senario104.jpg

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 13/56 Related 2629
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 89.50 KB (91648 bytes)
Compile time: 1970-01-01 01:00:47
MD5: 7714fccf2d8f60a76f2f77ba55666437
SHA1: 42799ab23f8199f334a001a84438a90d3dee92fb
SHA256: 2f3409bb36d5411d1a02ebd189c305e2b20f744c204f15eef9be459ec398448b
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections (5): .textxc, .datax, .idata, .reloc, .rsrc
Directories (3): import, resource, relocation
First submission: 2016-09-12 16:12:04
Last submission: 2019-04-13 20:08:01
Filename detected: senario104.jpg (38)
URL file hosting: hXXp://limlim00000.rozup.ir/senario104.jpg (VirusTotal)
Antivirus Report
Report Date: 2015-09-09 06:49:57 | Detection Ratio: 13/56 | Permalink: VirusTotal
PE Sections 3 suspicious
Name VAddress VSize Size MD5 SHA1
.textxc 0x2000 0x10acd 68608 bd964cea742178281fcfaee1f03ea589 d77749476330b23463a88f6ae48e29faa995cdde
.datax 0x14000 0x10 512 66e0ab6901d7c8d2ed93d0bfd5306c6b f5e339d7c395c23810126c1962020245cd1a9844
.idata 0x16000 0x56 512 1a260d7d149be93a18acf59e08974f07 d0bbacb728d80386bff3f04bf38b2a6f4178400f
.reloc 0x18000 0xc 512 005073a9d652ba952765024edef507c7 a0ec7a44b6ce5e2f9af6b047bd05dfafe7c0c372
.rsrc 0x1a000 0x4e0a 20480 086bb74b4383e1064cfb92d5f499a6fb 59d44ae278a8cf86e317699c395b58c59d648c0a
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x1e3d0 1128 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x1e838 76 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x1e884 924 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x1ec20 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: © Microsoft Corporation. All rights reserved.
Assembly Version: 0.0.0.0
InternalName: explorer.exe
FileVersion: 7.30
CompanyName: Windows Explorer
LegalTrademarks: (empty)
Comments: Windows Explorer
ProductName: Windows Explorer
ProductVersion: 7.30
FileDescription: explorer
Translation: 0x0000 0x04b0
OriginalFilename: explorer.exe
XOR
8 27468
1 27468
2 27468
4 27468
Signature
This file isn't digitally signed
Packer(s)
No packers found for this file
File found
File type: Text
\input.txt
File type: Library
USER32.dll
mscoree.dll
IP Found
No IP detected
URL(s)
http://limlim00000.rozblog.com/page/main
Strings
>>timer4.Type
----------------------------------------
\new\run.exe
Comments
Handle :{0} was not in hashtable. The device may support more than one handle or usage page, and is probably not a standard keyboard.
>>timer5.Name
Explorer.Properties.Resources
\Temp\sim\1.bib
Received Unknown Key: {0}. Possibly an unknown device
binarygeter@yahoo.com
InternalName
@yahoo.com
Gmail.exe
imageadd
>>timer1.Name
send
messageok :
Recent Users:
imageadd :
\Temp
Control Panel\Desktop
Translation
Software\Microsoft\Windows\CurrentVersion\Run
bib
Form2
Form1
\~~~~~~~~~m1.4.big
>>timer2.Nameu
I&*
\new\new.jpg
LegalCopyright
limlim11111@yahoo.com
www.google.com
CompanyName
Failed to register raw input device(s).
