Sample details: e6cae6e3ec1fc374334787ef7bc7f707

Hashes
MD5: e6cae6e3ec1fc374334787ef7bc7f707
SHA1: 7884436bacf1ff92490948e525a263cd12d33151
SHA256: 19ae7575710813fc7afa5c625e67fe7022c7e9cfe07d1c61fc15622869c6ac3d
SSDEEP: 3072:Aq3+a8MRokIFX/TL2PfaciMmZaXilAIxuYZfoHBjfe8tslmRF5VEV:AE8dZ92PftirZKvIxu9BjfDtmmRF5VE
Details
File Type: PE32
YARA Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64
Source
http://wavesdesigns.com/Abbb444333.exe
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD 
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
jIDAThC
Nws:NN
zIeX=e|
BUFlWBWN
/fMT2}
1$&6x*
0.aKtF
HWV-=m*1
!3{[hxc
}z$ ~q
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
a:&?&i
P2d5yN
aWv?}%i
/}\[:R
p(E\9"
bJ=Ks&F+r
n paiA
&iY=8a
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
kIDAThC
e'		2'
uh8|2G 
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
tIDAThC
%JQ-tJY
^U#(8I
pe6	WM
!T;)	I
zobU0.
-QNetCUNl
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
Z-E%h>
["< bYO
|b^th~l
xtrvrF
7dTG4I
n2%wp0
7LY[MW
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
:W|,}'
"&>CR}
lEE5%O
FSD'UR
OA,=BP
^0[2}u 
`PsKK)
5P\I	0
EHJRpo
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
-Ps|.'
B%kbP.
AnMy$C
/N3|y s
jZ::H#A
`;q7&`
Z$ n5C
q!$)=~
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
im,Qi:	
5&%nDa
e_0~%}
cae$&K
}HV%jju
[N/@+/,
#~vqmR
CxVL77d
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
j:!T}j
D!o|]]n
+Amn=D
AKIt<I
KlJT_{
Hxp$S@~
F7d`3]
[rLbLH
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
rIDAThC
#>r	G%@
MB\bF-)
~J-7XV
lm3LCGOG
vQn+di
chv)(|
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
5q5A`S
{|l~	K
rR;2Z2
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
,}Ju5T
;GiUdqv
buIDPP
7@]ScC
G=Imgo`
x7uiJ~
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
tIDAThC
zkwbr[@
,J^LYH
t~g	Hy
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
QWq+cU
DWy7l^
h\9Xk|
9jF4xNu
+EItso
A?r5zt`B
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
rIDAThC
<9NL33u
3w{-a\G
u[	g~/
tQSxCs
]W0-_w2\
=%4?4(l
wz\g86x
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
rIDAThC
QCj#GJ
Q`twHw
i^Dp_T
+$oHFe
G#x?X_
$_Ft5)
dObqRm
'RR9=d
U0zm~`
OocqM"
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDAThC
8M\C{m
{+LcRL(
TupKE{
-FN2iAHY9f
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
H?MZ0q
fI+GlW
M897~PCm 
k=~\(z 
Oq)>L-
T"["kG
w&[UlzMh
SRxQ:<
[lpj9gWK
qm!~G\,
@z yN?
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
'P{5V+
, TqP^
zW=#0K3
mA3C^(a
@kf^b[
`SsPKg!Gs.
$elP+d|
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
kX$$wy8
.>@D*%!B^
tX+0i)
}f=7[8)s
?Kvs-.x
wQJ!/|
.H;k[z[
U<.c'B
+kVpJ<
;ollc_
H^L.JK
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
+G+C#\Q(
J)Uo84
x?sYbsg&
hK3U<e
|Frzlth
T4%}H"T
?F<D~f
ws.|rP
XPZ*jk
TxW-kQ-
RM,rW#
ql{q3Y
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
jIDAThC
hVbS~n
E"HYGT
T9w;k,
SP _9;
|UE\Tg
bmVS.Y
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
i~?@90
kny0>^J
/'l|i"
Go}qtl
r\hN61
QSY[90:
\&DaeU
f+n3J8%
ld.E7:
ijQl,.
hz1YUX
]^dwQz
Ww?E5A
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
rIDAThC
27b;I3
	9Ia~1
"L|Ye=
}l'V+^
ppT4+Rg
#/w%6{_K_V1
bYK'Px$
JzGW8R>
|]8Wg1
RvKmYWD
 k(k k
q@1/TD
9H04S 3
<9]* 5u
}TR"T`3v
YZk6$)
HE+;DZ`o
uxvc0'(
LHR56 
!-RbO*YA
MF*fQ`
Fin2d7h
MF*fQ`
Fin2d7h
MF*fQ`
Fin2d7h
MF*fQ`
Fin2d7h
MF*fQ`
Fin2d7h
MF*fQ`
Fin2d7h
MF*fQ`
Fin2d7h
MF*fQ`
Fin2d7h
MF*fQ`
Fin2d7h
98-<T[
MF*fQ`
Fin2d7h
MF*fQ`
Fin2d7h
%HP4o#z
<)]i"<<f
jpG1pI
DHG47 
qW-.K1
b}mSYd
>9'o)f;
#$.QUTz
Zjb6nDb	
17#e11Q
.=6QE g
)HvHWFg
+o$_AW9
H*dDOp
%+	`ua^
 ):UBI|
485g,.Vp
12QpR|
"/'qNTv
11@SM=
??%qT(]
'&AZEP
JSK})c
@VQY;a
`4S-Qr
g/z Si@
e<E"h{q
}VW(GQ3p
zP>*Ta:
]&31*.
vHB2'/?
LBjd6 
LHB4( 
7c"-"J
z}EDLHH[
 :}Vi2
#nB40^
Q80.K^
d}B40&
S0j3t'
cPD4x8<
{e"p]u
N\`Pc4
JHB+:?
5XB4/ #
[HC4> 
qZ16B0
NB@5u 
E"5k w
[/0F	}
NHB46 
LHB44 
SioVc 
LHC46 
qu".K3
MHi 6 
MF*fQ`
Fin2d7h
MF*fQ`
Fin2d7h
Fin2d7h
Fin2d7h
Fin2d7h
MF*fQ`
Fin2d7h
MF*fQ`
Fin2d7h
MF*fQ`
Fin2d7h
MF*fQ`
Fin2d7h
MF*fQ`
Fin2d7h
MF*fQ`
MF*fQ`
MF*fQ`
LHB46 
>H,4W 
bHr46 
LHB46 
LHB46 
v2.0.50727
#Strings
matemdeea.exe
matemdeea
mscorlib
System.Windows.Forms
System.Drawing
System
System.Core
b6e5a006-cfee-d6.Resources.resources
<Module>
RuntimeHelpers
System.Runtime.CompilerServices
InitializeArray
RuntimeFieldHandle
.cctor
Object
AppDomain
Assembly
System.Reflection
IConvertible
Control
get_Text
String
IComparable
ISerializable
System.Runtime.Serialization
StringBuilder
System.Text
Append
ToString
Rectangle
TabControl
GetTabRect
System.Collections
get_TabPages
TabPageCollection
ValueType
MethodInfo
MethodBase
set_BackColor
set_Alignment
TabAlignment
Enumerable
System.Linq
Concat
IEnumerable`1
System.Collections.Generic
ToArray
get_Font
get_Size
GetTypeFromHandle
RuntimeTypeHandle
ArgumentNullException
ResolveEventHandler
add_AssemblyResolve
ResolveEventArgs
IDropTarget
ControlEventArgs
get_Control
IComparable`1
get_FullName
Incarcator
matemdeea.Initializare
MarshalByRefObject
get_EntryPoint
get_White
MouseEventArgs
get_Location
InvalidOperationException
CreateInstanceAndUnwrap
Exception
get_Message
Console
WriteLine
get_CurrentDomain
Contains
get_SelectedIndex
get_ClientRectangle
get_Width
ButtonBase
matemdeea.ControlFolder
get_Assembly
RightToLeft
get_RightToLeft
Cdsfssrd
LabelEditEventArgs
LayoutSettings
set_ItemSize
TextRenderer
MeasureText
IDeviceContext
TextFormatFlags
MintSeparator
SetStyle
ControlStyles
OnPaint
EventArgs
PaintEventArgs
get_ShowKeyboardCues
set_Width
get_FontHeight
SetBoundsCore
BoundsSpecified
height
specified
Invoke
set_SizeMode
TabSizeMode
SeparatorPaintEventArgs
Graphics
get_Graphics
get_TextBounds
get_TextFormatFlags
graphics
textFormatFlags
textBounds
TextBounds
EditorBrowsableAttribute
System.ComponentModel
EditorBrowsableState
TopTabControl
BaseRect
OverRect
ItemWidth
get_Hovering
get_OverIndex
get_Height
Invalidate
set_OverIndex
OnCreateControl
OnControlAdded
set_Font
get_Count
OnMouseMove
OnMouseLeave
IDisposable
Hovering
OverIndex
<PrivateImplementationDetails>
0E0FA1A62DEEBB1E981471F7A1F5C112CB0A9C65
4C328BECF729897AC2F385EEC7A4AC09D7AF383F
6DF71263AFFB3296BA91B14181DAF02693B8F22E
6EFAC0EE8C248566D5441213E5936E72128EE1FF
AA116D4CEEC324F997842E90883AC815F1858929
AssemblyTrademarkAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyFileVersionAttribute
GuidAttribute
System.Runtime.InteropServices
ComVisibleAttribute
SuppressIldasmAttribute
RuntimeCompatibilityAttribute
CompilationRelaxationsAttribute
AssemblyCompanyAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
Copyright 
  2018
	matemdeea
1.0.0.0
$b0609cd9-eb90-4cfc-81fe-a462a469809e
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDING