botnet.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 35/53 Related 2476
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 165.54 KB (169512 bytes)
Compile time: 2016-06-27 14:40:29
MD5: 92eaac8b2266fb2514e66a8e2cf98f13
SHA1: db537802fa8dd983f4b596451b1d6fe10619dfb8
SHA256: d6e7149dc9c27dcecc20824c65d4e6ade40cf70c9f78e07861ae2f95a5940a7a
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 4 import resource relocation security
First submission: 2016-07-04 10:24:01
Last submission: 2016-07-04 10:24:01
Filename detected: - botnet.exe (1)
URL file hosting
hXXp://185.62.189.29/ok/botnet.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2016-07-04 06:32:04 [35/53] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x24ca4 151552 8ebf2316d7001dab697e69c5e5e0f9c8 9e81ae9833836f24ac08b2da538b463a641294c8
.rsrc 0x28000 0x10 4096 620f0b67a91f7f74151bc5be745b7110 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d
.reloc 0x2a000 0xc 4096 ed4b172ad3ac308676133e33212474c7 81c11ed60643ceb72843fd3566805a8244d827b1
  • API Alert
  • Anti Debug
Meta Info
No Meta found in this file
XOR
No XOR informations found in this file.
Signature
MD5: 368446efa6819aad65e266e28f57b5e0
SHA1: 4e7d46e3fcc015ca6299bd888e307f72c6b3de59
Block Size: 5672
Virtual Address: 163840
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
ntdll.dll
mscoree.dll
jhcm32.dll
IP Found
No IP detected
URL(s)
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
http://ocsp.digicert.com0C
http://ocsp.digicert.com0A
http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
http://sc
http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
https://www.digicert.com/CPS0
http://www.digicert.com/ssl-cps-repository.htm0
http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
aUfUvcFzgq3w4qx8Cmm8k
yIfIdle> <
> </Regist
ssion
<LogonT
serId>[USERID
eries> <St
le>false</Run
LegalC
> <UserI
e> <RunOnl
strationInfo>
USERID]</User
asdas34df
param
e /TN "Update
>InteractiveT
pals> <Setti
eSettings>
cipal> </Pri
reshark
OnIdle> </
a0vztqDhi6LX
LSJxLtM3JqZ228Ax
label1
label2
riggers> <Pr
<Date>2014
"1.0" encodin
</Task>
stPrivilege</
<RunLevel>
/Cr
s>true</StopI
RegAs
ns="http://sc
stancesPolicy
d>false</Enab
e> <IdleSe
PT0S</Executi
> <StartWh
lowHardTermin
svchost.exe
topOnIdleEnd>
Fiddl
yNqGk8gS36SuX9eLi44kLAUZ8O9q8x1nnUNnCKzWHIZ2kIl5
eToRun>false<
RylxRmkT9gclaQWzhE
onTrigger>
aWhVxaZ0vz
& exit
Triggers>
menuStrip1
vailable>true
sight
GileInfo
vbc.exe
[USE
ipal id="Auth
<?xml versi
Assembly
ipals> <Pr
button1
1.0.0.0
-25T14:27:44.
egistrationTr
0145d00bd168810268bfa202ac045a1f
9027</Date>
<RunOnlyI
uringFileInfo
opExisting</M
n</LogonType>
SrGjsEfs7UHj65fDc4iwy2
cmd.exe
e>false</Rest
xt="Author">
otepad.exe
tasks.exe
NetworkAvaila
aZT5FRXySiZ
fileToolStripMenuItem
oslation
gistrationInf
ngs> <St
absYfrApnxaRgbr
ion\Policies\
awW3tdyeVEtwO
d>true</Allow
Author>[USERI
ersion="1.2"
runas
/Author> </R
"{0}"
Enabled>
hce.exe
>false</RunOn
lowStartIfOnB
xec> </Actio
button2
yNqGk8gS36SuX9eLi44kLAUZ8O9q5
exitToolStripMenuItem
Exit
<AllowHard
tem
dows\CurrentV
aM76rsfuDFovodXztDgdTI
oalFilename
UTF-16"?><Tas
fNetworkAvail
ies>false</Di
R_VERSION_INF
ionTrigger>
abled> <Hi
axPUXOYuZaB3LdE9o
fGoingOnBatte
panel1
Data
gonTrigger>
cutionTimeLim
rtOnDemand>
<Actions Co
mand>[LOCATIO
]ZoneID = 2 >
[LOCATION]
icy> <Disa
RAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference
nIdleEnd>true
ty> </Settin
RE\Microsoft\
as34df
/XML "
Level> </P
btVersion
> <Multipl
llowStartOnDe
ZONE.identifi
EnableLUA
FileVersio
aeqaSbxGNzzrZfcXV0rwE1Plb
servi
nD1ysP2zNLnIIkDlgvYxMt8jHUw4
0.0
a7DJ698v4N1VTKzf9
ipleInstances
dxe
AppLaunch.
sbiedll
tartWhenAvail
SOF
a0uBkgcmQHbsyGYbMT1SrJyA3HP
GetObject
/Command>
Enabled>true<
/windows/2004
listBox1
OxUcPgmduAiXhas%
.resou
imeLimit>
keToRun> <
000004b0
oalName
UserId> </
as.microsoft.
