Sample details: 0d2cc8d8a04892e0627aadf4f4f5d48d --

Hashes
MD5: 0d2cc8d8a04892e0627aadf4f4f5d48d
SHA1: 4988dda5da94efe9a9694a8666ba8e1601551fc4
SHA256: 9c11345f212f7df1e72a81d3e9367ee485793df046f580a4ac0b5533cd9f14f6
SSDEEP: 6144:wQM24gXkm/7uBCzjbII2KSBAIkA/n8ggAp+xinYhvqosP6XfkexyuiJ+:bDt7uczT2K7jA/8RAp+xinYhvqosP6XC
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 |
Source
http://snapcrackleshot.com/wp-content/uploads/pwWylYVOl.exe
http://snapcrackleshot.com/wp-content/uploads/pwWylYVOl.exe
Strings
		!This program cannot be run in DOS mode.
.vmprote
`.Resolut
@.Resolut
1M8*j|
{xVSGI
T[js[D
)qws!6
5%x h9
	ZmbQw
Z-6e&@%
gU'G`X&[
w;!iKsO
PKE}AA
nMnv`{
=R	H,Q0)
XEt/81
7C@SUC6m*
P)(W~i2
IcF5YNA~+
^`x2Q;w
J9Z8_'
gBEH2b
\\0fB+H
Gx8C;7^
#Xw.&m
a)EsWw
L&:_>Z
lt?Qw;
z}h\^sY-
2OPS=*P4
kh?}Dm
8=cZdB]
Qi.!8&E
x-Cf?xY
ksi.T[-E
:E &-	
_vbAK+
z|1t&D
4!7C?Z
w\eE[68
#q?1V6
!0K"*_]
Z}d`oo
"B8mtM 
$b*.-r
pfbk8p
9Es@#*
^=Trr99[i>
8KqX!MA
{M"Q?=
3?Sv'-
/dCCq!)R
#z-	/O^
~P]U=o
GF?bM$
PtA29"+P
U0_Bk[
']L]8L
}hmDf,
5x5%A9
5@6NRm
/'^^Cp
zMwM_Q
@`CN[X
#k"3n H
<j<S@p
T!0k-DPE
aPW"ts
<bO"p,Q!@
:i9(,x
cVR=)D
AuWH<6
!q [>|
^<}hcJ9
mD4km0K
o(~{9!
~lJTCy
hV`Rp;
ojt(3T
bu~o|1H^
tG3TfrYo
n7T>OP
/1D}Y9
?Br[Kd 
~SJx_fC
TM;25X8a
f zyCE
"G83[x/
DM(NUhU
7A_&a,D
MuM"H G
,+^p5:
?S83c] 
T6fQ_JX
om;bAl
Qt_f;nf+
q`$^wB
/XenuX
<EM"4^
*^goYuGlC
t65:7@
z]!d3@
YT7["xY
Xe2f/Z
1TA	,Xe
wcLg.I
'x+8H&
rf`]\EKQ>
p@zV8H
J3`W7t
i~M0Ic
u._&!G
3JA`9s
'o^+RU
TM:-`U
<1lUxC_#
i"2&={~
T3D$Gg;U#
b:Ok:H
f3:Y#COh
-G{NVB
c7u3':T
bKj+!5
%~m^e~w
]g=8Za
.0ZQL?J
0Vzz@0C
n6.ndsNl
@X e$N
+R()2Hv
N	dP~h
&nmD8MI
iv6GW 
+{bACQ
^04,*%
&w~b@x
BLnB	:
E 7C&!
M9!-UY$
ME2e$q
B+K!UW~
^\allwzV\
kg3Z15
@I	=I&
X:TD_3[=
tr AB.
9;iU5:
$	pTdi
93/FNL
Pe10Fj
cAu;W6tQ
{:cm6BC
joS9v]
 kcx[R
2t,`qB
!Ex0ar
3/`fm 
],@Ecw
.=`@}?
JN2T[ L6{
6I${N3
:V=(R`
&(,9t2\
f#*[4}
;oc%q`Cj
a0$ X1
^8f+j1T
HY6_("
1f]yg)
wjS*;5
H|<l]q
d;8;#1%.`l\	,
"8)j({
OXyO}[0
3\0{cEj
;.o-U/
".L]}ck
c:2vRA
dcf@h/
-(pn\q
LgzLs;
rBa2=Qkj
E(ba-6
NgZkA&
N#?(9-
_6G8~H
/:1u.y
P7#]BGX
\]>myb
#y&K^3
: 8:b[K|{
bv-|y3Y
;Rqa.8sW2U
YKHoy<`
fG\QvGn
5qW\xm
'sT}t]
q4yL[lE
J<#0x\r
eG74di
7oV_m6
r-Kiw*
*\I5Gj
]8+K]d
@PyO%o
=oC5[,
Iq}BtXM
}G@orN*
oo`#PN
W%CRDz
&R{-xh
fSs^Bb-U%
)`{HYb
-'Q=$a
3Z	rS-	
;}FPT-
**tS)/p
uO<o&h K
0GjzcL|
G#_9sBY
*U_OZk
6:+)Yn
9QJnd&pkQ
uAo8X~
/?IaLy,
F]xfI{
0e0v48
AY(M[@U
kBKc~qQ
tNBy"E
i|+Xb8
DHQX.N
L|ORTG
5QkoWR
byF;{}
ho,Ttn1
!A?1\;
q6;-sIj
Cd7B3L
%Dcf;	I
,Qm85}])
2rIk(B
=eL;}t
"6;O,W
1PF&zPy
<3Pl1U
'H_Q]2h
bk9P0t
3L'u1r
ft]a|4c
'UN}xV
\*I2><{
_6/@Kl
}Ztv v
/;J6'H
qWfB8+m
0 ,iDh
(4+`oGB)
YhdRI9
\Y4I,'
h{$>(GJ
	X@NZ\T
ZI%`pQ
6|X{\I(F+
fYeYe a
XeXeaefXf 
v4ZfeY 
tZeYY 5Wh
ZYXeef 
FYfYY 7Y4
XZeXaee QL
]fZYaY 
 yCS	_
 yCS	_`
j]Z 'X6
 eo}[a
nTZ R}\
 "/9BZ 
WZY La
<ZYYY 
<l w)^1ZXaafffYY S$f
k1Ye A
7XZ #b
GZXaa 
-YaefXa 
:ZYf /e
B8fe b
!e kM,
*XY Oak
XeaYa '
qy$Za !
48efa [
ZYa Y#
XfYfXYaYXf 
 |R"mXe 
7tZZYf !
1[	YXe 
xZXea 
3ZffY 
Y	3fe yN
YYefY O
l!!fXaY G%y
afee d`
$,ZXY +
H)YYXYeYX 
eXXf "
XeYfYX 
ZeYXYX 
MuXaae 
,DYYYYY 6
faeafXY 
4CseeY R)8h x]
Zfa o=
fafXaaa 
jOe iw
YXfafYZY 
:4nef 
ZXYea -vn
ffaYYY 
XYeXY 
 Dzwp%&
RfeXZXa 
GZXXfYY%
XZeeff ?A
TZYXff 
PYfXYY W
 z1Zef%
AZ h	.fa
;XeXff '
Z GYcw Z
`Yfa ]}
aaZ *.
$ZaXe 
7ZfXYaYXXfY 1
ZZ apv
/fZaXeaea !
@XZY C_p
jZ o>L
/OaeaXeXfeXe 
eaZf iIv
>faXXXXe 
MfY C/
aeYef%
eaeafZe !
