MalScore
66/100

J4v4s0ck3t50v3r5371n5.exe

Is DLL Packer Anti Debug Anti VM Signed XOR Related 2132
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 230.00 KB (235520 bytes)
Compile time: 2017-06-13 19:47:28
MD5: 34c802b36ace4b14986942da497743f5
SHA1: 04850b933f81b58ebe136d882821e7ff6dd24b15
SHA256: 100afae765e270a4683ec87052231861de8a4928edede2adf08b9d6e479b489d
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 5 _rx*Z .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-03-23 16:39:02
Last submission: 2018-03-23 16:45:02
Filename detected: - Fl4shR4nsstmp465.exe (1)
- Apkw1nd0ws3ttings.exe (1)
- J4v4s0ck3t50v3r5371n5.exe (1)
URL file hosting
hXXp://windowsmxapplayrun.com/Fl4shR4nsstmp465.exeVirusTotal
hXXp://windowsmxapplayrun.com/Apkw1nd0ws3ttings.exeVirusTotal
hXXp://windowsmxapplayrun.com/J4v4s0ck3t50v3r5371n5.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
No report available
PE Sections 4 suspicious
Name VAddress VSize Size MD5 SHA1
_rx*Z 0x2000 0x11d34 73216 d63050fc51cb378ba678d70edd3221d8 aecfb7d1afc0204dfd53f0b95a7494149d8bfa08
.text 0x14000 0x26b08 158720 3f27e8daf06565cfdc69dbe6d700faaa e743fdb756664c8ecffc1195e5427ebe88380c7a
.rsrc 0x3c000 0x5f0 1536 426bed14a67fff531ada559e21e61d6a 10780645f36842971a9fb455d5896564f41133ed
.reloc 0x3e000 0xc 512 66d63f892df3fb28fbad48b2f5b1453d 5630189e9f0619958849372ecfa462537cf58cf8
0x40000 0x10 512 ab021b6655cf6a325cffd4119d6403e1 ae2bfad70a0f8d585ace71d030b769077e57f633
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x3c0a0 868 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x3c404 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright...
Assembly Version: 0.0.0.0
InternalName: 23marzo1.exe
FileVersion: 1.0.0.0
CompanyName: Company name
Comments: Random comments
ProductName: Same as in FIleDescription
ProductVersion: 1.0.0.0
FileDescription: How is seen in task manager
Translation: 0x0000 0x04b0
OriginalFilename: 23marzo1.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
No packers found for this file
File found
FIle type: Library
KERNEL32.dll
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found 
c292c8bf-3db2-2510
c292c8bf-3db2-2511
c292c8bf-3db2-2512
c292c8bf-3db2-2513
c292c8bf-3db2-2514
c292c8bf-3db2-2515
c292c8bf-3db2-2516
c292c8bf-3db2-2517
c292c8bf-3db2-2518
c292c8bf-3db2-2519
VarFileInfo
Comments
ProductVersion
Same as in FIleDescription
Copyright...
How is seen in task manager
Company name
c292c8bf-3db2-256
c292c8bf-3db2-257
c292c8bf-3db2-254
c292c8bf-3db2-255
c292c8bf-3db2-252
c292c8bf-3db2-253
c292c8bf-3db2-250
c292c8bf-3db2-251
fff7693c-43c0-97
c292c8bf-3db2-258
c292c8bf-3db2-259
1.0.0.0
Random comments
StringFileInfo
Translation
Assembly Version
FileVersion
VS_VERSION_INFO
InternalName
000004b0
23marzo1.exe
FileDescription
0.0.0.0
OriginalFilename
LegalCopyright
CompanyName
ProductName
c292c8bf-3db2-2525
c292c8bf-3db2-2524
c292c8bf-3db2-2521
c292c8bf-3db2-2520
c292c8bf-3db2-2523
c292c8bf-3db2-2522
<9[a<
P;%]
V(?
vy{8
5HH2
y=	6
LTg=
nzA*
UJzn
Int32
E\sy
GlgD
dK>$o
w+/8YcKAn
3-n
3h/\
-*7:
@2I3R
/c J
*wyU
.S0
L;HB
6#@
