Sample details (MD5): ec40d80939cf09739ab0082cdb597916

Hashes
MD5: ec40d80939cf09739ab0082cdb597916
SHA1: 4771f5f828aebdcd97f563b9a45050026d269ea5
SHA256: 4b1f8f6b93a14657691b67320bfa04da116fcb8d32fbc2517becb32845318e48
SSDEEP: 6144:U6NUeRlwWPOyqFCFTuhakMOA2diDXTto+WlqEv9NIgvq2y0Esb7/2IZKWfNqwg4y:3ULpyqIkMOAOiKlqEv9nSG2F2
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Misc_Suspicious_Strings | YRP/CRC32_poly_Constant | YRP/CRC32_table
Source URLs
http://185.115.41.234//MicroUpdate.exe
http://185.115.41.234//Sc.exe
http://185.115.41.234//Stub.exe
http://185.115.41.234//Svchost.exe
http://185.115.41.234//Temp.exe
http://185.115.41.234//WUDFhost.exe
http://185.115.41.234//WepHelper.exe
http://185.115.41.234//WindowsRepairTool.exe
http://185.115.41.234//WindowsUpdate.exe
http://185.115.41.234//Winup.exe
http://185.115.41.234//WmiPrvSE.exe
http://185.115.41.234//m.exe
http://185.115.41.234//sunuc.exe
http://185.115.41.234//windir.exe
http://185.115.41.234//winhost.exe
http://185.115.41.234//wininit.exe
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
+!+"+'+(
+'+(+)
+W+X+Y
-*+^+_{
+	X+	+
+-+2+	+
+<+={1
+*++}1
+G+L+Q+R-
+G+L+Q+R-
4XJY(@
+9z+={M
+W+X{M
(XJT+H
,"+({V
XJjX}b
+E+J{g
-'+H{g
+D+E+J{g
,R+c{k
,(+1{z
T+,+F+GJ+G{s
_T+Z{}
+@+A+F,
+8+9+:
+++,+-{
,%&&&&&
+ +%+&
+5+6+7~
+3+4+5tW
-4&+4|
+4+5+:
+D+E+F
T+<+=+B~
+5+6+7~
+3+4+5tT
-4&+4|
+5+6+7~
+3+4+5t
-4&+4|
+B,<+A
+B+C+D
,-+0+1+6
,$+4+5+6
+)+*+++0+1u^
+)+*+++0+1u^
+9+>+?{
+1+6+8
Qkkbal
v2.0.50727
#Strings
ohlj.exe
<Module>
Microsoft.VisualBasic
ApplicationBase
Microsoft.VisualBasic.ApplicationServices
Computer
Microsoft.VisualBasic.Devices
mscorlib
Object
System
ValueType
MulticastDelegate
Attribute
GetString
SmartAssembly.Delegates
MemberRefsProxy
SmartAssembly.HouseOfCards
Strings
MemoryManager
SmartAssembly.MemoryManagement
MemoryStream
System.IO
EventArgs
SmartStackFrame
SmartAssembly.SmartExceptionsCore
ISerializable
System.Runtime.Serialization
UploadReportLoginService
System.Web.Services
SoapHttpClientProtocol
System.Web.Services.Protocols
ReportingService
IDisposable
PoweredByAttribute
SmartAssembly.Attributes
value__
ModuleHandle
Dictionary`2
System.Collections.Generic
IWebProxy
System.Net
Exception
System.Xml
XmlWriter
List`1
EventHandler
SecurityException
System.Security
MethodID
Objects
ILOffset
ExceptionStackDepth
RuntimeHelpers
System.Runtime.CompilerServices
GetObjectValue
Equals
IDictionary
System.Collections
Contains
GetHashCode
String
get_Length
Version
get_Major
GetArrayRank
MemberInfo
System.Reflection
get_MetadataToken
ICollection
get_Count
get_Rank
StackTrace
System.Diagnostics
get_FrameCount
StackFrame
GetILOffset
ToString
get_Message
get_Name
get_FullName
ToLower
Assembly
ToUpper
AssemblyName
get_Namespace
get_CodeBase
get_StackTrace
Process
GetProcessesByName
Encoding
System.Text
get_Default
get_ASCII
get_UTF8
GetBytes
Microsoft.VisualBasic.CompilerServices
CopyArray
ProjectData
ClearProjectError
EndApp
Collect
System.Windows.Forms
Application
Interaction
Environ
Intern
Concat
Directory
CreateDirectory
DirectoryInfo
get_ExecutablePath
Environment
get_NewLine
get_StartInfo
ProcessStartInfo
set_FileName
StreamWriter
AsymmetricAlgorithm
System.Security.Cryptography
FromXmlString
set_RedirectStandardOutput
set_RedirectStandardInput
set_UseShellExecute
set_CreateNoWindow
set_RedirectStandardError
set_AutoFlush
Thread
System.Threading
set_IsBackground
ServicePoint
set_Expect100Continue
FieldInfo
get_IsStatic
get_HasElementType
get_IsByRef
get_IsPointer
get_IsArray
get_IsPrimitive
get_IsValueType
get_IsEnum
IEnumerator
MoveNext
get_IsLiteral
get_IsInitOnly
UnhandledExceptionEventArgs
get_IsTerminating
get_StandardInput
set_ExitCode
CreateObject
NewLateBinding
LateGet
LateSet
LateCall
Exists
IsNullOrEmpty
Convert
ToBoolean
Conversions
WaitForExit
Stream
RegistryKey
Microsoft.Win32
Dispose
SymmetricAlgorithm
GenerateKey
GenerateIV
CryptoStream
FlushFinalBlock
WriteStartDocument
WriteEndDocument
WriteEndElement
SetProjectError
CreateProjectError
HashAlgorithm
ComputeHash
Buffer
BlockCopy
set_Key
set_Mode
CipherMode
CreateDecryptor
ICryptoTransform
CreateEncryptor
FromBase64String
TransformFinalBlock
Operators
ConcatenateObject
ConditionalCompareObjectEqual
GetExecutingAssembly
ResourceManager
System.Resources
GetObject
ServerComputer
get_FileSystem
FileSystemProxy
Microsoft.VisualBasic.MyServices
WriteAllBytes
Delete
GetProcessById
GetCurrentProcess
Format
GetTypeFromHandle
RuntimeTypeHandle
Marshal
System.Runtime.InteropServices
SizeOf
ToUInt32
BitConverter
ToInt32
ToInt16
Rfc2898DeriveBytes
RijndaelManaged
get_CurrentThread
OpenSubKey
GetValue
op_Equality
op_Inequality
GetManifestResourceStream
StartsWith
EndsWith
get_Key
get_IV
ToArray
RSACryptoServiceProvider
Encrypt
WriteByte
ToByte
Delegate
Combine
WriteAttributeString
WriteElementString
get_FieldType
GetElementType
GetType
get_BaseType
StringBuilder
Append
get_Module
Module
get_ManifestModule
ReferenceEquals
get_Assembly
get_ModuleVersionId
GetName
LastIndexOf
IndexOf
Substring
Replace
get_Chars
AppDomain
get_CurrentDomain
GetAssemblies
DateTime
get_Now
NewGuid
get_Version
get_OSVersion
OperatingSystem
get_Platform
PlatformID
get_InnerException
ThreadExceptionEventArgs
get_Exception
get_Data
get_Item
IEnumerable
GetEnumerator
get_Current
get_ExceptionObject
GetField
GetCustomAttributes
GetLength
GetFields
BindingFlags
GetFrame
SerializationInfo
AddValue
GetMethod
MethodBase
set_Item
add_UnhandledException
UnhandledExceptionEventHandler
add_ThreadException
ThreadExceptionEventHandler
GetTypes
Activator
CreateInstance
GetProperty
PropertyInfo
GetGetMethod
MethodInfo
Invoke
GetWebRequest
WebRequest
HttpWebRequest
get_ServicePoint
HttpWebClientProtocol
set_Proxy
.cctor
LoadLibraryA
kernel32
DhcpDeRegisterParamChange
DHCPCSVC.dll
GetObjectA
gdi32.dll
ldap_modrdn
wldap32.dll
OemToCharBuffA
user32.dll
GetProcAddress
kernel32.dll
BeginInvoke
IAsyncResult
AsyncCallback
EndInvoke
handle
SuspendCount
DelegateCallback
DelegateAsyncState
DelegateAsyncResult
lpDebugEvent
dwMilliseconds
KillOnExit
object
method
callback
result
CreateMemberRefsDelegates
typeID
CreateGetStringDelegate
ownerType
SetProcessWorkingSetSize
GetObjectData
StreamingContext
GetServerURL
licenseID
serverUrl
UploadReport2
appFriendlyName
buildFriendlyNumber
GetVersionEx
kernel32.Dll
GetSystemMetrics
