anonpop.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 21/55 Related 2098
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 32.00 KB (32768 bytes)
Compile time: 2016-06-24 19:33:11
MD5: cdd68c998c57e3c8a26f94c3aaacc580
SHA1: 2026347367baed2925ee967fd4e0733fa63df880
SHA256: 879fc214c53f27097fa0a975046ff3a2435f602c8f64f1030c412ad14a656105
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 5 ~[ CbN .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2016-06-24 23:15:02
Last submission: 2016-06-24 23:15:02
Filename detected: - anonpop.exe (1)
URL file hosting
hXXp://s3-us-west-2.amazonaws.com/content.tobi/anonpop.exe
VirusTotal Antivirus Report
Report Date Detection Ratio Permalink Update
2016-06-27 07:50:08 [21/55] VirusTotal
PE Sections 3 suspicious
Name VAddress VSize Size MD5 SHA1
~[ CbN 0x2000 0x4e4 1536 816c00b913b3a728376d58fdc76acf6d 953ed6a1e18e7df635fcf289ba709eeb5c94c2fd
.text 0x4000 0x6b98 27648 6c0d772a0cc0d5ae87a8e50f9ff7ab77 c7caf1b22a30d6a2a7979169f38017625a0b725c
.rsrc 0xc000 0x5d8 1536 983bde29f24de74407c842d211086e3b f34af7d3db50cc057389e77d5d59911bed93cdcf
.reloc 0xe000 0xc 512 8d6073656c33326170e05710d91dfb6c 2c75ab729d78b88ddd251feb620ff13096626b4d
0x10000 0x10 512 5cb69bb18d22fab0d883dcfb77cd8dd0 50684b40710c8324c614041f9a8178be8ad418c2
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0xc0a0 840 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0xc3e8 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright © Hewlett-Packard 2016
Assembly Version: 1.0.0.0
InternalName: anonpop.exe
FileVersion: 1.0.0.0
CompanyName: Hewlett-Packard
LegalTrademarks:
Comments:
ProductName: anonpop
ProductVersion: 1.0.0.0
FileDescription: anonpop
Translation: 0x0000 0x04b0
OriginalFilename: anonpop.exe
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
No packers found for this file
File found
File type: Library
KERNEL32.dll
mscoree.dll
IP Found
No IP detected
URL(s)
http://www.kipibank.com/i2.html
Strings
anonpop.Properties.Resources
VarFileInfo
Comments
http://www.kipibank.com/i2.html
shutdown
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
anonpop.exe
My app
InternalName
Hewlett-Packard
1.0.0.0
StringFileInfo
Translation
anonpop
webBrowser1
Assembly Version
Hewlett-Packard 2016
FileVersion
Copyright
VS_VERSION_INFO
Form1
ProductVersion
FileDescription
OriginalFilename
LegalCopyright
CompanyName
/s /f /t 240 /c "Pay Your Ransom to Get Your Files and Computer Back. Shutting Down In 60 Seconds. Email: supportfile@yandex.com for assistance."
LegalTrademarks
000004b0
ProductName
OpenSubKey
set_BackColor
Dispose
AutoScaleMode
@.reloc
set_Name
ApplicationSettingsBase
ImageLayout
anonpop.exe
AssemblyTrademarkAttribute
.cctor
Object
FormBorderStyle
set_FormBorderStyle
CompilationRelaxationsAttribute
mscorlib
Registry
Byte
get_Chars
UInt32
SetCompatibleTextRenderingDefault
get_Red
Load
ComVisibleAttribute
STAThreadAttribute
MemoryStream
EditorBrowsableAttribute
ResolveEventHandler
set_Dock
Form1
ResolveEventArgs
ToString
System.Runtime.InteropServices
op_Equality

System.Globalization
#Blob
Control
SetValue
ResourceManager
set_Opacity
ControlCollection
`.rsrc
4.0.0.0
Attribute
set_MinimumSize
get_Default
ContainerControl
set_AutoScaleDimensions
System
EditorBrowsableState
AssemblyConfigurationAttribute
get_Module
kernel32.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
BSJB
FormWindowState
Type
resourceCulture
System.Reflection
Form
Culture
_CorExeMain
DebuggerNonUserCodeAttribute
set_ControlBox
1.0.0.0
set_BackgroundImageLayout
ReadByte
Resources
RuntimeTypeHandle
anonpop
webBrowser1
get_ResourceManager
ConfuserEx v0.6.0
CbN
Settings
set_Culture
AssemblyTitleAttribute
set_Url
DebuggingModes
InitializeArray
System.Configuration
Marshal
#Strings
IDisposable
IntPtr
Stream
defaultInstance
Hewlett-Packard
get_ExecutablePath
System.Runtime.CompilerServices
CurrentUser
Buffer
System.ComponentModel
AssemblyCopyrightAttribute
v2.0.50727
Size
set_ClientSize
op_Explicit
RuntimeFieldHandle
SettingsBase
get_Name
RuntimeCompatibilityAttribute
Program
Microsoft.Win32
VirtualProtect
AssemblyProductAttribute
Assembly
String
ConfusedByAttribute
set_TabIndex
Hewlett-Packard 2016
Application
<Module>
get_CurrentDomain
Synchronized
Default
resourceMan
11.0.0.0
anonpop.Properties
get_Controls
SuspendLayout
Start
set_WindowState
get_Length
EnableVisualStyles
System.Diagnostics
Process
get_Culture
Math
Point
fUAECWkUDFuDlYiBNrrHmhqRaZQf
value
.ctor
SizeF
set_Size
System.Windows.Forms
add_AssemblyResolve
anonpop.Properties.Resources.resources
get_FullName
CompilerGeneratedAttribute
AssemblyCompanyAttribute
RegistryKey
DockStyle
AssemblyDescriptionAttribute
ResumeLayout
Write
WebBrowser
Main
.text
$b96b4695-16f1-43d1-93a9-6a66de164988
Read
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
ValueType
DebuggableAttribute
System.CodeDom.Compiler
GuidAttribute
GetHINSTANCE
3System.Resources.Tools.StronglyTypedResourceBuilder
#GUID
GeneratedCodeAttribute
disposing
BlockCopy
AssemblyFileVersionAttribute
!Copyright
InitializeComponent
get_Assembly
IContainer
set_AutoScaleMode
AppDomain
GetTypeFromHandle
get_FullyQualifiedName
System.Resources
CultureInfo
RuntimeHelpers
anonpop.Form1.resources
set_Location
Color
System.IO
mscoree.dll
!This program cannot be run in DOS mode. $
WrapNonExceptionThrows
Module
UriKind
components
Array

System.Drawing

#infosec #automation

TheSystem Itself @ 2016-06-24 23:15:02