EkP
"5NN[
e``_
,huh
S$AA
0gvFp
ResolveEventHandler
<mgS
yDM"F.8h
'1=
V`]o
LFw Qza	=
Drd}
bNjX
p'`l
vWt6I
K_M
_D@B
m
2K
j&Nc
kQ1p
|L_mk9^
KU!*h
add_ResourceResolve
O'A%
<PrivateImplementationDetails>
IM/
ML!KA
'R!9
`eJx7
phn_l
-fyd4
|vvLA
UNy+
_8M!
5y.}c
D7h)S
]4TU
=A-6
)`>9
oGZ>
NRnl
;2CE
o)$/*V
:W\5u
'rF{
PNG
;1QR7
A?n
1Y(w
Yw6Q
XV=f
Q|f|
$Bhy
Marshal
k|*M
~~w\
|b:a4
Zm1j
I
dF6ZW+
DYAQ
?[a
iK[V
JHwr
<~$&%
.jPv#
SVeC
kevl]
B\tU
YD<6
6o\KFsxCU
T'kKl
I]6)
pxH
_.>R\~$
EQf$U
x`8i
k~mz
eFL.
e>r"
8%4/
{Zyf;
Nq='U[d&
\"RA`
)3k
bS@$4
O=%g
SZ]js/
h f*
38N
R8WQF
Y${O
K&sp$
^z
W
:v{/
'Adq 4
tq ]p
F7BzG
Cm*c.
JrLe
d-@b|M
4	fK
3u,;
QgxA
x;feE
9D{h
,x(
^
bbba050a-6219-b5.Resources.resources
x\H+
NYY~
<',m
tk~L
hI_<
[`-o
&8bo
fFJ'
IECt
5dNSk
EnableVisualStyles
^U%z
(!ziX
WhEi
9:{S
(!08/
lIH=|qk
JmP*
9W[
s(+Zo
AssemblyCompanyAttribute
sz'{vw)
s) 9
)s([
Bd+3
jo
,
!X#!
B$*4
01g_
T5KY&
>7 S!#
Mup*R
xrm
SN82
r)a
)`V~\7
MY#rG
3%o8
5EyO
@lR6
E"1W
!9Ui*s
Q}b(
5Xp6g\
N8L 5-
H[h_H
AG>i
i .bf
Pz969
#BnM
rI,k
SU
_n#@m
g~4r
^~_W
wK q
AppDomain
f'zi
THG
|{EV+
hb0
KNY%
get_CurrentDomain
HQ^*
|`^Y
9i!NS
Yb]^
RBDg
Z27
0{;X
K#@&-
tFHK
wI4"
RjG
2<nN
x*7l
=`G)
Dt4V
lz-
1td8
ex9
kWP+C
~GoX
saf;
F_>{5?
k"jC[
^Ho
AssemblyTrademarkAttribute
'LttG/
UnEV
.{CE
A
B
$
xa[}u
`P<{
/G\z
set_Text
Mx6>
*D3Q
S;H@?
W{2
|WZp4
-hZJ
a%5
85o?
_x	#
|	I$
5BQY:
#Blob
Control
w"9P
~gZA
[4>P
yf1VEE
[x`8
;PJ9-
EtMw#df
e^UY|
kESk
*J]Q
k3gb
djBB
WY4Y
OGR
[M24
%(zJ
iH%v
AK
F'
pbS%p
i}*z~
TNl>d
v6Ey
2Mv&
_~%tm
Type
`k'
MP6k,
.-o+
uJEH
/t^~
]bs'
8XK=
Qvpi)UNq
v=i2
sLVQ
<OHwY<
y)0.Df{:IpIw
)Bc>
)+tt
W7^\
dfgfdfgd.Properties
'9Z8!
Vy
3I
.B
[&w
;pk3
+:\3I
y)GV
@QD3
b@0W
zN_/
t}b^
MU+) '
BVEG
MrDh
bsKx
r>VZ3-
)sF
`Opu|N
R|C^6
Vy
>af
aHH0
Char
eRKH
$3Jz
J+]<
WSm !}
g`9T
e=<V;D/t
>/s%
E&v
sw/l
1_\d
pe<g
5uhJ
={_8
get_Name
1Y70
8llu
)n]\~
ROBt#n&
KH"V
a$QKL
kw@z
AH`#
To7K
L@$t
G<=:
F{ls
!]%i
R<Wm
g?6W?
%mnE
TI4
get_FullyQualifiedName
g}7d
+,
S7f$
>^[,4fs
A`[[
$.&h
N$?^Yy
cTYlc
LC^1B
/AqE6
LNV"
GegJ(
c~Uw
G,d
C%^l
=.n=c_uP
N,}u
1/KZ[
.lW+X
<xx!
5N"Za8.
961\
%es_M
`e%{
P!#8<9S
hI0IDF
f.;7$
Xw->?
BbC
doAq*
K-9}
C|YJU
ak|3
_bA-
.text
MsXq0
i)<y
xv:nK
GetString
zs_v
[2v4
A'w:
D9I4
8U04R
1]+{
}c?YH
}#>J
rw%V
cv-U
6*g\h%
Waq2
Oy
2*\q
Z/RY
o$sOO
UXOULd
v	rD
RoX
4A_B
"-iy
kIhw
nWb=
|LCo
,`g
4:N]
s1C^&
vF&*
+Egt
H4E1t	y
3V>PL
u6]c
iR6b
ItIJ
ehKu
nov^~
Monitor
1r,o
e$D"u
tA"VkS2t
Ga|w
o_	+
XBaK?
Resources
B&H#
_OD
l{l`v
,q]n
OLy"2J
gpzb/
>Cu,
/OoL
H}:M
%O5C
Ae?Z
!KgK
~3<
qO3t
p!t7
}U%R
Ma0q
R?t_
d/yO
GP)]
$Z}iG
R?v*"
slwe`QV
|}Lnf
L>b'
`.rsrc
bX	r
vxc
XUm^
#Schema
rING
3TYRu
YY
9%y
<BOch
OTEZy[D
,>Z]
$D4f
G[XL-kF
XP`P
[:ko:
v.Z)~$
-+*@
kernel32.dll
z?	9
Um<O
p
AQ
P{{R
bCua
nm?#
kc5m'
F%
3zb{(
em
B
tLWY
V4}E
1~cC
rXZ%
cSu:+
<tQ]Jn<
}hJ
[UzQ
rRM<
5@4w
8={A
HA1J7M0
5
}F}
:t&2
Rb{@u
[U_<
\y:
Yu[2
ZI?#
*:u5
voc+
8F+/?
op_Explicit
bBVwo
,7r:V
~8^(
_"_Azl!
4p3G
z7YO
L/;!
.)K
jx%
s
f)s0f}PY
Kqj5
YW0W
kA{^
PMY
`#pf
Ei16
&, &
eIDATXG
5?Ed
e`2B
GNZ`\
QW"0
_cBN
pVc3
+GQ09U
w^k8
oMdG
{frQ
3:!
~jp*HR
/7;
m_P2
}+B?s
FormClosingEventHandler
k-l{
m{_xvX
GV#7
(25J
(
wiGxd
(5|e
@VYPS
h&@
]!ve
agQ7j
vN 7
S2)<
2P-
s\Ash