GetSystemInfo
RuntimeCompatibilityAttribute
CompilationRelaxationsAttribute
AssemblyConfigurationAttribute
NeutralResourcesLanguageAttribute
AssemblyFileVersionAttribute
SuppressIldasmAttribute
DebuggableAttribute
DebuggingModes
AttributeUsageAttribute
AttributeTargets
WebServiceBindingAttribute
ThreadStaticAttribute
STAThreadAttribute
SecurityCriticalAttribute
SoapDocumentMethodAttribute
XmlElementAttribute
System.Xml.Serialization
.resources
lala.Form1.resources
SmartAssembly.SmartExceptionsCore.Resources.current.png
SmartAssembly.SmartExceptionsCore.Resources.data.png
SmartAssembly.SmartExceptionsCore.Resources.error.png
SmartAssembly.SmartExceptionsCore.Resources.error16.png
SmartAssembly.SmartExceptionsCore.Resources.network.png
SmartAssembly.SmartExceptionsCore.Resources.ok.png
SmartAssembly.SmartExceptionsCore.Resources.warning16.png
SmartAssembly.SmartExceptionsCore.Resources.{logo}.png
SmartAssembly.SmartExceptionsCore.Resources.default.ico
Boolean
MD5CryptoServiceProvider
UInt32
GetDelegateForFunctionPointer
IntPtr
ThreadStart
PtrToStructure
FreeHGlobal
AllocHGlobal
CryptoStreamMode
ResolveTypeHandle
ResolveMethodHandle
RuntimeMethodHandle
GetMethodFromHandle
CreateDelegate
GetParameters
ParameterInfo
get_ParameterType
get_ReturnType
DynamicMethod
System.Reflection.Emit
GetILGenerator
ILGenerator
OpCodes
Ldarg_0
OpCode
Ldarg_1
Ldarg_2
Ldarg_3
Ldarg_S
Tailcall
Callvirt
SetValue
InitializeArray
RuntimeFieldHandle
GetModules
get_ModuleHandle
GetMethods
Ldc_I4
get_Handle
get_Ticks
add_Idle
Registry
LocalMachine
TryGetValue
GetPublicKey
DESCryptoServiceProvider
FormatException
get_Position
GetCallingAssembly
get_Year
get_Month
get_Day
get_Hour
get_Minute
get_Second
SeekOrigin
set_Position
ArgumentOutOfRangeException
InvalidOperationException
ReadByte
CryptographicException
Interlocked
CompareExchange
UInt64
UInt16
ToInt64
UIntPtr
ToUInt64
ContainsKey
get_Keys
KeyCollection
Enumerator
Reverse
UTF8Encoding
XmlTextWriter
ThreadAbortException
GetInt32
LinkedList`1
AddLast
LinkedListNode`1
WebClientProtocol
set_Url
set_Timeout
ApplicationException
WriteStartElement
v`OHNo
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
UnmanagedCode
WrapNonExceptionThrows
7.0.0.0
"Powered by SmartAssembly 6.9.0.114
LoginServiceSoapT
	Namespace;http://www.smartassembly.com/webservices/UploadReportLogin/`
ReportingServiceSoapT
	Namespace3http://www.smartassembly.com/webservices/Reporting/L
Ghttp://www.smartassembly.com/webservices/UploadReportLogin/GetServerURL
DataType
base64BinaryE
@http://www.smartassembly.com/webservices/Reporting/UploadReport2
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
WL2!T-kz
roP)RF
(E7v$%
L	w}90
!BIfw`
$"F&r4
lSuA9"
{M?ur&
&<;uGg
art+VA
vstjEbW
skIZ?\Y+PQ
rUB|)/
d{&?Zc
'S=1l|
mA vb9
[Q]X)5
s>6<ZK
VuAB-[aA
^P/`,Zn	u
*NIhvY
x\bi;l
%u)/gU
q]*nw])
_|}AHHr
c=l9]#
vzRO:I
i?w~D0fF
]g~upX
{tN bV
|?	s0q
0)itv7
3Mxp(9(
#A,|Fqg
H@D/mWM
iG,Cl2
;+LUv8
80%R0dq-
p`7r5@Ur@F
NoukvIR
10.r/s
3Kha9C
f/A-j'
)1U:HV$
RWkH2MIg
BfRZXi
6KA&l(
lcNnT=I
WnttX8
	{Lx*@
</$wOr
*K#[;5E
w|==,]
wTLOnx
c_tRHA
L$aB?a
z&'3yTi
*	:S{<q
	>Gg`t
+jS!"C
DMHR#@
mQi25%
D%'U\T
{Yk=qLx'i|
Ua<BZDf
tHe-r_
^H071!
