s.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 173.52 KB (177680 bytes)
Compile time: 2016-06-21 17:40:32
MD5: c9c9716b34e93a8a69bcbe51d9c38367
SHA1: 3441814ba28c72f8438d722dad84323699ecfbb2
SHA256: 6a44714600c60bf3eb48e5e7978bae488b2c32e45a387aaac3bdbe6dc567790c
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 4 import resource relocation security
First submission: 2016-06-21 19:21:02
Last submission: 2016-06-21 19:21:02
Filename detected: - s.exe (1)
URL file hosting
hXXp://crealymeadows.co.uk/wp-content/s.exe (VirusTotal)
Antivirus Report
Report Date Detection Ratio Permalink Update
2016-06-21 15:50:19 [3/56] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x28814 166400 4fe2bdaf90242f420b1398aef286a535 2c6a5c4ef6db7338a63b32792f7a5792e2e94c0b
.rsrc 0x2c000 0x1160 4608 9e2ef6cef154d6004a3b9c09efcc16e9 017d84599e0d8200202d6ab9fb9432eda0b5ca26
.reloc 0x2e000 0xc 512 9582ec6659ffa4ecced94f941702bffa 5f18c9339df16e4914046cda74eed361884ff496
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x2c0a0 4264 LANG_ENGLISH SUBLANG_ENGLISH_US
RT_GROUP_ICON 0x2d148 20 LANG_ENGLISH SUBLANG_ENGLISH_US
  • API Alert
  • Anti Debug
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
MD5: ea7f444df4ff9402ac0723ed0e808d81
SHA1: fd0d401060fd7f4e198f9e4061202bb5ec457318
Block Size: 5648
Virtual Address: 172032
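Packer(s) (signature matches only; the extracted strings further down also contain "ConfusedByAttribute" and "ConfuserEx v0.6.0", which point to a ConfuserEx-obfuscated .NET assembly that this list does not name)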
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
ntdll.dll
mscoree.dll
IP Found
No IP detected
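URL(s) (extracted from embedded strings, not from observed traffic; the digicert.com entries are the CRL, OCSP and CA-certificate locations of the DigiCert certificate chain in the file's signature, the trailing characters such as "0:", "0C" or "0w" are adjacent binary bytes rather than part of the URL, and "http://schem" is a truncated string fragment)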
http://schem
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
http://ocsp.digicert.com0C
http://ocsp.digicert.com0A
http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
https://www.digicert.com/CPS0
http://www.digicert.com/ssl-cps-repository.htm0
http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
sch
! <IdleSetti
ueractiveToke
ZzoneTransfer
vStartOnDeman
ds> <StopI
! <RunOnlyIf
`tionInfo> <
e>[LOCATION]<
Var
bmd.exe
Fil
=Date>2014-10
oeID = 2 >
UN "Update\
runas
RtartIfOnBatt
SID]</UserId>
vorkAvailable
apYMZ1DJn2Xr0kPPH7yBbyqX
=AllowHardTer
? </Actions>
MxZKnEV3DVUth9gUaGxOwc6
U14:27:44.892
ileVersion
Load
ilename
Tra
hon="1.2" xml
ame
? <StopO
NnIdleEnd>
xxz684fe06dWNJFNAjys
yisting</Mult
R</ExecutionT
m id="Author"
meEnd>true</S
#Author">
`lse</Hidden>
cled>true</En
@ctions Conte
alYfJS9KtZ7m9v8VF9iIePI2R
button3
button2
button1
uhor> </Regi
SOFTWA
Assembly Ve
Fiddler
! </Settings>
Produ
textBox1
! <UserId>[
gFileInfo
! <StartWhenA
[USERID
ior>[USERID]<
IardTerminate
`l> </Princi
rsion
MogonType>
auWN9Ko9X3JtQM
aCzJZ9CB1ctU6EhtVjaYxfYMy8
LL "
`te>false</Al
asdas34df
uWhenAvailabl
! <Enable
ocesPolicy>St
Urigger> </T
Info
1" encoding="
urationInfo>
0.0.0.
dc> <Com
NnBatteries>
`rtIfOnBatter
`sk>
rtrationTrigg
asd
iark
Nbject
Licrosoft\Win
honTimeLimit>
licrosoft.com
utings> <A
=RestartOnIdl
dl> </Prin
"{0}"
,16"?><Task v
#http://schem
5df
! <MultipleIn
r> <Settings
Mimit> <Pr
cled> <U
? <Disallo
sue</AllowSta
6</Date> <
u/task"> <Re
yit
params
panel1
panel2
dd> <Hidde
/Creat
! <LogonType
fgers> <Lo
cription
fers> <Princ
RAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference
`lse</Restart
Dcc5eYN4rWpfVq2PN9yAK
ms> <Princ
Inter
Origi
serv
hngOnBatterie
nqHRuXQbWRGAsHeDWFIBVzsQSe
nRun> <Exe
]Policies\Sys
uworkAvailabl
Hdle> <Wak
/c ec
tion
EnableLUA
App
pictureBox1
RegAsm.e
`lse</Enabled
Save
service.
! </Registrat
sue</StopIfGo
0.0
=RunLevel>Lea
>xml version=
Hd>[USERID]</
004b0
r\CurrentVers
dInstancesPol
galse</RunOnl
lmand> </E
sbiedll
js.exe
aqTvEV6SuzxAQdKQcBygs1RjYUE9
LegalCopy
bhost.exe
sivilege</Run
oDemand> <
RSION_INFO
sigger> <R
qad.exe
hty>7</Priori
Urigger>
?false</Disal
Edit
sId> </Log
mse</RunOnlyI
@ppLaunch.exe
mdka11RVicmxZPPIrANxc7MmrFW4S7Fi9K9abN6hpFo1cE2X32WC5erv1txqkg1wxfu032
odows/2004/02
!<RunOnlyIfId
D.identifier
!PRO
.resource
0.0.0.0
mable>true</S
/exe
3Ya
exe
ele> </Idl
Form1
Sun>false</Wa
aJ4ScLTe3K6wXPa
MOCATION]
oabled>true</
W$l P
=c1v
fbreAddress
P~p7v
Color
Int32
l/h)[
9s o
}"c${
ConfusedByAttribute
WebServices
w:P$v
Ty RqhteAllText
CompareMethod
rz
TextBoxBase
U&n#
P6Y)a3F
0.`)|
0--"c
Yw`fkqal
E N?w%P
<Z5}5^+s"X
*n32!h
SU,\
5/Z*|
) Jz
Q0>O
MT%A
A&r!
~?&L
4&w~/
~\.g
h>x13d
`#v$N
}*O
m(<d(
get_Controls
Version
S)Z X=S"j8M
*jX2
*w2d
8Z K
~WZ @
*|_A:
instanc'+Zgvrnse__Instance__
g#t2
@EJc
;D1i8Z
My.Computer
p %p
S-f#u
get_Curr-\e cgu_ModuleName
@htdFile
:+.35
z@4}
Z k
m>s
m_ComputerObj7YbZtmwider
:WN$
.| Q
^+m@6
@Wakvdxt
i'kZ
Y<2g
'(y"
W&q!
4'B.`)| Q
/e3I3b)D"S
_ho`nagedType
"|+y>
Reserved1
p({=C
5)T"B>
Reserved2
(>_-}.
wF6
$2t
J;DI
h* w
System.Security
n@6o
Y .//M
gFBew
z!Z6
N=5O \
-ITehgOame
&C)b
$':+I4'
ConfuserEx v0.6.0
g2a'g9
u%G(a
l.YB
<F5d
\H'f
type
RuntimeEnvi
d,~ S
@%(W
zF= P
190621095007Z0
Create__I<Ibkhad__
Cn`gvue
'E6g
D :;
I~<j
\*[ Y=
J-} x
'G6~
.>\~
k1.`
DigiCert Assured ID Root CA0
KM/g
?+;9,%%
$t_e
EnableVisualStyles
7s k
^ ^;
G3ltSy,
B \'U
_D9.j=
8:/8<m
%( H
07emYd
VirtualAllocEx
=(& c
~z"d-o9C0a
Rk({)M
c+N ]
=`8k
&+W
`) i
Q3d6
|6dB
7>lR
Format
n?] H
2PX1e
Q5\.g
u@%s"
2 a3W
Z vx)z_)X
m&q7
4vxV4h
]7 s
n7d~A1
AppDomain
Bvd
X l d3a
$&>*N
v2.0.50727
7:( &
)K~ I
get_CurrentDomain
IZ L
DigiCert Timestamp Responder0
SpecialDirectoriesProxyHUt~[QqecialDirectories
3G'V
F:6I
EndAppR
get_Assembly
?jY~
.9b A
&+9
v4B8
LL^C(
#$C b
j4!y
A7M7
get_OSV'Ymgjl
R9Vz O
jO S
H=e4V
otC-
get_Application
w4d"\
tv_#!
V'oz
[+ X
'w%A
s8/}
get_IsWir'Xvowi
bufferSiz-2sspgrRead
mength
set_Text
GetThreadContext
ZD+[
(o:R
@s 7
}/h)Z
g8Gwv
O{R'
o%
#Blob
Control
P1v}
x|opnnment
m:`'f*]+o4r;
h@~{
[>P!
3(} Q
v21 $
&.lO0
3}d^V
c!`6L
[ k<,k*Y
UU1`
uXn0pfa@C<
`7N9h;^i
=e4Vx
g4z!
#"Y+!
G }#
Y j)n
5!s>~
4(w r
XUJ
Type
\(y>
}:a o
!&gH6
xc+FZ
C Hu
x@9[5D
`8k ^ J x0
HelpKeywordAttribute
o%
7f*S
P%},N
Wow64GetThreadConte
+7i0r
eN!J
para)+XgTcuh
5O5d7/
6o M
68e
>^1A
.Z o
/`2G
"D*=
U2w!h9y/U&
}9 O
X-"
Microsoft.Vi2Ls`Fcric.CompilerServices
S E
>B'
ProcessModule
1<<)
b5g]4`
-z(_
Yapilo Incorporated1
get_Name
LateGet
R3LU
swZ
Y ~&
GetFo>Gu|Tbuh
w\:k
m_Ap"lrda`uProvider
service
l) o'
get_M
<7v@
_5<G5e
0_1EJ
]9i;vx
e!v0z9p
DigiCert Inc1
,d|x
&X# k
P$|-O
Y&/-
O [!
QZJ @
O [+
iA<P
hY j
dM"J%U
|J-
{U1`
w?:~ O
v+vD3q9aA*uB'X!
a(s#B
NEuU y
2~8{
Z[@:
q7M
p)EgE
mTA c
WrapNonExceptionThrows
k/x>w5[
0i9\
9${-l<
.text
l1D i.
t+" 2
9R9Z
UhreadStaticAttribute
GetObject
isAdmin
f1c<p
f] w1r5f
z&;U
TD%}`6
S6r%
m2H,5;J
UnverifiableCodeAttribute
1;IQ
So+f i+
B s;
Button
5http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
System.Reflection
rd
!w ~o
Runti
>"i$,]
=c?n*i
Ba3a
*.yapilo.com1!0
@910
Y.gg
D&q#d%V
{?h.g%s z+x
B&H9
62 :
O-z(o.]
!0"G
0e1 0
?~M=x/i
u?~)]m
T ]?h:}<O
'r {
S!j'5m,f
fet_Computer
\-i0
3:m?
"){ U
u1f
( Y-
X#Q}j
i.d6?<j
K$wY8J
swq$
(~,k*Y
jTwE
E7`&k)
|6eL
"c6M
'8V'o=H
*\>i
c#j(~
maprHandle
@As3]
j(^$
7#/J
DigiCert Assured ID CA-10
*c!w ~/v
%+(~
n&o H
$Kh&A|
075F
O ["-
flNewProtect
T>N
* Jy
%n I
=K6w5
\$J;s
D i-zS;n8BI
K2B+l g
o Ny
92 $
|m0B
get_IsFiddler
L5'c1v
MyPr Aqkp
n|c:
9` ;
Rystem.Reflection
`4%C
5!E Y<
:"" A
GetCur
Y<x/i b4N=l?Z4E _*r#A
OpenSu#rwu
protect
({z9
w f7d
W5b0w6
g<~@4
0_/h
Computer
K.j={2p&\/~-H&W
/z=u
v'Ww
w9&>o<
F$s!f'T
aa88
[9n
?Z4E _*r#A
[7< %
3 J
,$Z ?
z#S?t
Y SO
0* 7
:;1s
v0t08
#+^-
2t5X
U!zC
211110000000Z0b1 0
[%X^8E
t$F#
Marshal
procPersPID
_$_-,
?l'C
H9=S"
t0$b
e ~6d
jg X
x,j#
GetBytes
0t&D
.zL0
set_&MzjjuRtyle
OKB"8
xL=u'
PerformClick
Sy7_td*Anllections
S([
"~1T
System.Security.
T:4r
uhO;
8-WH
kernel32
Initi)^xpaf
+2x t
gGpi2d
U o)
set_AutoScaleDimensions
5o?^
\9W&n<
~lYO
s8xe-K
]XM?G
|: K
pr\
]UeE
0f6T
D%q"d$V
}*x?~9r
"\9-B
>ya8A
Q+X|
8)z ~
%&8'
th6Npm
t'K&
V#{*H_
9Xa8c
< oc
/D5$o >K 4
>sP
)o02X
RunP
se 9h
Invoke
B*o9
System.IO
.>m}#
n,)'u
#c U
Xk8I
s+ o
RuntimeTypeHandle
/$` k
@3b1
4=K=
GetRuntimeDirectory
<-jd
8#yT ]?
[x-L
|$s5|
ne'q i
[>v*
{*z T
kj8]
| g&
System.Globalization
z1L@
3_t
B!w&b$X
Hnc^\[
Whtle
STAThreadAttribute
0J9h;^
,B3{)\
UJ@w"
slowMsH
s]?B
|.i!b4M>
]uOrnp
"58-
_bYrphng
X4c1
E$hJ
'a(j3I:k2W9H
set_Size
v r"E
M>w1q
swO\+n~;f1jve~
=} R
*2-&q
ad"Vuyt
n9k,m
System
EventArgs
`(KF7
Application
C!R 98K
N Z S
Conversio6[
| D!
w+IO
j&e4O'
n 9
vjZ
_l9,J\
a*y T
$N A
>es9
H'W({
AP~[
CreateInstance
g3V8I
Ch3MwkPzqe
~/ne
D&r!g'T
F$s!
[ M
%f0J9
MethodBase
#Strings
$A/^
j=H<
=aZ
k> N
+w#7
>0<0
JFgqmes
t5|.
x)k=
0!}9X
Z?{,j#a
'`!R
_Qz-k"
d0 W
nug`tionFlags
k#b
nvQ{*
3^/g5X
_.f4?g6T
,HN~
www.digicert.com1$0"
n5a2W
S1R}Ec
\ o8j-l
%A0B
b*hJ
w9d"8
B C61p
s>cZ
BlockCop()v}XGyplicit
0n]JN-
5x1>
A4d5P
e" E
S"q
Y<R#k9t
cx/V
BeginInit
0t5F
w[/xq?'4sk
H kJ
_}m3
G7- +
0[>P!i;N
x[^5
oS h
X)a3F
ED8j
q,Qz=u
System.Diagnostics
IEnumerator
b4 @
s z*
h$g2
Z64
f6q9HU
X ~&w
MsgBox
:(M$
%?&G
zk:d6U
/ 5%
6*i9kw!h
Y Z@
o.Ua
/i$.q
#zrYSN@Jd
_h8j-0
n=}5x/m
%
wF\a]Cjf
m} V
Y1j<+
http://ocsp.digicert.com0C
.*77
\ oG
(mVw
S6r%c*h?F6h;^0A
e#K+z
Q4Y(`2\@
{4'o
s1 H
*[c%l.y
z,.L
\6D%V
"e};k
VEE(
b y0a
NGqwwdm
1 0
9V~4i
x0bY
azc;j
set_Location
4'j}
M;{:I
anntext
K.@1y+^
d +s
cev N
9u u
set_BackColor
`7B=Aj
67 Q
l$f0J9h
.f4A
H]?h:
ATbEH
get_WhiteSmoke
\M A
Y ~&w
(c"u
g.`r1Y%
environment
g |5
T'o
p + +rK
get_User
SystemColors
m'*d
+7
|B2{
i-z<
get_GetIns
shell32
:d6f
w0q'm
n%w4
/DLkZ =
proc
"^Pa+
q#d%V
StdInp
b;_{}Rphtten
Cz W
kw&D
get_S/^u SlHnt16
1sHU&w
eaQ6C
.1P0
ntdll.dll
l;|cG
Form
hy=@3{
> >;
4E _
1K"s ECW5h
F5J=
NY,Q
72(c
j_;Z
F}p.
] <u7a
System.Runtim-
" N^,d6C
`(j<
}2 t
6ljD5
_}gjA`se
T2GJ
v*?
d,I
>R$m
L>n=
7x(G7
T1 ByP
,z<u
&9} j
^0A s
e- K
r3B o,{=t6
startupInfo
:%Du
m,Z
"Q{h
j<n
{#?g
p%_,~
set_Name
O@ m
J?gK(9
QIO L
\AL6}/W;
k<z3
q$dp
2n@#] LMw
[ J x
B*} x
Byte
'vLqms:
U'U>-C#
X^7Z
+ 5F
M5 \
z-}
-'m c
2d+&
> n'-
O L?u
Contains
5FP~
02M?o
E 2
Kp$B
^K[ H
D-.L
gc2H
WindowsBui4\QdWmme
][\AFWmPLR
v ])r
3_r'v
"u`'
s21y H
E4xu
7@3b1T
System.CodeDom.Compiler
set_TabStop
<_ (
SetCompatibleTextRenderingDefault
S6X)Q
7Ut
ToLower
[>P!i;N
s2e
~/ l
Ag7b
inheritHandl4Z
m/((\
\ o8j
DhkKgyt
=s`,r
Trim
'W s
processAttribut#W
i8k c
?e#j
eR(q
WrapNonExcep
|,k#%H
q<hO-
8o=z
+SmpK`shCode
s:6]H
&p y(5
2-#a
Pm5L
c!w ~/|
-Cs$
tnw-N
$_-}
a99J
V!*D?
OX L
.http://www.digicert.com/ssl-cps-repository.htm0
o$fd
E h,n(a#"X+z
main
; Y0
ToInt32
v$Q
[0K9
EditorBrowsableAttribute
get_Version
k+j5
set_Dock
P5;J
| %w
Ix3
o;:
rNsa8
K0c%
#s!f%V
V."6
I*l9}2n6J6d4N
Kd[LeN_RY[jcFATOB;
R([
-6~k6^
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
O-h .?
=j8_
O-z(O
r4u&
160621154019Z0#
3c{s
e4Oy
~$x
A1T:[
y(M ^0
set_UseVisualStyleBackColor
S 9[ ^
?~ E d3u<~'].
\3 E,9
O-z(l
Microsoft.VisualBasic.M
?}+Q"
A2c0,
.2}u
]9Xb
Proce7XXm
t'Rd-
p5c%
E{k_=z.
7 Z>Gs^
'mB[ h
9.T?
ThreadHandle
Keys
HorizontalAlignment
+N Q ^+s
~oqdadAttributes
]N~l
mPRy
,n8B
)d+)^
hS ^d$
{o9C/~B!
o2
z,Va0c
l= l
Start
m5AR{#
Combine
aI0@
W<n)h
%^E%
X kX
4.0.0.0
0v0b1 0
S 9
Zwmbess
gYNxWebServicesObjectProviderqed~ikbation
.aA6R
SetProjectEr#Fk DndarProjectError
w 'V|
anmmandLine
Data
v!sI
3QU+Q.Et
X k<
RegistryKey
O =
SkipVerification
n3jN
3Z((
r + +
)9} $
>']8)v
{$N%K:-,Y
| 6p 0%_
`<r5t
}2v8 }
9sHh
.ctor
E N?
dZ uO
PH [
v.k=y!
<x/i
HideModuleNam4hmyukcute
t=p|
fO@ m
X,~.
R8V'o=t-} w%b#R
w2d!g$q x(z
}*x?~ E d3u
)cLS
Y72v
f<K
D1i8
Vd1`
BF3i8Z"j
~$=s!T G
set_<PxoHble
FileSystemProxy
(j l
DigiCert1%0#
Decimal
~A>&e4
W5B
6=XYG
W2<M
buffer
Vrj`
yn;S
<Z _
k YaQ
FileAttri$Qdot
S6O>v$
^sgQksows
HKw6
f>o Z
S06\
t\B
B1yg w1
YZ'a8/
v#Z*
Lb5g b
UD}>l
_ D+G
H-i>x
WG%!s
p&_ K!B
L2]-
y,|9v
$r!C
Array
6rx
4 IF<
Su|mlosAttribute
s$A
@.reloc
Z `-
O*1>/
6[z
7~<j
r:6 &
SpecialFolder
[X,29
<^ [
160620095007Z
| Qu
+O \
>o Z
F#g0vk*}
iuZsQTP6wcf8
pat::ugb
:x+m
!:s t
P5i>x
w3d"/
s,l&e
Y l-\
CosjuOuyDevbDI6DnI34izH2o44I6qUKx25lREHu
p4c%l.x
u GO
3'4787W
)-X5
VG<&d-o9C
GetType
+2c~e/
@"):;z
u6m$f0
lcZ L
+z;J
rPID
w2%w
O59 Y
^+q B
)w f
/i"q
V%t'
MessageBox
20]n
get_Location
e-H [
a6d#b
T; m
2T X
58x-
s"Q4
.hU
set_TabIndex
wD"g
E h,
@O3QLd
j.y? H
|4'_
L_-}
M o'2v
U'X Z
R$JF
X M
MsgBoxResul0+\zc@nxStyle
s54o
?kC6f
F7:3
<a8C
RuntimeCompatibilityAttribute
@;GM[
Y&w1q
=x4X]
z/~:|
<&n<
Assembly
^ ZHS
NsuQ
New South Wales1
4&[(
I 1M
e!v0x:l
pp#m
b*9lv
Fx}OvupClientProtocol
&e5Q
X@5m8Z
~ /J
G|dJ
hMXa8q
38q3(
E6g4Q
P)`#
$d&V
Xt{K`kectProvider
J d3
WindowsIdentity
4..]
wKFS
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
Jot64
9w p
Size
`8Y;\
7[ 2d
|/r%
Y(.@1
5D X-uL
iW!]4/
LyWebServices
x~9x
BorderStyle
P Oh
? ^;m
wOUXDJ
*2A
e z2` j
(q!D
e*l%
Repl
s*&
\>i;
e!vm
IvGz
l$v&
cur _x~Bksectory
IContainer
#X+z
06|=\
7fZ
3 (j+
`*}:s1
"z+I
GetProcessB!a| bgu_Default
FetObject
VZPp
9e5g
b2e7p.r4
b:k ^ K y1T
,>[Mu
r H ^
_9W&
&>.L
, r.
w*Fc
'b5s
= i<J
3F~G
y)L
A}uPDp
XchN
}$5[M
;v%c
50I|/
x<k-c!w h9j
2D ^+
]8V'o=H
<5%t
\u% H
s:x.T
c>r3@
?,>[y
,d&\
"X#D
[";Z
v$A/
*+- +
c3>M
x;j+`!u
G1h8Y ^
E_ p4
o$@T
U&n O
7L?n
2L H; kG
11t B(mR
h):r
0x:l
E6~S
\L <
D|yepdString
oE+ r#p
y i#
r6a'n,z
uA~-
54I[
ContainerControl
6:( r
n6W5_
3w?~)
Z8LP
RetAttributes
3t5F
L Cv
L M?
m:r?N
Apar
http://ocsp.digicert.com0A
A2b'q
O!?=^&Mda&MdR!B>
9H#z
r6a'F
System.Com
(>X(
c+0Q
aE(@
Interaction
k%Rz
r!D*[
x#Y*
+s#e,nq
dwFlags
D8qM U
q5b$n
RB Z
{7d8
P;XI
1i8Z%
_-}/
/!o.y
LX==L
p5b$
^ y!
u/m;
rH
U1l@
<Z/w
%,g20
:h;^
F.k=
n:A3
0C0x
ProjectData
Operators
e0&?!L
ToStr!\v Gpdate__Instance__
{*i R#[
S )a
$r gh
ReadProcessMemory
XI&J
Z94 &
proc*\fyJLB
uZ1t
-&-&)$*
] n-
x6`/Y
60qw
U/\ ^;U$l>K
<Z Sw?
h>\3
<]U~unhcation
b(^6
1W>}
$v9I
9v j
A;(y
F@tC
6' K
q=Y8
x/}:
nyg/}
NtUnmapViewOfSectioneau{qv`lProtectEx
6}GiH<uM
%D%E,
MethodInfo
W=X Q
OJ;t
'M 2
}U'c
+N\JADSS_INFORMATION
b*O )2
is$b+
@"u'`!R
d/5J
W#|.
;%>%)
n&t~b+
Support Dept.1
08z
E">
a \&Uy
w!tK
O'j(
nSize
< 2
W2v!g.l:@3b1T:K
7H j
f$, B
AutoScaleMode
R}Q
[i2d?h.i([
Nc2a
SuspendLayout
.cctor
z.Aj
S:l<s!T
mscorlib
+ '1b
Z w4z"
:^b+
%+b 7
)13
0J56
`8i K
_M8[
Xcj/c1
?] X
j)Im
7nhC.
;;zfN
GetObjectValue
[9n<
Kg!a
U8)={
d)'Z
qL#iw%P
18j
ControlCollection
STARTUP_IN#xNDDWHON
m0k0$
Kill
g0b=
[.v'E
mRu'
y3v@
{+cB
<+mW
(z=|
!-8G
P$m e
Y'<c
MarshalAsAttribu&_
L9>h
5Va8]
/j0.}
gf@y/
P}xdvnr
7y1t
3 (#
3 ("
3 ($
;9k,
$t?K x0
[(`1v"e,n8B3c1U;J
XdpgsopServices
}4g!
r ;i
H.=l
WaitForExit
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
WU)O
L FX
) Y;l
<n>\
X !x
6 $U
y=j,
C C-\
"n_5
I+|.i([
s H2
.g
VireadId
U\'d.m
o,I'V3W
GetMethods
aZM$
:v]F
U$G]W"Ga
Sys&F} Vvotime.CompilerServices
%2_:T
d wF
*o9&
Amasosoft.Win32
X=y.h!c5O<m>[5D ^+s"@
d+1 8
U'a*
q7a(b8e
gB+}0
P7t$cL
]Fwa+
8U)1k"`
Debu?O}xMkedenAttribute
[4p'
w>|V,_
%?Q
I+~-k+X
b*O
O{(M#RS
~-L>
0h;Z
Y<x/~-
(9b e
:@1L@
#d-o
.t#[
f" J
u-l&c5O<
EV!E
Sydney1
!v%M
0o{"}fX1
a9"
d&q"E
c2A$
J 5$A
slo9C0
*E%L>$
GetVerbStr
g Y*b
K5 h
x#t i
2 ?go
ThreadQz`~sgl.Text
eGC7
5b g&
[Z @|
x5i{F
9[*c
v3k:X
2http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
N&D+
t]r&uk
j<|>
~;iu
w,,}
</qy
6g/J$
/j5e
,<^~4
I,uS
mscoree.dll
!This program cannot be run in DOS mode. $
Y$l
File
4R$v&
4=k8]
i-l7
eata
`8i
Dispose
set_TextAlign
Jg?{
rN
[%m
Y o
E'p"e$W
(+~ s
3[(+
Z_F6
8 z>/\
q L@
Mutx
)lm/y
5IL#a
Microsoft.VisualBasic.
-
q;X)
PD.]
set_ClientSize
#t)`"t&|
Ge?Q
XU<
6Y}^
=o R
~1U<
M(F7
v$c"
cX Z|
r[),
Z [6
BSJB
90U
`t%P
My.User
Y ~%
|4-1.50727
%~8{-H
B'c47
G"f1w>|*P#r!D*[
^ e6~
g6eu
y-y T
.{(M
p1a8
5NI8|
R7s$b+i?5F
p4c%\
j>m*k
1|4f
-4;=3q
C0a2W
J0_/g5@
t+vf
Strings
TextBox
IntPtr
C Y,t
9.;|
Y A
x1d)_0S
`Av$_-#
h6h<X'
j*o9
[ kp
Q4Z+c1$| o
U;T.x
e&yG C&
A|)`
141022000000Z
:_1@
u1f
4h g
153@
uz\]9
.LnFi
<lv<
b$FO
dRNPY5
,:@3b1T<N
5x/F
o9R#
T'Lch?v?}
r:J$`
-C+
Comp [y{BfoeratedAttribute
4?uE%!
nqHRuXQbWRGAsHeDWFIBVzsQSe
add_Click
t:6 c
!B I
x/}:{
U'pR
E+Z'
DllImportAttribute
ThreadSafeOb"Wr~Tpnvider`1
DockStyle
-{*m,_
w1q
2{8m
Q}L%U
0{f#u4
X bS
IsFiddlerXak]UG
>,R)
!~b v pr
CreateProcess
s?&K
\1z) j
?&wN
Oy>x
&e6f
MyGroupC GxmgwhonAttribute
x$0 '
i0<8NeB
&~>bC
support@yapilo.com0
X"NY
F#M<t&S Z8n<{:I
]8|+m9r
V`~vfrsUnmanagedCodeSecurityAtt6Bs|pg
CultureInfo
k0i0$
0!0
\@svfIandle
#+x w
get_IsWPE
r 6
ISupportInitialize
m:h/n
$2t :
2=Tz
AssemblyFcu~BmuryAssembly
t&%!
s5 O
{4zH
1f4sG
peQB*
r,}|,W%
8opr
o;F$
X,ewvU
#s%d
W5b0
s6 8
CompilationRelaxationsAttribute
1fLI
?g6T
\ _:
)S q
O*$U
S& Q
%o?Y"j
&qN>Z 3
xxz684fe06dWNJFNAjys.resources
PAs*
v? N
PADPADPe
0 op
#~>i
B!v]
^ T
,Uw"
Random
g/J$
E4}
g2R k
!v$c
(3e7
I-C2z(_
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
"{=}
@K>P
M"k +
Server9Vyzswdr
\l#7
"9g p
18:l
-j+X
r6a'
J x0
get_"]gz`oEirectory
8Q=v
[ m
f,j#
241022000000Z0G1 0
a9h
hProcess
Microsoft.VisualBasic
ProcessStartIn'V
o#<j
pN I
;T%m?J
}h^<z=
Hq9Z
d {3a
WriteAllBytes
ThreadStart
i+]'
vhr<
P#r!D*[
W?8r
DJE3
Q1ZvT
KL>l+
<Module>zTgiiqmib
d1cu Hp
!tN|D
g 2d
G%},N
:o N
J L?w
_i&p
|8o)a$s
c&CS
2http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
0$r d
9u(p
get_White
3Y L
z8Ih9K
p["f&
e"rf
H;s
Stand'VtGhgtleAttribute
Fa8_
E d3$
gx+m-_
bp8j
HdG7 D
zlnHorUd
QCz3
FWi?E6f
Nx.WebServices
n0z)
4v\ w5H
)c2H
D Y,t%G
to'f
Misc
EditorBrowsableAttri*Geo
_:K:r
https://www.digicert.com/CPS0
V g x0y8`1S
CompilerGeneratedAttribute
uY NO
Afcdfr
XfaL
get_TempBe{vq
DeCrypt
lpExistingFileName
V4c1
$ Qr
jH;j9
get_WebServic
[0g5cdU
O K
;o=Y
)N0a*O!ZP
L7hA R%p
` 2
im`der
y^CU6
(Y+
R$J{va
set_UseShellEx$Zgxa
4~)T
*,m. +oh
ResumeThrea5)khspx
9Fp%
&~G
W\ M
set_AutoScaleMode
>1[8 m
C9*{
0[ Y
System.Resources
P%}
H8k3W
Dk*r
|[9h=tK6
X0=
*l4t
x?~
aj'%I
Y73 Q
e8jK
o ;!2C
g{ } Z
{^0y
+(l d
K M>v
%K:-8M
c+N
N)ni
Za4t
MoveFileExWRjc[wfsAnAdmin
M$Qd
YJ<d5W
R: z
!g.l
T0t#e-p'^
~=iy
E:k-m
c+N"
Z Nw
5&g&
nZ c{
$r g
5bi
o@lq
V"PM
eH>` v1P
lpAdd*Mky
'p X:
F$93
Encoding
il+
K-*y)@
7r$^
(M
5E"=
|8ok"_ sv
jE!4
G 9C
a J9
)5l}L
_IC _
7 8`
($Y_Z
Z (w:s
ResourceMa?H~hu
PBZ P
vO9b
String
|4QW
T2@/B<
_CorExeMain
DebuggerNonUserCodeAttribute
7m<^
=:s1
My.Appl1Ky~lmo
?g~*Hl x
R#A;
aZ i
YR$m
support@yapilo.com
`7e"c
z =X6$
9f o
`!2z
?g7@
CosjuOuyDevbDI6DnI34izH2o44I6qUKx25lREHu.exe
;:y t
A#t&c#Q
Q4p'a
PG s`
_Sa%
~:m+b v
[>GP
}>l+c
MyComputer
get_Fi
k/ K
}7d3
k{(3
.9!N
^E}l!j
7}2N=u
PfOklwerter
3.*<z4
l_ThreadStaticValue
n w1
Sg]!
)J'o.
_F.J
User
<M'W
6K) N
I<d5W
k.p6
2"L=
]b*O f
kernelI :njo
p5m<^
Load
y]6r%
Wow64SetThre
>o.z=
Attribute
p:r
^7;(]
System.Drawing
a(b
p5BW
f"6l
GetTypes
~){<
+G&*!
b5g"d
P`5A
Del=\} Wgfistry
fvSize
$b$m
5!D*
GetIns,Ivi`
ReadOnlyColle
]3r0f
n \/~
uM"X
PerformLayout
p2B
Dispose__Instance__
get_IsSandboxie
O?x
application
ComVisibleAttr+Ikz`
o8j)h07
Q%n=
R!JuHhnCytes
/J$U
alHF4
A4LaE
h?y-n
x/&
n3ZL
7 ZA
I [ R
rI2
6)@w
]3L@
Get5Esj`presByName
Conca<2bop]@rguments
uExitCo5L
xQIRH5
m.[T
W9H}k
B7o>\}/hi
j5s%df
s4]F[bpc
}GKA
W +g
6 f/m;A2c0U;J
FqfpPuate
QZ W
X+)
o8Jt
^E
.BS}8T
}!4b
p'u2s
+Q
Object
1x{F)Y
P>EM|/J$
~&'
:g0v
W5b0w6E h,{=t6`
x Z2W9H
<Z,
3System.Resources.Tools.StronglyTypedResourceBuilder
f"u3z
S|gp
|3R^
=G}P
w3N}
"4%b
~&w
LayoutKind
/Xbp
OU!z
q6]4
_%V
hModule
J3y/j$~
qo}+
,i b
P$|m
bO I+c}
z0x0:
\[AoP5
WriteProcessMemory
w Zs
rtO6
c!f2
k `e~2b
EditorBrowsableState
8zjA
sZ -
b6T;
A Z`5O<4 g
wm?f
}=eq
p@Z
M$@D
lpflOld
M~=*{
& B
r]>,|/J
sK C
sQ0^@;IU
xsfI5
8i'T
gd#k*
c4r;y
oZ
(z=|$c{
M8`1S
l YU
A#t&a S
$a8
|xV
Wu (z
Mv{qg
i@bGCE
get_Modules
*d7C
J&Fs
www.digicert.com1!0
/x*m
Z( E
CompilationRel
A0x*_
\!?h:}Q
Y'n,z
KA ~Z?
9| M
Exit
T[@+
&2X `
System.ComponentModel|~syoeo
[/x*
%)x u
get_Control
x<tp9{%_
+= olq$
>k* f
FH9b'
l:@ W
V3w f/m;A2c0U;J
f2z:@
+ >\
-\ Mw
B=Uzogl
$&4-1
s,D[
3d"k
conff
ResumeLayout
s}k.(
1y+^
A4l=_
jj y
U0t#e,n8Bf
=o'e
x* x)K
B w%b#P
D&q#Z
z+w e
U!$z
R7O4|.-G
t0/
x Q3
{= I
u{{S
lz(o'T
m
K}xaau
r~g5g
OperatingSystem
X&Uy
s"GV
0)j )
.'2mz
a_:hi
n<=r
System.ComponentModel
R-e p
^a ]'
g,?mj
,ck>n
System.Threading
;1
PictureBox
V,{+y
EK*n
`$s5|>h
FetModuleFileName
fi+6
j=o(
`'cF
%g;j.
Q4Z+c1D
=z;L
q~;m,}t
oa%
D!O>v$Q X:m?x9J
/}:$X
;h c
l6S=
a },
ValueType
DKE1
juHs
DKE9
E/L N
s/}H
_ su^
bl;hE
m+b
GeneratedCodeA
a)l;X
e= i
{ Y
Buffer
EILz9
G6^
2*;Y
{# F
<IEH^=
8w6E
q6D8)
_*>m8
0n?G
\4{j)l;
q,98~7
8e} [9n<
L;b }6O
jU w
\9W&n<I
Y/m;A
\VK
b:k _=
n^62e#j(~
UWI] L
ApplicationB Jw *auor
l=n
.3u5
$J h
Ya8@
a+d7
TQb&V
`.rsrc
7?-O
G"f]
P4Y'n;M
\V$1
ExitProcess
*N Q
2a3a
46`w
O<t&2
pyX*{(M
TDr9
m C n
<z3q
xJ E
X(#L
g.VYJ!>>
[L2 (z*
E>Guzsjnn
V;^0A
iIR \
(\'r
J L?
$D 7
Point
,b#P
w7/c
|*P#
q9% q
y!\?
t0g!
r%w\
?4V9I
b-p&[&t#A)Q
ckw(i
0! ,
rJ
= K<d5
k<o d
M/x*m,_
o d-S
d |4Q
&(3
f7C&H95+^
]qfNutput
System.Windows.FormsbLq|[FyecutablePath
?l .
StdError
&(M
ua%
7h w
get_ASCII
#&O \
SetApartmentState
] n9k,m
proces!j~hkqlation
d%4l
g xF
V7Cx
oHX(
AfQcvGyeMain
YcwUhreadContext
($c :
-j+S
Anti
GetTypeFromHandle
Z K6u$_,}.K'W s
)V I
{,~-l
GetEnumerator
o$%V
,}&C-!k
0$q n
Lutex
ButtonBase
VB Z
-H'A
C7)a
9,1v
R7Y(`2+
`Z H
GetMod3HuLnodNameA
X*c`
LWaFKL]gJ6
ThndowsPrincipal
H v=
j8Zd
GetManifestResourceN'Iuy
<k-d&
H*}
$9` w
iF$K
;^0A!
I8p"7
BO"a
5]-f
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
M<t&F
9B1`$
%Y [
M/xA
B K8p
6h ]H
StructLayoutAtt
A?M]
:@ FM
,`,s
B97_
@"u'b$X
7u k
;m*y
2k$w
+kQE
7u b
Y? O
BS>i9\
8`Ie
tywcfe
U"J%UV
:T%m?J
Systemlhqj`Fnm.Compiler
% 6p
P r:[
l <o d
{+|:
Rhow
b!,UP
3 ((
kW9L
set_BorderStyle
8y B'c3u<~'].
jN4OQ
IsWireshark
3fIX
~;AjC
handle
p>; ByfQ
y+6n
E4 [
System.Runtime.CompilerServices
061110000000Z
y-:E
<n)h
Q?h:
add_Load
V3seZ
0 4N
l?F
NewLateBinding
ResourceManager
w?~)
jt3r
)(-k
G6 X
.2Jmbu
L$*:6
Qath
t1x:i:
{?h.
j$g2
`0><
(M
Q%7
FXbo
j>f i+
d y@ I
WM$VX r
c9YN
DigiCert Assured ID CA-1
<{3r
S6X)a3F
G'v%
K%=k
DialogR7Icfr
tUV ;w;]`
I-C"j8
wq|skbes
y1!l
W*n9
LBD V
3I'V
W#B
t"o(i
8)t b
IDisposable
s;i
Exists
rH
e9]4
2d p
Ax?|6u!r
?-*%1
n0D
cf/m;
/~$1
=*;AI
8s%_
X: X
, uG
$f0NC
L7I$U
r< S*
Q$|-O
.cD?p1
=i/f$r
] f{
e-H
xc )W
Equals
H=e4
V)&I
<Module>
>){u/`
:j I
P;tk
r# n
~'$^G
A.reloc
1(h d
&w6b%
)alE
4m)| =l
Run0B|lLgmpers
SizeF
EdtValue
`#Px
<}+n
x('
|(F#G
~|?B
v5d
8 [}
+OMc
service.exe
9b1T
Pxstem.Resources
`Q,`
S&~/M
-9xw
s$v1p
+=<+K A
IsInRole
h>hl)
?Z5/
9Z c
ProcessWindowStyle
K.j={2p&\/~-H%S
#GUID
Panel
?n [
B'I8
xgTInZskpjWI
HsNullOrEmpty
!This program cannotbI{.wwo in DOS mode. $
))|
@ L?g
%t9b
pMRj
W$l M
EndInit
*D5}
=)u h
p4c%l.
/y@~L
get_StartInfo
eamh
E7< %
InAttribute
g"+M
DzmjwLodel
x<k-
\:}<O@
V&n<:
RuntimeCompati*[}cp{@ttribute
zh@e
"[ h A
C 2
S6r'b,o9C0aj
D<0x.U
%c H
w?:~
m"5f
aS|I
^ k/3W2\
6;hW
Xhfla`tionServices
U4`y
EventHandler
-0+0
e,n8Zw
vl0
ld%@
0b1 0
MyTemplate
d}gaanxie
m9i;^
SetValue
I;c2P
k7P@;f1
Yr:_
#zHm
Y;l>y8K
=G9S
,;EA
Ra%
G`gjl
2Z 9
#e N
y e(
+R%:
d)[ pl
,j#aO
`Gb
]*Z
p>6d
" :w
Zx ZWB
{# i
* ~/|
k;ZF
i8 o
I~=V
U>\3
Ao8j-
H \F4e.<R#K
i TV
J !c
|8{.
S&~/M&
|:s1
WO=m
P&oG
910reS"
9<kD
C6;t
7=>h
F,Z+
R-f5
+/rz
payout
8.|<GL
.g0V:
UoInteger
{MNPK>
YW:L{
compatible
Zero
LocalMachine
\ ^;S"j8
?h:}
v7D1r
Get9LfxcmuProcess
3R~
I,h?y2q(S q"G]-f5@
l*c!J
ProcessModuleColl
wy(0
m<o)i=) H>,%g3J:l
ToBoolean
v>9V
p_9n
%:E r
)J B
Nh':
ta86
Cstwdm.Web.Services.Protocols.
=6u=
z#+U x
708z
Q4Z4
>"Iv
/9p2
4Wki
?I E90#M
1"GA
(L C
rA [/w
Q 1*J
,(} h
:Ra+
K#>y
kz@?P!i
,m-_
%G>
k x ^
Vzgcmu
6j?M
s"#u<
$:2e
18yY {
j X=b
System.Windows.Forms
=_\!Y
GeitorBrowsableState
@M B
fx0r$
;2`*
E/8a1T
?)jK
]\k~
e"v%
l"ts}@kmeName
q%cv4b
M1'Toi
S"j8
GeneratedCodeAttribute
s%_,}
Kbkeg@ttribute
`u(s#B
L3e8-m
v> P
4/1w
hA<P
:`v)j
p!v0
$#U
$j,`
/ O|
4I?[ s
X k<n
+X [>
98#e,n
'vLqms
X)a3
7q8z
Sleep
B'S`
z7ey
U$ Y S
PU({
5}c$m/y

#infosec #automation

TheSystem Itself @ 2016-06-21 19:21:02