}'U
UI|
+
}n=
BbDX
#c6U
fOK
Yu:Vp)S?i
LE
a
#8]
,2F!
HwY4
Write
OjSG
set_AutoScaleDimensions
=]36
$mvJA%
o4v0
d
G
get_Assembly
j>Bo
=dVx
!I>6
>8vg
;P=j
k2TU
TR-TQ
6+7*f1`
wxkz
)ZVe
sT.w^7
fr-C
Q^B
urFL
-DH
?mCS
v%h|
oFGf
i(UO(Q
2(4z
SXyF0O4
,V$U
aRb4
@~x]p
/i5)
eK{G$
System.IO
aH	"
WrapNonExceptionThrows
(3$%
R-kE
c/y
X^wS8h
e)|q
-c1T3
Y
B$
%0^Ek
^y'e
W^4c6}
A(FD
c#`VW
Nk#=
ke{E>g
3;2*K\Q
JV],
qTrX
.	Wt
/C%,UC/
I^eFA
7}8Jf
RuntimeFieldHandle
Z0nL
-46|
]&kT
EeM
u\vZM
mv9D
yndYn
!Ld#O
STAThreadAttribute
re4I
,`Z-
p)'b
IHDR
Form1
8nTaO
\O_y
w-;r0
*hj'
System.Globalization
c+;4}+Ytt
ZGTK
A @
[FmR
7DrF
,l?#
Pyf
:j5V
6IW`Y
Z.+X
g>|R
U.rO
-U;j
bRsE
System
EventArgs
UC"N`
Application
U;^a
^Sjy
.~s
b6l
|2%O
3$
`r>f3W
+
8nC
FsJ?
|*)s
>pT5
Jsubj
$5%
s)at'E4
ic	;
0VB
G$'T\
web
Wjy41tI
\tBd
Lk(q8
D/Lwg:Z
CreateInstance
&f0m
qRF*e
HTE6
/|S<i
U+U&
MPd\
N2vaH
MethodBase
#Strings
'J"y
SQ5zp
_(/(N
W+n
@xEf
yHv~
k@t%$
k>
#0
Evidence
@IC>
s@S;
E$^:H
]gw
[?XI
l*y#
j 	=
03]id7V
SZnU
+z!"u
Enter
4S:
@GE&
Yz(&
RS@
VirtualProtect
fX
0GO2
P,KE
(+7
MN
fw;:
6HY@
%tDV^N
&&S`
jIDATXG
&y-Y>6
+H/]<li
#&twL
J@/,
W0E>
`5yfbq
get_EntryPoint
zdTg
/H18
.,CGu
,!~c
*x9|
~o	9
2^Us
1	`^^
:z!=Q
dL%wZ<
}()
*
g.R#
HVVM
>%5
*2pI
R`[|
DkJnI
`P+FV
>!
/Z&&t
Mr^`
&!g!~
7)Bg
*[,u
Ki"
:
7d+)k
AV,D
kNR
{u=0
^-RI
SZ59
6k] ~
^s"`
]/iq
Hw Zi+=
>Fm{
;	&.i\
(/r
Hq{
8iVp
Z4Xlc
):'5@
J4hb*=
uK|V
b(G'F
H%Uv
699LL
-vmg
Array
nT=T
@_m8`l
jrx%Y;
H"w
\aC{
8iVV
[{	O
_rx*
Intern
QgR.:
\g{Z
v*1zUFw-LM?
mWli37
5{7~
1n05`
B%:;
.O2?W
}pl$
iPcvnKJO
get_UTF8
_A40
mf\l
h `mm
1:=L
ContainsKey
7_D'
jer2
(%;e
HtlD]
Dj /
+-p+
_Fc1I
Hn;P
~d/XQ
VB	\
!T.S
+< AGJ}gE8
]h1?AW=
UDH>2B
0{<'
X]26
4`U
g6MLY
zim)GwSq
*.r$}w
M
B*
(#X5-
e"VK
Sn7:
nRcy
GXa=
va_4}w
1A{5]
CLWx
rM?
;Qfa
t?-0
w.y2
>'
N8.
db:v
11Oz
h4}#
cIS"MU.
v
2w
v F
|ue{K
*e9k
/ T"
{m:~J:
IdDkd
;{H"
Form
CF^5
gH5]u\|
bx]>
M!hX
X2Rn
q8'ap@DO
NbYo
H6H8
LFR%
1ns7
n?EJ
jL7
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
vnig
}Pc7_
q'\]T
b`Bx
}aGpv
o4iM
3
Y{
=:o
1"d^BI
sKV<
B*qkah
C\3U*<
f$/a
H\<F!L
:2J:
>5E=m
BC"
#f))
lU%oM
4sHe
GM
_R0"
S	[a1
YQt
KksGx
-H=t
byQ#
,Vd;
'o4
?npQ
=aIu
x-zl
'N7&}<
{.N%
zDcib
kCQ
K
$|mu
T#aq4v6'Pt"
3nt+
O9M
VG1\NA
T[3
>JcqD
u^)%
wW/pk
set_Name
a!,QK
~#a?
a.5yY%
8\Nz
}c/t
#H]
JY?Jtf"
yE(y
jNyl
rU6Y
get_Length
(
U.
"0^t
xS/.~
fIQ
\U
[iM,R
?]Djc
as`J
>Ye@
R
Alg=
oN\A
LEM
WQG
d"`S
-BDk
ResumeLayout
U?Q&
bt@.3
vLww
Tlhs/
?QO:
hb@O
5_`^Z
}oy1
ValueType
POa{
I+GY}
6t-;
System.CodeDom.Compiler
GuidAttribute
=z
7
SetCompatibleTextRenderingDefault
<Q4sJC
s4Yi
dI.]5L~
(' zg.~)
X	ZO
NwwOwNOOL
SdM
bPlg
u;Ml"!
*q8v
tOOw
KDNu
\XFm	j
Qb>.F
p}r"k
*m6u
Ti&,
'"*-
[tP
)1:O
!l(Ty
Pj
&
"+ht6
;'Z
=y	[
g`EWT
{Ocs
OVC/
@cRiyjS
U8O
1)a34
=}
x
i(x8r
y&Co
n!dyO
IL
qD2
84l
~=u+
cPqH_kr
T"D
|ZF0o
65Wh
uVaE
[35i)
r%pRbm
?z!z
l3Mg
oBrVH
IhNl
t)AF!
ctP"
Is%M
NsO~
pF[8
T6C*
h
o.
UInt32
)I
`U|%
Ph]KU
ICustomAttributeProvider
@.spVC
w^@D
ToString
yM7iy
z_p"
(Le
Qc+ug8
eC/$
<AP_6
bs,#/C
X#p)2YW1
5$Zi
l,GT
A%k\.
YV}YIY}
G"VN7U
uWlBKN
!(t5lP
VU	g
GBZSg
7Bs!T
Mx >
W;#A
z:Za
&5B[
W?~)
jQ6$c
f%70
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
ahG[