QR=$AX
K(`DoY
^O` !1
-$2:/>
oP(Jp5
Cmd#"sZ
H<bx%a
yA_y*)y3F
l0b*GB
n	34_4
V,HQr&
3|OKhXT
t-/_-%d
Jqn(<a}
]p'\v5
R}&+@VN
W	')P#rM
c6%9uN
:N6Tv9
{TRy	|
NU]4;ZQn
Ei9@W]
o8cYI]q
,SSz4T
J'[n=c
<(2Rx0
bgpPTk
lXxY>b
[o||\w	
*S,>0)
ZsJ@3@+
~\e ?(
3y@#q_
f3:@6H
DO	=R`
0$i'Ri
}F=E]4
%rtaL}l
ItKsem
22l=]1GL
"i:J<A
M]	gqL
$O]78g
C$z6hM
\DoCk+
@_t{NI
^~yGo.
ZW^^.2
'>gftW
*|Okl-
qu9Ft4
dPS.+*
@Pepw@
	kB>yg
f@GFv`
'S-zb[
3W8cb"
v gzRVi
#)ZMi,7
za.-<\
K/Tu6=
Aw\vsdr
FKAlTm
2J7m t
"Px_/U
Hs<#p's
 TPE4pY[
{-U{U0
wJqbUq
f-R  ,b
^(AbS1
d [XyB
4_<	W.
v3'T*?
Dx;"/P#
w4<{{e
r$%'i|y
X 6k|O
1WVS(t
n\={3P
xrDSU'
xp4,9]
oLsvR&3
y(_&~AO
YqR@:2
AE?b'2
vyIGM1Y
JIe>;C1$a
+3 b98
{R,Lg)
]RSKjVk
OJV$6I
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
.nEpIK
'IDATx
-;`k9s
3:2rLT
 $E DG/
LSQcB3?OE
niin~%
/FCKA#
IDATx^
L;VA"9
3#Fh	Y
-Xmwxj
|uUqze
5T?Em'
ZT <XD
iwC2%0
]v0#F(
/Y/S:{;f
a'WyE8
(%h4{H
8-<_2;&
J(f&#Mc$
ZkQZaSA
#,..299
|z?>>N
nW{H))
'O-E_>
pIDATx
YB)kBQ
<)eS \?
V:99	u/nE
)&k/w)
Y8!8=<|
wwwwwwwwwwwwwx
wwwwwwwwwwwwwx
n================ABA=========E
=zDDDD
xxxxxxyxyxxx
{||yyyy
pppppp
pppppp
$$$$!$!!!
$$$$$$$$$$
pppppp
**********%x
&++++++++++(x
pppppp
&...././/...x
..633333333)x
pppppp
GWF8.9888886x
Qi^]TKGFF9F9x
pppppp
Tliicb]YWTTJx
Wuliicc``YZMx
pppppp
\wvmlhfddYYNx
PUUQQTTLKKKL
pppppp
Copooopooopopooopppppqpooopoo=
Atsssssssssssssssssssss
============================n
_CorExeMain
mscoree.dll
LcK*_gd
e0`[\Hi
ohQ4>-M
-;-`k44'|m
*0{[IMM
Yq9-8kt
7n4:v.
bI>1;&
(4jpsss
P*HK^n
iWW'uGmn
9)8{d#
{T3vU{
8":d{_P~
IrcI+6
mz7zA18
/~LC]}3
EZpaA&N
i 3CmrRPPI
.3WdJo
D!,b8!
J>}a&.
=jZ[u!5
g %-]1
+R/E)W
CPVV*c
$n{o!s
#/Ehw'T
_nEq.t
5U1%Iqx
^~I9vU
55:lc5^
k)1%	<*
og0ix%K
IPW9 q,
U|\ P9
o<	cGU
z#/h0y
J@WgFU
\Q3ro|
!Q:(1!
HhTc7n=/
=(Gz|2
WM9p0N
IT|nq5&
OWJ8M;^o
pSE`bL
.l:1@e
Qi@GGZ
?vL3&M
{sd"o<
DCdI:^:
 EB:Ex
yf}|\9~c9C
t$`w~3
?|X=&L
;WT!(U
%^SS#Y
1g_!NZ
A/nFUG
/E?ZZd
Q@{WNE
orm^Jv
?OxRAq
%riz_,
{\'aD>-8h
cE$P]W
>&xiv_
	4|y'|e
jovboH?
`GNXvY
7gF.V`
r"O.+s
 M@k"8
pIk]g7
2fP*]@E
J]g!gv
K^j!ft
L^i ds
ARm eu
Uj8	Rc
K^_"dr
8F!cvp
Ocubtn
VklF^_
UkZ	ET
WmRD[\
WmLBXY
Vl4BYZ
Wmj<PQ
HZX fu
<K0exq
WmL	L\
Vk(F^_
Vk.F]^
WmsCZ[
Xn	   
Xno   
Xn~   
Xno