Sample details: 4e19f3a28224122f48a168c4ba000842

Hashes
MD5: 4e19f3a28224122f48a168c4ba000842
SHA1: 2dbf8267a4b5fee689ac9323e8326fdeb8e55f80
SHA256: 252b784a8ac3f2396791e679ceb89d8fb58f4cf2bc738d1bf91a3a448cc1a8d8
SSDEEP: 6144:91qky6JoqSHH9+hAmtCBCsBkyr7qq/+/Zl+/hirGMwEceGhM94/nhcMNN1wzNOZO:WkhOx+ACC7DqqZdEcqGhcSN1w0rla0
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/CRC32_poly_Constant | YRP/CRC32_table |
Source
hxxp://prntimage[.]com/pictures293.jpg
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
@%,c_-?
%&,e&8
%&&+E 
%&-k& t
%&-n& 
%&,F& 
/]+I 4
%&-q&	
	,. H!
%&& 4&
%&& L&
%&-F& 
+;& x(
-9&&&&&&&
-(&&&&&
&&&&&&&
'%,-Y+
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
&_(*^6Ph
{*'|w8
dx~F"1
q(K$! 
dU~5!f
1@@.	 
)zg@OJ
"G^&my
_bZY!A
hC?g2YpR
jJ?i&E
[LtF]*L)O9
Xddw.5
(ToV4{M
R]&x`OIj$I;1
>f!yd\?
}"O'V;W
00wK3:
,+W?"S
ZP8dj".u
>3AYx*
S-G8sNJ
a6!|Cq
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD4qD(5qD(8qD(9qD(:qD(;qD(<qD(=qD(>qD(?qD(
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
cIDATXG
r2h~n~
/]sv|f
HEXJ%^/J%
KAyCR2
yE;T/O
mPa,Jd/\
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
cIDATXG
j`_`A)
N4urSE
[pPdig
V+uKzR
Z8 W'z
PHB3=t
aV?Q_u
DojD'S&
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
aIDATXG
D	9Sm} 
XC8=KOH
$v)P_?5
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
cIDATXG
b77o	|%
K8~a56
^ZNlmB
Zf"5*j:
L5w$zI?IP
5EH_8/
LQ(>Ob
]wZ %V
F])%,(
^5$\I>3
]uwvku{
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
_IDATXG
)m) &OK
||4(@C
'#^3KgD
TV"c(1
c8"G%V
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
eIDATXG
';f:&@
 fqY$|G
xX1S.V
d5:68?Q
%vtM<'
k+FckZ
0aVpok
2zcPSVa
isBxmA 
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
cIDATXG
V,/A=L
db$|v%.
)+K*=>U
saJn}wlW<
w)N;#A!,
0@Zn+I
*n>8>"+jU'
$#[87<Y9
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
cIDATXG
>#-]Z}
zqhv{#
z)`;7M
}l"pjZ
XC<P&#%
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
aIDATXG
G>zs{i
&mEW:	
{=?b`b
xqw3QK
y@&1#T
au;1$-
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
aIDATXG
/]yh4Mb
%Sd#F~c:
DnH/ci
OFq:z+
S Gg"Z
.hu-(R
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
`IDATXG
rn~A%9
F.5/fh
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
_IDATXG
w{qlaX>:mJ
;S1s^d
r^57A-
!YNOph
j#4.)&IZU
w$b4V h@d
mt=NKe]
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
eIDATXG
Q|(?K=k7mp
M\z'/q
D=%A	J
]`Uu	vm
rk$$t?k
RX]kS(%\
Q:z5z-
0SsV=J
vHADyU
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
fIDATXG
j	j^jX
8CZks[H
']k1"o9;/
/xyvXF
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
_IDATXG
3}k:-8
FxPB#p
5mhT8LQ
8asW4c
*`|2?CJ
^RdO8wX
Iv	|T6
,8b`3G
nY},ew
wey5XK
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
_IDATXG
i3&NMN
&eUy.(
0HkFt[
-OmzlAR
O:_bSHw
VWs)	Vv?
fCc;='
|:(0C_bY0
&9(%)-9Uq
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
fIDATXG
xeFPK 
ki?.+n1
NWAvt4
$Tc]vFq
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
aIDATXG
szb85]'
 z|I&sR
:wnN4j!
F^]R:1
sA{f5!
w/pj=#
w{}9S92
 jg)ph1
+O|$	y
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
^IDATXG
TRjw g
sn,k]N
50!oJ+l
[n`jRu_
TYz*f1
:a*6C;_U
~Cy3o-
Z-L]ly
o=S 2<,K&
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
`IDATXG
V[jtTd
	d`c)`
n-bymSQJO!
	E3RT!\
'#7'h^
jO?	 D
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
aIDATXG
T#dFj\(P
Lc^&PY
^	gcO/
E1a}1E
\J4vT~a
o@eE32
v,{@/0
siC#LG
RiFpTRO
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
bIDATXG
(k(vh%
WRt	ax
t^6#C#
d!0)[FV
-tVkoFN	
gG:yc)]
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
bIDATXG
:J9~d#F
y%4+Zzs
^g!aTQmI{
.#,Ma>jC
s"*xXo
4K2[c*e
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
dIDATXG
fT]NWW+
7Ug^J 
<S0Ag{
KJ%INv
]RBF[x<
>^j{Gx
XoFXd7
wiZT UH
4487?_|
NbcN	I
C!7_2qjZ
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
_IDATXG
+|FcK"U 
pm9#zJ
lk%UBwus
igC1yV
B0@r"$<
=VFJ8C
u2*nf\
}F't<'X
t/MwYIQ
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDATXGc``
rfv8eO
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
fIDATXG
	HwwH7
Hww)9F
^4i\DYu
y2	Z"-J
rKr$"P
`na_"Z
l&e?O,
n}UJ $j
x}#),g
d|LA#0
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
aIDATXG
cuKyd3
>tgK=j
k5sX1_
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
bIDATXG
B1KQl?}
_^?{1|
0+Va(mn
*X V~9
s(tloD
NpP5S}h-
y3,kge,
m K?5L
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
]IDATXG
twwOo:
tY$J|/
}Q/3+RD[
y0f~`0
@`.i;8
~Z{2 w>V
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
bIDATXG
>5;cfK[
i8O/m?y&
-1"_h5
cYL	v1}
PJ_<_u
>[TfY8
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
_IDATXG
2]nj/_n#7p
y%Ra-y
 K.r)z
{vTs?c
7g3?ysT
i4`b$G
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
`IDATXG
p)N~OK
nv5Dpj]6>)
KaW(G(
`|U*qM
E;L^qu
yD32ww,
4:CvJ3
x1BPH-
;#*U/M
X%]T7c
N6xXE4]
*8nqnV
$Imx]3
g:MmN~L=
{mgJ-/6	
\DgsUu
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
eIDATXG
;+{oqJ
n ;br0
ub[.k4T
TNkdS5nHq
:7JY|	
e/odwxs4
dUG'mT
(HdUhP
_;Y\;IQ
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
aIDATXG
na]aoxc
xhv5Mk
XKe@dG
vUI_t1?No
uf-IT.
 $~DN<}
S4q$@x
:R"|4	
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
aIDATXG
!yV+_O
(	==\Q
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
bIDATXG
-*dH}W
?na6"iu
dt)[.k?b
B;.5%v
sCOg58
XNF)i_
.o-z I
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
cIDATXG
?q7W>S*KO
9%d={j
-&b%s~c
	w4dX 
p>K\T\]_
rKnR;3
EC+WHD
vOE2v6
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
eIDATXG
!0&$Us
[,N&_a
URz?m?S
iR\FD)
>'Wp<d
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
bIDATXG
bjG*	J
nXV!hY
}rDvmr
Mwc>'/
Y8qji O4
X3cY`ux
x_yN<q)
KO6b(R
_RH80*
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDATXG
rm(;yEVlG
C?=,@f
Ea(B(Q'
]edYBn[
'Xx]pN
CM6B;U
t%v@p	
|T6@FTj
dMA>tQ
p-(cAu
YCp+cd
jL1G[pt
g6a|*2
1QdeD-
?@Y_\~
rf/*jDz
.N@%g-6-1
"'(tES
$]RU!|
n".%\/
>Iv?5I
Ue3^ZH
`%^ip1
/2nQhB
G,?7VV
i\|N`v%
WkiaSm
	G>i$1|j2
EvnxDg
,5Ok{a1
0TB8cd5
-ZN3#Ks
}^(?>+g3d
9;e6P{
# )gdc
m|dEq6
9X*S-|bk
6GdUc3'>f!x
y f:4@
vOCdf!`-"
8JIi$(
;KYwmW
-jFbxt]
%y_++f
>+#G[u"
dD&?Rk
ar;VvN{
qzQ'Gknv
}HW\<=
W*B<7Po
Bu8eOl
*q,tX!7
+lB&BR
vL:`Nm
b3w*z}
K\=(@=j
^+q	ByP
Q2/c@?~
eW.@xg
>GcKYN
*8SCg8
'HW"z)
wJ	FRO
@0hN	?
Hn:B&b
t13cHz
AzQ%rO
N1:Fi81
yWvprS
hM8zMC
nOA%5|
an'Xt|
!\[SQ?~b
XO/H.^-
teF|Z.ia
Z/%+@L
U0fhPMI
(,;x#I
Y?qyb`s"
z=zf1P
t<BL`,
.[ Tl1
cx$nTq
3|WNDb
z?1-=Y
8cEey	Dg
`!I'-4m
R=Z1T$P=,B
y _6^L(
g@7J@bl
	$?z`V$
Wjz/z"
,TeXNx
	g?I$;Z%
>,vmhX
=G$|XI0
+alxhCbA
cgYg+b(i
/:uSzUz\n
Ce2^2Y	0
	`8}jMW
`}"[9=
)uh$_D\
 J$5x 
"1(zK@
@N^VNh
l?I40f
P;L;u'
}pa}p\
c7v^|'
A?h`{k
X93R[g
(l+j/1
9+h1@d
7YF*}*
v|KuNd
|!f@r4!
Z]P!ab
GuSct{
;:ah"<
cF*9PJ
q((gw4
vO;WK{X
{|2/~6
_;;Ohm)
Yx3] m
Yul5B}
MX>*@jl
_v)HN-
L/`5nS
,VF#P\9
D !oIa
hdngnl
b:KnNG
'dC-.F1	o>
G1_)AR~
dX8aDDx
!+z@6wl
Ah0pE[
s/GtJ~p
W4S #9
5Yt:qoG#
H?N:T	
Qkkbal
+J{U"g-
.EYUJX
w1oOAy^
v2.0.50727
#Strings
&	R	g	
winfrm.exe
winfrm
mscorlib
System.Windows.Forms
System.Drawing
System
kernel32
.resources
{01c1c9cc-e329-4f38-bf58-759dda822f88}
winfrm%
b7da9a63-8cfb-07.Resources.resources
Vyhecixo.Resources.resources
<Module>
RuntimeHelpers
System.Runtime.CompilerServices
InitializeArray
RuntimeFieldHandle
.cctor
Object
Attribute
MethodInfo
System.Reflection
Class1
GetTheFuckingAssemby
Assembly
MethodBase
Rfc2898DeriveBytes
System.Security.Cryptography
SymmetricAlgorithm
DeriveBytes
CipherMode
MemoryStream
System.IO
RijndaelManaged
IDisposable
Dispose
CryptoStream
ArgumentException
Stream
ICryptoTransform
CryptoStreamMode
EventArgs
EventHandler
Control
ContainerControl
AutoScaleMode
STAThreadAttribute
CompilerGeneratedAttribute
ValueType
Exception
Encoding
System.Text
GetManifestResourceStream
Dictionary`2
System.Collections.Generic
MoveFileEx
ResolveEventHandler
FileStream
String
ContainsKey
get_Item
set_Item
FileLoadException
BadImageFormatException
Process
System.Diagnostics
ProcessModule
AppDomain
ResolveEventArgs
Version
StringBuilder
AttributeUsageAttribute
AttributeTargets
DESCryptoServiceProvider
FormatException
DateTime
UInt32
AssemblyName
GetCallingAssembly
TransformFinalBlock