}w!/
1=o
t:j6
bXiB
#3]>
sZi8%(
/Y
a
"ZWf;M
,Bu"J
Q0
F
AssemblyTitleAttribute
NqHm
tQ#fAx
e`Qa
_K'9
mIDATXG
sMUh
GetData
bx[6{6
k;s
Ix|^
Tr3m
i[K!
Nf\^x
LKQ6
vwhm
r6:3+?
!wpO
e6yb
igzpQHG
Nz
xZHk
4di0
!,4Y'<S
$*h2{
^A*)
add_Load
^zGs
M2 Q"
9UO>"
~m$3
OWO(
a1&d
#&E}u:
;Ou;D
t0$y
PfZU
ld9U
%=;ZR
8	Sw
$=RO
)%v0
b2x
&%e{,
!0v^
Data
J_gW
:L1{
K]:-
c~*
gIDATXG
8EU#
&W~43
U\nh&
/|(`
%,O@
DurwR#
:QJC.9_sHD:
#6z+
/}gA
do01
%U8Ct)9
dCvQ
y-Uw
v
z(s
W5;7r[
"t6h
pHYs
.ctor
5 G6[J
ISD<E
)t@z
I=W
FxO*
DB|
WFqkX1
k		r
[dngu
5qs
hC~=
8'tR[
i`PQj
|8WF
ayd@
Invoke
<
%>
^$f8
iP=f*(
Oi,
iE"b
D^EgM
G/x5
Vu)U7
oNbel+
ZF).
e%"M
:""Kn
v+:riK
nZuB
(smm:
LR3
j128
KZn?
2Eh^
_&3bE
Module
ARrw
R:*F
:Hnf
(x*j
LR~j
+d51
9d+(
$zb"<
MGpw
oIxdT|;g
@>{N
@.reloc
TN;L
Kcnn
tY.t
H%S<
W
Jd
R,^o6P
zLIQ
yI.-0v+
i	-+
,G}]
um8m
&/Ac
gFb.#
`G}MsN
f{zW6
+,#T.%
iTd
J.j/q
Byte
get_Chars
92kZ
b&|Ob(b^
y:Tq
4i4n
oP	o}g
(q0L
y]q6
O,CH
,z393e^
qSj#
GKaHt
/jI
%D?`
:EoAFP
i
nE
m@N
X6J%
b=0R
z1_>[
$g*m 
hvx
Ybr%E
riRY9
mI{
H]B]"
TV3@
'9h]]V:Ye
/bvl
#Rn$4
eYLV
NLIQ
GcW
7Q %Z
M0`F
' nw?
HJ_FE
~ym_(.
/Go*
{+SS
!Kh6
R=L&
PE
2+T9
h@Jn|a
uo6x
gH!
P=shh.
h="
{Yf7
@qn+I
|VB3
T	nH
("89t
`k^X
Bd1
kFmXs
cKg
rM
8
'u^v^
>/(+
FBA{
@A(h
#sG4g
l
c
1`
PRe8
VFEv
SF7b
{;E/
@XYrDPI
M2%lu
o42F
=}j
NOcn
vuYS:D
VE=l
6#M~h
;YXo
))8.2*
b,a
q/.V
],ASS
3TSw$
1]fC
Assembly
4pbS
Z~d4W
.bm2I
+}4)
#gmN:
bS?|q
lm=.
i2zs
<Hjb
}]?	Q
N	Ut
C`P
d!q'
@$ce
!CHs
91r#
PjU@
Kvh(Q
6]|}
SuspendLayout
$eDE
dQy]o	8
OP}k8
4n!E
k+cu
;#=~
+C~
WHH'
*u_O
j
HKY
Qg~k
Size
u(	#q
I+!U
o5l^
:QZv
.0vx^%
/wOl
"K~q
,:Z['
']a[
`L}v
x<
,*
]WZ|p
h@}/S
,Ct
%qrC
3#1e
^fKD
T:L@t
@/#O
Y@VjrX
-u-W2
WHt;
tlz$|W
IContainer
oy<n
5{!@=
@s3*
qpad
+-%2
rds1
AwrU
dfgfdfgd
SetData
%hqI
w&_#
0:5B
7U?
Guvt
C{\*o
"
D~
)\efAs
ISerializable
p:ZW
yQ4-BY
&zbh
S
Lw
V<g3{D
(5G%C
)-
I#
<{DVo
Ka5
.Og(
F.=
&qM
U{:6"
8jekH
IR6^
Vtv5@
J]Jm
35bU
3E0A2A1FD0D1EB19A875606BDEB5D70F0AA1F04F
MZj}
JlN?
nr=M
,&Ud
DeflateStream
?
_V
0oZ0
wM:@
?vt8
]j%4
~ 9&
V-L:V
"z{Tl
M=%K
m=/]uCcM/@
I_l5
P6wy
TG+\
E]_g
B-X_
Djm}
ResourceManager
RuntimeCompatibilityAttribute
\Ls
K(G:
GetExecutingAssembly
8F1F
9P
C
#DcD)
N0Y=
39FK
6.
p
,=v
.$64
P
H
ContainerControl
ZhmT
sz
`P
GE',
A(=c
O*}h
F$v)>
K3R3
}|2cW
.3-K
J	BV-4
m';w
r&l3u
HHurC
;Sz
osp0
TD
QK
x-L#
"-f!
ReadByte
7[L<'
Dg2$
#|3f_Q~W
iA@axQ
cYu+
f<ej
Yw~s
9L{0A
6e2}
kG*
D>D
BK,v
S.(wzvS
)A^
/8
i:f4
x+LI6
i'`{T
=Lo;
`9g+
r]]b
Zu'
AssemblyCopyrightAttribute
Ax~@w
`~h:\h6JW
[UW
X>:O
gNl1y
#)ua&
Ue&d
B%!{
{++B
-6*D
vH`n*
6#V[]
w;
+
RQH:h
?T^)
Q0C
AN^f
?=n^
Y8yJh
|C^!
[evo
ZzW2
V

