t.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 10/58 Related 2252
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 153.41 KB (157096 bytes)
Compile time: 2016-09-07 08:51:15
MD5: c94b85487d3acdb39d96185794728274
SHA1: 157eebec40f0adf0b92185f19e9b6a3d669ecd9c
SHA256: fa925577ed826e8abc5c6c21a5a02a863fdb87baceda9b90fe0dc93c5317a3ee
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 4 import resource relocation security
First submission: 2016-09-08 17:30:01
Last submission: 2016-09-08 17:30:01
Filename detected: - t.exe (1)
URL file hosting
hXXp://vibaavaacademy.com/images/t.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2016-09-07 07:28:33 [10/58] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x1b474 114688 0ce2ec45167f960c78b19c755128a1e0 f49909bd47c6060c72a85a1972fc83b2ed9a05a3
.rsrc 0x1e000 0x6128 28672 647966b02c6950deb8f6bd0394fc233c bb9dc09167ec1b026ee910352d00afa69803c551
.reloc 0x26000 0xc 4096 efe69a242f45f3d329501430482984d5 a18f12f62838922596e2cbc9e9a2d2ccbe0f2c29
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x23c48 1128 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x240b0 118 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x1e238 756 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright:
Assembly Version: 0.0.0.0
InternalName: V69jifkURPhnTag4NYBx1MLjn8TKiFuH1RDp8BLltWI6esHFgC.exe
FileVersion: 0.0.0.0
FileDescription:
Translation: 0x0000 0x04b0
OriginalFilename: V69jifkURPhnTag4NYBx1MLjn8TKiFuH1RDp8BLltWI6esHFgC.exe
ProductVersion: 0.0.0.0
XOR
No XOR informations found in this file.
Signature
MD5: 9ac444f9382c790da9a34c7536af7371
SHA1: bbc1f0f7dfaf58522f0a8853ed4c47ae903f9be5
Block Size: 5544
Virtual Address: 151552
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
KERNEL32.dll
mscoree.dll
IP Found
No IP detected
URL(s)
http://sche
http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
http://ocsp.digicert.com0C
http://ocsp.digicert.com0A
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
https://www.digicert.com/CPS0
http://www.digicert.com/ssl-cps-repository.htm0
http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
String too long
bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB9XhAUKmRS6Jb5iOZ9o1enwYQ2vSeNCSEbsPyGsn5
QcI1y18EM63N3Y0JydraVDb8NPR2W7Yi9kFCuYF6bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB4
lZz3L6ceArFumqT4jmIna97yo4gaVYkG3v5Ep0IG00QZk4XhAUKmRS6Jb5iOZ9o1enwYQ2vSeNCSEbsPyGsn3
E5fGLb5MqSvGGyBrkAynhLmnr0VnuWLQwhU0681iNCAvFk48eRhYcwZ2JortVINRUiMM02JSJl22AAmWfbnLjrKSyXP6
NbUiLhYkgilTZGiNmNonpnBdtWzA3Ud1Z3JlMgkTBej01CB6TLCmcq5uTXBhCA5vS5WMTqu3GpoP1CUMNpyqDjq5
XhAUKmRS6Jb5iOZ9o1enwYQ2vSeNCSEbsPyGsn7bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB3
QcI1y18EM63N3Y0JydraVDb8NPR2W7Yi9kFCuYF6bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB3
bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB4iFWKckcW3xL4iso8QR5LMPfdEsJCsEtBkDJ4Xc7FXJm8e68
QcI1y18EM63N3Y0JydraVDb8NPR2W7Yi9kFCuYF9NbUiLhYkgilTZGiNmNonpnBdtWzA3Ud1Z3JlMgkTBej01CB4
NbUiLhYkgilTZGiNmNonpnBdtWzA3Ud1Z3JlMgkTBej01CB9iFWKckcW3xL4iso8QR5LMPfdEsJCsEtBkDJ4Xc7FXJm8e65
QcI1y18EM63N3Y0JydraVDb8NPR2W7Yi9kFCuYF9NbUiLhYkgilTZGiNmNonpnBdtWzA3Ud1Z3JlMgkTBej01CB4.Properties
bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB3E5fGLb5MqSvGGyBrkAynhLmnr0VnuWLQwhU0681iNCAvFk45
bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB3iFWKckcW3xL4iso8QR5LMPfdEsJCsEtBkDJ4Xc7FXJm8e65
bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB3iFWKckcW3xL4iso8QR5LMPfdEsJCsEtBkDJ4Xc7FXJm8e68
E5fGLb5MqSvGGyBrkAynhLmnr0VnuWLQwhU0681iNCAvFk45TLCmcq5uTXBhCA5vS5WMTqu3GpoP1CUMNpyqDjq5
bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB6iFWKckcW3xL4iso8QR5LMPfdEsJCsEtBkDJ4Xc7FXJm8e68
eRhYcwZ2JortVINRUiMM02JSJl22AAmWfbnLjrKSyXP4bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB5
TLCmcq5uTXBhCA5vS5WMTqu3GpoP1CUMNpyqDjq5bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB5
E5fGLb5MqSvGGyBrkAynhLmnr0VnuWLQwhU0681iNCAvFk45eRhYcwZ2JortVINRUiMM02JSJl22AAmWfbnLjrKSyXP1
lZz3L6ceArFumqT4jmIna97yo4gaVYkG3v5Ep0IG00QZk7TLCmcq5uTXBhCA5vS5WMTqu3GpoP1CUMNpyqDjq9
"Author">
:ZONE.iden
mmand> </
8KxmZufJRjCpVbz2ZENvHd1hqca
lZz3L6ceArFumqT4jmIna97yo4gaVYkG3v5Ep0IG00QZk4
mCopyright
2.1.exe
.resour
sSrFYb2Dr6Z8pLRL9j0Gwjw9rz9yQ
OriginalFilename
ionTimeLimit
rue</AllowSt
InternalName
kDAvRMfYNTzBJUTpAcoCApzFVzt
lZz3L6ceArFumqT4jmIna97yo4gaVYkG3v5Ep0IG00QZk0
-16"?><Task
snalName
ed> <Hidd
schtask
E5fGLb5MqSvGGyBrkAynhLmnr0VnuWLQwhU0681iNCAvFk42
</Settings
Translation
<IdleSett
PK1o9bWJ10Y0BHGaiwZ3IfAKtdFkluRGWvrxG7bullef
Assembly Version
TLCmcq5uTXBhCA5vS5WMTqu3GpoP1CUMNpyqDjq5
hor>[USERID]
label1
s> <Setting
bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB9XhAUKmRS6Jb5iOZ9o1enwYQ2vSeNCSEbsPyGsn5
d>[LOCATION]
Form1
eInstancesPo
ate>false</A
strationTrig
Aawezoevuk0A7S4adfAPDHbO9NhU
ndows/2004/0
al> </Princ
LegalCopyright
AppLaunc
ttings> <
iFWKckcW3xL4iso8QR5LMPfdEsJCsEtBkDJ4Xc7FXJm8e66
> <Stop
402uN9ujYE3ufhw2E
OnBatteries>
button2
button1
RENT_USER\So
fer]ZoneID =
uvUetvGF3uNhZaI8ZpAI2tmM
Trigger> </
?xml version
ion="1.2" xm
>false</Disa
HKEY_CURRENT
DR\Software\M
AppData
nabled>true<
VarFileInfo
ec> <Co
> </Actions
xisting</Mul
rivilege</Ru
vbc.exe
aSAFIvo89Aod1FMGuNZkHA12
trationInfo>
MvKeKakal0pdngNeEWB4RbQT
FileVersion
NbUiLhYkgilTZGiNmNonpnBdtWzA3Ud1Z3JlMgkTBej01CB8
Qfg6Ww6BfGY83aQdZboW
XhAUKmRS6Jb5iOZ9o1enwYQ2vSeNCSEbsPyGsn3v
qLomg9UfaPeljhE8EaNRwVvofaNY
nDemand>
leEnd>true</
/ P6pL
el> </Pri
acpSettings
thor> </Reg
<UserId>
checkBox1
checkBox2
bled> <
microsoft.co
alse</Enable
sFileInfo
false</RunOn
rembly Versio
FileVersi
leLUA
<MultipleI
notepad.exe
stem
snRVLuxhMd2uTGvuugoT25m11JILgoGs
ity>7</Prior
Id>[USERID]<
linkLabel1
workAvailabl
<StartWhen
QcI1y18EM63N3Y0JydraVDb8NPR2W7Yi9kFCuYF6bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB4
4Y5GF85HFG54
hcies\System
ci73nmGb1S3VXoKrIkANj4Qzar1gTx
oRun> <Ex
eRhYcwZ2JortVINRUiMM02JSJl22AAmWfbnLjrKSyXP8
oDm3y8MQSysydMsv91B1wyvD3KroPqk
</Registra
`nslation
VpDof4uzsQbjJo2cwm0bjuqMqSRTjV19IkNdOqMiX5JAf
soft\Windows
checkedListBox1
"{0}"
NbUiLhYkgilTZGiNmNonpnBdtWzA3Ud1Z3JlMgkTBej01CB7
Idle> <Wa
E5fGLb5MqSvGGyBrkAynhLmnr0VnuWLQwhU0681iNCAvFk48
V69jifkURPhnTag4NYBx1MLjn8TKiFuH1RDp8BLltWI6esHFgC.exe
alse</Hidden
ProductVe
tWhenAvailab
SOFTWARE\M
E5fGLb5MqSvGGyBrkAynhLmnr0VnuWLQwhU0681iNCAvFk46
E5fGLb5MqSvGGyBrkAynhLmnr0VnuWLQwhU0681iNCAvFk47
lZz3L6ceArFumqT4jmIna97yo4gaVYkG3v5Ep0IG00QZk9
