s.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 109.00 KB (111616 bytes)
Compile time: 2016-12-11 20:39:52
MD5: 96ab18ed3b806245fac847b2844cc752
SHA1: b832129c534a445733e7fbf59e1fbbb2ce0fc91f
SHA256: e23a95f6b8edc2aec100bf8aa52ea6de91335b4fed28a01a8d3735eb62b657fc
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 4 .text .sdata .rsrc .reloc
Directories 3 import resource relocation
First submission: 2017-01-09 15:00:08
Last submission: 2017-01-09 15:00:08
Filename detected: - s.exe (1)
URL file hosting
hXXp://hayan60.inodea.co.kr/s.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2017-01-09 04:36:37 [37/55] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x1a3c4 107520 92e44db9c09ed9300b2a28a3abc39b98 ff3c06f418bdfa871fa059d9ef1f592194f9a88b
.sdata 0x1e000 0x202 1024 41848d7914e74bf5cc40cfa70056b945 92cc7d68655bab6532dff9d7ef3af00e56ec863c
.rsrc 0x20000 0x598 1536 6dafc57b78ffa58de76c27b75cc92c58 e98cc75543fa58c2e9ff8ddf9bd7549ab0c97b7a
.reloc 0x22000 0xc 512 07cd79016cff10dc6cfd110455859688 0f2068de22b1420d2eb2991382be6691080c17fc
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x200a0 780 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x203ac 490 LANG_NEUTRAL SUBLANG_NEUTRAL
Meta Info
LegalCopyright: Copyright © 2016
Assembly Version: 1.0.0.0
InternalName: August.exe
FileVersion: 1.0.0.0
CompanyName:
LegalTrademarks:
Comments:
ProductName: August@
ProductVersion: 1.0.0.0
FileDescription: August@
Translation: 0x0000 0x04b0
OriginalFilename: August.exe
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
crypt32.dll
ADVAPI32.dll
mscoree.dll
KERNEL32.dll
IP Found
No IP detected
URL(s)
file:///

#infosec #automation

TheSystem Itself @ 2017-01-09 15:00:08