MalScore
100/100
MalFamily
Filerepmalware

BSOD.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 10/67 Related 2628
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 190.00 KB (194560 bytes)
Compile time: 2017-11-10 12:16:03
MD5: 1654eae1a720f617034250a244d2bc30
SHA1: e697533f981509bc1965124888c22d89a8920ac4
SHA256: 9a95f7e477cede36981a6a1e01a849d9c6aeac3985ee3a492cf4136bb6dab69c
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 4 .text .sdata .rsrc .reloc
Directories 4 import resource debug relocation
First submission: 2017-11-30 13:21:50
Last submission: 2017-11-30 13:21:50
Filename detected: - BSOD.exe (1)
URL file hosting
hXXp://hitechnovation.com/Extra/Downloads/BSOD.exe (VirusTotal)
hXXp://hitechnovation.com/Downloads/DList.txt (VirusTotal)
hXXp://hitechnovation.com/thankyou.txt (VirusTotal)
Antivirus Report
Report Date Detection Ratio Permalink Update
2017-11-30 10:00:04 [10/67] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x2b654 178176 a182490e9219e38cb2761b3dc69bfd06 3b9d7a3db8b93922422486643066227f1f321b1a
.sdata 0x2e000 0x138 512 809387d58f190b67cb91a796f3090fc4 a2a7d2d2ebdfff591582cbbb3fc388374867bd96
.rsrc 0x30000 0x36a8 14336 42bd72900fb6fdbc189de5d2e2db629e 5b44483d1fc7fd564f3701233d7e0c543cdfa278
.reloc 0x34000 0xc 512 263f9fc446d080e4b482bc0d6aef2b03 0f81c5226013fd925fe34cb3908aa248fb1ee6e6
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x31b38 4264 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x32be0 90 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x30220 656 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x32c40 2662 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright © 2017
Assembly Version: 1.0.0.0
InternalName: BSOD.exe
FileVersion: 1.0.0.0
FileDescription: BSOD
OriginalFilename: BSOD.exe
Translation: 0x0000 0x04b0
ProductVersion: 1.0.0.0
ProductName: BSOD
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
USER32.dll
KERNEL32.dll
mscoree.dll
IP Found
No IP detected
URL(s)
http://freegeoip.net/xml
http://www.w3.org/2001/XMLSchema-instance
2017
BSOD.Resources
##&&
ddd, dd MMM yyyy HH:mm:ss 'GMT'
((;;##99
SOFTWARE\Microsoft\Windows\CurrentVersion\csrvc
,,LL0044
beep_04
Label1.Text
!!NN;;
Panel1
((004444((
InternalName
date
,,BBPP//
Label1
!!$$((
http://freegeoip.net/xml
WinForms_SeeInnerException
--44
1.0.0.0
/F /IM explorer.exe
55>>
taskkill
True
VarFileInfo
""//!!
**))%%##!!
Assembly Version
!!&&
FileVersion
Copyright
VS_VERSION_INFO
,,99!!
StringFileInfo
BSODHOST
PopUp_Act
Property can only be set to Nothing
EE==
++??
000004b0
ProductVersion
FileDescription
++1111--%%
0044CCddbb__BB
**22
Translation
OriginalFilename
BSOD.exe
LegalCopyright
BSOD
//44))
""**88>>7744++
!!%%!!
Courier New
ProductName
rXY
WinForms_RecursiveFormCreate
&&''
..$$
**##
..--
(07073838
O O g
L L
DateTime
5050~<~<
59%9%
ImageLayout
"$4$4m;m;
;Z/Z/:
WebServices
DateTimeStyles
5<$<$9
DoWorkEventArgs
GetInstance
00=0=
, rI
GeoLoc
#v4v4
;Z/Z/B
P#P#
=y2y2
'A7A73838
set_Capacity
q.q.l;l;
7N5N5;&;&O
Process
U U }
40#0#
x x
;v3v3
g g
% 6 6,9,93+3+
9X,X,k
.7;7;
98,8,f
8`*`*
9q,q,r
4e#e#
)J8J8C7C7
5 5 T
5a&a&
c c N
$ $
DebuggerStepThroughAttribute
/'/'l6l6h7h7
BSOD.BSODHOST.resources

[#[#
u"u"
c c
,E:E:.5.5[$[$J
%0606)9)9]+]+
DebuggableAttribute
)e8e8(7(7
PtrToStructure
?+?+:9:9D6D6A&A&
C'C'\6\6
Marshal
a a /
c c
Label1
user32.dll
1 = = 1 1
ParseExact
lParam
m2m2)=)= 1 1
set_FormBorderStyle
z z
<?0?0
' 7 7+8+8
3q"q"
D D
8q*q*q
Q$Q$$5$5B:B:
mscorlib
* * P
3 3
k k W
*v8v8x5x5v%v%
EndInvoke
8q*q*e
get_Label1
IEnumerator
;\4\4
-%-%
<2020
P/P/
&(&(
8X*X*F
c c 7272
SetAttributeValue
Q+Q+9999>6>6!&!&g
:k3k3
S S z
= 1 1
AssemblyCompanyAttribute
;g/g/
%+%+
F F
,[:[:)5)5?$?$>
get_Computer
4];];
%t5t5v8v8
,O:O:
&56562929(+(+
T&T&
[ [
2n<n<*0*0
f/f/
9,,,,
1 1
P P \
7H8H8
P P G
CompareString
"+4+4v;v;
0>=>=Y2Y2
< 1 1
Q0Q0}<}<
'*7*7,8,8q)q)
;;/;//
PADPADP
9w4w4
8 8
#w4w4|9|9d,d,w
Hide
ShutdownEventHandler
B+B+2929G6G6
Z Z
e*e*
;>2>28 8
get_Application
q q t
7&7&
y d
& &5656>9>9G+G+0
1 1"="=
q q I
87777
WAVEfmt
#I4I4
3c"c"
<Q0Q0
set_Text
;-2-2A A "
)F8F8$7$7
S2S2
5F%F%
6 6 >2>2
o0
SettingsBase
2V<V<3030
l2l2-=-=!1!1
2&=&= 1 1
5Z$Z$I
) ) t
hWndInsertAfter
=w2w2
<@2@2* *
#Blob
Control
t t
objKeyboardProcess
d d ?
)h7h7
+ +++#
add_Tick
1 1
!*3*3
m_UserObjectProvider
9_4_4
'2727F8F8
)2828'7'7
,C:C:
.c;c;
1'='=p2p2
Type
My.Settings
,0,0
Y Y
0v<v<
h h #
8a5a5
2E;E;
=r2r2
HelpKeywordAttribute
X+X+E9E9;6;6
8C*C*F
-'-'t6t6c7c7
set_CheckForIllegalCrossThreadCalls
8 + +)
1 1 i
Cursor
#e4e4
&1616'9'9H+H+
'C7C7V8V8
1p=p=
4R;R;
(0(0
'47472828
[,[,
Z Z
S+S+P8P8&4&4s$s$
m_AppObjectProvider
ProcessModule
;w/w/0
5$5$'5'5T:T:
1 1 Z
{#{#
i.i.x:x:
9m4m4
z*z*
get_Name
GetValue
5#%#%
hook
1G;G;?/?/J
M0M0c<c<
BeginInvoke
_Timer1
3&:&:K-K-
#j4j4
-Y:Y:/5/5e$e$D
` `
5L:L:
5J$J$n
; ;
2N!N!
9&,&,
!n3n3
a$a$6565H:H:
get_Controls
v#v#
( 7 7
/ /
%56567979-+-+
) )
5{8{8
:'-'-
2z<z<?0?0
9-,-,
G G #
)48483737
)}7}7w6w6-'-'
J+J+I9I9@6@6
1-1- : :
3 3
XObject
F F U
._;_;
:9595F$F$A
)B8B8F7F7
StandardModuleAttribute
G G 2
ReferenceEquals
K0K0
.text
List`1
remove_RunWorkerCompleted
<B0B0
Component
<&1&1
P P
,
,
u2u2
Convert
WindowsFormsApplicationBase
DelegateAsyncState
g#g#
;(2(2_ _
System.Configuration
c#c#
W W
.(.( 7 7
MyApplication
s)s)4848:7:7
):8:8
System.Reflection
i i
4System.Web.Services.Protocols.SoapHttpClientProtocol
X0X0
F F 9
@'@'
" "[3[3
.`;`;
<w/w/R
,A
-+-+O9O9
x%x%
@ @ 4242
Monitor
<=0=0
A A
m_MyFormsObjectProvider
|+|+
(k7k7o6o69'9'
BSOD.My
)"8"8$7$7
A#A#
2"!"!
WithEventsValue
Resources
@ @ N
E$E$.5.5U:U:
a+a+U9U9]6]6 & &4
2O(O(
4Z#Z#
N N !
&$&$'5'5^:^:
set_Label1
=#1#1
BSOD.My.Resources
( (
p2p2
~ ~
SWP_NOSIZE
System.Net
1H=H=
Forms
8V*V*m
F$F$.5.5?:?:
TargetInvocationException
Z2Z2,=,=
|/|/
.&;&;
4.0.0.0
IFormatProvider
! !
8z5z5|%|%
C C
V2V2
: : _
ISFT
kernel32.dll
)R8R8/7/7
f f
^ ^ _
L L
0 = =
P0P0s<s<
{ {
*p8p8U5U5v%v%
S$S$(5(5O:O:
;$2$2; ;
6!9!9A+A+

o+o+
set_Size
Settings
)=8=8'7'7
(v7v7W6W6@'@'
9h,h,w
"#4#4c;c;
"&"&)6)6_9_9B+B+
Computer
' '
=g2g2
get_BSOD
.b;b;
.O;O;
t"t"
m_MyWebServicesObjectProvider
3 : :2-2-,
M M
8m5m5m%m%
)m7m7
;6262H H 1
BackgroundWorker
WebRequest
h*h*
;|3|3
0 0
FormClosingEventHandler
ThreadSafeObjectProvider`1
h2h2
5M&M&(
TargetFrameworkAttribute
5050l<l<
4`;`;9/9/l
,T:T:%5%5<$<$C
#o4o4
5$%$%
M2M29=9=
dwThreadId
5J%J%
RunWorkerAsync
Culture
EventHandler
8>*>*U
D:\LillySoft\Freelancer Projects\Applications\Windows Services\Malware2\BSOD\BSOD\obj\Debug\BSOD.pdb
#o4o4~9~9X,X,z
'&7&7:8:8u)u)
27;7;
7 ) )
' '
G0G0
set_AutoScaleDimensions
;8282< <
4h#h#
r r
'"7"7@8@8
;u/u/R
get_Assembly
A0A0u<u<
2? ?
y/y/
O2O2====>1>1
;u/u/K
MySettings
(c7c7
!m3m3
2$2$
9=,=,
'4747+8+8
" 4 4A;A;
1`=`=
;}3}3
3 < <z/z/P
;j/j/8
!_3_3
System.IO
:[3[3
#,#,
WrapNonExceptionThrows
e e
z z
g1g1
x)x)U8U8
System.Runtime.Versioning
IntPtr
,H:H:,5,59$9$6
Dispose
r)r)
E E e
ProcessStartInfo
r%r%_5_5
4[;[;
7'7'x6x6t7t7
#0404
)h7h7z6z6?'?'
'Y7Y70808
'K7K7Q8Q8
get_InvariantCulture
op_Explicit
# #
get_beep_04
4L#L#
GetAsyncKeyState
m2m2
STAThreadAttribute
;g/g/.
<.0.0
/,/,
)z7z7
m/m/
wParam
System.Globalization
{ {
m_attributes
&I6I6A9A9G+G+
|)|)8888<7<7
3030
3 3}<}<$0$0
)6868-7-7
A-A- : :
5.%.%
1v<v<L0L0
=]2]2 Y
get_LocalName
v4.0.30319
EventArgs
Application
ProcessWindowStyle
0&=&=U2U2
9j4j4
}"}"
0 = =
9+,+,
set_Panel1
b b N
9>+>+
`#`#
.3;3;
RIFFjR
* * ?2?2
m%m%l5l5x8x8
2x<x<+0+0
CreateInstance
>0>0
&3636F9F9X+X+
&6666N9N99+9+
W,W,
g g
System.Collections
2t<t<)0)0
h h
|(|(>7>7-8-8
z/z/
My.MyProject.Forms
Enter
8R,R,
c$c$5454>8>8[+[+
:{4{4H#H#
'^7^7C8C8
t)t)0808=7=7
f2f2
A A
9a4a4
ProcessXElement
,>:>:
%,%,
b/b/
8v5v5
,V
!,!,
a2a2#=#=
E%E%
9p+p+
4b;b;
: : 9
19=9=l2l2
System.Diagnostics
GetType
;W/W/'
set_StartPosition
A A P
b%b%t5t5
Color
A%A%
@ @
:/-/-*
R0R0n<n<
ThreadStaticAttribute
a#a#
)<8<8M7M7
C,C,
V&V&
AssemblyDescriptionAttribute
[$[$&5&52:2:
.0;0;
'H7H78888
6!6!
l l
2*!*!
$0$0
,3~
*X8X8f5f5c%c%
H H
%56563939d+d+
62(2(f
'!'!
;@/@/
DateTimeFormatInfo
<s3s3
& &
39;9;
F%F%
&4646:9:9L+L+
$ $J5J5Z:Z:
__ENCList
ProjectData
8d*d*X
Q/Q/
set_Location
6 6
8d*d*o
w w W
;|/|/(
,7(W
[2[2.=.=
U$U$)5)5Y:Y:
ComponentResourceManager
time
9z+z+
n2n20=0=
=k2k2
*!*!
set_BackColor
b&b&
.w;w;
;i/i/?
<6060
p/p/
;i/i/9
6s7s7
^ ^
5 % %
&U6U6C9C9;+;+!
8s*s*T
E$E$:5:5\:\:
)?8?8
ContainsKey
$68723adb-bfd1-4a80-bf9c-88a90871d85e
set_WindowStyle
e,e,u9u9k4k4
9o4o4
A A m
r$r$A5A5G:G:
Timer1_Tick
get_User
6F9F9T+T+
9 , ,
55$5$F
O O
':7:7:8:8
& &6666&9&9S+S+
Func`2
V/V/
$%$%
q%q%~5~5
A A "
8z+z+
-$-$
&q(q(3
IEnumerator`1
K K C2C2
-J:J: 5 5\$\$D
8 6 6a&a&(
)<8<8.7.7
!j3j3
v v $
System.ComponentModel.Design
O O I
Label
S S
6<'<'
]2]2&=&=
!y3y3
O O X
8y*y*m
" "
5::::
Form
a a 4
8y*y*Z
!h3h3
#w4w4|9|9V,V,f
System.Core
1g<g<B0B0
XNamespace
>#>#5454a;a;
W W 8
=e2e2
set_MainForm
* *
get_Panel1
l,l,
4r;r;
set_Cancel
d+d+
x#x#
1c<c</0/0
5;%;%
get_Capacity
extra
%$6$67979?+?+
= =
4g#g#
' '
<0<0
m_inScopePrefixes
M$M$
get_FirstAttribute
8X)X)
)Q8Q8A7A7
#Strings
set_Name
W/W/h;h;
5M$M$>
Default
V V :
j j 4
j j (
)K8K8,7,7
j j
l*l*
+ + g
i i
)0)0
8 8 m
< 3 3
6V&V&-
&3636H9H9H+H+
5)%)%
&,&,
Sleep
:D3D3
w w
3-3-
!{3{3
ValueType
-,-,
System.CodeDom.Compiler
")3)3
GuidAttribute
MoveNext
SetCompatibleTextRenderingDefault
.[;[;
A+A+@9@9%6%6
4E;E;
58'8'
5*$*$L
8_*_*d
get_Count
'<7<7
8_*_*i
data
" 4 4_;_;
l l -
TargetMethod
i i
1'='=
1n<n<B0B0
Y Y
ptrHook
;{3{3
x%x%|5|5m8m8
'%7%7%8%8e)e)
)&8&8(7(7

;z3z3
H$H$
SetWindowPos
1'1'h6h6c7c7
.M;M;
0 0
S#S#
3 < <
.a;a;:4:4
5050n<n<
(e7e7f6f6G'G'
~ ~ q
% % r
EditorBrowsableAttribute
set_Dock
1N=N=i2i2
7#7#t4t4
B B
.I;I;
G%G%
name
9R,R,
Utils
=?2?2 }
7G7G7
I0I0~<~<
-`:`:+5+5e$e$:
4^#^#
6k7k7
4r#r#
57%7%
;/;/
4s;s;
.rsrc
J J
ClearProjectError
.a;a;
v/v/
Save
' ' I
4b#b#
*'*'t6t6Y7Y7
set_BackgroundImageLayout
" " N
DebuggerHiddenAttribute

H+H+@9@9/6/6-&-&l
]2]2
A0A0y<y<
AssemblyTitleAttribute
0z<z<
C/C/
- - f
,I:I:1515X$X$S
10.0.0.0
- - j
'2727<8<8
2y<y<L0L0
get_Timer1
_/_/
5<%<%
%+%+!9!9"6"6
2020z<z<
Create__Instance__
H H 7272
))8)87777
Start
,Z:Z:"5"50$0$;
;y3y3
7+7+@9@91616
5M%M%]
f2f2 = =
=d2d2
t t 2
%1%1)=)=[2[2
4m;m;
:1313
6U6U6
= 1 1
1 1
` ` y
` ` r
4p#p#
3System.Resources.Tools.StronglyTypedResourceBuilder
['['n6n6l7l7
.ctor
. .
T#T#
E E
2W;W;
Container
!This program cannot be run in DOS mode. $
Instance
11.0.0.0
<O0O0
,`:`:?5?5M$M$4
!S3S3
Main
DelegateCallback
BSOD
A0A0
Invoke
H H
6H'H'
;$;$
<q/q/=
q)q)2828?7?7
W$W$?5?58:8: - -K
).8.89797
=q2q2
y y x
K+K+M9M9:6:6
1-=-=i2i2
f f
&A6A6)9)9S+S+
_ _
)H8H8?7?7
/&/&:6:66969V+V+
. .
( (
m_FormBeingCreated
"=4=4
FrameworkDisplayName
4~#~#
J+J+E9E9 6 6 & &m
;F2F25 5
!$!$
LIST>
l l x
OpenSubKey
& &
, rW
@.reloc
"$4$4K;K;
set_BSODHOST
; ; *2*2
.4;4;
<3030
` `
#[4[4
-T:T:@5@5A$A$9
68'8'
set_WindowState
----*:*:
'W7W7
-8:8:
4l#l#
S S X
5P:P:
4^;^;
9k,k,m
5[&[&
r2r2
5C%C%
:a.a.
9 , ,
;=2=2' '
2$2$:5:5R:R:
9",",
@ @
n n
set_TopMost
+%+%
8A4A4
".4.4g;g;
l l O
J$J$<5<5L:L:
g g #
-+-+Y9Y9
A,A,
RunWorkerCompletedEventArgs
4W#W#
q)q)R8R8
7'('(V
5+%+%
2b<b<*0*0
Q Q
8j*j*
ProcessObject
97,7,
"33338:8:
!P3P3
5M:M:
AssemblyTrademarkAttribute
.%.%
[ [ +
6-6-
GetCurrentProcess
;!0!0
NameValueCollection
MyForms
9*,*,
,$,$ 5 5B:B:
,M:M:P5P5q$q$;
91,1,
}$}$
f f #
b b =
J J B
get_Item
J J F
y y
=I2I2
% %
7+7+&9&96666
RuntimeCompatibilityAttribute
Timer1
( (
6`&`&*
8h*h*_
Assembly
8h*h*Y
set_TabIndex
)/8/87777
6.9.9@+@+
$@5@5G:G:
GraphicsUnit
E+E+H9H96666
.n;n;
a a
;r/r/J
;r/r/I
_Label1
9/,/,
s%s%s5s5h8h8
o o &
s*s*
.+;+;
SuspendLayout
ReadToEnd
Form1_Load
N$N$B5B5W:W:
get_SaveMySettingsOnExit
' '
#+#+$9$9)6)6
8d
;x3x3
Lavf57.82.102
- -
Size
g"g"
hWnd
1 1
;,;,
Activator
'K7K7G8G8
set_AutoScaleMode
Z Z N
=+=+B9B9
R/R/
+-+-
*s8s8w5w5q%q%|
set_ShowIcon
;c/c/.
&,6,6B9B98+8+
x/x/ < <
)C8C86767
:X3X3
3d;d;
*'*'
(t7t7b6b6#'#'
C C G
)%8%8<7<7
\0\0^<^<
5U&U&$
x"x"
#h4h4
.a;a; 4 4
, : :
My.WebServices
C C X
Dispose__Instance__
get_Settings
&B6B6H9H9D+D+
T T )
KillExplorer
F&F&
components
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
c/c/
1l l
Z Z $
4@"@"
/+/+K9K9M6M6 & &j
7%7%
;a/a/P
K+K+9999'6'6
, ,
FontStyle
x*x*
4R$R$7
-/:/:
4 4
;a/a/I
:{4{4Z#Z#
p,p,
N/N/
9u,u,
6 ( (Q
7'7'
;z/z/'
A&A& 6 6
WebClient
1"1"
:a3a3
, ,
? ? o
8})})
2j;j;i/i/B

ExtensionAttribute
ResourceManager
Show
! ! r2r2"="=
9`4`4
06=6=l2l2
#y4y4
&:6:6O9O9R+R+
.NET Framework 4
DoWorkEventHandler
G!G!
3!:!:(-(-
5&5&
<<0<0
B+B+%9%9+6+6
~ ~
ContainerControl
[$[$
) )i7i7k6k6C'C'
-O:O:'5'5>$>$>
M M a
ArgumentException
I I
2y<y<.0.0
q/q/
a a
M M S
.e;e;
8U*U*r
M M H
6060
1#=#=Z2Z2
M M D
z(6
7*(*(V
8080v<v<
5e&e&-
.j;j;%4%4v"v"
5^$^$
)>7>715155&5&
set_BSOD
],],
AssemblyCopyrightAttribute
) 8 8
O$O$"5"5P:P:
ToUInt32
9g,g,s
T T
,`9`9P6P6)&)&b
4s#s#
get_IsDisposed
d+d+H9H96666
RemoveRange
E0E0
|*|*
Audio
MyComputer
Operators
: 5 5T$T$
)0808'7'7
1{<{<I0I0
.c;c;+4+4
1b=b=
<9090
~"~"
RuntimeHelpers
scanCode
<N0N0
2$;$;
uFlags
&66663939T+T+
O*O*
4p"p"
7 7 C
r r
;h/h/D
HWND_TOPMOST
0 = =h2h2
;h/h/@
/0/0}<}<
%+6+6/9/92+2+
M/M/
add_RunWorkerCompleted
/0/0
#m4m4
$05050:0:
,0,0s<s<
Y Y
?0?0j<j<
1r<r<N0N0
'0'0
k k
[$[$9595Q:Q:
BSJB
set_Enabled
5b%b%
8 8 B2B2
< 3 3

+G~
_Panel1
&D6D68989L+L+
InitializeComponent
get_Value
8p*p*r
My.User
.[;[;.4.4
8p*p*j
:h3h3
beep_04
,>:>:6565B$B$*
set_Interval
p ~:
l/l/ < <"4"4w"w"
S S
.'.'q6q6d7d7
5[$[$
IEnumerable
%^5^5
AutoScaleMode
&g6g67979X+X+
!l3l3
4`;`;
8I,I,
,J:J:.5.5H$H$^
5~8~8
K K
.cctor
AsyncCallback
0 = =j2j2
1 1 K
4C;C;
':7:7
:$:$6565@:@:
XAttribute
/0/0~<~<
:3-3-
N+N+O9O9B6B6(&(&k
GetObjectValue
,#:#:E5E5L$L$Y
G+G+!9!9 6 6
CallNextHookEx
c$c$(5(5T:T:
4o;o;
;I2I2C C !
ControlCollection
.o;o;+4+4
: . .
.Z;Z;.4.4
=%=%
get_UseCompatibleTextRendering
{/{/
c,c,
[*[*
!{3{3$<$< 0 0
"+4+4I;I;
0!=!=X2X2
U/U/
._;_;!4!4
R#R#
< < _
:r3r3
n+n++9+9'6'6
i i d
C+C+0909.6.6
T$T$0505r:r:
1&1&*6*6/9/9B+B+
CompilerGeneratedAttribute
m m
RuntimeTypeHandle
v v
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
'?7?7&8&8
4n;n;
< < 3232
25;5;
Object
( ( _
2D;D;
get_Forms
7_5_5
0 0 X
sender
u*u*l8l8
s#s#
H H
D+D+>9>9"6"6-&-&e
k&k&
^#^#
1#=#=b2b2 V
Args
;]/]/2
set_ShowInTaskbar
5Y&Y&
op_Equality
$ $ |2|2
^ ^ &
get_BackgroundWorker1
:D-D-"
I,I,
|2|2
'+7+7
t t
5-%-%
StreamReader
Registry
$ $ o
:q3q3
4T;T;
" 4 4e;e;
r r %
`*`*
:H3H3
5(%(%
;]/]/R
#c4c4
.t;t;+4+4
!(!(
7t(t(=
*|8|8
)3838-7-7
p p $
2}<}<Q0Q0
#%#%
;]/]/N
AddAnnotation
14=4=
3 3
v.v.l;l;
L L
ComVisibleAttribute
GetResourceString
".4.4_;_;
)H8H84747
,d:d:7575V$V$*
10=0=n2n2
,c:c:3535F$F$X
2g<g<?0?0
H H
LowLevelKeyboardProc
!w3w3
2H;H;W/W/K
:>5>52$2$O
1 1E=E=w2w2
&%&%
RemoveNamespaceAttributes
i/i/A<A<
!%!%
c c
j2j2
'A7A7.8.8
: :
U#U#
n/n/
z"z"
77878
get_Message
z)z)$8$83737
: :
callback
:t3t3
- -
4 9 9
# #
T T ]
+,+,
9%,%,
C C 7
.H;H;$4$4
(i7i7v6v6.'.'
2;;;;
5/:/: - -
Microsoft.VisualBasic.ApplicationServices
GetHashCode
- ->:>:+5+5Q$Q$B
4+%+%
:R3R3
4d#d#
5?:?:
= =
7k6k69'9'
9Z,Z,y
FromArgb
<H0H0
k#k#
F/F/?;?;
X X U
x x
}.}.T;T;
'D7D7/8/8
set_ClientSize
5050b<b<
+(+(
<|/|/:
7 7
get_GetInstance
2j j
X X q
a&a&
get_Audio
Microsoft.Win32
<?xml version="1.0" encoding="utf-8"?> <asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <!-- UAC Manifest Options If you want to change the Windows User Account Control level replace the requestedExecutionLevel node with one of the following. <requestedExecutionLevel level="asInvoker" uiAccess="false" /> <requestedExecutionLevel level="requireAdministrator" uiAccess="false" /> <requestedExecutionLevel level="highestAvailable" uiAccess="false" /> Specifying requestedExecutionLevel node will disable file and registry virtualization. If you want to utilize File and Registry Virtualization for backward compatibility then delete the requestedExecutionLevel node. --> <requestedExecutionLevel level="asInvoker" uiAccess="false" /> </requestedPrivileges> </security> </trustInfo> <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> <application> <!-- A list of all Windows versions that this application is designed to work with. 
Windows will automatically select the most compatible environment.--> <!-- If your application is designed to work with Windows Vista, uncomment the following supportedOS node--> <!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>--> <!-- If your application is designed to work with Windows 7, uncomment the following supportedOS node--> <!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>--> <!-- If your application is designed to work with Windows 8, uncomment the following supportedOS node--> <!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>--> </application> </compatibility> <!-- Enable themes for Windows common controls and dialogs (Windows XP and later) --> <!-- <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /> </dependentAssembly> </dependency>--> </asmv1:assembly>
FormClosingEventArgs
u u
SetProjectError
9$,$,
(o7o7
resourceCulture
. . d
get_MainModule
E$E$
)L8L8<7<7
IContainer
'K7K7E8E8
h&h&
;t3t3
U0U0x<x<
5 5 K
A A
" "
3S;S;
`/`/
%%%%
i+i+T9T9A6A6
2>;>;
<7070
defaultInstance
KBDLLHOOKSTRUCT
'(7(7
7,7,{9{9
1s<s<?0?0
B2B21=1=
++++K9K9.6.6
n n
System.Collections.Specialized
InternalXmlHelper
6&6&
1 = =f2f2
!|3|3
(%(%
5'%'%
k k
System.Linq
^ ^ :
{ {
get_NextAttribute
6n&n&,
17;7;*/*/r
;v/v/D
InvalidOperationException
t2t21=1=
;(0(0
{2{2
^ ^ S
1 1s<s<
^ ^ V
;v/v/;
j j 3
{ { 6
9D+D+
^ ^ _
^ ^ C
&1616C9C9@+@+
j j #
&,6,63939=+=+
L*L*
^ ^ L
-1:1:7373
9 9 (
7'8'8
.-;-;
@+@+D9D9@6@6
i%i%u5u5q8q8
'$'$3535 ; ;
4z#z#
6 ' '
4x$x$
2!=!=
'4747.8.8
addedHandlerLockObject
DockStyle
EditorBrowsableState
,S:S:.5.5y$y$B
>'>'v6v6y7y7
CreateNamespaceAttribute
5 5
+0+0
V V \
6j9j9B+B+
\*\*
UnhookWindowsHookEx
2 2 b
, ,
X+X+B9B96666
&r5r5o8o8
X,X,
7 7
.2;2;
#'#'o6o6x7x7
3 : :1-1-3
set_Visible
5S7S7
Z Z !
.A;A;
&/6/6H9H9Y+Y+
4s$s$
S/S/
,`:`:
^$^$3535[:[:
L$L$'5'5O:O:
f2f2G=G=
2,!,!
SetWindowsHookEx
#r4r4r9r9a,a,e
Z2Z2
8`*`*`
,K:K:
;p/p/X
1 12=2=w2w2
w)w)@8@85757
2W=W= 1 1}
Attribute
+ +
hMod
T+T+19199696
*n8n8m5m5v%v%
i i =
F$F$3535M:M:
1.0.0.0
9_,_,
9r4r4
RegistryKeyPermissionCheck
CompilationRelaxationsAttribute
{ {
get_WebServices
nCode
0(=(=K2K2
WeakReference
.o;o;
#0#0
Value
u*u*
&<6<6@9@9h+h+
(,(,
HttpWebRequest
e#e#
r/r/
j#j#
, ,
<b0b0
O"O"m3m3
OnCreateMainForm
wwwwww
get_White
<u/u/F
PADPADPL
=e2e2 Q
TargetObject
FormBorderStyle
q q %
)+8+8"7"7
R R /
BSOD.BSOD.resources
Create
R R 8
9%9%
;~3~3
1%=%=x2x2
System
: . .
B B ;2;2
<+4+4t"t"5
HideModuleNameAttribute
G+G+9999"6"6
get_DateTimeFormat
ToString
R R l
R R a
C0C0
O2O2'='=
4c#c#
9?6?6
W2W2
e e n
e$e$
6G9G9<+<+
3 3 v
; ; =2=2
set_AttributeValue
;t/t/I
]+]+?9?95656
v"v"
= = W
DllImportAttribute
s s s
get_Headers
4J;J;
*/*/
Play
=m2m2
9-9-
60'0'
:#-#-1
#m4m4y9y9f,f,
Z0Z0~<~<
w#w#
;b/b/%
X+X+>9>9,6,6!&!&y
3030}<}<
M M
V2V2
8z*z*
Annotation
:8383
m_inScopeNs
-e:e:,5,5T$T$6
;:2:2O O
Z/Z/
g2g2
Q Q
get_Visible
;'2'20 0
!X3X3
t t
8x*x*r
2 2 T
N%N%
& &)6)6S9S9b+b+
AssemblyFileVersionAttribute
5=:=:
55%5%
;d/d/1
:.-.-
2`<`<
9n,n,w
4J#J#
System.Resources
!r3r3
/'/'
#-#-
GetString
9(,(,
y y
elem
"Y3Y3
get_IsNamespaceDeclaration
flags
4h;h;
?0?0
j2j2
SoundJay.com Sound Effects
=$1$1
8 8 F
P0P0
3}!}!L
9:6:6
m_ComputerObjectProvider
8.,.,
\ \

& & f
, ,
AuthenticationMode
source
add_DoWork
I I
6f&f&4
b b
BSODHOST_Load
<G0G0
/-/-
R$R$
G/G/
GetStream
"%4%4V;V;
7070u<u<
DelegateAsyncResult
5+5+H9H9)6)6&&&&
'-'-6:6:
, (a
SWP_NOMOVE
N-N-
9',',
Font
! !
t t
4[#[#
.:;:;
m m
M2M2F=F=
W&W&
<D0D0
;a/a/8
4j;j;
My.Forms
.9;9;
G-G-
String
get_BSODHOST
_CorExeMain
g,g,
GetResponse
? ? +
Z#Z#
&P6P6G9G90+0+
? ? 2
R*R*y8y8
4R#R#
;i3i3
? ? F
0H<H<
;m/m/?
!q3q3
Timer
? ? U
DebuggingModes
K2K22=2=
&)6)68989I+I+
Microsoft.VisualBasic.CompilerServices
'@7@72828
: : ^
9&9&
- -M:M:)5)5g$g$S
RSDSDm
A problem has been detected and Windows has been shut down to prevent damage to your computer. The problem seems to be caused by the following file: SYSTEM32.DLL PAGE_FAULT_IN_NONPAGED_AREA If this is the first time you've seen this stop error screen, echo restart your computer. If this screen appears again, follow these steps: Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any Windows updates you might need. If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode. Technical information: *** STOP: 0x00000050 (0xFD3094C2,0x00000001,0xFBFE7617,0x00000000) *** SYSTEM32.DLL - Address FBFE7617 base at FBFE5000, DateStamp 3d6dd67c FS
: : V
6!(!(L
$#$#$4$4K;K;
* * s
)I8I87777
* * k
2v<v<D0D0
6!(!(X
;?2?24 4 "
6-(-(L
wwwwwwwwwwwwww
Keys
5q$q$I
WebResponse
User
`.sdata
} } J
4n#n#
- ; ;
getLoadFreshData
XElement
resourceMan
d*d*
p"p"
!p3p3
;I2I2U U
<0<0l<l<
-^:^:,5,5=$=$H
4j#j#
8 6 6E&E&0
W W
=a2a2
%&%&K6K6P9P9X+X+
get_Culture
]+]+K9K9:6:6
'T7T7A8A8
5`&`&
System.Drawing
.;;;;
2 (
,S:S:3535U$U$6
W2W29=9=
6$&$&
C C k
& &
;6262< <
1&=&=f2f2
n+n+Y9Y95656+&+&|
#a4a4
,I:I:
RemoveNamespaceAttributesClosure
:E-E-
!W3W3
93,3,
y y ;
B+B+B9B9
{"{"
C C
E E .2.2
Cast
GetResponseStream
C C >
(}7}7x6x6('('
,g:g:(5(50$0$G
:$:$ 5 5]:]:
9.,.,
8 8 #2#2
8u+u+
<3232? ?
;B2B2F F /
20;0;
0 0 |
MyGroupCollectionAttribute
N*N*
00=0=U2U2
;`/`/3
4{#{#
.Z;Z;
* * B2B2
1+1+K9K9
o o #
P2P2 = =
)W8W8#7#7
get_Handle
-e:e:9595M$M$4
K K C
,f:f:
.q;q;"4"4
~"~"!4!4P;P;
8)7)7
u u W
#f4f4
9\,\,d
M M
W W e
"%"%
RunWorkerCompletedEventHandler
8z*z*o
'1'1 = =
H0H0w<w<
!a3a3
,V:V:&5&5J$J$O
-A:A:
4x#x#
K K >
- -
w w
M M ]
W W N
5W:W:
K K
2#!#!
6k&k&!
,Y:Y:$5$5`$`$U
get_IsAlive
\&\&
Select
5 5
.H;H;
Z2Z2&=&= 1 1
9f4f4
=(=(
+(+
F-F-
%&%&:6:6
CultureInfo
#r4r4
0%=%=Y2Y2
2u<u<D0D0
! ! I
& &!6!6?9?9V+V+
Hashtable
set_BackgroundWorker1
^ ^ !
P P ,
get_ModuleName
!o3o3
= =
e%e%
(\7\7
&#&#
1 1
Stream
'2727I8I8
;&4&4j"j"&
8{*{*q
BSOD_FormClosing
System.Windows.Forms.Form
:B-B--
P P
o o {
a/a/`;`;
5&%&%
2+!+!@
< < M
Q%Q%
Exit
. . f
< < E
| |
z)z)
v*v*
w2w26=6=!1!1
. . [
A,A, 9 9O4O4]$]$+
5J:J:
] ] +
8l*l*
F F C2C2
] ] '
3 3
p/p/`;`; 2 2T T "
%B5B5
w/w/
i/i/
4l;l;
!c3c3
ResumeLayout
get_NamespaceName
q q
)U7U7
a/a/
F F
:5-5-
] ] t
4 4 |
% (5
w+w+
e e
f*f*
W
c c
4X;X;
remove_Tick
DesignerGeneratedAttribute
22;2;
WebHeaderCollection
CreateAttribute
~)~)3838
BackgroundWorker1_RunWorkerCompleted
21;1;
,P:P:'5'5P$P$J
4<;<;
FormStartPosition
` `
&,&, 9 9
m_ThreadStaticValue
3o"o"
System.Threading
,Y:Y:!5!5T$T$+
'!7!7"8"8l)l)
1}<}<P0P0
INFOIART
b*b*
? ? @2@2
&(6(6K9K9|+|+
'}6}6k7k7
~.~.I;I;/4/4
'{6{6n7n7
2I;I;
c c
set_Timer1
' ' E
6>'>'
' ' I
T T
6B(B(T
%w5w5
a$a$*5*54:4:
get_Current
j*j*
' ' b
=+=+8989L6L6&&&&}
% %
[ [ "
X2X2 = = 1 1
@ @ O
0 = =U2U2
)+8+8
|"|"
AttributeValue
set_Opacity
V,V,
9x4x4
$*5*5X:X:
'F7F7G8G8
N0N0
<L0L0
62(2(G
+ 9 9
):8:8'7'7
- -e9e9
8s5s5l%l%
h%h%
CurrentConfig
M#M#
: : |
9),),
: : i
set_IsSingleInstance
7t)t)
%Q6Q6<9<9a+a+
Copyright
8n*n*f
get_ResourceManager
@'@'[6[6{7{7
C C N
set_SaveMySettingsOnExit
v v
' ' @
Point
H/H/X;X;
My.Computer
:----
BSOD.Resources.resources
'1717&8&8
8n*n*Y
1e<e<@0@0
8}*}*x
6 ' '
E-E-
'&7&7+8+8z)z)
;3030
1,1,
.j;j;
c*c*
set_Item
=F2F2
|2|2$=$=
BackgroundWorker1
)9898+7+7
get_Default
\ \ 5
=]2]2
3u!u!
*o8o8O5O5j%j%
s$s$
\ \ 2
=Z2Z2
*w8w8c5c5k%k%
Exception
Z&Z&R5R5A7A7
;M/M/9
M M
GetModuleHandle
W+W+/9/9 6 6 & &
4}"}"
*]8]8|5|5`%`%
y y
2q<q<,0,0
add_FormClosing
9 - -K
5<:<:
'Y7Y7
`&`&
GetTypeFromHandle
IAsyncResult
-V:V:*5*5c$c$@
GetEnumerator
& &"6"67979U+U+
$ $ ;2;2
E+E+P9P91616
Panel1
n)n)8888'7'7
+ +
$ $ S
instance
"'4'4p;p;
;%;%
4T#T#
$ $
A0A0x<x<
;r1r1s
: . .
6&'&'
;^/^/K
.'.'m6m6`7`7
0u<u<
7+8+8
j j
.S;S;
4$9$9
2f<f<1010
4e;e;
inScopeNs
7*+*+
T$T$6565;:;:
System.Runtime.InteropServices
11=1=o2o2
Enumerable
94,4,
3C:C:
Y Y b
D0D0
r
1 = =T2T2
<3131
9 , ,
9Z+Z+^
u%u%^5^5{8{8
m_BSODHOST
8g*g*p
4U;U;
8L*L*^
System.Runtime.CompilerServices
2 2 i
(C6C61616
set_EnableVisualStyles
*m8m8a5a5l%l%w
add_Load
5G%G%
:%-%-
Y Y #
8<7<7
H'H'v6v6
8s*s*
8i*i*u
0,=,=T2T2, ,
Y Y .
o/o/
)+8+8$7$7
-
8%8%
8P4P4
60&0&
:F3F3
- - 9292
"3434b;b;
9090
:>3>3
&0&0
FormWindowState
set_ForeColor
0'0'
Microsoft.VisualBasic
%J6J6
*{8{8h5h5
<>0>0
),),
0D=D=
.i;i; 4 4}"}")
<P0P0
9+9+$9$9,6,6 & &e
set_Font
2 2
!u3u3
v$v$
:$:$
)1)1
.P;P;
u+u+
Close
1 1
D%D%
4+:+:
6H9H9Q+Q+
IDisposable
DebuggerNonUserCodeAttribute
Synchronized
L L U
9S,S,y
62929Q+Q+
;n/n/m
L L K
attributes
d#d#
1z=z=
.x;x;
n n
> >
0%0%
5:%:%
:[.[.
My.Application
.S;S;C4C4
q$q$
,R:R:,5,5N$N$L
.q;q; 4 4
5j&j&
AssemblyProductAttribute
:y3y3
8}*}*
;*2*2' '
`2`2-=-=
Equals
$ $ <
<Module>
2.!.!
71(1(V
8}6}6
.NETFramework,Version=v4.0
;:2:2C C
Q,Q,
A A
MulticastDelegate
CancelEventArgs
%5656<9<9U+U+(

z.z.j;j; 4 4
-@:@:'5'5a$a$J
d/d/
value
SizeF
<f/f/I
2017
4\#\#
'F7F7P8P8
'(7(75858
_ _
^$^$
j%j%

^&^&
4y"y"
8*8*T8T8\7\7
5 % %
T*T*
inScopePrefixes
5b:b:
j j
6 8 8
J0J0
x$x$
#GUID
5V&V&7
Panel
1u<u<G0G0
c2c2
^"^"
4v#v#
"%4%4
. . i
get_AttributeValue
(f7f7m6m6R'R'
^,^,
.R;R;
'3737
(|7|7m6m6D'D'
P P
set_ShutdownStyle
8b*b*Y
I0I0l<l<
a2a2 = =
:z3z3
,^:^:
XName
5!5!
2t<t<F0F0
.z;z;
[ [
ApplicationSettingsBase
4{#{#G
F,F,
1 1
System.Xml.Linq
- : :
AutoSaveSettings
__ENCAddToList
:%.%.
I+I+O9O93636$&$&
4L;L;
m_BSOD
I+I+&9&9/6/6$&$&
Thread
1 = =
U*U*
Microsoft.VisualBasic.Devices
5!%!%
MyTemplate
BackgroundWorker1_DoWork
_2_2&=&=
<z3z3
AudioPlayMode
<U0U0
:_3_3 " "
9+,+,X
g*g*
IEnumerable`1
_BackgroundWorker1
_ _ #
set_StartInfo
< <
ObjectFlowControl
x2x27=7=
3 3
4w8w8^+^+
,K:K:>5>5T$T$B
CheckForSyncLockOnValueType
R$R$:5:5c:c:
5[&[&/
BSOD.exe
n*n*
remove_DoWork
o#o#
UnmanagedMemoryStream
6)()(v
&66666969>+>+
F+F+F9F9,6,6
5 5 c
f#f#
H$H$ 5 58:8:
2/;/;
q q
*l8l8y5y5r%r%
AccessedThroughPropertyAttribute
System.ComponentModel
LocalMachine
'4747&8&8
)?8?83737
RegistryKey
2 2 i
$ $
[/[/
5S%S%
MyWebServices
ActivateCommand
l l D
M'M'
8t*t*X
mscoree.dll
;n/n/3
set_Culture
8t*t*`
} }
F F n
U%U%
addedHandler
6"("(N
2}<}<*0*0
'M7M7F8F8
set_Value
j&j&
,U:U:8585\$\$Q
26;6;
MyProject
4]#]#
*v8v8s5s5u%u%
;n/n/G
System.Collections.Generic
,N:N:'5'5A$A$d
captureKey
;n/n/I
8i*i*N
8i*i*s
7F8F8
F F '
o o
# # d
:%:%
:j3j3
System.Windows.Forms
8i*i*d
& &
T+T+>9>9
'E7E7D8D8
:o4o4V#V#
;7272A A
ShutdownMode
<*0*0
h#h#
,N:N:1515K$K$Q
N$N$?5?5X:X:
Q+Q+D9D9#6#6
5A&A&
1|<|<m0m0
Y$Y$4545R:R:
add_Shutdown
get_InnerException
<@0@0
.,.,
GeneratedCodeAttribute
disposing
.w;w;#4#4{"{"
;W3W3
Remove
,0,0b<b<
.v;v;)4)4
MySettingsProperty
.l;l;
:7-7->
4{"{".
BSODHOST
4{"{"-
6o7o7
: :
\,\,
-p:p:25258$8$H
!\3\3
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2017-11-30 13:16:05 2017-11-30 13:18:58 173

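0 Summary items with data. Note: the 173-second sandbox run logged no file, registry, command or service activity, so the sections below are empty; the static strings above (taskkill with /F /IM explorer.exe, SetWindowsHookEx, GetAsyncKeyState, the SOFTWARE\Microsoft\Windows\CurrentVersion\csrvc registry path) are the only behavioral indicators on this page, and an empty run is not evidence that the sample is inert.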

Files

Nothing to display

Read Files

Nothing to display

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

Nothing to display

Read Keys

Nothing to display

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

Nothing to display

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#FAKE-Troubleshooting

Davide Baglieri @ 2017-11-30 13:26:03

Detected family: #Filerepmalware

TheSystem Itself @ 2017-11-30 13:34:01