6Dv3ht7lA2RCQGnpuuAFHQ1
0" encoding=
Fiddler
7</Date>
artIfOnBatte
bled>true</E
service3.1.e
osoft\Window
UNQNkow2ofpE5n0CISceYAwzLkPnz
Reg
0.0.0.0
lse</RunOnly
RtringFileInf
gers> <Prin
tworkAvailab
rentVersion\
/Create /T
"http://sche
svchost.ex
" /XM
echo [zoneT
ationInfo>
VS_VERSION_INFO
gxcFNoWYAqAw9m8IIDZrjPR4
<Date>2014-1
ION]
RAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference
ingOnBatteri
y3tVQn66c3eN1nS
Actions Cont
> <Disall
wll7M8Wj0Xc7WvE0I3LjX3txroAqsPnTb1cWMg1Xe
serv
/-P?pR
<LogonTyp
ask>
ggers> <L
lable>true</
KoIV29cM4JDphMAA9MofQO
dle> </Id
`bleTaskMgr
RID]</UserId
srentVersion\
<Enabl
<RestartOnId
ncesPolicy>S
rId> </Lo
<RunLevel>Le
T14:27:44.89
O7eNeuYcXpdlXGDAu2b6nlH
cies\System
M0buwtPOG8ryRbrXZSZhnXGMDggeBeL
t/task"> <R
OnIdleEnd>
/0.0.0
NbUiLhYkgilTZGiNmNonpnBdtWzA3Ud1Z3JlMgkTBej01CB4
teractiveTok
sbiedll
meDescription
[USERID]
WUS62pEqFwbsbRcfd1o3Y
Trigger>
Limit> <P
8f76dbK6xcA4rgVjEHpibrboP3B5wsObXVav
<AllowHardTe
Disable
pdate\
es> <Stop
StringFileInfo
NriginalFilen
<RunOnlyI
,/KPip
lZz3L6ceArFumqT4jmIna97yo4gaVYkG3v5Ep0IG00QZk4XhAUKmRS6Jb5iOZ9o1enwYQ2vSeNCSEbsPyGsn3
rigger> <
eqam5nOzi9PJ3SW4duN
alse</Restar
listBox1
cmd.ex
wStartOnDema
er & exit
000004b0
wire
ProductVersion
684NvaCHfVOhlMIG9y
FileDescription
LogonType>
rue</StopIfG
S</Execution
/exe
nsoft\Windows
HKEY
HardTerminat
re\Policies\
Run>false</W
WS_VERSION_IN
ls> <Prin
l id="Author
SFNuCmoD7YERZTOZdIZoYcwOzVtNzGVEBn
<RunOnlyIfI
StartIfOnBat
.ct)Y
c1|J
PNG
F<~4
oA8
A<|L(
V+i#
D[,k
fx>u!%m
M<o#
UnverifiableCodeAttribute
JmbalMachine
S]$$
E-o/
U%dz
3C:},
get_Controls
agyee
get_Items
1?6N
S3{K
QcI1y18EM63N3Y0JydraVDb8NPR2W7Yi9kFCuYF6bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB4
ju"XP
Arma Inc1
E'l S
v"*q
atA.j
@/l-
path
}x$7
J1^P
,{pS
kgPS
)h d
-tO
\*U"J
V69jifkURPhnTag4NYBx1MLjn8TKiFuH1RDp8BLltWI6esHFgC.exe
op_Explicit
."h=
System.Security
cw:q%>|
tNJ]-
ms'Oooa-ell
YlpuHfWtxOQa7Aa1ryZwArlRvzG
ssocPersLOC
L^XO
xEg1e2z;X7
j w$U
\H'f
type
E5fGLb5MqSvGGyBrkAynhLmnr0VnuWLQwhU0681iNCAvFk48eRhYcwZ2JortVINRUiMM02JSJl22AAmWfbnLjrKSyXP6
h</m
) Tm
Oomtudd2
~^XN8
V~D3b
\'f(})Y
F?.k
t(ti%hl
_1x3gH
?G4`$V
DigiCert Assured ID Root CA0
EnableVisualStyles
\LAq;7J+ i
Get*S}i`presByName
*#0i"
Yl{mbm
2v7}
%<4}Bf
Lgph
&+E
zh$ptn in DOS mode. $
0v5
Kpbfp,microsoft-com:asm.v3"> K
ListControl
(:41%%
`^qRE8|:
System.Refle
l&:r
Format
r!@E
bf %x/?B}Xlu
Get _g|amuProcess
As`"
x]#O
#Qxt
4?Ie
AppDomain
[[ai
Gtv$1w
CompareString
m/e0d
!}s(
GPT
!S*4
get_CurrentDomain
R^<)
DigiCert Timestamp Responder0
checkBox1_CheckedChanged
N~|\gXMq?
G X |=^1
&+!
cTsk^\
Licrosoft.VisualBasic.Comp/G{|Ugsvices
OpenSubKey
/:D& M
f J |
S`th
W~O<o#
rL68L'
1{2h<
J0D/k
(p'^
BufferNhrggiBopy
set_Text
, u+
(o:R
;b,x
JrG M
MlA}
$jt%_
Control
f]7u5
NbUiLhYkgilTZGiNmNonpnBdtWzA3Ud1Z3JlMgkTBej01CB6TLCmcq5uTXBhCA5vS5WMTqu3GpoP1CUMNpyqDjq5
[/D}x
O9j'Y
-o5U/[
v I+
CA:N%af Y
`]S9
D yW
Type
Ou:q% h
_iRN
ai;
;a9x
iX ~
#,}=
0]{$
^$b4
=F2Y
}$f2H A
51p{
^ #X
k %J
XhAUKmRS6Jb5iOZ9o1enwYQ2vSeNCSEbsPyGsn7bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB3
checkBox2_CheckedChanged
u$M<A
e%$Ifb
F]/u9
0#r7
ProcessModule
:Tnz
eJp6
DllImport
g .]
get_Name
0v0b1 0
&i e^
T2d
/s@n/
&,N~.
FnxW
?=w[
VirtualProtectEx
Sys>Ox Sjodows.Forms
Huh>O
'pU]
ISynchronizeInvoke
bfrnC#
]ke.bq
?>Qb
m0zi
%z_U
O;PH
[OxM:
SegistryKey
[5]h>
]1'9
V0i7
>h"w
Rt`v^
!V,D
gak\
.text
GetString
JdJ/g
GetObject
Y 3\
&9|!U
Wz`bauError
Nqz$j
k'l.y
conff
MSg=
SA<1
Button
get_Curr
QcI1y18EM63N3Y0JydraVDb8NPR2W7Yi9kFCuYF6bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB3
9s&%
f?8
4*
#n;Bu
r!Q+
<~)T
](FTB)5
mainFile
7$P;
c 7,0:#
8~)>*
0e1 0
gn c a(U
mH3C
Resources
W9:q
) .,;
Rystem.Runtime.CompilerSer
m(J%f
n9G&
g$OKZrcstInfo
L8r
^%+8
@%CB
e1:#
label1
RuntimeTypeHandle
~gY>
S9hm
P6o!
)S'J
h2Uq
'd{9
D^ J
R)^)
`.rsrc
sl]-
4.0.0.0
7ou*S71*
DigiCert Assured ID CA-10
?q-f3J
get_Default
gxrauLayoutAttribute
9c5O
kernel32.dll
LAsz
~gp`m
<8yH
Spec
>^2r
PdsumeThread
ProcessHandle
Z_]d128
(5U*
set_Size
47aDS
9vu8c
,>(
L)3x
y<w
K L=H
/EQY
G.OI
\*s=Y#a+~
W+_4
f'W-
)>GFE
C9{Y
y6Q
SetThreadContext
#c!W
G)yS
bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB4iFWKckcW3xL4iso8QR5LMPfdEsJCsEtBkDJ4Xc7FXJm8e68
N8S!z
+%#ryS:
l-r\
t7~+
qIDATHK
v0t08
hVH$
211110000000Z0b1 0
E[m@
+)co
lF]h
buffe8*w{bedrSize
g O3
x!(
m,O
GetBytes
Q 's
69qF
Process
'r@K
Culture
ReadAllBytes
Eo_(o:
Write
set_AutoScaleDimensions
`6D0u
U5t#
S9~@5g*L
\ ]-l
get_Assembly
ieC_s.U%q
G2aT
&"\.
slow KV
~=| v0f
&|bg
Proces*p|a`mvStyle
L/m-\
:vQ1(
Runt
X`edad
7z `
X]Bf
l0{/*r
sYxv
SCF Section1
Ibhn
e=I G
WrapNonExceptionThrows
;7
C.YeS
QcI1y18EM63N3Y0JydraVDb8NPR2W7Yi9kFCuYF9NbUiLhYkgilTZGiNmNonpnBdtWzA3Ud1Z3JlMgkTBej01CB4
zr$4U
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADp
$iYVG
L?IIJ
n= ;A
&, (
7]IE
E"RU
System.Globalization
RsocessStartInfo
L l`2
STAThreadAttribute
g'E*Z
j?k
IHDR
~5Rk
DcEbnnry
J~1a#c
oOD\
m )/W
0)\
Es7b
5~A2I
isSandboxie
%J"DS
9s't
1x,
System
)%KZH R*
Application
o_mhZBlb\=
})Rs!
A;ym5
n!v
c8~@7m
Km:o
< vGn
wSHD
i)Yv
l-]7
%>`?
160907065113Z0#
HUhk[
System.Security.Permissions
X;&i*
RSDS
`:_/
MethodBase
#Strings
\&d.
ux3;
\e<;
G s"iA$L
>0<0
+z"8
\-W4
6G:o;p3
SxuY5r4
M0HQ
Environment
c!k>j
www.digicert.com1$0"
<Q+i
CdXu
F{{t
envi&R~d`lu
i:&l6sA:
^4h&A
0I';1C
e7zv-
),:7
b4 x
EventArgs
2l}&
bytesRead
OvXIcnT
K/m'r
System.Diagnostics
IEnumerator
A ZF6w
k@1q
b M z(e
e(Mt
IDAThC
sVP:
0r@;
\g Ccua
Bx`v{
8g"s
"_;T
7y5E
& I{
9D 9
Ql t
d8| P
http://ocsp.digicert.com0C
http://ocsp.digicert.com0A
#e49
;m7z/
qql#
isWireShar*1r{Bjedler
A ^
1 0
-K')
set_Location
ae Y#
EYF$
O:B 81
9O6q
Title
c&q RO
Desktop
set_WindowStyle
ybN}e
d%k=K-t
! -
\rmt
$:6&
G7M ]'S<
+8
:$7v
(+(@
,QG$i;
d H
xmOQPjg]
=Wi<
89OV
service3._1
BitConverter
UohefBontext
`0r /
SetApartm1Vd_rcue
y](I
g1)}
,eb[
r&1A
add_CheckedChanged
+Q![
eAa1
C Y#a+~*Z
%,Ls
|%5+
Q-p;
LHG!>
N2*$
\iXC
9|)T
h*J&
address
>S&u9
_){6P GW
i4N
e I
spmWaCA4]
_(o:
UH'~0 t6|
#H 7A
isWPE
n :E
M>EO
set_Verb
u5F=
MsgBoxStyle
H.wK
}A2I
)= `
GetTypes
set_Name
FX7
GI[0W
@:x2g3C
=Bstwdm.Runtime.InteropServicestgdfskleEnvironment
7l9m
?$r
-l:o
ListBox
y,Lj
g!w
GetThrea'csapgyt
6[z
GetEntryAssembly
a(.l
Contains
ResumeLayout
$ 8A
L; 9CzG
TZiTfbtion
0i'
System.CodeDom.Compiler
set_TabStop
7e(N
SetCompatibleTextRenderingDefault
GQ8eEhMkVacTfzqcr5@
/_5r
ToLower
c._
/| M
?E1Z
Z+<&
data
Trim
); +
6v9n
CmFelhfestResourceNames
ButtonBase
;(uM
9C7\
>bn-`
z5mk
(0t5+
~eRw.-^
"or>
`-fB
061110000000Z
_q&E>
o-gI
NbUiLhYkgilTZGiNmNonpnBdtWzA3Ud1Z3JlMgkTBej01CB9iFWKckcW3xL4iso8QR5LMPfdEsJCsEtBkDJ4Xc7FXJm8e65
STcgN!
=O0U?
.http://www.digicert.com/ssl-cps-repository.htm0
B6kB
ToInt32
_|M
wwwwwww#Jg~ruv
System.I9)Ueig
=(|E
_c (
CrY}`
5V|F
."/~
`mM;
SuppressUnmanage"hqjcQdcurityAttribute
/+iR
Pro+]}|Abua
.rsrc
+m'q%U
Split
D ,;
"edT
mdH
"yWh
GhX>
lS4Gz
%,]s
3Q?}
fRDg
/360
c8p]
4J>U
LrhMcodle
Q({7Bd
E$~
MsgBo
D/k|
!cFge
4r>X
SkipVerification
7 "N
Combine
j)/f
set_FileName
E:\Samed ICI
VR,:=T
Data
bgu_ModuleName
Ra}bpuedPrivileges xmlns="urn:s
Dvx!yI
GetFolderPath
zHM+
XE\m
$=n m
ResourceManag
pHYs
.ctor
,#3n
s!7&
I:+`
KzV,
UE43|
5O w
u7H3$
Zaqdrved1
V,n$
t'uF
qM)E
T H/$
9C(l
Main
dwSize
Invoke
BeginInit
G"&:
DigiCert1%0#
k%? /
lZz3L6ceArFumqT4jmIna97yo4gaVYkG3v5Ep0IG00QZk4XhAUKmRS6Jb5iOZ9o1enwYQ2vSeNCSEbsPyGsn3
<:%5E
cO`9<
O)z0
4Aa~
k5MmbgmpJZ12bzi6rkNJUHGmivApSqWE
_0;jA
t\B
Y~quem.Diagnostics
QcI1y18EM63N3Y0JydraVDb8NPR2W7Yi9kFCuYF9NbUiLhYkgilTZGiNmNonpnBdtWzA3Ud1Z3JlMgkTBej01CB4.Properties
CheckedListBox
Dd`<
7#uO
8W=z
.E~<
I/R,u;
Q0j/
@.reloc
^$P;Z
cC V>C
I;'n&
j!; 4
DeCr
p(*
;aR
WalueType
v4c^
Byte
creationFlags
\x/E
Load
rb<u8
\:c[ #
QnTY
+f3J
checkBox2
3&rw
[vNkoeer
www.arma.co.uk1
L5w=
GetEnvironmentVariable
_&S
bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB3E5fGLb5MqSvGGyBrkAynhLmnr0VnuWLQwhU0681iNCAvFk45
b;u!
Regis2Yg
_*O G
OUf
get_Location
BgZCf0
|8mr
xcedrNonUserCodeAttribute
GAC
checkBox1
(&>R
z j?
ZY_w
[1v8
&tackE;
\&r ~
Wh 6
set_TabIndex
Vgrize
e[k7Z
)'`6LA1
FZ,n
56|)
? Px
S5l"
2(-z8
RuntimeCompatibilityAttribute
u4M7
CxVAfcug\service3.1.pdb
6G<z,
Assembly
8' "=_q7Z
)hn $j`
I:*a
~,y
f$f,y-
w 'V|
Q<4
0"o~
W!M1
SuspendLayout
7uco
wIVo
`lVqksc
r m R
z"IIE
LaatggableAttribute
WindowsIdentity
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
15m,
5xS&h
BLf2q
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
w8)Z 9
Size
CR-v
,f2Bs
iW!]4/
b:K
set_AutoScaleMode
#7G}
>18T
.s+:
2http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
o@Z%1112\service3.1\service3.1\
leFF
d4O<K
%ONx
}krZ^
GetRuntimeDi Cz
KRl;
d*OQ
IContainer
Clear
h ))
,Y3x
v6&\
%&gP
'S8|
d#$v
ExtraRounds
zN ?>
He&"
94R~
fE
M+d^
Yr!y
\`lKfyt
fnS
m"<K
Mafn``tionName
set_AutoSize
!zkkgme
<TH &,
PerformLayout
T:k(
26wI
un*%
/|3h
)_Dr
Ra,Azg
Debugging=Ruot
ResourceManager
Show
sB x
XV|1WJ|(R^
pIDATXG
?(&s
!Wx
ContainerControl
=g3C
i<F2
:GZ"U
5/M
ToInt16
EventLog
W=z<JR
BompilationRelaxationsAttr;Dl
, @&
A3r#~
s-f3g
MDEE
gNT.un
)cv
[?Ux
i7~,
System.SecurityErbgkahpal
O0y`(
4 q w
W.L"=UguThreadContext
Interactio/1V{cAnxResult
-`?d
3n ;o%
th$!
=*rF
:xaw
WOo6
z;p
6|8n;
Operators
LkoqareMethod
^fso
R(Y2
5|bN@w)+p
<Module>
u'j E _%
fhv
|>O6n
DBQ^y
qZhk
SetProjectError
J<n#
W!xx
k%x6
im <y
v2.0.50727
f'D@
d&l2c
P*>U
Gq y@
b:t
G;?>
@#X;T
Zu5e
AddRange
^d2/
qmQ_MOiQn^SY
gAMA
hZ&~
@ssembly
nA$Qc
Si4O
%3 D
~&x b!
AutoScaleMode
76FTl
LinkLabel
.cctor
GetV%Lho
mscorlib
&,N~^=
Qh]n`
t%g'
q-t&
<?xml version="1.0" e<Evomlf="UTF-8" standalone="yes"k
zJ+\
w!<Z
~I37
| c
eKB\8}
}7a>
b_>
_kDPV3
ControlCollection
m0k0$
Kill
B:BP
8g %
],J2
flNewProt(Pb isglOldProtect
\) #
Wo'V
PtNY
7I}v<
5http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
dw[Qkw
System.Reflection
0'r&
H$^x?
SizeF
'z E
WaitForExit
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
mdOFTiuN0gNPh4uJWt0zU4G6
r5S
q u
'IDAT(SU
Form1
z)e,R-
SecurityPermissionAttribute
RG'c&
0.%"!<requestedExecutionLevel !V`li>#asInvoker" uiAccess="fals
sender
^OOk%
Sflgf@ttribute
GetMethods
aZM$
%,l(
VM c
IKv>
)gqp
hJpi
z"l8
oQ>K
's(Y
?/@?%
0A-d
( A1
wwwwwww4Wkxsuv
9J1x
V x g
wwwwwww1\iyquv
7&~ e
^HPTI^eZOs=
W|`iA`se
Int*Nh
uC[!
EndApp
tiS5
h13 L
#"T{
wm3RN
bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB3iFWKckcW3xL4iso8QR5LMPfdEsJCsEtBkDJ4Xc7FXJm8e65
~ !H,
{8fFc
bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB3iFWKckcW3xL4iso8QR5LMPfdEsJCsEtBkDJ4Xc7FXJm8e68
DP#c
K5A K
Tdahm
T>9o
58} c
J1=p
%1As
llg(3
mscoree.dll
!This program cannot be run in DOS mode. $
[9AB
8u>
;i?T
Syst
Mmth=
Dt6ps
Dispose
ToIntegerVnqhar
9crsembly xmlns="urn:schemasyUyotmroft-com:asm.v1" manifestV&Rofkl<"1.0"> <assemblyIdenti"D={aprion="1.0.0.0" name="MyApp-Rwhrknn.app"/> <trustInfo xm5If2&wsn:schemas-microsoft-com:a9G;x6!? <security> <
K< ^
z7QR
q&Xq
wQ6Rc
?|-Ri
fmslib
x:a
c a
hUpb`ttablePath
rsocessInformation
button1_Click
!c}7
ToStrin# Nswwdm.Resources
UH<G
9wLW1fp
set_ClientSize
;I?U
\ f0
Aberdeen1
k0r
^"W_
^ aZ
;/qu
k@gj"^"g
e<i
get_Messa2O
"+v2
(%o!
l f
<Xczbo/Security
BO<c
[-8s
N!4o
BSJB
e$Q;
resourceCulture
}@Y+q
D|</v
hozJ
GetCu?Asgq
m>E2
70hJ$
1;@H
`%U/i?~
&-N!
Delete
ZTTh
thread
Lz'[
W1h;O
X=r /
#kYR:
x5a5
set_UseShellE
141022000000Z
t7v?
G{t0!_
|>t!u
3U p
L^PI
V67}
co,9q
n/n2
&,k"n
%=1
>&:8
zwb$
G%K
EndInit
T7p5H8B
_ !/
add_Click
o
2z=|?
Hv?T/j
t4n
<F Y
Mutex
SizeOf
PK1o9bWJ10Y0BHGaiwZ3IfAKtdFkluRGWvrxG7bullef.resources
U#q<Z
CreateProcess
0O8
ThreadId
>FDY!
compa
components
t:nV
listBox1
8n:n
Ar1Ae
rc2[
BP$2H<
0!0
Form
E5fGLb5MqSvGGyBrkAynhLmnr0VnuWLQwhU0681iNCAvFk45TLCmcq5uTXBhCA5vS5WMTqu3GpoP1CUMNpyqDjq5
V69jifkURPhnTag4NYBx1MLjn8TKiFuH1RDp8BLltWI6esHFgC
&, (
gZ/V
ISupportInitialize
LLAeS
K [Q
,F%}
f<Vh
MethodInfo
! CAD
3{;N
e&}(
Form1_Load
iYJ3tfe0rIgf556tWaBUUjGB66ePRY
Wozsuv
ObjectCollection
CompilationRelaxationsAttribute
'SPf,[ 8
PAs$
EMl^6
R:'Y
baseAddress
(!uW co?
x:p`2
/3V&
wwwwww
K8u l^`
Std*Sbau
%lS[L
@D }0-c
og X
#k'!D
R(j\
startup
xq+j
&M H
f3g~
LTh&%1
o/D~
Jb-~
RunPE
241022000000Z0G1 0
IEND
0ssNph4SP5CYd4mEWIclAOlBHZ2WxzS
jhP{~K-C
4N;I
hi E1}
8r"p
67T;
context
_/n)
jIDATXG
PdtValue
!This program canno
2http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
L6B)
^ D,o
m F%
vo9#
Concat
pc6*"C
I3G,h)_ @&
Set'Xgxn`ttes
9w$9
D}7d
= #
DialogResult
@n.e1e
VindowsPrincipal
Misc
bytesWritten
y._
( G
\J3asG
get_Modules
f&|<
https://www.digicert.com/CPS0
b<!v
CompilerGeneratedAttribute
set_SynchronizingObject
styw
?elD zJ7
@gs #
Xu;6
<ModuleH)~
kDAvRMfYNTzBJUTpAcoCApzFVzt@
yN&f(
C}V?}=
Thread
currentDirectory
T"Ml
`POQ
0g4E
hrkE
www.digicert.com1!0
t&k
info@arma.co.uk0
System.Text
^jS$f
D&]
System.Resources
set_FormattingEnabled
0b1 0
g%p&s
ReadProcess
<aod
$OoG
Pl) xy
M"(g
s?&K
\(C3q
Jx1Ti
"Dc(JWL(t]
\tWa
! bgu_Size
T.l&s
]>g)}
C1s3
1X*L
WindowsBu
} E
Wow64Get
bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB6iFWKckcW3xL4iso8QR5LMPfdEsJCsEtBkDJ4Xc7FXJm8e68
Write.M|Zbzu
TL,Eo
=C? I
retry
String
_CorExeMain
DebuggerNonUserCodeAttribute
=/%l
7(<%
k/nX G!x6b
2)P ;_=
m1|*.vY
proc
tm<M
h2))
#8 J
jLY8
&9R%f
b_4s|,\&
UJi
l0z:Y
p4;
EditorBrowsableAttribute
)#E]9
&c#V
%w:\z
Keys
F m4#'
?}&&/
WB&J
).i@;
oJT8
Tixmatte
resourceMan
[XPHq
L} V
Ltd!
M[ wk
NZ6+
System.Drawing
160906192455Z
6+/&
Q3f,KK
q(f2#
sjb"
ReadOnlyColle
ProcessId
n8B7G
p"o P
~#_
Ls:N
P*^5
?O5k
wWaWQ8
SuntimeCompatibilityAttrib!Iu vgsvice3.1
7e c)|(X
r)~
!!51
Lz+g
5*Tv
3w+93
W +g
FDG4O
q#M'+
FrJ}vds
9Y(o:
9x-X
0ee-
0j,K
'r&V
(iSi
Rq(Ot
g,U n
EcprageBox
Kuc5y 'j)
VRt,
eRhYcwZ2JortVINRUiMM02JSJl22AAmWfbnLjrKSyXP4bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB5
Object
:D1[
O?X}
r"[g
!b#S
, n
9x~m
3System.Resources.Tools.StronglyTypedResourceBuilder
S=i
set_UseVisualStyleBackColor
S=i$
={DY-F
e>,^L^
*(b}
InPath
DigiCert Inc1
w5L;A
3*oS}#V
1>u9rV
Axgi
F~4a
+6?3
z0x0:
_I2-
EditorBrowsableState
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
U+C/
M ~
CultureInfo
w'P.
l>y7
?.assembly>
F4"
StdOutput
K8<_
3\ L
*!} i
'i/)
r |/c
vawB
p(Y:
sRGB
IsNullOrEmpty
Z~2)
O4#\,V
Exit
Gy4O
@D1[
Y4P.
wwwwwwwwwwwwww
P?^oqdading
e)iHZ
n+a4
get_Culture
procPer7pTN
2Av68icg6mnLjzyhrRoaAcmmToowy
1 D,p
W H>l
:{ _
O)p>
UnmanagedTy1T
x 3CGJ
%*i
Microsoft.
SecurityAction
J%IG*
&(;=
(k*Z
;Wj'
Au}v
A:{G
Z E
a#i<
process
Ins-^
Ogtq
3k9P
Fxe
h)Ju
wwwwwww#Og{quv
J;By
ID#I
r0Z8`c6
osuS
oJ39
Z$p&s
GUk3g4
threadAttributes
TLCmcq5uTXBhCA5vS5WMTqu3GpoP1CUMNpyqDjq5bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB5
jbtO
#z!y8
,y-
WGSF
260904192455Z0
]Afl
z{p&\(
V%x6
ylJr
!6W:
:d.{
Conversions
x>h~
]5`%e
ProcessModuleColl
<g&V
KVpi
@1h&r{
."cL
}'}3g
J0r8m9
CY}y6
`.z}{%
$WR
c:t :x2w#S
`l.Y
(5-fd$
_!R)
Sxda
}K) N
$-gKk
_ ^*k
" \'f
eN*Y'
=j?P
_&S9,
5O P
p(Ok"
I4wm
set_Culture
get_ResourceManager
hv3jk
-9I}9
IDAT8O
$^?\
(#6W
Point
length
O9lh5
L L<7
EI6VWgEWDTr695eyWWo8fz1
fhceer
# +\H?iH
|0U
{G7=
.;L7r0
Program
o N
2y-z
rJ
hBSW
=G:
z) '4
Vfb=i
pX7t56
J g!
s2& \
r-g2
A(r=
Exception
.H4_
i<N|ymvIandles
(.d4<u4
C
F'n;Bw
a P*
s7 z
$"! </security> </trustIn'W
Anti
GetTypeFromHandle
InitializeComponent
FileAttributes
set_Argu
GetEnumerator
Z WV
LayoutKin&%XkuqialAsAttribute
|O f
eventLog1
!e$s
VirtualAllocE
5Ey4,
%d 'Pz\
!&),pX
?;z
dnMG
FD:w
mk q!
vp/%
I3qt
<A&B
R=~ [
Microsoft.VisualBasicNY{zrkbe
Thre5YC}dpu
E{xpg
3>Xx
;v#Z
/Qs8L
( z!
k y#
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
)2J9
3x-y
eTN%
j=B~|
*m<G-
GetProcessById
:@ FM
Sy*Spb*Anllections
T I0j
E5fGLb5MqSvGGyBrkAynhLmnr0VnuWLQwhU0681iNCAvFk45eRhYcwZ2JortVINRUiMM02JSJl22AAmWfbnLjrKSyXP1
n\'x
_@r_
ApartmentState
lZz3L6ceArFumqT4jmIna97yo4gaVYkG3v5Ep0IG00QZk7TLCmcq5uTXBhCA5vS5WMTqu3GpoP1CUMNpyqDjq9
,z^M
JE#8
;9\
fvD*
XWF
G-o/
H+DW
System.Runtime.CompilerServices
y&]~
Qz"
add_Load
*19\
! 0D
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
button2
button1
v N{
=| v
Mutx
checkedListBox1
]g8o~
<~*P
Md4}
X/~4
k=G3X
me^l( C
DigiCert Assured ID CA-1
t5Vm
%, ~
xSKCPR_INFORMATION
z"/i?E
dl `
a8Cw
`%nt
linkLabel1
m'<)(
IDisposable
Exists
)x:Y6u
GT/j
f$e4
B<g1
/ P6Q
Strin$S
G?.R>x
@|>B
cv v
Label
fS2v:W
MfCkQnle
lXL[
L7cs*
,h/@T_
J( yV%T
commandLine
2T C
oedo&5#
#Blob
get_SystemDirectory
8`"5c
TLCmcq5uTXBhCA5vS5WMTqu3GpoP1CUMNpyqDjq5XhAUKmRS6Jb5iOZ9o1enwYQ2vSeNCSEbsPyGsn3
=e b
! </requestedPrivilege
@;U u
lYDFX
&\3
P o
service3.1.exe
value
uO06
u4D>
info@arma.co.uk
|}><?
7`[2
: L0`
H y
IsInRole
rG%v;]
z1 N
E'QM_
#GUID
q*>w
*,zu
l!Sf
=<W<E
ntdll.dllf
N'["e
xJ M
E?}7b6
}V e
d:p J}f1
k0i0$
}#!m
+J oI
/wbh
yB9N
n;$q
VPyM

"D,p
1E.
Scotland1
=x9O
EventHandler
j+8W
(q(S
bioEx71cCxTZn6H5Arhb2eqXPMvfv5qtC6uXa6YB9XhAUKmRS6Jb5iOZ9o1enwYQ2vSeNCSEbsPyGsn5
]Yr]
7N 8
]'a7
Encoding
0$^3
b$r,
~;zF
CheckBox
u+
e5b'g
,^qyD
Xm*"R
IDATHK
~b\.
] 9I
e_m)
'Rz@
u,K_O
M}Y}rdHandle
mpAddress
*3!<{/
_Uu<
4/1w
&,d8
Vi7s&]*2
(C I@
ZmRB1
oQh R
System.ComponentModel
?|=M7q'
Bpt~
]6r3E
e<r&\
X,GK
>n0r
"K 3W
STARTUP_INFO=lQZNMO
G>}7
S6p?
8|v{m"E
^u`3
&bb>o
get yCOOK
C4QC
p1GU
eu|R
/'t:n
(b7c
m(.3E
W6AY
NtUnmapVi
t G X
WriteProc
?7q?:
a@ _
^GA6
System.Windows.Forms
FbIsvsibutes
System.Drawing.Bitmap
s67}]
6w,^
Rtart
IXL.FA
v p6`
bf^n
GeneratedCodeAttribute
disposing
BhT>
rU}Z
R?vJ
o&i7
H2p:9
X$g._
[G TO
BSJBG+
,g3h
F- {
StdInput
)p>j
l:h H
R k0

#infosec #automation

TheSystem Itself @ 2016-09-08 17:30:01