SeekOrigin
InvalidOperationException
ArgumentOutOfRangeException
Substring
NumberStyles
System.Globalization
BitConverter
GetBytes
Reverse
HostProtectionException
System.Security
DeflateStream
System.IO.Compression
get_InputBlockSize
get_OutputBlockSize
TransformBlock
set_Position
CompressionMode
ToArray
get_Length
get_Position
ModuleHandle
BinaryReader
MulticastDelegate
GetTypeFromHandle
RuntimeTypeHandle
GetExecutingAssembly
GetModules
Module
get_ModuleHandle
FieldInfo
Delegate
DynamicMethod
System.Reflection.Emit
MethodBody
DynamicILInfo
ResolveTypeHandle
ResolveMethodHandle
RuntimeMethodHandle
GetMethodFromHandle
MemberInfo
ConstructorInfo
TryGetValue
CreateDelegate
SetValue
SetCode
SignatureHelper
LocalVariableInfo
IEnumerator`1
get_LocalVariables
IList`1
IEnumerable`1
GetEnumerator
get_Current
IEnumerator
System.Collections
MoveNext
GetSignature
SetLocalSignature
ExceptionHandlingClauseOptions
GetTokenFor
NotSupportedException
SetExceptions
ParameterInfo
get_ParameterType
OpCode
OpCodes
GetGenericArguments
OperandType
get_MethodHandle
get_TypeHandle
get_FieldHandle
get_MemberType
MemberTypes
get_Size
get_OperandType
Concat
set_KeySize
set_BlockSize
SecuritySafeCriticalAttribute
GetFields
BindingFlags
CreateDecryptor
set_Key
set_IV
Application
EnableVisualStyles
ResolveString
_MethodInfo
System.Runtime.InteropServices
get_EntryPoint
SetCompatibleTextRenderingDefault
set_AutoScaleMode
ToSingle
ResolveField
op_Equality
IEquatable`1
get_ModuleName
add_AssemblyResolve
set_Capacity
GetDynamicILInfo
AddArgument
get_KeySize
get_Value
get_Module
get_DeclaringType
Invoke
ISerializable
System.Runtime.Serialization
Append
IEnumerable
Monitor
System.Threading
CreateEncryptor
get_LocalType
get_IsStatic
get_IsValueType
Environment
get_ExitCode
set_Mode
SuspendLayout
IConvertible
ToString
op_Inequality
set_AutoScaleDimensions
set_Name
set_Text
ToDouble
add_Load
Component
System.ComponentModel
GetCurrentProcess
ResolveMember
IndexOf
_AppDomain
get_CurrentDomain
get_Chars
ReadByte
WriteByte
GetMethodBody
Directory
CreateDirectory
DirectoryInfo
IComparable`1
get_FullName
Exists
_SignatureHelper
GetLocalVarSigHelper
get_IsPinned
GetParameters
GetString
ToInt64
set_ClientSize
ResumeLayout
get_MainModule
IComparable
get_Name
ReadInt32
get_Year
get_Month
Format
_AssemblyName
GetName
GetPublicKey
get_Now
get_Message
GetValue
get_BlockSize
ResolveSignature
Convert
FromBase64String
get_UTF8
ResolveMethod
ToInt32
Buffer
BlockCopy
StartsWith
ResolveType
ToLower
ToBase64String
GetTempPath
get_Day
get_Hour
get_Minute
get_Second
OpenWrite
get_ReturnType
LoadFile
MakeByRefType
AssemblyDescriptionAttribute
GuidAttribute
AssemblyFileVersionAttribute
AssemblyTitleAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyConfigurationAttribute
ComVisibleAttribute
AssemblyTrademarkAttribute
AssemblyCopyrightAttribute
$ed96afad-3208-4a70-9047-fe63241f5166
1.0.0.0
winfrm
Copyright 
  2017
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>