}
.x"*AhX
U{E>P
=0lq
\p)+
RNl*
M:Q0
mMlu
Iigo
{'^#
^TVD
Close
d$0]+
d1]X
6A`4
{3u'
y{>h
Pe#kT
70vR
iNjK
get_Evidence
i{+6$P
-eG
A+Ga
BEvd
5DYB
>(q4b$
/<*lGd?7
ujU}
Read
Gp\i
@rCI
PLZ`
^3m6
MVNN:
cq=,
IConvertible
q_Tp{\\
~AC,
\Xq8
B%,tq
(A8`
!]xl
V
,>Y1t
po]6H
5Y<=3
nF6~
{_i8N-
?F?}>m
9J{S
LJ%+
Rb:Wq
l7Q,1
Ywfor
^	B"N
;\]m [t
gAMA
.L4A
X|UF
u%ou}
iv-'
K:[oE}x
"%
IAbG
c`Nr
wL1|o
AutoScaleMode
f$@)q<
fS%
@]
09fF
A$eb
MarshalByRefObject
t"[<
G{*2/
EKz|
{X K
omhC
>x^l
tML]
.cctor
`C.8
,]g%7%Hx6
,+3S
mscorlib
gi;:
OgM%%`
:$f/(
&y`~
"gZ5
':MY
6R5+
MB,L
0B_}
{KXn
gdb>
n8v.
2hcC
k'=?~
9
k'
0XXW
$>MH9Jg
Qhq3
V
<S
tx_LdJ
g):Q
shVj
uPfG
9*NG
@h)-7
ab{F
@`s|!
}c*s
o?E
iXPV
:JHR
/_"G
ml?2b
>RD$r
X*f
{'{5MrJ
<~HQ
AzL}
Byvk
I`'+
"#
Y
Z^AD
X[_
a<'.
@`yt
System.Reflection
~eeJ
er!W
OYWO
}q2+O
"vq(
>df@
%/v+V
/&%[
RuntimeTypeHandle
3<O\
}_"p
ht\3
5g'C(
4R#
tRNh
B%A/`
6_	}
#<>Q
w]	?
[1Fo
cF*J#
>4{R
PLp!
DMn&U
Yf]<
Append
CaWi
9dogd
|xJ
-$![
+t}6y
5QTp
C)^1
jhb
_\#<
_pI/k
Pv2F
j|cGzc
^?3t
ihdVW@S<7
li{1m
m#.k
Ub0Z
Nn52
7}_B
`&6zs
?I0c(l
_{iYb
AssemblyDescriptionAttribute
Tn&p
L0OBq`
!fp|M
0_=8
ye-s
@'O{
K'4%
x2TR
CLqq
>M]0
'IJ
,Rn"
Kc9Z
j>in
,M+x
~KK=
3J;7
set_AutoScaleMode
G*Ekv
8pS.
7k{H09
1]@G
;4rM
(v n
=zM~
D~,N"
eU6T
(V<-~
6F7Q
L:|-
{m9
#Qa~
UVtAo;
<scf.
:K;Q
u3[/x
Ef hB
shq
tI/D
T;kJ
5({+
T/c<
e.>Fm
,#Y}
sVcpt
5l_WJ
8+#{
/Caf
<TI2Z
'$b~
r((UjH
Dc1A
qa&v
7Qe[PsQ
j?\
fIDATXG
{sM#"
NbH/
n'c&E
v3	K
&MN.C
uY'|
xbvV
mscoree.dll
!This program cannot be run in DOS mode.

