Sample details: 99ec675d4c4d1217f584b77b57d6ac34

Hashes
MD5: 99ec675d4c4d1217f584b77b57d6ac34
SHA1: 748906294e7ca619e96c290834ad32999eebb72d
SHA256: 54336c423a69453e9797e1b256808c6ba628d1af560e6438932030506ea7c83d
SSDEEP: 12288:bs42uEABDn4IrMsQfr8BCHGBc8m+934a9:euEs/QfrH6cN8379
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/Big_Numbers1 | YRP/CRC32_poly_Constant | YRP/CRC32_table |
Source
http://prntimage.tech/image293.jpg
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
 *_12 
! P!8)Za8I
! I!4pZ 
Z &6xSa8
! }k'3Z 
un3a8|
! ,"[3Z 
& qw_| 4
AGnZa8$
+]+H 1
J@r%&8
 FztDZ 
sZ .@?`a8
^0Z P{
 }{;7%+
 +[ <u
 $At2Z N
~Z J!j
zgbZ 1.
 -o2xZ 
 Z 4YM"a+
Z gd2Da8
M%&	 g
 )pJf%+
 J}4c%&
& :/B[%+
Z VD8@a8
	+& 4E;z8C
Aj6a+k
 nj}n%&8K
 MZ |/
Viba8h
%	Z F8
\Z uBz
Z rj.ba8
\Q*Z <
 `^V[%&
 BH_6Za8Z
 2~"UZ 
xVZ <mH
& ad?p%+
5E(Z 9
& ad?p%+
$` Mmi9a%
(&%&8H
Z (xP4a8z
i&!Z [
Z ReOHa+
nZ hvu
& yM_;%+
 ZQ0P%&+ 
]{Z tXc
Nf%&85
 ZQ0P%+
37%&8z
 1yxR%&
 ZQ0P8
`;Xa8|
!GZ a^
 vXZ!Za8
]Z 6$n
 _+zwZ {
cUiZ $
 Cq1}Z 
 -r7o%&
9'Za8`
}z\Z n
{""%&8
%&z	 g
3rX%&8
 K99CZ gr9
eZ 1zY
9V?%&8;
 `Q47%&
'RiZ &\
-5Za8I
'GZ ,J}[a8
 hJi'%&
 =lUL h
3Z nwJ
+%&*b+
+%&*f+
+%&*f+
es\Z _
zhn%&8k
 f<ITZ 
%M&9}0Y
H_@?pXP
9y[	P>
OR n)|
IT._IW
 .Y2~Fg
wVNr^o
1e-D4l
"/La.)o
v3`&Kd
xlz	fN
=ct(bm
$Z2I;Oji
nUpu)Y6z	
*L&0-z3
s%v+;|~
XJdh_"
:;hO"@
XH@ K'
@6T{XV
'wI]VF
2qc0}?
&%X*Tz 
,"\'Hp
*W*|%ow
0Rc\PA
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
o1WRo1WSo1W
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
))9F#0
tjK6/q
)a;`G+-*
Ji-q*W
hgDv'J
v. WY'
/nX"n;
cU]pW~
*=(mR,
_1yBqa
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
51;NMw
3dQo{7
yS3d`x
7LZC\`
b{`<q/
ME&?(dt"mg
~+<X9To
HG5.*/
\4azcM
oZ:tq~q
wN2Ni~
heBd/H
xyYUT+
YQnsq}
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
icNww3
ilv+8R
h;Z2<Opv
 .	lX5+
Gt;;r4u
B>+;B;
M>5dG~<)
)M6MH,Az
_tdz|/UPA
@gLUsS9
|"W7&aW
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
&x` XPoi
H8}gi"
'Q1STb
,~,"ut|U
x#$Li6
47cJqn
d9tllw
bx&4e39x
hglv!i>TI6
>+@=D%W
&reB;gd
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
L$_yd3
0v+G[m)\
:Q^kqB)ibY^
TuW%cq
$6BDc{
h($\Vt
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
f&ET|Q
E(<I,-DI
.$KYQ$N
^Gt_O_
2 Awy2
S]}lUbB2[8r
5{rj[i
3oIoqw
~wl#XWSa
`2kzw|}VF
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
^ZOm* 
vaw'z<
&^z?OC
)gf^j>	
TI8FB}#^
.\L]B'
VscY/k
Wx0&	W
u"oE*8
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
*m]/Ik
.(tJ@*
ro/FZW
*\h4t$
bXz%mc
QL$=2aq
"~9uii
/'s,>R
u'Q*[(tu
I1Mpt$]
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
kIDAThC
>>oy'S
Ph!(?f@
Mx\mIo
8NNaax
5<*D/kb
pcfwSe9d
,IypKK
y#J9)#
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
qIDAThC
OYUnrXJ&
n&Jy^,
~1N~P'
mYj9tH6M
cZVUs1
X4>/ @d
nrGV&v
5D%>B!4+5-
(]g#f'Zf
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
?c1Dc;
4Ei0]He~)li
_}r@Bb
@bG\$f
0Rl~$}
eE9U3X
Zyi;f	
q!&OYM
oj	}zo
i7|+xG
D\,VQS;
h{>_Vg
;z22-k
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
kIDAThC
*r<J?[v
,8VV0t ?