a w('GeX 
XfYee 
XZaZeaaee 
wnQZY 
Yaefe 
>ZXeZeYYf
ZXYe O
mUVef %
1Zee -
ZfXefZ
IWZaef 
feefY e
&aeeaefa 
(XaYe W
eafaaa 
omfffeaXY 
ZZeYYY 
2( KG=
G8^XXYY # 
9ujeafYefX E
=DZXee t
qMZZY )
>GZaYYYe 
ZfZZa r
Xae a'
Zfe )e
'd 9am
ZXYZYaZ
ZYfYf RkzDfeeY T:
uYXYe _)f4Z%
sGZXaef 
ZaXaef 
fYXae 
+X P)jC 
#XXf b
$"YYYe 
^'/ZX -
XY	 U(S
afXff 
EaYZY 
(ZafeXae i
9wfaXY 
ZZfaY 
I5Za 5
WZXaXZa O
eYaffeY%
:ZaYae s
Tw{X j
uZfYX 
.mYa 0$
2Ba e2t0XaYefaaffe Q}
NrNZ oB
5qZeZ 
#ZaYYa 
eX ;|t
SfXXZ &(
9fYeeaZX 
efZ WA
^Ze Sb
|feaaY 
YaYX 57
XYXeYaeYY K
Naa rv
3ZfXafaf%
# 9Xu%Z 
YXf [ 
/-Y Tw!GY 
fffXfa
vkZYaY 
a Gr1W 
_8XYeYf
feYYe 
aYZXfXe 
sZfeY 
ae 9|_
ffeYa 
aYaae%
JeZ e^
hZX 9oo
VX O}Y
XXffX [
 veI8aeYZXaYX 
/91YYaa '=I
&Zaae 
M<eae 
4ZYXa ZI9>YXY 
BZf pd
XfeYf 
-eaae 
aYaXfY ]!
M k)D@ae 
YXaXZ I
pXXZefaa 
fXZZa J
6ZfeY 
 /F_LY 
N>ZffaY 
YffX ZU
eXeeX a
kfYfa B
	fYffaY y
vXa #k
XfaXX 3
aafXeffaX 
>eeXe 
qZYXaZa 
)#` >	
XYeYfa 
ZfXeY%
afYee 68Jl E}
ffXXX t
aefX ]{
)RSZY C
NZf j&1
3YXYZeY 
Z d$J@a
!{KZf 
SXefeXf 3"
yZafe 
aX B{@
C6Z ]P
effeYe A
	C}eXY 
Xf 0Yk	eYYa 
XfYX ]~.
)!ZZXa &sRWX 
5Mfe DF
eeXXeYYea 
0uZ Q^
 a20t%+
jxXefYe 
ZfaYZa US
;ffYY%
Zaf )&
ZYX  	
YXafZ 
faaXe%
ZXfZa i0
{jYeY V
?P9Xa 
9Zaeaa O
0Zfe ]
v2.0.50727
#Strings
mscorlib
UnverifiableCodeAttribute
System.Security
SuppressIldasmAttribute
System.Runtime.CompilerServices
Assembly
System.Reflection
.cctor
ResolveEventArgs
System
ValueType
Object
Stream
System.IO
System.Windows.Forms
IContainer
System.ComponentModel
Splitter
StatusStrip
ToolStripStatusLabel
RadioButton
TabControl
TabPage
EventArgs
Dispose
ProtectedByAttribute
Attribute
ConfusedByAttribute
BabelObfuscatorAttribute
CryptoObfuscator.ProtectedWithCryptoObfuscatorAttribute
DotfuscatorAttribute
EMyPID_8234_
NineRays.Obfuscator.Evaluation
ObfuscatedByGoliath
SecureTeam.Attributes.ObfuscatedByAgileDotNetAttribute
SmartAssembly.Attributes.PoweredByAttribute
Resoluti0n.Client.Attributes.AssemblyAttributes.ProcessedByResoluti0n
YanoAttribute
pwWylYVOl
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
STAThreadAttribute
GWNWaNdMyoOh.inc
WhiaITPINLTu.inc
dOWWJhPSMisa.inc
LOdsdBdDgOPR.inc
WddyahRZCLMO.inc
uRDLPZdTBgiT.inc
qdyPdPaPsunO.inc
GdPNLuaduLyg.inc
dnPiiaNNOdDP.inc
JoPMNdyaRSIi.inc
yPgddHTRdiRy.inc
dLMiyswdgiGy.inc
FJEZdsdFPEuP.inc
NNaadODoMOgy.inc
LIsyNsTBysWa.inc
sdMANdPSMsOn.inc
oRKTeuNQeoLT.inc
QBRdNedRPAid.inc
wCOydMSOTRIs.inc
iasssAeNLTgP.inc
WRiKdaIoOsnu.inc
LyedMTdadSMR.inc
adyPaRPdZsMa.inc
LgWZOwOqayTW.inc
dMCQTZRDuMMA.inc
sOFZPSdMuZuL.inc
sinZuRdnsONJ.inc
MZsagdeSQQyW.inc
sSEEdiwBdRNy.inc
uWsPDPqZWaHR.inc
sdLRuiSiddgg.inc
yaRnOMwhyBWO.inc
aPPySLauJSsD.inc
WLdDsEdaMQFe.inc
dDdGWOdyCaiL.inc
ROMOdHZSBMui.inc
MdRuMZnOsMgP.inc
dTdnddAZahOO.inc
ZeBFhPqdsIQu.inc
WRNHdWCyisig.inc
dudoMsaNLDuN.inc
QMWPRdNaduaO.inc
iTNgNHgaRNZQ.inc
iThhuIQRLaMP.inc
asPsEENJadAW.inc
MWqeagddNBPd.inc
dTnPgGaBuigF.inc
TTPEiOMySWid.inc
iNWisRdsuNHR.inc
dWiQdahyysoD.inc
QsdDsGaFSNKO.inc
LZTPEsgDLdni.inc
LSKSyWZMOROQ.inc
SNdMRBawJREq.inc
gysaEaTZROTR.inc
aEdaPdiWoahP.inc
aQOJssWWEsOa.inc
sZuishaIZShy.inc
wCGOKPTyLLAP.inc
MsaSTsHyhidR.inc
wQZMNMSgaisa.inc
SssWNdLdZsSN.inc
uMLaJJKNqRLS.inc
OiOnMQTyQAAo.inc
sMSOuhZLCGOC.inc
aZhMQTQBaTdd.inc
dLRBhdauOyda.inc
SssFWaPaSJTR.inc
eyyAiaGuCsPs.inc
sQsMKPLdWTZZ.inc
uPGaDsOsQAsS.inc
CZQMqeQoJGiB.inc
aZTynwZoiOaO.inc
TsueaissNuLN.inc
udaSsQOhsFQy.inc
GMNTuZdLniwT.inc
DdgoOdgiODIw.inc
uIisiiCORShJ.inc
SawnMahSaDPd.inc
yiIHnOaCyMNu.inc
LALTaPCLAZMP.inc
iPMOgOduNDBd.inc
qWMeZNdeyBEO.inc
MyTsBDdKNNiL.inc
wJsZNWdgagRi.inc
wsNgZNguysdy.inc
WRdOeSsOOiCL.inc
siMPSqMyygMe.inc
MZNAiuGZMPBa.inc
ZddEsiQTZiyd.inc
BngCKRWyCZag.inc
qsoPZgTKaPOQ.inc
SFsCMNdiyisd.inc
SDKqPPddsCyL.inc
CFasOaFMHLLF.inc
HTZyNhQZLnhT.inc
shdRSKZNdTay.inc
dLNJwdeFTFNW.inc
nFQ8uBUnkKU.inc
MDG7cENSUA.inc
MemoryStream
ReadByte
get_Length
UInt32
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
RuntimeMethodHandle
AppDomain
get_CurrentDomain
ResolveEventHandler
add_AssemblyResolve
get_FullName
get_Name
String
op_Equality
Buffer
BlockCopy
Application
EnableVisualStyles
SetCompatibleTextRenderingDefault
Control
set_Opacity
set_ShowInTaskbar
NumericUpDown
CheckBox
set_Enabled
get_EntryPoint
MethodInfo
MethodBase
Invoke
Exception
GetExecutingAssembly
Concat
GetManifestResourceStream
op_Inequality
get_Message
MessageBox
DialogResult
Encoding
System.Text
get_UTF8
GetString
IDisposable
ToolStripItem
System.Drawing
set_Size
set_TabIndex
set_Text
set_UseVisualStyleBackColor
set_Location
set_Name
Padding
set_Padding
set_AutoSize
set_TabStop
ButtonBase
ContainerControl
set_AutoScaleDimensions
set_AutoScaleMode
AutoScaleMode
set_ClientSize
get_Controls
ControlCollection
SuspendLayout
ToolStrip
get_Items
ToolStripItemCollection
AddRange
set_SelectedIndex
EventHandler
add_Load
ResumeLayout
PerformLayout
 n l j 
Resolution Lite Edition
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
						
_CorExeMain
mscoree.dll