$
System.IO.Compression
H	T"
:eVU
099|
\:sD~
-.IF
Sa-;C
)Uc?
J 8
^#
>r`aH
2jTb
);M
Dispose
k0?2
t^F:*X
,e'm
(u|
uvL@
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
qrX[
ICloneable
#5fy<o
L$Si
3}$c
{v0M2D	+
Lt)M
n)IvnA
p(</x
R;je
/ NX
sslrVPmd
(TOn
ThQxt
??$o
[GQ7Q
set_ClientSize
7`@=
y!,r#3
Y$D&k]
Aqur
:whH
tYd/
xe@_
{g!T
=$g
qAs0
C`|#/kb
FVa
iLq4
581qW=_
pxD#
6aJkZ!,
dwN
4}v}
CS4=
BSJB
)MjC
[LoL
x0=Nb_T^
`U1,
ZRuSbv
,!y!
`Y?_2~
|)!74\\
e>/V7g
L""kC
KM!<{z
'YbWj
3a-|ao
W4XLA
i[d@
aqA

|
f028&
C~R$FMP
@$P"
N	/r1
y8KG
Twp8}
?PwN
m"v
IntPtr
se6
@ihbUGC
NZd>
!#6:g
{&NKQ
B$.
,V+6
;mp^Gj
h~Oc
$/"4
%W;O
j3<;f{
Q2*
6\GP
"dK}v
7n%6
Y(|z
a@T7
SV/aU
bHV|
_AppDomain
% :N
]wN7`
|doZ
i>TM
<|2>
"Z\'
bEE_J
#GM
QH'd
Mto3r
0 Y9
wf+Rs
tV}A
%UU>Yi
@<+m
<Lj8
7"P
<-%3
+iZ3	d
A38?
NXvc
\3_a|u2&ib
\3\3
t:Xt
oi?-
:t{J
kHZ))
Gn2C
X9h|eY
f3;f{/
<)X&
>bZ
J
#}p
OaXwS
4vX/u
U-xv:
Q(u:
3`)
$aUa
Q=h4
m)DTAI
{kcJ>
BlockCopy
K!9m
M2I#
O	V )
(wIf
lBv@T.
&x6M4
#0Da#
gk;0
^HD
8w<GXk
g^0vB
FormClosingEventArgs
Ma;S
6h,rD
&NZ`
es_"=
}8$]
RVq)7
0 =|
?b*#w
/:a~
J>p3
n7pX
*U!h
S|i`
#342
Xz%@
kL;u
pB Nq
5MEy
:	+;
6q>
,ewV
wLkD
04cDL
0lU!5+
t6&U^@#
g\O.
:Wz@
wdh}
-/p'
)Pa
ob
z
G?,f
8\&i
U>v
U3dO
VOf
,bZ,
V~A%":k
dE.@4N
;.bo
,T	M
MethodInfo
wJp)
;P'M&
hIDATXG
~s.?
! tV
1d~2
mUv.
Xt
CompilationRelaxationsAttribute
+($v
H?u6
:as)
$3r}
]\Sr&ZigL
UX[1
K{7c_
MemoryStream
b8CG)
&tTR
%5S 'qw
4[J
+&ez
zTu06
ResolveEventArgs
2H;*	r1d
"VK
5<QI
(+r;v
`u{8qOi
$NlaO
lIDATXG
t'LVKej
;"%-
wF9#)
$.U}
yo]v
V1hn|
uoaF
2R8L
MnIi
Jkamu
`DN<
)[]@?
Ync]'C
qAj}Je?}
^[rDf
+FRv
dIDATXG
jgRs
nQ9O
`-W!
S
pz
T[gE
v4.8
X>b<H
IEND
XO5$
b=`\5l(
Oq>>
xoR,k
&7JM
7n2z
5Vbp\
*Q2r
1
AT
{[--
3|ey
]lC\
K])_
1QuE
SSI}
b(I<
EG[%
C{lC
LcX,N
x}_n
K3us
@N7}
V0]
U~BcV
Wr$y
WiB-
soi_C
Rc$+
@JnW
g0
B
3F
iab!n
2FV}
~1xB

