Sample details: 7bdbf20ba1eb21def22d56fd0e277d69 --

Hashes
MD5: 7bdbf20ba1eb21def22d56fd0e277d69
SHA1: e9d5caaaf5184a2acda73a47e56fd0517cd3e91c
SHA256: bd61c1e25985c2877ced1d0b4ad8a232934311dcdceafa7db2530855731abf95
SSDEEP: 12288:Nv7kw3ABThY6aqFpK4WwqL2Abm+934Do:Nkw3sThYj0DWVLj683
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/Big_Numbers1 | YRP/CRC32_poly_Constant | YRP/CRC32_table |
Source
http://prntimage.tech/image293.jpg
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
 *_12 
! P!8)Za8I
! I!4pZ 
Z &6xSa8
! }k'3Z 
! ,"[3Z 
& qw_| 4
AGnZa8$
+]+H 1
J@r%&8
 FztDZ 
sZ .@?`a8
^0Z P{
 }{;7%+
 +[ <u
 $At2Z N
~Z J!j
zgbZ 1.
 -o2xZ 
 Z 4YM"a+
Z gd2Da8
M%&	 g
 )pJf%+
 J}4c%&
& :/B[%+
Z VD8@a8
	+& 4E;z8C
Aj6a+k
 nj}n%&8K
 MZ |/
Viba8h
%	Z F8
\Z uBz
Z rj.ba8
\Q*Z <
 `^V[%&
 BH_6Za8Z
 2~"UZ 
xVZ <mH
& ad?p%+
5E(Z 9
& ad?p%+
$` Mmi9a%
(&%&8H
Z (xP4a8z
i&!Z [
Z ReOHa+
nZ hvu
& yM_;%+
 ZQ0P%&+ 
]{Z tXc
Nf%&85
 ZQ0P%+
37%&8z
 1yxR%&
 ZQ0P8
`;Xa8|
!GZ a^
 vXZ!Za8
]Z 6$n
 _+zwZ {
cUiZ $
 Cq1}Z 
 -r7o%&
9'Za8`
}z\Z n
{""%&8
%&z	 g
3rX%&8
 K99CZ gr9
eZ 1zY
9V?%&8;
 `Q47%&
'RiZ &\
-5Za8I
'GZ ,J}[a8
 hJi'%&
 =lUL h
3Z nwJ
+%&*b+
+%&*j+
+%&*f+
+%&*f+
+%&*f+
es\Z _
zhn%&8k
 f<ITZ 
%M&9}0Y
H_@?pXP
9y[	P>
OR n)|
IT._IW
 .Y2~Fg
wVNr^o
1e-D4l
"/La.)o
v3`&Kd
xlz	fN
=ct(bm
$Z2I;Oji
nUpu)Y6z	
*L&0-z3
s%v+;|~
XJdh_"
:;hO"@
XH@ K'
@6T{XV
'wI]VF
2qc0}?
&%X*Tz 
,"\'Hp
*W*|%ow
0Rc\PA
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADp
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
qIDAThC
2#&aLj8mq
"sg%?'m
5T6l&#
[O<3bM5
M3dZ[Q(
7p`1{6
["_r:f*|
l.@7vM7
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
"/YDc8
+Fa;y*.
 6B3Dz.
aVPXZtx
]^$~ta2
n%YAu\K
 7I-wk	>
dnuH:`"
iC8hHW
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
|bP9WCz
}%MAik
p0sJ?w
*U{fcxD
6W}?lj!
k3jXnE
+m?YiS
3h(vQ0'
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
LwwwL7
z=1o6QU
;z<Zxd
^o"Zl`N
-U2M?1
_(V$%T
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
0ZJIB0
PG4	nl
_#{|FC
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
6]sL;1
`o	9`8
_"U+H%
U#Iy8keh
o]rC(H
l=d)!	
x:41W*v%
a"<B*;
2h{SV2
<~vN&	KS]
'b/?Oo
-p%DZ7
1;XZlKO
T3#rLc
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
IcK@xQ
aSj;:/
y[/e?@
<_m.k@8
<opnrr
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
\9Ac(_\E
yS^kEg
nz%O'U
)weTf7
u2RIU}
/1rtU;1
Z?z)ju
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
yv_4RmE
40[-Z"2
k8V{ot
ws6X_S
,%|MMX
<`XHgb
6Z<y2BJ
X=GU>=
=OC),X
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
qIDAThC
N3=}8q:NwwwN
~L_+nwD(
&ymu@H
}++[V5Y`
'5])Px
&*iHf*
Eo;h?c]cOL
)4NCpK
XB@x*t
SwV26.