JNhD{cLksy`&cy
CD3j4WI
NuhM2fj
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
@?3s)S
l3}f.6
TL!M~5p_
>2hsR?	
'S=I;H
4T0_:.:
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
+bmle:
XBp:>R
wb	En:b
2b7u>lq
biCo&%
&}ozsQ
cAs1K{
X@]lPQb
AO3i?.P
Y5aJ<1
o@a"Yi-.
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
kIDAThC
kU2~U[
&Jx!'%*w
E%d/YO
	X/	D|w
3c"=h c
 ES^j8
A@8n8bi
LYk^0C
,`$:-5\7
u_uZYD
N`:B)d|?
cVmZJ|
L5/|Hr{
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
ei/):xM=
phjxe0u
OPIN uU
tTIiHt
A6v."Jc
}>dX$Rk
b5-$ZE
%,e=,l
;)Ac\/
xNj^z{&#
}R,*]`
pQ,0	j
z=p#DO
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
u[k,o]
{^rU[,2
P\t(uvp
*lzp/\o
jZQhn0
}\@,'O
O8_HzJ
HcMazn#/1n
fjE@(S
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
kIDAThC
b,:lr`(
2,jZ^7RQVk
wzQm}M
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
qIDAThC
g%I ~u)
#YoO_[
<f?ZBHvP
ecWt}3
2u~Bo?
X3"zQ8
XY o,c
q}cd{S
)=@Hw"
2:Z^7{
4XnJ'-M/
c/[G<*
$aJd-k
l|T~cI
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
w"#Y[k\
zJ:r7Y
X@SUCo
vdQ0!2
'yFGb,)
p	lw(OZ
Q@C?^%
,{YjI@
f(QzD1
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
%g|I60
)h$N2p
~3'jn 
r(-mGj
ot[>h<
+OUaruW%
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
9LwwOw
z8@P2~
W`L/6:_
U}R+Zz
^T llv
o+[YIr
525fx,m
O&)rA&
35Y-{v
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
_54NvS
i2`8>sf
=Fk@Zfv_s
'$~Fw;
3kS<G0
RavdIl
ri2"-?
jdY93e]
o=@LD#}
DBEYMM
FYO?C;
) VC}k^
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
,99Lx5
2XWZvU
z1Of)iv
.V4u+O
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
ob0)SY
[.8>H^
7	uN}l
SWVhJy
NH"$1(
dm$1'<
jg#Rdn
4,f^&;I
sd->-P,
h]wP	r
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDAThCc``(
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
iIDAThC
1(V~a\}
@fOFZ|
H	5";>
pWnHax
`uj)jA
	FZOvL(
K-	R{X)
Ex{V[E
Dqn+[S
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
kIDAThC
4hdm%lR
Y\z')ck
2/#KEP
SI$3f9
PsS \H
=jjSR@
J^hWh; 
^PWwc}2
R3K?51'
}A	uF1<
>?$v3I\
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
q'8^0v
v=+)lp
jonAX2
0SDz*{
5h>	4:@
	";W |
~9l#r;
2gq!xGr
]z2M=4
"ubed8
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
oB-_(|
"KkyqB
*O~/:"^R
lt;#iw
nSKkef]5
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
Z}5XWi
*Fn5aJ8
7pj,F,X
7JB+[1\OLK\
!Iz$s7
,A}{V$
rI0 ;%
'm%T/L
C;0;%t
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
sIDAThC
[BZ:Gw
t}e0<>
_(%0'A
	Q*UbK
 u0o,Xv
;eghx+
hHkTyiG
ZuANA,
JDm4'{
;`7d?]