3;
Y
T&~
15.0.0.0
H*-(
MeU.
+@^#
&.S2
bLC5
UGQ
W<{X
?YNQ
Yc/k1N
fGYl
Concat
0%@Y
Y=,/
63L1
StringBuilder
sj<f
]=t6r
!wbm4
47KO
fn(f
p24
pQ^+h
;Ewd
2"9dRp
$($c3
c!JZ
Bw|
Q`l#'
)tZr
|!
j`yf
' (=
E].f
/;\A
EventHandler
Fz?_Y
'sW
n8Vb'
Z*n`|7o
|IM'
X^8%
yDEL
v
=Z
b7\LT
Yi\i
!]#Q
nPz+@
4S{'
/sM'
`=O@f
~PmX
HOq
&
*-
].^6
wW1A
NkIfL
j,zX
WOjb
B	q+
ox[t
{=}q
M W
AssemblyFileVersionAttribute
KpQg
^6~-
|}#'`
System.Text
49L'
vHnM~
N":?4Y
*H~^
L(I
gi{F<
?=3EzH
i)>n
System.Resources
54U;-q
zF}+
f:|C
+4"."
e!i$r
4y"V
"m{7
yk$V
l+b
{i%F
V33"
GetElementType
tMd
qBT1F
GKt\
++Da
\;_C
A._9
%)E
NbJn
wfEgS
%3w
YBw+O
tx`}
D#)I
m-aBj
Y.8t
N/`>
f\_C
Ba^N'!
$YyT-a
w(tc~)
,M2zF
G.)N
YN_]E
gr?p
;.lX)
"0
be5
$62a70ccb-e2e5-40b5-9d87-a479b7a7f732
;T9)cz
-x8P
9|7r
&A
F"
7p;,
e6bW
>uuCI
pv^7,
|>}GJ7*W
`O' k
*x
6
agfR=
@U!a
|2QM
AFwm
p&5?i
{I%'
MujU
`2(P
*&'A
uL{P
0Hh7
{k`[
=.(u
O
S`n
]~),
t4Q'W$2	QFi
gZ
0
String
Or/|
_CorExeMain
KLbVG>`#
lq@4
$i9I
.j^O
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
2~Ck<
`q*
-&EO
0M+J
SC>a
5NBh
,>R2
S	fpx
3EY'
I{KB
`!2]
$g`
<[h:
"}.!
InitializeArray
w(6k
vBr
}J`g
R-Fg
x.>hf
.l^)
PpxFKh
rY^
^wm4
ToArray
3b=b
3Ha4
C>"^
EditorBrowsableAttribute
~L W
t\JU
]4<+
bWM&e'
`p?
4y
b<Cz
TB)s33E
^O6W
&(@I
k.e
bDJj
i^*d
qdI|
w;)#
w&&I
+Ux
gjt=
Rut=
7/qD
,C@o
X1Jq
@+#5
ThmQ
0WN]%o_
c]Tz
p3Gk
Load
'4Es
4O3
1*Zx
System.Drawing
~y@*
7Ia+
L,O>
~kpT6Y
q
*>
b)|xl
]'YO3
.d>O
Dictionary`2
/
p
;ms'
}VzaaG
HOakU]
SUy
Xk[8$
tVm0
]&*[
|,*U
R_Q$r
"/K"U
EfPuk[_l
Xw|KU%
L4F0t
40_"
Y^6P
6/;
!;b,
9!x
`o8$
RuntimeHelpers
Tr\vk`A
GN/h_
DL\c
gT#s
^FHh
>=1n?
sT)Kf
0&-n
3C+Oi
Q'+be
Px8K
vNJ;	:4
Rwd.
92A?k
{=8'
%{ZQ
BQ1%
x;qv
Object
s?yW
_DuI
<2-B
H6]=
ComVisibleAttribute
Z|C?
BCKN
3System.Resources.Tools.StronglyTypedResourceBuilder
B1]a
5$dn
="z]
ABOg
w&Q
a!@J
Y's
^T*&
mJn|
^Mv8
\k&s
/awu
+FV
X=9X
g))[r
_Assembly
xr}eH
jaMI
/rFt
os?&=
M!]I-
m8PK
tS@'>W
H;
`
EditorBrowsableState
AssemblyConfigurationAttribute
a$r:X}`B
|B|
hf
'
GbnkC
;o#k
PV\a
w)8p
S.F
gxZW
CultureInfo
RD97L
C[1mG
5JyJ!
1.0.0.0
hCnry
\xnN
Y6)h
# e
/KCC
n|ha
8t<<
nR	F
eu:y
qw&S
!u4h
System.Security.Policy
To/
HA[-
* b3lCT*
wPt
9?-U
=/4T
=L*0
Stream
]HPD
tVWu
Gq]?&
dB"S
yOl4
hU_d3
:;x
X-nq
8&\?)
Dh4+"
Uj8fY
u8b\,4
zL7=
Exit
a~%m!
]H,@
e91G
9L3L
?gG~
@D1P
09}j'N
;cFr
s{Sp
S4UG6e
l1wa
"1^n=4
s'bvvL
G"^A
s$*^^:tm
-e3Qw
#=!*
o;
o*s#(
?A]>
z,$`
ICV
BBB*
+$e_
x3\}|
3=AO
Aoy
HIC@
Xt'Y
vol8
[w_#
&#q%
,Zn5
?FbGN
Hh)I
>5)5
7E8J1H
B5o\:
J\U5)
):b
`|U6
p,x`C
1Dx<
Iozx
1!@
E&Ak_
-:y2)+
G/n^
zLS@
Lc) c
Xu0R1WsN(_
lR-(
>*^%-
Y[;
&1:(?
_( U
7L0~j
2MDU
s,W
s>*
[&Ph
s)[3u6
fjB`
];''
+%7*
P=2;
PeeA+
|b^
Jwgdt
OOI@
C]kK
System.Threading
'dGBjY
$.,j
YQ#$r@@m@
G0m+
)f1m
(A]z
4xV
]>
m
FzZ,>
'$cR
I=oc}<
facD6
%KgU
`1yi
a7/~@Q
p$c
m<lk
SSiqc
COp+
'O+
MzbX
3<yB
yK4?
CmO!U
e
~|
*lo^
~bZ!
1+GQ
JMzV
cQY;c
&$2"
GetHINSTANCE
)<+t
Buffer
BrPM
K_lt
#L;L
:oQH
A^k
`%o&
xoKVb
)
"R6
5\r
a~Q,
@a|t$V
\T]
ui8Y
>bhk0
-8 _q1d%#
O/op2
4%pB
aj\~
?xQ>
)u/WH`#e
_=;p
k6}q
JDw&W
@EMy
\<IW
}5!4
Rk g
!d>+
Av@ul4
~l4|G
Vwu(
ZvDr$
NKd8U
NH+?
g@=%g
o'd|=
YO$S
M3d<
Kc!J
+@'{"f
CE904DE3617374361EFC8ABD539339211419D7B6
Uny!{
+<_z
Copyright
AJg8
Zz9"
e.9`
2& c
94b4
1h/P
.%KG
x%!D
L=]`0
)v]>
;mXu
5.A
'$P@'
LV |
hr_",*(
$;D'
{Q7g
bZvyD
vGp,
v2.0.50727
<-*
:2/1
ag\q
gVR=
&1Gc
|k.S
x:b)
set_Item
G)cR
F5M	d#Q
j^Q
Z`=<
~14[
TO13T
XR?+
E\Fhr
A)*Z[
9@TV
't)H
6t#2J
&_X$
^$KQ
l`a%k-~
{*dS
Z$rn
T
L^
OL:VzP
KMc~'
gqkIR:
ZN	F
(dTY
.l+o
a%fz
Z}f5\,
,%W?
BknW
eis!)
add_FormClosing
(jWER
+p3J
#
Y.
GetTypeFromHandle
dOP6+
[)KW
<%Wjh
~@LjW_
/5}`D
z7[1
*|Y_
(XuwjG
& H0
s.8\
jL0&
W{jl
\@Ga
}kKD
umb[4
\@]MzP
:d&+
f'M5
3O{[
o_IT
AEmJ
yW;2,
>|o6MY
xN>)
Vv N
GK^T>%
J4l0
1!AB
>dQQ
tO7-N5}q
dvOp
x^;tt
%0lY
BNvUH
7>Lk
`yR,
{ MDa4|
FlWV
System.Runtime.Serialization
G5+*(
[xcU
7=^,D
YZr=
w$W[
"oE/~
"?hF
h=E
[3S2B&
8Adh
5Jo:
MnNH
Ti
bm
XuE
Zo|e
ZbDBV
vO#(
%Nd
System.Runtime.InteropServices
s~S[
7gy%
Math
}y8`
g4D,p4
D ](
;[*Ub
Cj)n
a-SB
F6nl
UKit
,
vH
m)e:
Nwmrf
JC	g
'X;;9U}`
hbX=
mG=:&
H#R+
Ci5P
WGup!B
System.Runtime.CompilerServices
}#it
6G-?$;
=s7t)
2)o
SuppressIldasmAttribute
I-\&

