Sample details: c7f1dbf1184138cd0a6dcf90f4266e01

Hashes
MD5: c7f1dbf1184138cd0a6dcf90f4266e01
SHA1: 44eee0ee6b093116a85928c153609c225dfbe4d1
SHA256: 9d3ff871ef83b285922eb40dd4a6c67a40aa5ce2de3d7022c95ae16f70187c1f
SSDEEP: 6144:rTEXzceCuuUEsyFzzG+Bwg8fUbcaioL02:rupuUEsyFzzzwXcIpoL02
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64
Source
hxxp://dukhdardhis[.]com/PSA18.exe
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
\System.String[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PAk
N?NGNNN
NXNTN%N+N<NXNWN
NaN0N{NqN
N!N;NzN%NBN
NNNsNmN%N
N5NpNFN
N7N"NyNqN
NeNxNkN}NtN&N<N(N NvNaNfN
N)N3NMNYNIN
N&N<NjNqNpN NCN
NDN<N%NbNuNyN~NTNdN
NDNVN\NlNSN3
N|NAN;N#NPNUNcNIN
NhN!NaNKN
NtNVNiNDN
NMN;N0NyNaNHN
NTN6NvN4NtN9NzNeNlN
N}NFN~N
NJN#N^D
*+N%NYN
N)N4N%NTNrN
NHN5NpN
N6N;NuN,No
NoNLNcNXN$NINXNzNKNeNAN
NANIN	NjNfN
67NlNiN)N]N*N|NLN8N4N`NzN	N=NONEN1N
N.N]NNN~N N
NMNJNGNt
F8NKNMN\N
NbNVNYN!N}NqNHNuNgN2N_NXN,N:NLNLN}N%NRN2NfNpN9NJN8NnNeN
>aNGN\NgN)N
N'NzN`NwN
NwNoNKN6U
<bN8N[NcNaN(N
N&NANDN
NNN:N/N*N
4gN6N+N	NON
NrN	N&N7N/NVNKN[N%N
NqNGN)NDN+N
NUN N(NhN/NZN{N1N
N^NHN|N
NLN}NBN
N6NnN2N
NeNXNWNsN
NdNVNmN(N_NGN	N1Na
NfN0NRN;N^N
N{NNNoN=N/N
N`N.NaN6N
N<NNNJNYN
N3N8NLNlN
U&t#-v
:_$70RL
iMu|d}
`u!/cE
f	+u:2
l#!aZTR<
a:~ ~4
'W9-}x
K|m'fx
peciv;O
qeuTL7-
ZMLmD@
?92leN
1{FdFe
`iZF`1t
DX)>s0
J5]z,Tn2
XRLR%gT
7.\c?j
i]NpjO
9i8ncf
T_>,AL
S1?'+G2
_kX{-1!
=o&=|{
hu<yW 
@+Cz.dv
+:'nP|
r8yJhl
*$7>MlBw
)iqxv#
Rdp*Je
k7S&,,
w;7qR0P
kr,wsW
S97Rjt
g'JImrw
Sw[<G)dU
jG|,jy
i-WB/e
C<#TH.
`n^:zw`
[a	D\{.
Zo^UzBy
\'[\p#
\wZN]kj2h
n)W$08
92s.V[#
^|	J%{^} 
5+H.23
*7X}ru
CRM`iz
RYWW|<
7;O:O:U}
BM~]yC
iehr8S
8KDKI+
2&_t9W
21}mN9
+c	rn+
A|"|\/
gfPuoE
<3]f_a
ku$,.aDy
*!hLMy
A<Vm]o
.?Xx,x
ZgM,[F
FB8R,q
AV~ub"
IV^ZzX3
U9G}b[
e=NdzA
rZ6JEh
q{<zNV
QGh	1R":
kejZ.m
5ZE" "
	G)ru}
Y"&<%X
SRr%X'
*[3GlS
BM-4	G
j;B~i{
"msa4&;QCh
vnx3@D
RED`	v
7K'g1`
x		<#j
N}UbT$@N
J3,a1MVaIoqQ
H-&H%.