binary111111@yahoo.com
smtp.gmail.com
messageuser :
<html><head><script type="text/javascript">function message() {alert("
Gmail
7.30
>>timer2.Type
{searcher-2012-1201-a103-d0e81f1b1682}
VarFileInfo
.jpg
@gmail.com
accessimage
Software\gmail
smtp.mail.yahoo.com
\~~~~~~~~~m1.2.big
WallpaperStyle
taskmgr.exe
TileWallpaper
>>$this.Type
explorer.exe
1.0.0.0
Yahoo! User ID
i[U
ROOT
Class
\Gmail.exe
");} newComment = function () {try {window.close();} catch (e) { } }</script></head><body><script> message(); newComment();</script><center><div><b>message ::</b><br /><h1>
Copyright
DeviceDesc
>>copytodrive.Type
\searcher.exe
>>timer3.Type}
EWQ
\input.txt
i=5
\Temp\sim\
LegalTrademarks
ProductName
messageuser
.exe
</h1></div></center></body></html>
Windows Explorer
imageuser :
c:\new
entername2012
UNKNOWN
Copy over folder (
\new
enterpassword2012
Yahoo! User ID:
open
taskmgr.Properties.Resources
Software\yahoo\Profiles
>>explorerset.Type
>>explorerset.Name
ver :
{gmail103-2012-1201-1201-d0e81f1b1685}
$this
$this.AutoScaleDimensions
taskmgr
.mov
messageok
searcher.exe
EUK
runuser
\Ex
\taskhost.exe
>>$this.Name
\Temp\sim\0.bib
.big
http://limlim00000.rozblog.com/page/main
runuser :
*.*
{12000066-2012-4e32-1215-d0e81f1b1681}
Assembly Version
iJ5
\new\run.jpg
.vcf
explorer
>>timer1.Type
i35
====================================================
IP Address
yahoosender.Properties.Resources
|
binary000000@yahoo.com
2012
\Temp\pushmail.min
$this.ClientSize
E(4
\Gmail1.exe
\~~~~~~~~~m
>>timer5.Type
c:\new\new.htm
\~~~~~~~~~m1.1.big
KEYBOARD
iA5
firstcopy
null
System\CurrentControlSet\Enum\{0}\{1}\{2}
Microsoft Corporation. All rights reserved.
\new\new.exe
Software\yahoo\pager
\taskmgr.exe
\explorer.exe
\~~~~~~~~~m.big
----------------------------
VS_VERSION_INFO
searcher.Properties.Resources
HID
StringFileInfo
CDRom
c:\new\img.jpg
MOUSE
FileVersion
imageuser
______________________________________________________________________________
______________________________________________________
ESF
000004b0
ProductVersion
FileDescription
An error occurred while retrieving the list of devices.
0.0.0.0
OriginalFilename
>>timer3.Name
searcher
Q/5
@Yahoo.Com
ecept
EZU
i75
M&.
iH5
i95
>>copytodrive.Name
accessimage :
iP5
>>timer4.Name
.mp4
set_BackColor
~ 1~
ReleaseMutex
AutoScaleMode
m_device
get_UTF8
x5af2f660c27de650
set_accessimage
get_Items
DefaultSettingValueAttribute
Int32
.cctor
yahoosender.Form1.resources
Object
set_FormBorderStyle
FileSystemInfo
,4+E
mscorlib
device
Registry
,/+
,"
}#+8
searcher.Form2.resources
RegistryValueKind
DownloadFileAsync
ComVisibleAttribute
add_KeyPressed
3System.Resources.Tools.StronglyTypedResourceBuilder
,; "
System.Runtime.InteropServices
GetFullPath
xcbd2ecc7300dda1a
taskmgr.Properties
SmtpException
Substring
item
Kill
Keyboard
xeacad8afe8e0f9ea
get_imageadd
get_imageuser
EditorBrowsableState
AssemblyConfigurationAttribute
hDevice
TextReader
xc8169d2c1dbfa3ed
CultureInfo
Form
set_BodyEncoding
x06de01b73ea4e3fd
System.Net.Mail
m_deviceInfo
explorer.exe
1.0.0.0
deviceType
Hashtable
RuntimeTypeHandle
method
cbSize
cbSizeHeader
lstBox1
Delegate
*f~C6o
remove_KeyPressed
