Sample details: 90cb27c5883833dabbd354762fe2ae5b

Hashes
MD5: 90cb27c5883833dabbd354762fe2ae5b
SHA1: 4827adcda9b35af68a60f6dba264a2713dc22770
SHA256: e8536c886962bb93da4529bd149c7eaaa09bf9b6e5717cf4519afaab0ce3cd6c
SSDEEP: 24576:S9rTPtL6pwtp6dF2tNgEO4AQGOKDGzB+99IiA+aH+5++++iHZX:ShTPtL6pwtp6F2tNg14bGOsG9+9iiA+e
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/DebuggerCheck__QueryInfo | YRP/anti_dbg | YRP/disable_dep |
Source
https://lithi.io/file/6cc96f.exe
http://lithi.io/file/6cc96f.exe
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
	1aaXY 
MVYao/
XaXab`
Qoaab`oY
Yab`oY
 Dbf5 v
a &Tj5aY G
 r;	D "
aYXa 5
$  ^O2a
LZfYef
_4aYe y
2ZaeY &
g1YfZ 
%X +%-
fX '~&
m2fZa 
fXeXa 
 v~v.aae%
 ^(>/%&
/ffXffef vq
 L"/j 
Nleeaf 
o]!5'^
 FD	J%+
eeffe 
!ZYX ep
 s J<Z 
@\!t-i
 H	]V!/^
y:xZ =o
 A7K}Z 
i 4<[da
Xfffff	fY 
eZaa x
:]ZXae 
XY 1BA
Xfffff	fY 
eZaa x
:]ZXae 
XY 1BA
O	sZ ^
	ef {,
%i@ZY 
1eafXaff 
#a+! 	
I_aYZff 
a +2/aea I<
XYaZZY
JXYZafY ^Q
ZXYYY 
YXaYe%
3%&	 jd
eefZ ^
wTdee 
OZYXfY 
ZaXeX W
X lG"VXf {t
fXaeXXfefee%
/ rZk*Z 
$YeaZ 
Xae hq
YaYYf a
1FCZ ^
aa	 PY
aXfYXY 
u sXgYZ 
eeaefY 
 j	ocX
 A=fZZ :
+ _Zmha
WzfaZaf 
 qfs{ZX 	$
ZfZaae '
PZXZ Vbg
B+ZaYaY 
(i8X ~)
 .P_lfe ,	
La O1<
ZYe _$
>Zaaffa 
fYe Fl
R'ZXfa 
7M%XeX j
aeYXe 
 .P_lfe ,	
La O1<
ZYe _$
>Zaaffa 
fYe Fl
R'ZXfa 
7M%XeX j
aeYXe 
Zfe uv
F0faeXa 
ZXYf -
xQba ~s
XYZYaaY 
-n6XafYfY [
Hr~aXYX 
_}YXX 
$Z ^([
aXYffZaef%
 =cHJZa8)
=CYeXaZ 
YYZeXa 
eYXYffe )x>
o'SZ N
=CYeXaZ 
YYZeXa 
eYXYffe )x>
befeZe 
faea 6
QhLZa8	
Z~bX ,Z
7C^XYaZaf '
vZaZZ 
GaeXfafYa 
ZaXff 
ZAJZf 
aYfaZX 
;X 5VV
afYXf 
-9jZa 
YaYeYfX
Zefe $8
ea lWZ> _
YaaXeXaYeY O
afXXY +
ST8ZX 
mZXaYfY 
\'7 R/
aXf lz
LXXaX 
4|aaXX 
`a W$vweaYf 
;jaZ je
ZYfYaYa
ZeaafYY%
%&	 TE
& \b!i%8p
fXaZ w
:ZXeZ g
?ff C-
aXeaa 
4ZeaZ 
h 4eCsZaY%
^eaa Eh+
n9aae 
b1X M*f
WXaZY 
~ZfX Z
Za Rwpu .