/r`?y]M
^5grg_
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
kIDAThC
`gc+_K6Q
> cT9k
8H.'\ulN
fg<KZ	#
rQ{tZ@
3|@iq>ke7<
r.y5i]
Js0D4r
H>phi7G
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
1Dewr%{
WYD)`L
zrN;R}1
6W?Y7L5q
Z0?>w!
sGRImC
,i\N)&v
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDAThC
b gs`2
~S:5Jsz.
1.;*#L!
R7.40q
~]4dr 
.~%D~&
PuDC*Y
>68Sz\
Z>O.^s
yjw#pQ\-9
q<9/jn'i
O!2:AtD
\Sb8\8
|"%W,S
7H4I]=WC
Rc+pMn
s|UtlY
_m)xZh
1X+BYM
N<e35~
t}8@6.
jP1h,,
ASjdR.
-X *gZ
aE<>	&
,~o \~
 -=e#h
pnQ:t7n
1|q9(Y
=3JBtF+b
f~Lhc;q
rA8	=.
z,aFJJ)
gdOnPB
r538X]
9wdrMW
qC2I5v|
	BR0/z
Zfw:BV
mq)@aNw
9BrM+|
7.nFo@
I)T2t{
	%?BMXV
]+qxU]Z~
}^w7rQ
8>A`lb
iEA6Q9
U$\wPG
j,T,(7L
BX3+)g
$E"8!{
FJd<5*
._'%|D
C_IXk|
wv04}ao
6{0?B>
<Ck=5J
,+ooK2 |
k!=I&Ks
l(D@I)]
Ml;Gt]
6\TM=H&:o
Hi5*DsZ
{l<MSt~
`<@0JN%
WT!k]r
utV4 S
__wZ2w
zDFlN<
DBvf5(
g	]kObf&
vi=G2vM
p|fm_	
AYeK^t
I?= *sg
=v	GFM
Wx<;,Ku
d&7^H@
-at1p$
gY `m6
Q&b@jf
?BXq1=
gI|u{5
rM$qV%
lj,&s+(
"4A>W$
#Trr)i>{
d(Z0v<
A^,Zj@g
F_^iw[
^/-2RC
_b>oFW.a
9&T|E\
C~hw/)
auR@'=`
!vj](B
r3ksge@
=k464	;
mOFRM?
Qcq	Ay
|~#$YL
J!]#jk
[LDo9Q
W3|5[	d
KiR0Au
*Nh?dS
{oq$O/
H9`k>9
JmTNa6l
KB{	qe[M
252GM?
@8h\>k
ind"E{
v=q7BG
9=')K/zp
cmsrW3
hpYKh2
!(N*do
/)@N%.Us
QRT,:8
3L6YC{p
yVp(!f
u{~YH?
;9Zs!R
9n&y^s
M	I?b@
YR*&cmq
-[8<'p-\
Qkkbal
v2.0.50727
#Strings
	)	:	K	Y	j	
cvgcfgfdvbr.exe
cvgcfgfdvbr
mscorlib
System.Windows.Forms
System
System.Drawing
kernel32
{f4068a45-f214-480a-9833-a0819a1b31f3}
f8b22868-5876-ca.Resources.resources
Lewyzhixyzho.Resources.resources
<Module>
RuntimeHelpers
System.Runtime.CompilerServices
InitializeArray
RuntimeFieldHandle
.cctor
Object
Version
op_Inequality
SecuritySafeCriticalAttribute
System.Security
Stream
System.IO
get_Position
IDisposable
SymmetricAlgorithm
System.Security.Cryptography
CreateEncryptor
ICryptoTransform
CreateDecryptor
AssemblyInfoAttribute
Attribute
IComparable
ProcessModule
System.Diagnostics
get_ModuleName
String
ContainerControl
set_AutoScaleDimensions
WriteByte
DeriveBytes
GetBytes
StringBuilder
System.Text
Append
FileInfo
get_Length
set_AutoScaleMode
AutoScaleMode
Format
ICloneable
ToString
IFormatProvider
CultureInfo
System.Globalization
get_InvariantCulture
Encoding
get_UTF8
IEnumerable
System.Collections
Concat
Hashtable
get_Keys
ICollection
DateTime
get_Now
Buffer
BlockCopy
set_FormBorderStyle
FormBorderStyle
IContainer
System.ComponentModel
c78ae8fec9b6d77d2012ef7971c83ae5b
c5f7830d0d36452f78c2aa737ded381c7
cdddc909ef2ed9eeb6cd58fe5556845d0
_Assembly
System.Runtime.InteropServices
IEquatable`1
Assembly
System.Reflection
FileStream
FileMode
FileAccess
Dispose
set_Item
AppDomain
get_CurrentDomain
ResolveEventHandler
add_AssemblyResolve
ccf09f68a0e8553d8a97576e688c00372
c79e9af3ab94ed28c3aeb52d2d3f06833
c1a83872e27ef3378884d500e6d56d67a
ICustomAttributeProvider
IEnumerable`1
System.Collections.Generic
MarshalByRefObject
ISerializable
System.Runtime.Serialization
ResolveEventArgs
GetEnumerator
IEnumerator
get_Current
MoveNext
LoadFile
Monitor
System.Threading
Exception
FileLoadException
BadImageFormatException
c14165a7df9c5f530c2e08997469c09fd
c5d45ece7147406e97bec5039f39504f0
set_Position
Component
Process
GetCurrentProcess
IEvidenceFactory
MethodBase
get_EntryPoint
MethodInfo
GetTempPath
Directory
CreateDirectory
DirectoryInfo
get_Message
Control
set_Name
IComparable`1
ToLower
get_Name
Invoke
ToCharArray
Application
EnableVisualStyles
set_ShowInTaskbar
add_Load
EventHandler
SuspendLayout
EventArgs
get_Year
get_Month
get_Day
get_Minute
get_Second
NumberStyles
MemoryStream
set_Capacity
STAThreadAttribute
GetExecutingAssembly
AssemblyName
GetPublicKey
StartsWith
Exists
op_Equality
set_Mode
CipherMode
CompilerGeneratedAttribute
ValueType
SetCompatibleTextRenderingDefault
get_MainModule
c25f134a4132f0ec591b03cadc97a38e0
c18be18078e87f17709faa3f6fea5018e
c6287a79789b681965ceecd2080c9a8d4
c610ac3c43ac57014b8413ac82b298c98
c9e4a2f9f42e177b0e5c843074f0462d0
c08cab641cdcef9a4cf1fca6060f7cdab
cc24c25cee12dddba8c28675da7d243d1
Substring
BitConverter
Reverse
cb78e16ca6599768eab5ed61c9ac75a0d
ce9d69693d17ac7e0d50ffe03b32278de
HostProtectionException
c398423dc60bb2d0464cf9f950327feee
DESCryptoServiceProvider
get_InputBlockSize
get_OutputBlockSize
TransformBlock
TransformFinalBlock
DeflateStream
System.IO.Compression
CompressionMode
ToArray
c069cb29c2baa199cd6ea191fd51067e8
_Exception
UInt32
CryptoStream
RijndaelManaged
Rfc2898DeriveBytes
Dictionary`2
ContainsKey
get_Item
Rijndael
MoveFileEx
Class1
GetTheFuckingAssemby
InvalidOperationException
CryptoStreamMode
FormatException
ArgumentOutOfRangeException
SeekOrigin
FormStartPosition
GetCallingAssembly
IndexOf
IConvertible
get_FullName
get_Location
GetDirectoryName
Equals
StringComparison
get_KeySize
get_BlockSize
OpenWrite
AttributeUsageAttribute
AttributeTargets
get_Chars
GetManifestResourceNames
set_IV
set_Key
set_StartPosition
GetName
Environment
get_Hour
ReadByte
ResumeLayout
set_ClientSize
Convert
ToBase64String
Combine
GetManifestResourceStream
set_KeySize
set_BlockSize
GuidAttribute
SuppressIldasmAttribute
$47a2b5ec-71cb-4735-b127-b6932c302c71
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="gup" type="win32"></assemblyIdentity><description>GUP : a free (LGPL) Generic Updater</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><mssv2:trustInfo xmlns:mssv2="urn:schemas-microsoft-com:asm.v2" xmlns="urn:schemas-microsoft-com:asm.v3"><mssv2:security><mssv2:requestedPrivileges><mssv2:requestedExecutionLevel level="asInvoker" uiAccess="false"></mssv2:requestedExecutionLevel></mssv2:requestedPrivileges></mssv2:security></mssv2:trustInfo></assembly>