{p?n
^'z>/
^.V
fjfE`Z
#|{Y
U',B$
p|~k$
`d1>/
^5N?
2\KP;
kY*"@
w5oK
1xY1
1-Jg^
vwR<
Q4dT
p~<
Xa
m
GR^r3
u{#?g
dU=hl
02c%I8
EgpF
Uw>Sx
.":<Nug
r+hy
AATz@
]r|tZ
GetManifestResourceNames
8 V&
6e{
nIDATXG
kIDATXG
C(m*
oeJg6/
v+~,
HQ9s-f
o:c
,KwA?i
o8%1
IDisposable
J9VH
moK
D*S!s0
ooT>
S5k\
b4X8
hsNz
ev)7
r.,A
5zP;
+DbS
8bz0
!II
CompressionMode
pJRN^
xySs
$4xL
/c
zW
^+~Y~
AssemblyProductAttribute
3
R(
r6z
UFe&>"
kBCq
L.Dz
IrR
X(,rq
/9A*
<Module>
pGv&
l'7"
'"QE
t&eUP
"{OI
"M4R
MEBnt
dfgfdfgd.exe
|Kf[
f]
ytT
-2e>
fW_
I{N-
-3u&v
LP?J
)ym52
q,YK_
boC;4
SizeF
/}T
dmZ#H
2018
e'}u$YHB
ED;I
u;q$X
m9zB
vH:MA
z)vf
p`z,VK
1.(@RY
XfF8
,,Ph
&+(.}F
1_o?
?E
~
}GFd
cw_
49N2=
ywBw
qMi5
v,bw"
aAt+
~v&A
zy2:
tdC0
1(sG8}Z
#+eV
#GUID
Xw
a
2=|.KD
b|F}
Zh))a
wKBaa
zFK
k,$N
oIDATXG
C3%iC
bIiI
,
aA
#[DT
%1^o
`FRJ
#BPG
54x^
8nVtu
(O1_X
!vYC
f?>8
Su,^
U<h
b3~:(
Fe<G
7y-$
s6l*
4k3CT
<`-[)
;?&v
~>"
(yR,
P~<r=
7-A/[
-mfg
,H0
3hKu
2N[|
MH4S
vtMk
8CEw
hB^T
CD.V
Q(-u
~&5F
X 1P
8Y!F
Jj!%
a)
!
&eHhr
)4<c(
#nltLg#v
.QR)
Jcqs
Encoding
NH}|
z4b
q
c_'8
[!~z
v>&%m
IDATXGc``
[c_I
/|Ws
02[B&
"ZaK'
G.vP
IEnumerable`1
cgKc
5(*l
<VqI
get_Module
mSHX^
2UE,E
#HGkhh
9j[V
T=^L
b>#$
(\Nu|
9w[MA
FaC;
@e(w
gl{s
xLb%N3
K
&^
!y=p
KkT(
lU%3
2	n:CUO
uRGGJ
3oN}
>HJo
F
	.@
rarE
7vip$o
$tx j&
ZNS~
W(M
rHHC>
R>U9
0{D
YYpnR
<e^MBab
dZnK
i8-r1
System.ComponentModel
~0hU
6"
T(IA
!+.
#	?Z
vj{i
AeNu
sz-&dYJ
HEM([
cY!:1
g5f{
pfbbl
g8WE
i=qC)
&%,tq
~
@1YT
C=|sdz
3	}Q
5N,jt<|
>\ru
ppO{
"%Q;
nq^pJ
GkGI
K;0E
OK$^;
G?CE
m*-MZ
0}F@
ruzu
JuXm
we@$'
System.Collections.Generic
jhHmL.
E$uE
&na{+
o~#
v:Ky1
d;z\
rSY1v
K>+M
wAM5i
Nlk
P];
:f
S
.t`9
System.Windows.Forms
WOtM
7 ;O+.#"[
7VSe
zKHp
`hc;Y
G:Xta
/-H2
A@YyN
O /I
s_PI$J
/6]X
\L~@'
System.Drawing.Bitmap
nF_/
R{VH
ze3 '
oLfI
gRD4
7~T>Lu
8<
*sU9
ks;
}ypx
?\'!q
r[|
oQw*zZnD
^__r
AOYN
GeneratedCodeAttribute
disposing
B_%N
S/)A
kd
!
cW0W
xbL"
L^*Z
?:{xO
slO2!
2S:ED{
p^]Q=
"
A
#8"*_
8@8x
FD/TW
Qr']w
Bu7=
h'e]#
U5u3>+
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven07_64 Seven07_64 VirtualBox 2018-03-23 16:38:03 2018-03-23 16:40:58 175

2 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven07_64 Seven07_64 VirtualBox 2018-03-23 16:38:03 2018-03-23 16:40:58 175

0 Summary items with data

Files

Nothing to display

Read Files

Nothing to display

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

Nothing to display

Read Keys

Nothing to display

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

Nothing to display

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-03-23 16:39:05