updater_x86.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 44/57 Related 2476
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 165.50 KB (169476 bytes)
Compile time: 2013-05-23 15:50:59
MD5: cef16aaa56aa47e375bb35e9660230fe
SHA1: 2187ff7c898aba53e31be51fdd76ac73503be06e
SHA256: 1d7c8f12ca795cc9130b863796408e03c3cbcaad9d4b4186c806c8dba28252c2
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 4 import resource debug relocation
First submission: 2016-01-04 10:37:47
Last submission: 2016-01-04 10:37:47
Filename detected: - updater_x86.exe (1)
URL file hosting
Antivirus Report
Report Date Detection Ratio Permalink Update
2015-01-31 14:14:17 [44/57] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0xdf4 3584 2320239d56e0e931b7d61ea74f1f792a 6001c2341cdbf73e843ca5853749c8bf29e61e5e
.rsrc 0x4000 0x10e3e 69632 da6c1f656e7f2ce16a7bd4b9be9b92ce fe394f3279d9ec9a5bc821b9911e42a29ae60802
.reloc 0x16000 0xc 512 d0ab6720ae05d5934080a43f8617fef8 71cbf418e93ead2478c6f7a3a5b8c05a36663195
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x4130 67624 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x14958 20 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x1496c 744 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x14c54 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright © 2013
Assembly Version: 1.0.0.0
InternalName: a9s8df7a9sdfas9d8.exe
FileVersion: 1.0.0.0
FileDescription: 7sd8asd8azshXy
OriginalFilename: a9s8df7a9sdfas9d8.exe
Translation: 0x0000 0x04b0
ProductVersion: 1.0.0.0
ProductName: 7sd8asd8azshXy
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found

#Ransomware #Zerolocker

Davide Baglieri @ 2016-06-21 11:59:04