7DvO$	
m=%N90`C
0"_A;\
5A(7R1
p}oKTp
`E]dqP
qfNsjKa
C+|/a/`7
t{	RBc
S3/^EO
#!,#cIV
7*{E+_
:HMyS|
=DD#_>~Q
IeNsbT
68$=_eTpX
pP!{2F
\NMfUC,
[<[^Zl
z=C@12
J]r.8o
K'6l;(
Mc1hfdh
#5C-E2
Id8CK=a 
5l^>V|
mQ9S::
nMaQwI
bY?1~@0
v?UGEoV
'ej4 Q
M6zGF2
jR7Wsv
I9G,C|
Wv!to/,
]#@w-/
	P{&vJ
u_|a63L
$],0S^
fg[~H<
m 6l(f:
cyxSMq&_C
f/^$V{
}G0QHW
{[WY0:|
;G,H$I
,YRK*_x
f$}B&h&
;t*lTn 
TabR1x
;6-M<P3
*KO[?m
^n[R*+s
(^"`x?
{!x4d5k
Uc}v M
O on|$
='^j%Rd
5-ZMr?j
A)7[a<
E0{#f[i
}1S^m$Y
6wf's]^
tv~:9)
y\c<$2"W
mD"lU7}_
Hiy}LC
K.T3cz
O\$N}\
A*|t%&o
CiT>KI
Ri,;W8&
)c1j_^
MJ2x/:|
W$I6_s
8+U_-*p
Wc|s,	
8j7qw%
}`Pqfo
fVW3FhU
k(VYz%
!]=dAo
+5UUIU
B}#;v>
 e"u R
_=qb@|
DHXggeN
O&*C$!f0
{1Nl0D*Q
Un<irw
UOaGck
& m :cm
]R7(x|
ob'e2\!Swhy
o_/vk6
lwzC14
[x920:
.lq+	-
 P0V[zb
Qx^0dv
	eV#Qv
RT~81*
X?-yL<
k>K}{M
dm9\`Vaw
-8D,]go
UAdcV$
00M;_'
v8Y|-7
gWou9( 
*@kL+U'
z>!9sp|e
aYe#'q|1
UTa|{+
s9wP{&
X=<:>`-
U	#m ,
QjCsYb0
	6y&O#
iIuW<[
}xTdMT/
3<q8<u>
78>,%$
xX30C/
||K(?8
gd2ZGv
Tu{\P}Qu
0SfGh5
5PJP_H
Sh>iM(
:%X?rm
hyN6zM
_XAI/1
2xcZVi
	0KHk)h
0!y$a>
n@G9|o
"o$cD 
hMCF5m
1'iE8jq%
}HGny}
O"VD/^g
mWlFC@
qWin2G
YPV|%D$
<.!:(&
aSDzbGn
q-!,nH
z]ug!AMk{
6b 	S+
n|Fhgxm_
-uHzg|:
rl`tK6p
fQUXS1<
>wa\,W
!Kr^ib
\0I4+6
JtZ)^6
0+GR@TyTu
w.2YiK
Iwayar
.{(VNA 
;WNmMX
iaahoSc
Ppz{}]
De7-Ck
_Fg.%N
t(t9Kc
Oy]Qr"
18N':>
F2`Qe?;
3fVLDeq
"9'L;3
^s33Hm
b=\,n0`>
wq*1q(
XA(~lu
( *@sc_
/(\:Yw
!xbpW;
5p62g	^
`UK\qF
Gv>zF8
u|kq|u	
kpQkQPL1+
)4k069
Ny+XbHC
B(m)!`
wALo0i
-zVcd*$
	ZI6O#
A4C8O~
MaqYlP
lK$` C
)J[B3K
o67Kb 
c,e `f
B>y8Z{>
lomi'(R]
kfC'u}
oyH!vKC
p[+^}5
v.V#=]6DQ
?jR;qC
RLqkI4
![ wy&A
j=<w_k
2%anL-
W '4\U
#|_ xv
VW)&u/
v.8#W_
| yWMi}eGt
GS#F2^,
Fm2*B$
2#Oh396
*~E`E{
qoMCHamD
u^%S^1;
>Z|b<(
i}y=!N
a)kObS
YFF(W%
%V]?F&'
,[hK$7y;
hlxK%l
Zas7s;s7EE
6^wV	^@
kuz8\'
8s=PZG
{c9PiW
-Rb/-=!
\tSLS	tW
5bfiT3#kj
y@PH2S
?u2!"x"
8VGm{x
*B@k|Jl<
_H(3=U
v2.0.50727
#Strings
jHhVfCN5OF3Ma6
mscorlib
System.Windows.Forms
Microsoft.VisualBasic
.resources
vfeV9kzi90
yYgxaZqNGIoOyV40MvI
.cctor
37BwK6PfwcNEHBZSV
MjVITEw9UdlQC4EohQh
Object
System
PropertyInfo
System.Reflection
s6srwosF6efsIh6
11oI56h65YICv9
I29We6w5TJ17Y5u
9hatMfr3PfkLFrmBe7R
MiRg3L7OBk7yqbSau2Y
Nz2MGllWkt4CE
ResourceManager
System.Resources
AppDomain
Exception
Resize
LjWgJpgpoYhFPAmZkYv
11kXnsKSry8
String
LQHFOOPpEgA3Hf
baVhvSYOce
kr2LziFtqfB92y4
Af1Pa45EPsYV
oB65CMBAfwcTn4wn
NJup1jjbCvnAkBpI9
QMvQTTtXk8vRURQu0U
IJh7BW5jwi5RE
uu2IO5G1IpMeuWoSE
cs9sdeZvNlYJoziXc
oQGNsv4JTyBe8o
MNGr4gzzul9bskZQqaR
GetType
GetProperty
GetValue
LateBinding
Microsoft.VisualBasic.CompilerServices
LateSet
Thread
System.Threading
Assembly
GetCallingAssembly
GetObject
get_CurrentDomain
get_Message
MessageBox
DialogResult
LateGet
Activator
CreateInstance
RuntimeCompatibilityAttribute
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
UnverifiableCodeAttribute
System.Security
N;N(N_N~NWNRNoNoN:NHN
N;N&N{N)N,NrN
5gN6N+N	NON
NrN	N&N7N/NVNKN[N%N
NqNGN)NDN+N
?aNGN\NgN)N
N'NzN`NwN
NwNoNKN
++N%NYN
N)N4N%NTNrN
NHN5NpN
N6N;NuN,N
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
wwwwwq
wwwwwq
wwwwwq
wwwwwq
2=F?@2)
.FW^nsxs]8'
\II\gnruwwtD)
JMPTamqsxxyrW)
KPNQTcnprsrpi?
JQNNQTchmnmjfY.
DcNNNQTa`gg^[X;
cdNNNORTYZYDC=
ndNNNKJIHCA?;
knqONNLJJG=>9
nwnSOLKJH>8
joqtvusiA8
%?CZp$
 3C=s0
"1BB[o*
$2CCAp,
0DHC=gi*
4<ATUWDA[k*
4<BUWDBXi*
4<BVGBD^*
4<BHCCi*
6<AE?f*
5<@B^+
+]j@@??d
+VFF@?9
G@@9999d
G@@@@@dd
GF@ddjd
]999?jdzU+9jc
jj@jj@9
jjjj@9
R452S443J***?
EFCiBCA\222J
@@>m>>=\%%%B
9:6a---I
AA@h,,,G
CBLy111M
&@?B$ng
Hbd]3JJJ0
YZSC7778
LMFK+++8
./)N***?
1@9bL'
2! &2,
KH]s))(B
"!#=!!!%
TG=4# 
yneWzj\