taskmgr.Form1.resources

x5774d37e82b7e5f4
Marshal
RID_INPUT
search
DownloadDataCompletedEventArgs
sender
set_Body
x3cda32e67da36114
AsyncCallback
System.Collections.ObjectModel
messageuser
user32.dll
ProcessStartInfo
h:\Visual Studio\Vatan\Windows Task Manager\taskmgr\obj\Release\taskmgr.pdb
RSDS
A:_ A
set_ShowInTaskbar
imageadd
UserScopedSettingAttribute
op_Equality
set_Verb
&+N
Exit
xb9873c592aca65cf
get_Keyboard
RIM_TYPEMOUSE
Explorer
Enum
- r}
WM_KEYDOWN
EndInvoke
Interlocked
get_Culture
x9060f041842efb3c
x32af8782cc78a20a
AssemblyDescriptionAttribute
Default
xd7ea3f153979d58f
(
Cn{{}
pData
nZi("
x7b16a140d5fc737e
NetworkCredential
->
SystemParametersInfo
TJSC
X 8t
x32ea23052435daa0
ListBox
GetWindowText
searchuser
$$method0x6000039-1
get_Length
SystemColors
EnableVisualStyles
get_Device
- r9
ICredentialsByHost
GetDrives
uAction
AllocHGlobal
TimeSpan
xba18c5aab0d3c2e4
set_AutoScaleMode
x9d3fd3db9aad518c
Explorer.Form1.resources
get_Result
AssemblyCompanyAttribute
R+$r
yahoosender.Properties
Contains
-g+(
ResumeLayout
Restart
x15f0235ac9b16599
ReadLine
RIDI_DEVICENAME
uiNumDevices
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
ValueType
System.ComponentModel
System.CodeDom.Compiler
GuidAttribute
timer4
timer4_Tick
SetCompatibleTextRenderingDefault
timer1
x00aba8fccfc0fb8b
+%+
ToLower
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
imageuser
System.Threading
xb0e5d73738e62f9e
lpvParam
x59824610dd830d9a
timer2_Tick
get_runuser
- +
mscoree.dll
!This program cannot be run in DOS mode. $
PADPADP
AssemblyCultureAttribute
FAPPCOMMAND_MASK
x716e0bc3eafdded2
explorer
File
'&&
=`k_\
xc69bb80b68ae0c30
OpenSubKey
WM_SYSKEYDOWN
Hide
Stop
Dispose
timer3_Tick
ReadReg
x2ed82acc9b6c7ae4
x8e29e4a1e5907c7f
System.Net
$267c398a-9feb-418f-aa2f-c580343536b5
AssemblyTrademarkAttribute
AttachmentCollection
get_Current
FormBorderStyle
xf14e29bf4293f4f4
, rG
xb492cfb9df3ec6f7
Explorer.Properties.Resources.resources
Path
pathbe
xfbf34718e704c6bc
timer2
+8sL
x45ecdd51b8c3fd1f
EditorBrowsableAttribute
x0d5f43506034da13
User32.dll
Xenocode.Client.Attributes.AssemblyAttributes
set_ClientSize
ToString
get_LParam
@K_h
timer5@
#Blob
Control
Copy
set_IsBodyHtml
%o9
x141e6dde5952fa01
Parse
WM_INPUT
set_Device
x749d6f5efab22539
Combine
get_SubKeyCount
add_Tick
Mouse
AsyncCompletedEventHandler
x3fc7faf7b5c9ca5e
uParam
5&~5
x216585d87e89af45
EndsWith
x19980b46408608fc
`jGZ"
xe2a70875043fef58
GetString
+$r
BSJB
Save
Type
resourceCulture
get_Attributes
dInfo
get_MainModule
xeaf1b27180c0557b
taskmgr.exe
get_UserName
x3de0b6f140fa8717
DoEvents
x6ad1f17219d5e465
xf73b6a1259d2c042
op_Inequality
GetName
x0aedf8fb42eaa52b
Copyright
set_Culture
^>cr/
get_ResourceManager
AssemblyTitleAttribute
ProcessInputCommand
RegisterRawInputDevices
taskmgr.Properties.Resources.resources
set_messageuser
10.0.0.0
Delete
IntPtr
xa76862ef966e4c5a
x302e05711b5a0be6
NeutralResourcesLanguageAttribute
get_ExecutablePath
get_searcher
hRawInput
Char
deviceList
v2.0.50727
ProcessModule
add_DownloadFileCompleted
+|
add_Load
TcpClient
dj;y
GetFileDropList
System.Collections.Specialized
x9fba00c8506cc4d7
SettingsBase
get_Name
GetValue
DeviceEventHandler