O9g+|w
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
rIDAThC
}BEzM]JZ
f)s1s&T
bpfdQt
Wbc2/{og
1ts	PS
D^i?=l
WOw|!EG
 t#tRa
k5975=?!
pYnumV
d !$')
;WE>5~
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
8&s_'J
P!J!Is
IWl$Ne.
A	G|D5\c
l>DE#6 4
!4(=y|w
uU;wxZ
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
xGg9YH
R]Hn?l^
02Ah/3$
Z_EDI@
D)KJTiT
yRpJ3F
tNn&(g
{C.zRA
Wsksd	
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
~s;0gA7
'"$-Q}Y
:rw1;yA{
4X;,>!
$qbVwV7	=
vRvs$.
DDhY"}2Z;q
y@'kF-z
Dd0nlN
 {AOIG
U6a\[]
"nV0=>
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
jIDAThC
pz;P^#
h,}:zXt$
-@:;Yb
-$]b|K
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
y55(@3J
\`10z3
a$:MLjI.
	[gkN`
gRd#.u
n];#WdB<
.pI@j=
C)~F}p
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
(2P4|R
p#0],h
r	S[[,>
;M*,(c
O6XqJxr
!MlWsB
 5]ss3
**[]]?+
6cj`7Xp
"_u2=	
'OS:S,
7qMg;z
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
NN;LNOw3
y6h*(Q3
}^|uV?Cb.
C_Q_n=
v)I*\f8.'
|3>)Gt|
KM('OP
#kGxysr
EuiI5>
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
us>[j^Lc3
Ms56Ps
VPJGx'G
5"9vF]
C-f]/f
j*j {$lA
VvB]x]
J3'341
Nk:A[|o
,{:eif
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
=r>e|;
Zm@*SV
i}{Mf~
{SQ}'ye
/aoDa}
OY6cFcG
i~$VA\
+I:C:(
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
oHRF"}<
3uB$_c	
Lmq?;S1
+V)&kM
L*}2x	
,e	{T_
XP'|Yc
#U;TRe
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
MOo!!a:
JzJn$E
If1b57
&=&zNs
|4euY1
^^,>c)-
aDo.[g
6Xj7h,S
%ny>hxW
#4aa2J
BkC32K
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
61111L
jmZ9fmWEP
7BhQb{
4])$<J
 IhC.y
Q+xdwlV
!5kKX'\
qg[AaX
3N~`9*
-;5%:m
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
-*d?!z
1)]`)Z~
&#5=?l
o[k#z7
J-5u^_
?TW^C%
9-b@%2
 VQdc'C2
}(+m7pj
za%Q	!
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
kIDAThC
E"vX}f
k@kAke
9/u`Hp
Z>vqaH
?\>n'H
Sd,!}2
~b5@JNR
qAd5g*
X[Wo';
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDAThCc``(
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
qIDAThC
?_?I6c
9wY63@PZ
Bo.V*7
&R"fX	x
A*NpVx
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
<M2`	X
Hcy_cf7
:9-J/>i
J8`:64s~
mu)((.
{rI&g?
(:Y$tb
zU6Xh!
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
	S5Pvk4
ygbMLS
O+9`^-
#gbj?7A@
wq2R<5
Q2@Qq=
bmthkq
sG(p5!%
wLRsLx
QgL1S#s6{
'zOCkE
<}M@FcjmL$
9,4<[&gx/
@}\(}2
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
tIDAThC
6Eo!R)
R)Ri3!1b2l
Nu9P2^n
`]v)pv]
<y`975
2h=Ts!
-;><nV
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
-YQfZSD
W^@KB9\
%:=`aq
Xh9bWf/
m+T`e0q1
}v-=q~
KSj9g31-dU
&2/_@;
#|R\(eZ
bjcGlb
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
$D=H5G5?
