MalScore
100/100

HOLLYWOOD.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 14/65 Related 2629
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 191.15 KB (195736 bytes)
Compile time: 2017-06-09 10:21:52
MD5: b4a63d13eee189a5920f7a4802f812c7
SHA1: c410f5effc4eac8afd4c1cf88b1c87a659128d5d
SHA256: 18a6e482dfbff9a8eb45f9fe30234ea6e6353ce6cf324873202886bc81dd9f75
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 4 import resource relocation security
First submission: 2018-03-19 15:21:03
Last submission: 2018-03-19 15:21:03
Filename detected: - HOLLYWOOD.exe (1)
URL file hosting
hXXp://claymorebg.com/HOLLYWOOD.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-03-19 13:19:40 [14/65] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x2baf4 179200 5e3531cd222ab1f50be492e2cfbec5c5 979eed198f04b8047fbbf73c3aa31bcbda379151
.rsrc 0x2e000 0x800 2048 0c17f50a7c75cc8f02f27532923cc18f e356a306771f79a16c1070ef6de7eb47386b0b11
.reloc 0x30000 0xc 512 cb083a617879e79dd7f87fdbf300376f d83376a7b8b3adb8d0499a0b2026a175669d6177
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x2e090 780 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x2e3ac 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright © 2018
Assembly Version: 1.0.0.0
InternalName: sfsdfaw.exe
FileVersion: 1.0.0.0
CompanyName:
LegalTrademarks:
Comments:
ProductName: sfsdfaw
ProductVersion: 1.0.0.0
FileDescription: sfsdfaw
Translation: 0x0000 0x04b0
OriginalFilename: sfsdfaw.exe
XOR
8 14022
1 14022
2 14022
4 14022
Signature
MD5: ef4f6e9e459a226100bafbe91bb4bcfe
SHA1: 92b49cfa4c2450aa48ed81d954d7dbb0aa74ec37
Block Size: 13464
Virtual Address: 182272
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
uncleT.dll
DecFunction.dll
sfsdfaw.uncleT.dll
KERNEL32.dll
uncleT.DecFunction.dll
mscoree.dll
IP Found
No IP detected
URL(s)
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05b_64 Seven05b_64 VirtualBox 2018-03-19 15:19:11 2018-03-19 15:22:04 173

4 Behaviors detected by system signatures

0 Summary items with data

Files

Nothing to display

Read Files

Nothing to display

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

Nothing to display

Read Keys

Nothing to display

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

Nothing to display

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

6 HTTP Request(s) detected

http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D
  • Hostname: ocsp.verisign.com
  • IP Address: 23.37.43.27
  • Port: 80
  • Count: 2

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com

http://ocsp.verisign.com/
  • Hostname: ocsp.verisign.com
  • IP Address: 23.37.43.27
  • Port: 80
  • Count: 2

POST / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/ocsp-request
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Content-Length: 83
Host: ocsp.verisign.com

http://crl.verisign.com/pca3-g5.crl
  • Hostname: crl.verisign.com
  • IP Address: 23.37.37.163
  • Port: 80
  • Count: 2

GET /pca3-g5.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.verisign.com

http://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEH7A2sOa42RrFJMnf3YaDsM%3D
  • Hostname: sf.symcd.com
  • IP Address: 23.37.43.27
  • Port: 80
  • Count: 2

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEH7A2sOa42RrFJMnf3YaDsM%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: sf.symcd.com

http://sf.symcd.com/
  • Hostname: sf.symcd.com
  • IP Address: 23.37.43.27
  • Port: 80
  • Count: 2

POST / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/ocsp-request
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Content-Length: 83
Host: sf.symcd.com

http://sf.symcb.com/sf.crl
  • Hostname: sf.symcb.com
  • IP Address: 23.37.37.163
  • Port: 80
  • Count: 2

GET /sf.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: sf.symcb.com

#infosec #automation

TheSystem Itself @ 2018-03-19 15:21:07