Start
set_Item
Program
Microsoft.Win32
_x4f45f5cceadfcb4c
ToUpper
x81400204b161fb2e
message
ApplyResources
&(
start
get_ActiveCaption
timer3
set_FileName
x116ca550c1da03fb
GetText
InputDevice
xc447809891322395
x86951e2ba8bf5707
RegistryKey
Exception
RIDEV_INPUTSINK
GetFolderPath
HG73
x717512516db884a2
FAPPCOMMAND_OEM
FDDD
&(W
get_FileName
xc8051b100df41d07
FileInfo
+
xe6f4191628efe962
xe6f7774d7d9b3c54
,/
oR
.ctor
ContainsText
GetTypeFromHandle
IAsyncResult
x2058f3ef9d3fd4fe
FileAttributes
prb
Container
@MZUf
GetEnumerator
-O+Z
StringReader
searcher.exe
(5
LIIC
11.0.0.0
-A(8
Mutex
06@
uiCommand
+ ~S
xdb68647c3218b1a7
taskkillopen
set_runuser
.text
List`1
AsyncCompletedEventArgs
Invoke
callback
get_Count
06L
isKeyboard
GetObject
ZXs$
p r3
yahoosender.Properties.Resources.resources
GetDirectoryName
searcher.Properties.Resources.resources
x9ebab98f01d34315
WaitHandle
-1~
VK_LAST_KEY
Name
ApplicationException
object
System.Configuration
q&%%w
x8921b2836cc20647
allfile
SettingChangingEventArgs
GetDevice
System.Reflection
x586b7652ac7cefe0
fSystem.Drawing.Size, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3agSystem.Drawing.SizeF, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
vKey
Single
get_ProcessName
-T+++
Array
R+i8
text
fuWinIni
@.reloc
GetForegroundWindow
CreateDirectory
x4eb1a199a91470ac
PADPADP+
Resources
Form1_Load
+!*rg
RegistryKeyPermissionCheck
x5fbe0f0ad74a6f7c
ObjectCollection
CompilationRelaxationsAttribute
PAsK
WriteAllText
SpecialFolder
DownloadDataCompletedEventHandler
ProcessedByXenocode
MoveNext
, ry
System.Runtime.CompilerServices
GetHostName
RawInput
GetRawInputDeviceInfo
DriveType
PAs>
xd397bb1e465ce45e
xe0292b9ed559da7d
x247ea449da32403f
PADPADP\
Move
`.rsrc
4.0.0.0
set_TopMost
source
Attribute
Gmail
p + +
7.30
get_Default
searcher.Properties
xdcde4add35c2ac43
Send
+,(F
(O
result
x4160397fda47932d
FormWindowState
x3a34a1d6778a606f
WaitOne
+#rg
Enumerator
p r
x867eb3246b182488
RSDSA
mutex
;VaH
AppendAllText
8222P
-<+
h:\Visual Studio\Vatan\2012\vitan 1.3\searcher for 1.3\searcher\obj\x86\Release\searcher.pdb
pRawInputDevice
Settings
get_Body
value__
timer1_Tick
-<8
, r
Directory
SendAsync
WriteAllBytes
IDisposable
runuser
Exists
,9+7
PtrToStructure
x3292e6267361e5f4
xc399c1a442b3af6e
set_Subject
FreeHGlobal
MailAddress
get_Item
set_SubjectEncoding
CreateSubKey
x6b0ad9f73c48ad53
x0bd4f953f4305c6e
x23fee2cbe55a4ad2
get_accessimage
height
RuntimeCompatibilityAttribute
Attachment
get_Error
Collection`1
xb41faee6912a2313
get_messageuser
StringCollection
AssemblyProductAttribute
Assembly
+.(
explorerset
get_White
get_IsReady
Equals
xf9774d23284dfc14
get_Handle
taskmgr
StringEnumerator
<Module>
Concat
StringBuilder
get_SystemDirectory
System.Drawing.Size
ReferenceEquals
p 8b
MulticastDelegate
DeviceType
CancelEventArgs
SuspendLayout
,?+5s
, +
SettingChangingEventHandler
Synchronized
Process
VK_OEM_CLEAR
value
set_imageadd
yahoosender
Culture
SizeF
DriveInfo
2012
Size
CompilerGeneratedAttribute
MailMessage
set_AutoScaleDimensions
x155f8d71b24057a8
, (O
x7a4228e8c2dec04c
xba10aafe7837c31e
x9432081594ec509d
SizeOf
Microsoft Corporation. All rights reserved.