OF%$.%
@u$ycS
zF>epp
@OQ.`F
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
jIDAThC
sLwwwNw
h'@e=Q
!@+b|n
\_@L?Y
8M)l1_r
iw/ }	
dleRwp\
Dl6Cai`
X`YL?;L
{@v+SP
w.6:n"v
8N-vax
YaR.	i
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
s_09^1.
 )eeMA
Nv}= 9	
<v(7lz
%gYf;w
lig)gK
[S[h6>f
	HCu#T:.9
qb8,-;
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
KK"f4n-
XG|QF<
?:U8[{u'
p}`4%U
1+?cga
X~]K}\
 )RdLdx
>:h}/N
{1~<'9'
E[{2ts
L|fyw^oPP
<'8XR7
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDAThC
2kM:8L
HGyzcw
=mR{JJ9
/O+^64<
qKz%')A
~S:5Jsz.
1.;*#L!
R7.40q
~]4dr 
.~%D~&
PuDC*Y
>68Sz\
Z>O.^s
yjw#pQ\-9
q<9/jn'i
O!2:AtD
\Sb8\8
|"%W,S
7H4I]=WC
Rc+pMn
s|UtlY
_m)xZh
1X+BYM
N<e35~
t}8@6.
jP1h,,
ASjdR.
-X *gZ
aE<>	&
,~o \~
 -=e#h
pnQ:t7n
1|q9(Y
=3JBtF+b
f~Lhc;q
rA8	=.
z,aFJJ)
gdOnPB
r538X]
9wdrMW
qC2I5v|
	BR0/z
Zfw:BV
mq)@aNw
9BrM+|
7.nFo@
I)T2t{
	%?BMXV
]+qxU]Z~
}^w7rQ
8>A`lb
iEA6Q9
U$\wPG
j,T,(7L
BX3+)g
$E"8!{
FJd<5*
._'%|D
C_IXk|
wv04}ao
6{0?B>
<Ck=5J
,+ooK2 |
k!=I&Ks
l(D@I)]
Ml;Gt]
6\TM=H&:o
Hi5*DsZ
{l<MSt~
`<@0JN%
WT!k]r
utV4 S
__wZ2w
zDFlN<
DBvf5(
g	]kObf&
vi=G2vM
p|fm_	
AYeK^t
I?= *sg
=v	GFM
Wx<;,Ku
d&7^H@
-at1p$
gY `m6
Q&b@jf
?BXq1=
gI|u{5
rM$qV%
lj,&s+(
"4A>W$
#Trr)i>{
d(Z0v<
A^,Zj@g
F_^iw[
^/-2RC
_b>oFW.a
9&T|E\
C~hw/)
auR@'=`
!vj](B
r3ksge@
=k464	;
mOFRM?
Qcq	Ay
|~#$YL
J!]#jk
[LDo9Q
W3|5[	d
KiR0Au
*Nh?dS
{oq$O/
H9`k>9
JmTNa6l
KB{	qe[M
252GM?
@8h\>k
ind"E{
v=q7BG
9=')K/zp
cmsrW3
hpYKh2
!(N*do
/)@N%.Us
QRT,:8
3L6YC{p
yVp(!f
u{~YH?