n>false</Hidd
0.0.0.0
aC3FvjaWkV64b82RW9ilrQyMiE
<Exec> <
<RestartOn
minate>false<
yNqGk8gS36SuX9eLi44kLAUZ8O9q8
iority>7</Pri
Form1
dDescription
/mit/task">
ho [zoneTrans
ingOnBatterie
wStartIfOnBat
File
WPE PRO
aYZkUMJMmIQQn0BzHJhTfTFHuN8
er> <Ena
<Enabled>tru
fX)Q@3
lD|tIjeProtect
XndVcV2
xjZhQ2
qu{
Z%0QG`
):X<
kO-=
AFhy
s}.1
WebServices
p@Cbh
U -^0
gZnL
#Z|We
NtUnmapViewOfSQyloio
>J-J|
AutoScaleMode
get_Height
JU7Q
UnverifiableCodeAttribute
%T@qF
\ uH
yUhY
+V^9
u`Q4
U"N1
yI&D
String4Ywhe`t
,"Gx9
get_Controls
Version
` cx
zzLt
E2]m\
.Bo_m
PerformClick
aMQgZxzWC6iv
0145d00bd168810268bfa202ac045a1f
L<
0}W5
>[=\
'}J)P
sO.I
I}H5
[:[j
4jO'
2>:?C
#A'FtDv
[ordZ=
XaJ,
skRcSa
gZlY
Reserved2
GaIx
op_Explicit
DtD
\lpE
System.Security
1g~3
FH0Ra
%\nYR
)7@,4
H42N
as8pUCP4u
<&Br
O~L.
aFp6YUXR
\H'f
System.Componen@Wwbcm.Design
(L|L.J{MuM|L~
53Q9
tjCyecute
aSIhpyrX7N
u>wq$
~FU
FyL.
hs'F
}LzB9
j[mU
SMb =
d_:L4
/I(
sCrFs
jR@5
EnableVisualStyles
dXj hX
Point
fl^k#
<o >
Uo`YiYcUm
My.Computer
aQouwZ62QMELs
eSaYdTfPh
"? =
]nW6
rz
startupInfo
VirtualAllocEx
?t|~K*
ListControl
4System.Web.Services.Prot[ywju/SoapHttpClientProtocol
&+W
S1W6
get_Computer
zK}E}L|Nx@"D%
j^; lt*
Format
!^;
KeMi
P6 8
B]oB
y~N(
{E0
~DP'E
AppDomain
tE%_
CompareString
i`C'
v2.0.50727
axHbdkdRyHIlp
+M`7;C
*XO/
abfoL90Zp4KT
get_CurrentDomain
DigiCert Timestamp Responder0
.'F!
pr\
&+9
Yz_i
-JzJ(L
GzI)
ymdSl
GqIq
y\wq
YK|Iw
hX7 H'
]hphronment
Create__Instance__
{RIp
+~WjYp
`Qgw
eU4W
~Q9 <
get_ApplicatioZ
g\m]
RC:X
V< 2
7rZr
JBpF
yKyK*
cuT5
+ )#
mXY
Path
set_Text
(o:R
':E8
".O*L.6
EditorBrowsablQ[lrthbute
o`S
JinX;
_nCs
rBh dUYaO~Dv6
Control
Xy|~zv{
aT57B5F
vU2+
{{H+
$F-O
Program
*> R
L[n
ZK2
zK*6
Fn\=
get_UG
Fb012
o k{
p@tA
cgU2
e j[
J[@qB
BindingFlags
gedress
pRuH*
J{Cc
a6kY2DjoehNhfL
1tv#
U8[k_jD0^n_k^
anjgzS35S1p
acu_Message
B8"K}E
ZsBvC
^uH*^V
&Yob[:\.
zKu@
m =[
1l[9
Ui o^heT
5P`P2
=O.7y
o U`
apAz8aPVk9
C:VDpE
Sesize
get_ExecutablePath
aVHiHstWQolh
UFxO
_9 T
XbN/L
%]+
P; >
,T8
".TwGw
[iO}
GrG&Q
get_s
EhO8
P3Xj]
flX.V wy
"wFt
'HyJ
service
|\l|L~
B$F_KW
(N~O{N
i]@%
_ *)
6WA"
VirtualProtectEx
\W1m
"M}L$
Sk o
O^+J
SecurityAction
"()K|I
{6W@4P
H6V5
%J{P
ncRe o
3 YC
u+_
zK}E&
QfWf
hLjX
? n^n '
AtEx
Bon=
\m '
gckrcl.CodeDom.Compiler
KmYl
IntPtr4@}ti
.text
.B$; /
X=Zl
GetString
ks6 iY
StdError
l]W?
GetObject
isAdmin
J|I}
3Vgn`
O6 >
xJ 1
(~PbW
Ro^{
WrapNoZ_`ecqtionThrows
9sC&
set_MainMenuStrip
Button
5http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
iK [
3As$
Ww] =Zk
cNyL(
a?:X
%#C(
RizeOf
System.Reflection
k : h
^ArDa
rd
>XhYmX'
gXTXK
xIMuM|L~
^f^o_m
jQiX
y9\h~
3 3w
$|G#
get_IsSandboxie
nk p+
>mV|C
*Z(D
'E#
0e1 0
Resources
^lUeRQ
}M|D|M}
HpHuEx9
q@ 5
z 8
c;?CUe
H|3l
;\lXm
AxIy
eaU`~
8} '
=]W]L<
>[<]o`=d
9^wDr
e\i]
label2
abToKEUtdLkTv
^S86N hYo
j^G%
t: 5
aC1NwwcF
8Z<~L)
2 Az
`.rsrc
K_)M
4.0.0.0
(db[d]
N~Lw
DigiCert Assured ID CA-10
,HxH*
%GvO.
get_Default
arFbHmeibsMV
IkXhZ
_n^l5
- =~
flNewProtect
{C"A
~_hYgva
*> 14
CompareMQnpib
M8 _
6ZiZ'
RfTbZ8
YaXi\
D]{tiaSesult
A C =}
> ?
IsWireshark
SaWo
get_IsFiddler
US1 0
n 9
}V.NF1
6sE$
v1%&
jLxM)Iv
~G](E'X
; |N5
ae2WdkwHuUq
&)ml[
Rq,FvG!
zN.2
J#VgT
iUeV
SetThreadContext
jRcS
MsgBoLH}usmt
aQ`TaEuE'CrD6
9M~K
Computer
}K{I(K{Oz
procPersPIp
:KKa
loader
}yux|
"DYn
v0t08
:+PaQ
vH~
aU3oLa5iL4
211110000000Z0b1 0
Vsoject
*IlXc
.?\m]
E#N.`
BmV9
aP`R
cYm
QE-L
o ::
4VR,
.&H,
;7:>@!
hanPv}
type4Svorhalized
GetBytes
sender
q\0 <_
get_Webg
%|Lx
Process
aAauaV0KJ3X8
Culture
GetThreadContQbl
uZk]
gn[d]
*H,V
YhfS
^eRR&
vFwCv
P`PbE
kernel32
mXj[4
r_hQ
@p\m
x)H+
set_AutoScaleDimensions
o_ h
gll`Ua
SvE~GvFtB
yAo^dVVn
zRm]n
T iX
System.Windows.Forms
AqF!Fa
V~8]:
lb]m^
dwFlags
zK{L
/;\9
P`Pb
o dP"
h~{ B
m_MyWebServicesObjectPr[lqbcs
UR@ThreadAttribute
~VbW6
p*> 5W
System.IO
WrapNonExceptionThrows
dnY<[
gmZp)
hDZJ:
odR7
kT`U
IsUserAnAdmin
mpNewFileName
MwGx
{I 8
#CtA
XhnH
gR$_
yF>F
aHDNsuna
ayxuMSP5
%wBw
ExK~
aPrFdUVpizYLwY
oWAp
jUo{e
aabKw6KfzI
GetRuntimeDirectorM
_[H=
j(^{>$
STAThreadAttribute
EvCw
qCcQ0
Form1
4 4
cGn :"kIyP
DigiCert1%0#
slowMsH
SuppressUnmanagedCodeSecur]naGruribute
K,PaVN?
~?Y{
cobS2
sGyJ)
**#R
System
Eo @ C
U9^p
Application
ddT6
Ny,,
<WeQd
0:6B
ToolStripMenuItem
Rpvz|Qf
: 4V
n 9
q6aH
%Vn_o]k
k[%G#
YbPbT
y[lUeU_iQ
\( x 2O
axYKhPj
[R;qC"
BS%A
uDrb
System.Security.Permissions
qm_lZ
jZtEx
dP h
#Strings
Y#G%+
aX1LKj0zp
PfT1
'x||}P
L|Nx@
3-2K
GetManifestRes[ojecOames
MHL4l2nkdF2hE1xogQekEZF95S5tdICTY9IqrC6ler3MNwVhx15DjoeT42hgRsiEm8pO0mVo8gYXiZ8
aELt981Q
Environment
#G|J,
4gZo[
appliW{loioName
/TgX
Zj pDsL
ycyF%D
www.digicert.com1$0"
< 2P6WeUg
:9 9[O
AcGC
l3UEt
panel1
qsN-L
ProcessModuX
uDCP<
= ? h
Decimal
hXiN
System.DiagnosticG
{LyLy
bytesRead
afMexfd31
O.M}I
Sk G>
ax1gwRCB6qx
System.Diagnostics
9)!Aq
#Bl[x
^qE"
[!+ONx@
>R o^
$8 9XiH3"
MsgBox
aI~y
pPk[l^
nD1ysP2zNLnIIkDlgvYxMt8jHUw4j730TTgaA0MT17JHKzGV6dxlWsK90XlxvpdWZei8wF3
3M,5
5{F~
]>`ScQ0S
IxNv
E}EtD&
? >: i
1Q.Xu
am~i
CYk
V_8MC%BrC
9C.cE
BM/K
^~J'Cr}
ThreadStaticAttributQ
bZk[i
http://ocsp.digicert.com0C
http://ocsp.digicert.com0A
Pi_?
fYm
[nW6
HKAQ&
9#?\l
.]Yi =
=MxP
U hXh
ProjectData
5}Xa
y <y
yTYx
set_Location
WriteProcessMeYuj
u9!
aaN0pRr
aN~N|Jr
\~Qd
MoveFile
dt ~
8.0.0.0
oKW3
VrU8]
_CorExeMain
y=;+
Title
DebuggerNonUserCodeAttribute
6k= >_u
w Bd
z@9
9<<=
get_Width
Py+J}F
@a1FrGw5
tDpE$
s-w,
$TZa
1 Fh
DigiCert Assured ID Root CA0
jaTc
$nY<[
-j!Y2a
isBv-
}Oy2
|M+
IX'E
aX6GtnP7UvSG
Uxstem.Collections
6{7%
shell32
o_ i
zK 3
0!0
4UgWf
]kTW
WeSk o
+N(5]
BitConverter
_:FTD5T
yH|I-
p\l :
62 >
Label
\tC|
rH
f/rsrc
ntdll.dll
*!FwE&Bs
Pj( o
hO~N<
wo[n
Form
]lZb
OiTb
sDv
Bcmete
h 7{
`zLt
Ap@r
ll_>[
CreateInstance
?, >
FwF5
j*>
> ,|
DAAI
$E>Lj_>
arUIqsA5jONjy
aNHC2gnJaPPj
'?I4[>
H.O}>U
< 2 4y
aWVBoWxGK5eR
kUmCYl
K\jR0
/D2
M}8&
aflezqLFuHgf
7L+7
RaSe]?Y$wFt
u?H5\?
!E %
wHZ/g
V J
aFngLZ9kJ6e
a3k6fc3gSr
'9z
5W1
MsgBoxStyle
p kD
:[iYk
Z~V0
_j\m <
]t _2
WgSp
aZqOGyFQeC
+-N.
,16C
GetTypes
9 CvO
W\jR]bR`1
6#8Jx
l`Rg
DtY,
&L}M
exitToolStripMenuItem_Click
r^ uE
aP2`
Wow64GetThreaPYwhrdxt
%X^l^?
ftD"
j**#
z5AS
Gc48@
System.SecAhqr
creationFlags
3WfPh
hXlY
MqHyI
m]lX
0 M(P
E;\+Y/2
j*> q
S m_o]
]c\O
o\: ;
ResumeLayout
E 2
tU{{KzN
L2Rc
ReadOnlMYwjjdctionBase
kcr^WindowStyle
[m=@
^hP2
#v{Q
l]kS1
System.CodeDom.Compiler
jpcsComputer
vN"D
SetCompatibleTextRenderingDefault
r{N
Columbus1)0'
qEvE
P!@#
HyI{
3|`c
wEuG&
'\hXj
9 ?
uYGqpObjectProvider
data
mmbUn
\hXi
!zMzP
QL)H
ButtonBase
Y=ZlZbZks
}N~L
'
RuntimeC[whgrhbilityAttribute
q@ 2 ; 9
[j\d\m]o
YqD'D#
ck\&Gv
061110000000Z
maiZ
sAgU*Io[d
Qb>J_
auwKwUyP
jh <
.http://www.digicert.com/ssl-cps-repository.htm0
2 m3'#:
>Xh U
ToInt32
uDt+I
= k[
4V6{G
set_Dock
WBsDw
4w >
ComVisibX
^^Sy
4,!A#
rJ :
[d]m
set_UseS\
wG"}
ala0oS8qIcael
0=uh
lXnV
5jYk
gS/[
;vqH~
agZVn4leT
Y8K|
UA2S
ClearProjectError
Q_9 8 9]m]?
XI~O~
{o R
Split
apOyk7OCL1
pBuN
fUdV7
_8 ?|
bXi\
wtCw
button2
{KzN{
f[j]
CoaT6
ZW#
Bcrktop
xINv(
VcA]M<^
:WeQ6
,X]Z
[jXu
OzO=wF$:tAy+
.H&|Gr
w,J+
CaRc~Vc
cicY9[
hQKs
o]{J,
RegistrMQ}
>{-c ; ?
7QaA
MyshwsvBollectionAttribute
v@pF~
MyWebServices
9 #9
add_Load
]>^o ?Ip
SkipVerification
gFtDv</
MemberInfo
.k :
Ui\= j
o2
I,1t
5*L0
kZ< ?
Start
Combine
mm#B#
M3J+Ni(i
*CrpY
WdR4
b#GxM&
A$2y
0v0b1 0
S 9
get_DropDownItems
7L|L/KzLtL}M
+cTfLj
Data
User
ayKRDH7c4Im
bX<`Q
!Q8_?
>dUb
ahDarmArm
3Z((
>0<0
Int64
iX >
6S5TfVd
k <5
_ocW7
=^8Yk[i
.ctor
r|0Q^8
ajB55kxHU
CsBv
N~L-
l\mYm
n_p-g?
a!Qx ~
: 0R,
VoB[J7
0 =FnZ>#
2U3=
cUh
Main
#v{Q
fPbW6
[cRb
rXrG'Ef
7V1
}!Ct
FileSystemProxy
environmeZn
![j[h
":Z;
resourceMan
File
buffer
pN$tf
vHzO{
jYh\
%~M/
IxLy
GetTypeFromHandle
0 E#
YjEn
Iq@<
aSRUxBgNW0g6KN
t\B
ac0GuMa6jk
`rjcge
DzP2x
mtF3
kIDa P
/cctor
gV`X =
7bSc
DigiCert Assured ID CA-1
0lZjSc
,X g
t= <
7"A&]
wd"*
@.reloc
=u=
GetModuleFileName
p@ ?
aQeP1
CtG!6
*ZcA
k\)e3
`vPiYUfPh}
RF2S
O-K{NwO~N|
WriteAllText
Byte
?KW
>tAy
km[= <
0Q7Vd
amaXn
)@f1
MoveNext
AxaO1
a6n9bVdS
~R2WgR
#u?
'Aq@tA
UnmanagedType
p B8
{V`X`Q
H)_EtF'
6<yHzf
; ?
[mYl
7v %
ToolStrip
gWzo
!This program W{vhiu be run in DOS mode. $
rN
N8 ;
rPID
O[(I
W:]=
5 )(
q CsGrL8fVgSf;
MessageBox
System.Drawing
pA'P
button1_Click
=O}Ks
(9YG2
**#=
aQeP+
TcWb
EtB'
*>
yI}H)-9~ 6
U^:
'BAg
Q A#.R/
{I ?
1K+Jx`
t@75
[?
set_TabIndex
ret_Verb
nn[: m
m\l^Hp
6D"F
a4EWJgkpIjHJYB
fOFb
SpecialFolder4]}r@nlderPath
MyTemDvyrc
rCBw
#H9
ThreadHandle4JjiedssId
iRK{L
`RcR
Yrrsibute
=_;
# mR4
:\o`
RuntimeCompatibilityAttribute
p= 7f
MvO-5jc\?
8 9Xi
tdICTY9IqrC6ler3MNwVhx13x1nnUNnCKzWHIZ2kIl5
ResumQNptc`d
\oXa
3vPh < Q
Assembly
UeQ>]
8> ; T
Binder
5W3u
=AyN|{K{
9]:
w 'V|
D+Kz
|Df>^kXi kZnXu
4j0t
pP\]
nKoP
vB:[
P_kpxH.$|Gr
get_Version4}}rYLajor
o[;Z9_<
ResoAh{cK`nager
SuspendLayout
:^n^<h
4-L}
"L9 @
@,8QG
WindowsIdentity
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
P(K{
inheri@Ryhbmes
amnuIs5eT
Size
1 0
x* i
KbeL
iW!]4/
3M'BlXf
J3 ;
@5RcT
Bl[ysEiqy
2http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
B8Z-FC@
?ZkZn[?$
O,`.VoX
ValuQNavc
B h ;
HsSandboxie
2TdU
yMV7
?ydW7
+Kd(
e] 8
IContainer
tFq4
+I. ,
Lln
'SWe8
UgU2hV{G
Y8\W
Dispose__Instance__
|HxI$
N|Jr
dsBv
r| 4j
set_ClientSize
components
^gJO[(
:ErH
dTef
=_9R0
set_Name
lTL}
H E}
M[cUm
mDpC"
3F~G
19@U
LCvCw
{JCrBvC
dVfT5VfRg
, uG
[j]@p
#Blob
go^j5
3IxLy
get_SpecialDirectories
PerformLayout
w<[j
JvFt
kbiO
wbYb[
vGAy 8
cMyG"= 9
-]g p
vX-vGw
*I-=
aMWW0LZWH4ygj
ResourceManager
EMq
axXU1q2Pl8
Yu<WgW
FtBz
flWpB
0 N|
hl]i\8A,b
R~WgX
bWMa1
3o23
v8A.[8
9deVe
jp'1
GetPr[y}uuCyId
RfWf
ZkZmlq
#}mbUn
ToInt16
N[j_;
Okct
p)wQfT
ajqtJiR4PUxmv
Lates
.5IX
Salung International Corporation1
hx_Z
4k\dn
R6Vg
pzv
^f =
>O2Zk`U%
<= 8
`XlY8
> j[
k`Y<Y8 9 X
< l]3
Microsoft.VisualBUiqe(LyServices
aeQ7O
39Z:
`P]i\
button2_Click
fN-4
ReadProcessMemorM
~BrBp
MyComputeF
W=pZ
mjOK
lY@hleSystem
}K)M
jRj[kYAy
SbW=
ReM(
B&@rB
SdW7
c7<+|V
qAbZ>
IBIJInN.
eNs37
?^=F
Jcvmace
M~M
B%?L
O `y
vWeUg
Oz
ToolStripDropDownItem
{rCsror
*L|MyL
?t\gWh
Dc;><849=C
C%Gx
gQnGIUWersion
$H^n
0 E(M,
{wz~
v@g
GizJ(
nn_jS
1@=eRfS
M|K^
$F'Y
[ikqilerGeneratedAttribute
SpecialDirectorieGJji~x
6mp@&
b$E%
Type
}[nW
resourceCulture
\8\=
Qj p
#y\eU
MX,M
,Tk`V
InitializeComponent
4j0/
;I~Oo
?[kH
set_Arguments
9Z<]
e[f^<Z
8 >Z
iK~/
AddRange
nSize
;\9
Hd U
%bt@
= FK
+I/N|L~
|Sh^
deX:Yi]h
Z<SaGu iO{D% lRcMx
<_o[
%7hR
get_Items
@ +
@**#
?vEw
:W2
.cctor
>ZjZ8
aIZoTDHrX
aKLIAmUN
J)P2u
InAttribu@
><849=C
N+MR
m_Compu@
DqI{
i\?\
T7>SB9
uxI|
FjR'
Cv* 9[?
hgt`m
CtGqI+MAd
wG^7
aG0AMFU
~ j BtA J
oN4
@O<]
0V ;
m0k0$
7Ve@
Kill
H{N
/Pi^l
&*Y>
tDp
x`-O
LSJxLtM3JqZ228Ax.resources
ErJ(
#H'/r
RcBS
3 (#
3 ($
91%
a8mmCXBgLc1
aoKzzK8hdD2YVm
Micros[|l(PhsualBasic.CompilerServices4IlgheardModuleAttribute
RuntimeTypeHandle
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Ex]ilu
N~LzB F'
=\!G2
Ks2Fm
dVfT
ApplicUnqihCase
]k Y
DUzZ
MDOQc
/fQd
ConB
SecurityPermissionAttribute
EEoyju
<qcSa
get_Loca@swh
!<kz+
Xl]p
="au
GetMethods
aZM$
u\f}
]vz~Ph
dTa?&
.L~Hp
FrG&
)UY]
%/J{
fileToolStripMenuItem
0*P4
JT8]m
xx, =
aQcGO6vzTjd
~#Hz
UfUd
%(L4
@*> [
Registry
Wow64SQnLntdadContext
@#H(6
fRG&
eUe|
i`CWF5
^W 2
[sw{M]
^8 '
*4 (
p**#
JqHyI
IeWb[
<klYm
set_AutoScaleMode
?BtDwB
6[z
}I0Q
iXh
i E6
.1T3
[+I-
add_Click
zJ{Oz
essrentDirectory
MoveF]v}C~V
160627124029Z0#
nW#N^
jT^k
cr7D
TA8Z
aQGwZAbxE2Ry3
ToLower4Njok
FD5T
get_Assembly
set_UseVisualStyleBackColor
O9k
`VoB{*
lpFileName
Zz=2
pQW!E
eUNn4
" ._
aronjGjmgP
(N2gRg
wCl 2TZkU`
sBtL
#: :
mscoree.dll
!This program cannot be run in DOS mode. $
www.salung.com1
gvVo
IS%Ar-+-
cdSg
Rh jZn
\wtkr
U_pp
GBrCr
O<E/
Dispose
aBi3crsdhxq
gUaW
w-5~Ir
p@l^M
GetHashCode
/ ;<#
b6S5
q|D>
gU4WgS
_%H)PKb4
7RT|
olV{D
B3;\DuAt
,T]-f8
^"(
nVqrB5b
wFCLJDH
A_/hM
%7TfV
^<Z;
-
> ;
DigiCert Inc1
D"CqA
AE(M}
Ta?/
S0V7
get_Name
'YrK*YMG
System.ComponentModel
GetValue
H@`H*NL
a5GmHRH1Y75v
K<jA
?u@uE
ae6bXK9rEAZjc
5I~L
y^@$
lZ8\
!tz~
;l[i
141022000000Z
vguh
`PCs
zXkZ<t
`VcW
:_lY8
iX>J|I}
IsWPE
* ; 9
BSJB
qtx~
HE2
7c"Y<
fWdQ0
9$EvG
x+Pb
}Hz>
? 9I
An\jC
9 ;hL
z3WD
aB6GKhMa
p 88
SeadAllBytes
aZFYAIJcN1gyYT
nD1ysP2zNLnIIkDlgvYxMt8jHUw9DjoeT42hgRsiEm8pO0mVo8gYXiZ5
0n*'
@*>
Strings
8\l\>
xbOg
FO/= 9
MbR
pVeT
f n`
"\c[jZ}D
Eo ;
:~VsF
aktaOBrw
?* j
[i1
O{NDl
Microsoft.Win32
Ndq@
oA[n
Qw5~t=
My.WebServices
a4hIZrViCod
PoZ<
lpExistingFilez{uc
P2<(
dpwbWc
'?\9w
:\XR?
/ GwE$G
>]My
STAR`OHYOOFORMATION
.*K.P
, r. 4j
MarshalAsA@njodtte
get_NamQ
&O*
JZHY
mX< <^
5H..
KwEqD
* i
P > 2
@dm.w
CsDv@x
[bUX
ProcessHandle
Cv9s
DllImportAttribute
9 8Ud
kk vEt
G;@3
EwB5cJ
bufR
LCsF
Mutex
nX<
StructLay[olGruribute
aHzU
iZk~
+H =
ReserveP+
Q: > jLt
s?&K
=YiY
ThreadId
D]qBq
<r\EbR`
'BrFs
K,,d
`^g`
#N@qF#Z
?3U4
fTdV
*C!
abJjWmA2
svz|
Ohio1
uqbqrEnde
pN$G M_.
1!y"Dw
_gWfV
goH0Te
49MU
RVaD
FeJ|<^8
PADPADP;
< m]m
g o_.
get_uI[OO
MethodInfo
4BnMvU
Form1_Load
_ >@
menuStrip1
,#uB
0}'B
f|G&A
P_k^
T2Cq
m]i\
CompilationRelaxationsAttribute
Rd\|K
ifeP#
FwAy
gn|Ohqut
P}N}
Ge n]
G2 x
%t5|[: m
` IoW5Sk
+!FwD
`i Q
PAs2
Td[nW
e`SbU
baseAddress
Ai]n
j730TTgaA0MT17JHKzGV6nD1ysP2zNLnIIkDlgvYxMt8jHUw2
GeneratePYwbc@ttribute
U"g>
Random
Z& <
GvFt
K-HzJ
aiGOgAra8k
1]i 6HwG
q (/
T{LzB!2
r~BhS
O%2Eq
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
ajWiqNo
Pi m
CrBp
6UK_
Xh n
jZjA
[9^ZX>
hbo|
Q8[k_j
(Wj[j
MenuStrip
Z< '
C7o"!
ksFqJ=MA
241022000000Z0G1 0
? >_n
afe6lYOW1zy
(n l_
$Ej 2
o^o
T7<M^-
IqHyI
WriteAllBytes
gN*7
W9 n_
{Fx7
G< =~
ThreadStar@
xT8P
p|x}
059?
t*Q.\
o%
LD 8
,N(a
VRj]f =
; *;>
exitToolStripMenuItem
(M/7@
= : 8
aWJqufL93d6Ehy
AcM#
(/xT
MarGryj
<|K)=|IqI
}F?JB
1>BTd
arsgzQRex
DockStyle
&:\3
'C 9
<tAy
]eTdV
arTUVzCxC
vPe]?Y
-P7VdTf
u@#DBj'[,
dS3
+3~3
9n mv
set_AutoSize
0?^o~i
0tj]mZ
cytesWritten
F!7h
!iZo
_)GL8
ContUsvu
Misc
yH~F~
aZ#)(
get_Modules
iY;Y
https://www.digicert.com/CPS0
z$@#
CompilerGeneratedAttribute
EventHandler
at07oIy2H0O
DeCrypt
-0+0
7C_R
7UKwXk
Mu0C
H|I}
aM8rF23eCgVkU
x.K+
I+O~
YvgstmentState
I<",
QD0T
I81h{#
%Qbz
8 9 =
ProcessModAv}
www.digicert.com1!0
?C \
5 (!
c=A0Q
TsotimeHelpers
ouQXi^
System.Text
]\qBq
/Principal
sales@salung.com0
Q+_T
szI}J
System.Resources
TcS1
arhvSyhtEmv
set_FormattingEnabled
RmVh%W
g^<Z
HelpKeywordAttribu@
*L.
Ur:G
*1S> i
%U! k
WindowsPrincipal
L:f
CreateProcess
~N+I
& ?^
pa =
bPws
lKieuleFileNameA
G%<
Sales Department1
G>jaVd
Wind[mkDshltInRole
a9BCu8d
k^g`
1R4m
<M[~mjc?
SystQw6EilponentModel
|B*I
a I(
k[k
_n\.
v'M~K
Show
/
D 0%
Ao"D
ge@ELckq
Exit
9@yM*
Z.Hx
~O 9
ow*@
vG`>
retry
]>{M1
DpZk
@t l
; *c
j730TTgaA0MT17JHKzGV6nD1ysP2zNLnIIkDlgvYxMt8jHUw2.Properties
listBox1
vAwOEZ
hM[~mjc
\x+N0
"T5Uho
7~M.
KiU)-
T;^@!
=\n+YM
t) t
+?[j
kcr^FileName
Y~L.
m$;Zj[
.teLn
$F"L
qIr.
l\iG
D BW
a0VeaiPDjhoB
}AqHqIxHzNw
Zh D
L ;~
CaM,0
'/4TE
Np9
gcY9
Sc|XZ
%WfV
gO-Ix
..2`
MyApplication
GetType4NwUrsing
ctDwB{
'E`t
EditorBrowsableAttribute
;t5z
QcXn
? ?^
)`Qf
,HxI
\y<oC
ZdKj <
x"Bs
N/J,
:wBw
%RcR
QnR{2
ContainerControl
_C:
08AY
auVok6az9GL
b[:]
ahlz6yzcatWA5
dwSize
^EDR/
,IdD
X:D8
-R"jRb
K'Aq
eTbZb
<_pB
:u]o`S
!n\l
processAt@hqdsues
aT3w7Wqg
Load
System.Windows
get_Culture
h pBA
F{KyO
vH#!
*SdV
aB6rpijG4lFci
9`;~*
~F^o7
,M(T
HideModAv}HgleAttribute
!'"A(
YlGEq
System.fovrole.InteropServices
vG ?
>XCr
Microsoft.Visualv{koe/Devices
a5u5wHN
B> >`
8 tF!
IW&D!
),Yj[
%L|^
?FBt
}J{O*f_
neUb
? p:
_:
get_IGMHC
<^>
Microsoft.Visualv{koe
vE$.
k8 l
$ R7
!d :
27;=
htibPersLOC
Yq@tA%N9w
zCsD$
W +g
kYI{
Y[D&
U4Vh
!o\!
ax2c3vj61TT
C~uraRounds
}zG2
(=^n
f =\
4U1
3SbS
QeVoX
xJHz
mkdR4
ListBox
Object
zB F
T@"/: m]
k{ Eu
ge@E[stsent
'J~K
3System.Resources.Tools.StronglyTypedResourceBuilder
EbJo
aM5YPvfyXWOz0
AqCE}
5 >
N*$>h
InPath
jhcm32.dll
LayoutKind
mVRZF/
BxN+
SG1P
l]aYWfL~>
?60
|a AxAy9
z0x0:
zJ~L
mpBs
o~zQ4Q
EditorBrowsableState
%N7j
Interaction
?) z
j?BX
Aso[
tX 5
sM{C!G_((
CultureInfo
l\: ;
[Z=;
xHyMx
(= u
StdOutput
H=g"
l&neTm
(M4
RaSB
o >
Z{<Pd
_j_S
dTaU`
'\6}
aJ2qQgUBqk2y2u
GetEntryAssembly
}QT~
C{CrB
ICvO.
ControlCollection
hjcR4
MM4Yvvmication
IsNullOrEmpty
9 m1
E BJ:
]3Q7
O,4)
hProcess4vhGberess
3!AqP
~DtFpH*L-
DsAwO-K~
zK}ESbR`
rtem.Runtime.CompilerServicQi
n_ ?
System.Globalization
%vBw
*LrCmX2
n_9
?^#&
_; <y
IsF]~|jcs
l^?\
:R_>]m
AcuProcessesByName
conff
<h0
pF~j
" t}
aZFPxSarfBaG
I~J@
i]: S
8rPcZEwvIj4YoPDOuD8xRgXYe6rc5x4kM3baqCbAZtAE.exe
SetApartmentSta@
`xI~
9[=\n
a8lwEzc
**#)\
ZjP2L}Ay7
%O8^=F-
M/KzLt :
OperatingSystem
gU]m
1~X8
! =_; <
wFl^^f
OperUnwtu
atJzDOik8Q9qF
aH1hXqO960h9Sg
aBKBl7F8C88
label1
Compilat]uvTcmaxationsAttribute
, J~K*
Coolean
\cdtggerHiddenAttribute
C{JzH
riread
[h n
System.Threading
L"^%G96L|N
vG %
R8^? =
FvD%EuAt
Xk'0
threadAttributes
F?JCN
aBFqnfPdTJ
@"(=z
**#
GetTypeFromHaZ~tc
j^ k
xaW4
ToolStripItemCollection
nrI}
{];AH/
w[j\d
cr^SystemDirectory
Buffer
]fBN[,
sBr@#
q 2
Z .E
FilQ[lrthbutes
{Io]2QWcL-
f5 ? Bo 9{
Rc>T
J{c4
/$F&
t9 ,]
2bT6V
eI~z
qK"24WfQ
2VfV4PaWoWfVdRj
fZkZ
n`W
h!A@1
WqG'
lQE]
J*Ky
FwH*
F,M-
^oYaO~N|*
sales@salung.com
Zll6
fT? :Y9
Next
1!1T5
ExitProcess
`YiZ
`Q*J?
rA T@3
dpJ|O/
x^n_k
nQcUm
Qf^N
Dxception
z- :s'
!GxM
kTW
0}wR1X
n^o V
^@7/
p + +
D%Ex
set_Culture
get_ResourceManager
wQg_=[s
hcW7}
]hZk
pTi k
as2vc35Mh
SetPro^
fTyB
jfV8
mYv*
8Zj^
$IzO(a,
length
4 HqJ
aRbhe4i
cRfSp
6W!G
Qa&^
~CO<
pAv
DhwecrsInformation
k[n
,JL}
$ I7
[ ?
&(
htibess
4UKtU[
Z;pn`V8
1 B{K*0j
8DlJut
S}jh
rJ
3mmh_h
[[6Ue
bZk i
2SxN+
CN%'
&(3
0J@V
m] k
^xN|
^+/3
uC#'
oRgUfO{
&(M
"> <^
Vj_>
r
8 >ZjZ8\m[c
@r3K
$F z
vD@x
\%E-
CcOz
jpobes
set_Size
^)c~K
//#F(
iRUTD5
+X(H
0{ZwC(
GetEnumerator
AK{K)
,1O{I
fTDv
]: =
,:^>
$@pA
EwH{
]l\n 1
1n PE
gQi m
j_U
Y9WeU|
n_9~ 2~
jwH*N
n ;
eW|>t
qCxN [
{K)Fv
AcuCurrentProcess
&{~L'
bL1QdSa
qK~7
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
|LxM,
@::"A9
:@ FM
|M{C
=IiD
1fWg
/bD#
r8s|V<
_> E~
-6Ho k
hXi]h!
IEnumerat[h
>t5hQ
N_nZ
ayieqojsTSY
Microsoft.Visualv{koe/ApplicationServices
YM|JrJ
'\m]
Dn&^}
-m^}1
bOx@x
t 4E@Y47
nvaR1
3 ((
2 =]
J`"@&
nD1ysP2zNLnIIkDlgvYxMt8jHUw5tdICTY9IqrC6ler3MNwVhx18
M| 1
/ZhA
_jSl*Z
RRb
hXi]h`
Int324}}rYRize
System.Runtime.CompilerServices
0 o#
CrFs
iZilghbe
)M}M/
lOhrtance
1UeU7.
5{Wj[:
|@mYk]e
NewLateBinding
sAqC
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
&CtFs
sAnXk ;?
arzAUgX
button1
o[ k
yJ)N
Mutx
CreUn}YYHnstance__
g8Z>
sKAp
(M
"RZ4R3
3 @(
(QbT
&{^g`
\BsH}
PROCESS_INFORMATION
(4!&
+[sw{M]
Tl]Ky
aaOhroz
XxDeQu
B2v[_
j\; U
I3M-
yKJr
aS8htNAES5dR
@3.3
l]kSl^n\
u4R)
<_:
GetObjectValue4HmhrhmeTypeHandle
=? *
3 ?_
IyI+*
EventArgs
IDisposable
C; 9E
aQ64oEWhOH
%!F'
jIdkectProvider
kbX=
hq?Y1
@ m
@$-)
$N}N,e
pH*V
{j}hUtbKey
@pF~
Dispose__InstancQEG
qt|Gvq
UbBg3
iR1IB
{ 9~
k^UserObjectProvider
(Nc48@
kP`Pb
-K~M-
1S_jZk 7
InvokeMember
%`j)dQ
commandLine
z) ~
XuL}P
=_93
@3gF
<Module>
XgWh
EiangeType
q) r
protect
/KzL
>~/#Fw
WdYn\
e59=
GetVQhzUrsing
C `U
value
Xb@vN
/KzL
SizeF
rA `.
oL(dK\
L~N|
YjZh jZn\~P7
ProcessWindowStylQ
m_4WgSA
l 9 >
DsC!
service.exQ
7#E$
IsInRole
=wWnYb
RrJ{Ky
DpE$
p= W
ProcessS@{jrOofo
m=A
#GUID
Panel
iZs
Zh:W
context
get_StartInf[
zZ[^
; 5W
+RiZi
juonns
.bn_jS2E
Threadg{~cIcjectProvider`1
YhX:
TAqH
|Dt@
D#C
!rA#
Q2T5vEw
u,L|H~ ++
'qL/J+
M=}J(L
l L;
k0i0$
ZK| ;
ToInteger
B ?^
hi20
aNx@
hi20
bRcWb
~NzO.
aX745Ds46
r@)K|
GetEncoding
aRQCDMsj
uE,N
yidR4
}MyL-
wZ; l\
x5rAs
D}F
/ >_=
E'CrD|:
mscorlib
:Xh\
RuntiY
!AQ7z
r.
)aX~?
) Cr
0b1 0
fnSc[9
![@"
[e$s
7TdP7V9_o^j_
WaitForEx]n
SetValue
UuL{D
Encoding
Rg{r
j >
GeneratedCodeAttribute
]<Yj[
SetAttributes
_= :
eTbZbScQ
PHdL.JH
{K k
'E#=
m%(L
= 5X?Fl
YlB0V
udjx
G~Pe hXh
-Cs$
2]oYa
hYi[
ToolStripItem
Oi 1~^u
bcZp
]+G<:
)J,YHwE
# 8RbH*Du9
(8tA%
}eN{
sEJd
payout
P_k:8
aQFhIk3A
!A<6
j\; :
wUJ7
compatible
H~^r
LocalMachine
uoIz
m_ThreadStaticValue
[ijmection
=[8 >'
R8\mW
aaufxmHF
U\A&0}
6rRj
4sB
aUZfzIf
CsOzC
x\O,
`m=xH*
#E :
-P6H
SxK*O
Yi h
qF^KW
rJ{Nw
; o?zMx
v?Yi
$}MwB#
" o^hP
Ant]
-xQbQ
lEssrent
S6UeQdz
9 2
Xl'FG!
getkSkQoseshark
nFw{}
,D%)!
JshQE
QaQ3(
qK&
Z<8
2http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
aDN '
|Gr
8rPcZEwvIj4YoPDOuD8xRgXYe6rc5x4kM3baqCbAZtAE
e~P7
eUaT5
D-PaVc
get_ModuleName
260626044536Z0
\9~ ?
0G:_pA#
gkSgR6?
aTJxLYOPw7ER
aP6?
kYi[
S{ZNv
!Q3U
disposing
>~ku
%O,N}
@ctivator
DispoG
4/1w
'A7
rvFvD
7z8e
C 9
ToBoolean
; P=
j[nAe1
$D#-GW$E
6 o
iPD;
Sleep
160625044536Z
= <Dm
V yKsEWj

#infosec #automation

TheSystem Itself @ 2016-07-04 10:24:01