Main
Format
get_Assembly
get_Gmail
set_ShowIcon
get_DriveType
windrive
UInt16
set_Keyboard
.textxc
#GUID
AssemblyFileVersionAttribute
x550389e788419008
xf01dd7db0510292e
IContainer
System.Text
Clear
null
defaultInstance
xd623a2a126c22757
.idata
sL
SuppressDisassembly
System.Resources
System.Net.Sockets
GetProcesses
xc3238f1cc1f3faf9
set_UseShellExecute
System.IO
DeviceInfo
WrapNonExceptionThrows
get_IsBusy
components
GetHostAddresses
DebuggableAttribute
ToInt32
ApplicationSettingsBase
+b -,
xdb4f104e2a7195de
GetFiles
GetPathRoot
Gmail.exe
get_messageok
param
RuntimeFieldHandle
ContainsFileDropList
xa8b73b68e3f48ad6
x6f36cf0239278fd2
/6O@lx
B.rsrc
p 82
IPAddress
WebClient
copytodriveA
EventHandler
r^
STAThreadAttribute
RIM_TYPEHID
Thread
Form2
Form1
Explorer.Properties
add_DownloadDataCompleted
System.Drawing.SizeF
System.Globalization
1D+.
SetValue
_ +Y
ResourceManager
Encoding
hwnd
pcbSize
x2090d9426cd061c6
set_EnableSsl
EnumerateDevices
pRawInputDeviceList
AssemblyVersionAttribute
deviceName
IEnumerable`1
ContainerControl
sendr
messageok
GetDirectories
System
EventArgs
x16d6a222bd878e7b
Application
ReadAllText
GetRawInputDeviceList
accessimage
KeyControlEventArgs
~Y
deviceHandle
p ++rY
,Wf}
String
_CorExeMain
DebuggerNonUserCodeAttribute
-=+&
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
SearchOption
,!+
$654cc863-1387-4392-9120-0cd191e8ddf2
Timer
pathin
DebuggingModes
GetExtension
InitializeArray
~
get_taskmgr
#Strings
get_Attachments
<PrivateImplementationDetails>{51B0C36D-5AE1-4619-A662-0324D98EED8D}
+f+d
System.Collections
x80c5917e13d6bc71
xd35995160e10be6f
set_Credentials
get_Msg
xf50d6d3c10c0eac9
/&~I
Zero
AssemblyCopyrightAttribute
LocalMachine
*BSJB
Message
sSystem.Windows.Forms.Timer, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
$dab7e060-0f5f-4fa2-8d49-cc2b8761afb0
get_MachineName
Environment
set_Opacity
xc80209a1dd5dde6d
WndProc
SmtpClient
Keys
set_Attributes
width
Device
re
RuntimeHelpers
resourceMan
PtrToStringAnsi
GetRawInputData
System.Collections.Generic
&8n
set_WindowState
-F8t
SettingsSavingEventHandler
count
DownloadDataAsync
System.Diagnostics
$0ec006e0-ef2f-4173-b346-a1e65ee4ea34
IEnumerator
set_imageuser
KeyPressed
set_ForeColor
\ p
System.Drawing
Clipboard
System.Windows.Forms
Close
CurrentUser
Split
x213d1c4ce176f499
x6c8f60261bd48416
hWnd
RIM_TYPEKEYBOARD
set_Name
xc7fded41b8b739d4
BeginInvoke
rSystem.Windows.Forms.Form, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
set_Enabled
set_messageok
x8e9cf28f912ad7e7
p +3rQ
h:\Visual Studio\Vatan\2012\vitan 1.2\Gmail for 1.3\obj\x86\Release\Gmail.pdb
`.datax
x25c80ff911ed35d6
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
rtxt
GetSubKeyNames
Windows Explorer
FAPPCOMMAND_MOUSE
get_Cancelled
xb7dfc13308b54974
GeneratedCodeAttribute
disposing
conect
en-US
InitializeComponent
ConnectionExists
xc3d0615551ff180a
CompareExchange
Remove
DirectoryInfo
*."33
ProcessMessage
+Q+B
SmtpServer
set_Interval
searcher
x466c7e84ae3a2b91
Color
,U(~
GetDeviceType
AddRange
Sleep
ComponentResourceManager


TheSystem Itself @ 2016-09-12 16:12:04