;9Zs!R
9n&y^s
M	I?b@
YR*&cmq
-[8<'p-\
ej6~ML
R`Wn8<
;@^C7hG
b5m>#>@l
1C]Qy)
Qkkbal
v2.0.50727
#Strings
7	S	Y	h	
cvgcfgfdvbr.exe
cvgcfgfdvbr
mscorlib
System.Windows.Forms
System
System.Drawing
kernel32
{f4068a45-f214-480a-9833-a0819a1b31f3}
a7334908-ba8c-35.Resources.resources
Jevipi.Resources.resources
<Module>
RuntimeHelpers
System.Runtime.CompilerServices
InitializeArray
RuntimeFieldHandle
.cctor
Object
IFormatProvider
SecuritySafeCriticalAttribute
System.Security
Stream
System.IO
DateTime
get_Year
get_Minute
get_Second
IComparable
Combine
String
Concat
FileInfo
get_Length
Assembly
System.Reflection
GetManifestResourceNames
add_Load
EventHandler
AssemblyInfoAttribute
Attribute
Control
ResumeLayout
Directory
CreateDirectory
DirectoryInfo
Buffer
BlockCopy
SymmetricAlgorithm
System.Security.Cryptography
set_KeySize
OpenWrite
FileStream
Application
SetCompatibleTextRenderingDefault
MemoryStream
set_Capacity
Hashtable
System.Collections
get_Keys
ICollection
IDisposable
CreateEncryptor
ICryptoTransform
CreateDecryptor
Format
NumberStyles
System.Globalization
_Assembly
System.Runtime.InteropServices
ISerializable
System.Runtime.Serialization
StringBuilder
System.Text
Append
AssemblyName
GetPublicKey
c78ae8fec9b6d77d2012ef7971c83ae5b
c5f7830d0d36452f78c2aa737ded381c7
cdddc909ef2ed9eeb6cd58fe5556845d0
ICloneable
ICustomAttributeProvider
IConvertible
FileMode
FileAccess
Dispose
set_Item
AppDomain
get_CurrentDomain
ResolveEventHandler
add_AssemblyResolve
ccf09f68a0e8553d8a97576e688c00372
c79e9af3ab94ed28c3aeb52d2d3f06833
c1a83872e27ef3378884d500e6d56d67a
MarshalByRefObject
IEnumerable
IDeserializationCallback
ResolveEventArgs
GetEnumerator
IEnumerator
get_Current
MoveNext
LoadFile
Monitor
System.Threading
Exception
FileLoadException
BadImageFormatException
c14165a7df9c5f530c2e08997469c09fd
c5d45ece7147406e97bec5039f39504f0
IndexOf
Equals
StringComparison
get_Item
Convert
ToBase64String
ToArray
set_FormBorderStyle
FormBorderStyle
WriteByte
SuspendLayout
_AssemblyName
GetName
StartsWith
op_Equality
ReadByte
get_KeySize
get_BlockSize
_MethodInfo
get_EntryPoint
MethodInfo
EventArgs
set_StartPosition
FormStartPosition
STAThreadAttribute
Encoding
get_UTF8
Version
op_Inequality
Process
System.Diagnostics
get_MainModule
ProcessModule
ContainerControl
set_AutoScaleMode
AutoScaleMode
Exists
CompilerGeneratedAttribute
ValueType
IContainer
System.ComponentModel
EnableVisualStyles
CultureInfo
get_InvariantCulture
IComparable`1
GetTempPath
IEnumerable`1
System.Collections.Generic
Substring
c25f134a4132f0ec591b03cadc97a38e0
c18be18078e87f17709faa3f6fea5018e
c6287a79789b681965ceecd2080c9a8d4
c610ac3c43ac57014b8413ac82b298c98
c9e4a2f9f42e177b0e5c843074f0462d0
c08cab641cdcef9a4cf1fca6060f7cdab
cc24c25cee12dddba8c28675da7d243d1
BitConverter
GetBytes
Reverse
cb78e16ca6599768eab5ed61c9ac75a0d
ce9d69693d17ac7e0d50ffe03b32278de
HostProtectionException
c398423dc60bb2d0464cf9f950327feee
DESCryptoServiceProvider
get_InputBlockSize
get_OutputBlockSize
TransformBlock
TransformFinalBlock
set_Position
DeflateStream
System.IO.Compression
CompressionMode
get_Position
c069cb29c2baa199cd6ea191fd51067e8
UInt32
CryptoStream
RijndaelManaged
Rfc2898DeriveBytes
Dictionary`2
ContainsKey
MoveFileEx
Class1
GetTheFuckingAssemby
InvalidOperationException
CryptoStreamMode
MethodBase
DeriveBytes
CipherMode
FormatException
ArgumentOutOfRangeException
SeekOrigin
GetCallingAssembly
set_ShowInTaskbar
ToString
set_Name
set_Mode
AttributeUsageAttribute
AttributeTargets
get_Location
get_Message
get_FullName
set_IV
set_Key
get_Now
get_Name
set_ClientSize
ToCharArray
get_Month
get_Day
get_Hour
Environment
set_BlockSize
GetManifestResourceStream
GetExecutingAssembly
IEquatable`1
GetDirectoryName
ToLower
get_Chars
Component
GetCurrentProcess
get_ModuleName
set_AutoScaleDimensions
Invoke
GuidAttribute
SuppressIldasmAttribute
$c7c096e6-07dc-4c0d-ab1e-3931b91bfa08
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>