shit.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 412.00 KB (421888 bytes)
Compile time: 2016-12-14 00:52:30
MD5: a6174ed191f0bf9e88126e3fb2b0ac01
SHA1: 2dc299ab692677c914d1907256de3dd73ecce615
SHA256: e1c5b70be26b7e9340415fb0520bf6e308ade02501de96b495e65f5f5f366bf7
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2016-12-15 00:42:03
Last submission: 2016-12-15 00:42:03
Filename detected: - shit.exe (1)
URL file hosting
hXXp://csgolegal.com/pony/shit.exe VirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2016-12-14 23:21:20 [9/56] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x63926 409600 824235da35f7894886e8efb31c42ecc9 166793a3df4c6dcfef06d6918fcf125380f9e9d1
.rsrc 0x66000 0x338 4096 05a95cd10f13ed8d6ee29a76a68a85b3 e84bfd2df3f99037c515a39b809c3bb1970db3b9
.reloc 0x68000 0xc 4096 96d70c5b709043c467a1c3b8a08a1ea6 9ecbd64490da23d02b49f65efa7d1adc6bf47b3a
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x66054 740 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: www.nulled.cr
Assembly Version: 1.3.9.6
InternalName: 2.exe
FileVersion: 1.3.6.3
CompanyName: www.nulled.cr
OriginalFilename: 2.exe
Translation: 0x0000 0x04b0
FileDescription: Leaks Forum Community
ProductVersion: 1.3.6.3
ProductName: www.nulled.cr
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: XML
System.Xml
File type: Library
mscoree.dll
KERNEL32.dll
IP Found
1.3.9.6
6.9.0.114
1.3.6.3
URL(s)
http://www.smartassembly.com/webservices/UploadReportLogin/GetServerURL
http://www.smartassembly.com/webservices/Reporting/
http://www.smartassembly.com/webservices/UploadReportLogin/
http://www.smartassembly.com/webservices/Reporting/UploadReport2

#infosec #automation

TheSystem Itself @ 2016-12-15 00:42:03