Z 	ultYXX 
ZXaaY %
o,:a u
ZYfX s
ZffZ Im
cXZXeYYeY l5
yZfaX 
?aaafYXY W
Z aN:%a+
 a8)R 
~QXanZX
a!`	Hh
u.YaXdm
 D~7] 
7YaYdm
 g'+[ 
 Mbez 
L v[a_Z
 NtCoT
X ntinT
 ntdlT
uX '$u?a
 *Iy2 
 N3b[ oA
X ntinT
 ml, Y
 NtCoT
 ntdlT
X l.dlT
V >V-/X
X l.dlT
'Pv}z<*
c.f_^/~
2?"T>:
v2.0.50727
#Strings
ArgumentNullException
System
Random
System.Drawing
MemoryStream
System.IO
ResourceManager
System.Resources
Assembly
System.Reflection
Thread
System.Threading
ThreadStart
EventWaitHandle
EventResetMode
Button
System.Windows.Forms
NotSupportedException
EntryPointNotFoundException
ListBox
set_ClientSize
WaitHandle
WaitOne
get_Items
ObjectCollection
Environment
get_ManagedThreadId
Stream
SeekOrigin
ButtonBase
set_UseVisualStyleBackColor
String
Concat
Dispose
get_CurrentThread
GetTypeFromHandle
RuntimeTypeHandle
Control
set_Text
GetTypes
get_Controls
ControlCollection
set_Name
set_Location
Object
GetType
set_Size
DateTime
get_Now
ListControl
set_FormattingEnabled
SuspendLayout
Application
SetCompatibleTextRenderingDefault
ContainerControl
set_AutoScaleMode
AutoScaleMode
Activator
CreateInstance
Delegate
op_Inequality
add_Load
EventHandler
ResourceSet
GetEnumerator
IDictionaryEnumerator
System.Collections
CultureInfo
System.Globalization
get_CurrentCulture
ResumeLayout
AddRange
SettingsBase
System.Configuration
Synchronized
get_Assembly
EnableVisualStyles
set_TabIndex
add_Click
set_AutoScaleDimensions
GetResourceSet
UsbMux.exe
UsbMux
mscorlib
ntdll.dll
kernel32.dll
<Module>
Dictionary`2
System.Collections.Generic
DeflateStream
System.IO.Compression
MethodBase
AppDomain
get_CurrentDomain
ResolveEventHandler
add_ResourceResolve
GetCurrentMethod
MemberInfo
get_Module
Module
get_MetadataToken
ResolveSignature
RijndaelManaged
System.Security.Cryptography
Create
HashAlgorithm
ComputeHash
SymmetricAlgorithm
CreateDecryptor
ICryptoTransform
CryptoStream
CryptoStreamMode
CompressionMode
BitConverter
ToUInt32
get_Length
ToArray
GetExecutingAssembly
Encoding
System.Text
get_UTF8
GetBytes
GetString
GetManifestResourceStream
.cctor
ConstructorInfo
ParameterInfo
DynamicMethod
System.Reflection.Emit
FieldInfo
ILGenerator
GetFieldFromHandle
RuntimeFieldHandle
ResolveMethod
OpCodes
Newobj
OpCode
get_DeclaringType
get_ParameterType
GetParameters
get_IsInterface
get_IsArray
get_FieldType
CreateDelegate
SetValue
GetILGenerator
Ldarg_S
MethodInfo
get_IsStatic
get_ReturnType
Castclass
get_Name
get_Chars
Callvirt
BinaryReader
ReadInt32
ReadBytes
Buffer
BlockCopy
IDisposable
GetManifestResourceNames
ResolveEventArgs
IndexOf
sender
Attribute
IContainer
System.ComponentModel
EventArgs
Action`1
Invoke
List`1
Enumerator
get_Current
MoveNext
Predicate`1
Exists
ToShortTimeString
sThiMShhcSjlanohsdhIiFUHMoPf
CompilerGeneratedAttribute
System.Runtime.CompilerServices
IEnumerator`1
IEnumerable`1
IEnumerator
Boolean
set_Item
get_Item
ICollection
get_Count
UInt32
IEnumerable
DebuggerHiddenAttribute
System.Diagnostics
System.IDisposable.Dispose
DictionaryEntry
get_Value
System.Collections.IEnumerator.Reset
System.Collections.IEnumerator.get_Current
System.Collections.IEnumerable.GetEnumerator
STAThreadAttribute
Resources
UsbMux.Properties
EditorBrowsableAttribute
EditorBrowsableState
GeneratedCodeAttribute
System.CodeDom.Compiler
DebuggerNonUserCodeAttribute
ApplicationSettingsBase
TryGetValue
Marshal
System.Runtime.InteropServices
SizeOf
MulticastDelegate
ProcessHandle
ProcessInformationClass
ProcessInformation
ProcessInformationLength
ReturnLength
NtQueryInformationProcess
NtSetInformationProcess
hObject
CloseHandle
IsDebuggerPresent
OutputDebugString
GetEnvironmentVariable
FailFast
ParameterizedThreadStart
set_IsBackground
Debugger
IsLogging
get_IsAttached
get_IsAlive
thread
lpAddress
dwSize
flNewProtect
lpflOldProtect
VirtualProtect
GetHINSTANCE
IntPtr
op_Explicit
get_FullyQualifiedName
ConfusedByAttribute
AssemblyTitleAttribute
AssemblyDescriptionAttribute
DebuggableAttribute
DebuggingModes
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
AssemblyConfigurationAttribute
GuidAttribute
AssemblyFileVersionAttribute
AssemblyTrademarkAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ComVisibleAttribute
UnverifiableCodeAttribute
System.Security
SuppressIldasmAttribute
<<UGPh">
3System.Resources.Tools.StronglyTypedResourceBuilder
4.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
14.0.0.0
UsbMux
WrapNonExceptionThrows
$776a5292-c816-4676-8886-5ff12918f9a7
1.0.0.0
Copyright UsbMux 2018
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
Confuser v1.9.0.0
_CorExeMain
mscoree.dll
U,,*~330
[ZZq]\\
$$!]ttm
...	...	...	...	...	...	...	...	...	...	...	...	...	...	...	...	...	...	...
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD