R
t]t6f(T#Q
+G$%GY
!69jry+
^lv#$0
$z:Da1z
"i.T.T
x@R{'7}
kRNIxH
-LOk"`
Ku:gzt~@
wv.kP$PG
"z0GC/
jvy4?YO
HdR{w 
GrhBrT
w9&8nB
|^-Dx9
Ca*)[84Rcb	
oG_6|N8x
a}n<Or
 JYY@?i0"]
zlfh~1
MV0jV\@u
 {p@qAF
]-u9Kfa@
W/hAy^a
T)[Y4nZ
IIA_-!
EAJx.y
E<Fv'}
OFz(=@
d?Cg9-
z:'q-)
Qb]$aJ+
16f	8~T
?bK$@(#/cw>
o<y}fo
0vE,lF9
q<SLG1
R@xwRM(
!sWGeL2bI
d	}D5}
|t^<?}
L*vjax=W
d3=@nY
m^:h+S
iqLB:H
uzX?pE
^vC#@>
3n]^]Z
4&/I_%gb
q("UC1N4	
X1M(G&
Sr/wNQ
~5?\)PQ
=kl{cX8
a[A<y~U
aZ2Y`{
dvL>IC1
t(VSqOB
rCQ5EQGI
HI1V yX
t+\#&r[
m_x,41
&,mK$0Vo
g0|)wp
KM`C@I
bAbr_!:
$j^6(^
AKDJht
rzn+;c
}'=,^f
]0.>(<S
@E^%Wk
j,T i%
S	ezOP
CQx]v^
{4Wf72
]@mZMS
^KW[i&
v50@w1
}.h3[K
yv[(ba
4r`QJ1
[H|)SW
D#\<R0n
O*;0K9q
h4}mfL_
iYuKx}
Tt$owT
m{Bi$a
)|SX+=
>I4Sxp
/-';%b
PQCr/C>
8l}q"U
[B7g)h8
SVwTd=
GU$cyv-
Ws8_k<
r#b!#UJ
%nVq^t
vL+hZG
hW!sba~q
IY\hld4
o`[Nq7
\+~"S=
v}[q~y
'=()|Q
-=,gid
KJ/Q]y&
8a}H*;
-upQFv[
~R0@yP%
5!?8/'
;<t'c]
B*=-f9
pq$7X>LP
-F,wFqD
>xAhK4b1
)(IDATn&k~[
0Rhl35z
3MTb\v
;|]-	757
?7c;z.
~ o6Y$
z^1+NR
(8^-R,EiZ
CeW*-d
A_ X5Ne
	k$,f&W
MQ5?^'x
St]v%i
Z!~gW5
!BE)1N%
LXWA7w
G*3T+	
	as+v]5+
ZqCH\*
/Lr@s`
^ ^Tiu
ZR;&O&
,HV>0B
:nr#Dqo
oY5sYW
YZLu)5aW8
v2.0.50727
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
Conversions
ToByte
System.Text
Encoding
get_Default
GetString
NewLateBinding
LateGet
Operators
ConditionalCompareObjectEqual
LateIndexGet
ConcatenateObject
STAThreadAttribute
meTo.Resources.resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
System.Reflection
AssemblyFileVersionAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
p2.exe
MyTemplate
8.0.0.0
My.WebServices
My.Application
My.Computer
My.User
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
0.14.4.9
(c) 2017 USA Interactive
USA Interactive Kol Loper
USA Interactive
USA Interactive Kol
_CorExeMain
mscoree.dll
PA1 VERSIONINFO
FILEVERSION 0,0,0,0
PRODUCTVERSION 0,0,0,0
FILEOS 0x4
FILETYPE 0x1
BLOCK "StringFileInfo"
	BLOCK "000004b0"
		VALUE "Comments", "USA Interactive Kol"
		VALUE "CompanyName", "USA Interactive"
		VALUE "FileDescription", "USA Interactive"
		VALUE "FileVersion", "12.8.1.17"
		VALUE "InternalName", "USAInteractive.exe"
		VALUE "LegalCopyright", "(c) 2011 USA Interactive"
		VALUE "OriginalFilename", "USAInteractive.exe"
		VALUE "ProductName", "USA Interactive Kol Loper"
		VALUE "ProductVersion", "12.8.1.17"
		VALUE "Assembly Version", "19.3.16.17"
BLOCK "VarFileInfo"
	VALUE "Translation", 0x0000 0x04B0  
}PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
DINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD