Sample details: b932f1a4b6c0c2ea0371fd413a369907 --

Hashes
MD5: b932f1a4b6c0c2ea0371fd413a369907
SHA1: a7117d230e257390dedb467996c810cdb7a02497
SHA256: 13f5f80ebc616b71f2ff5e6712308f925975dd1b85319023a4b78aea0ec70630
SSDEEP: 6144:wvAk2gVju+iXCH3mxDpdcV4nQmSq0U9Ncjat9w44miCwE:wUgyRpdA4vSq0mm+934S
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/CRC32_poly_Constant | YRP/CRC32_table |
Source
http://prntimage.com/pictures293.jpg
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
%,L_-1
%&-a& 
%&,]& 
+:& P'
%&& 4%
%&& L%
-6&&&&&&&
,(&&&&&
&&&&&&&
%,I%,\
b{pBQ4
Qn*Qy9
plskyM
eKQgCu
C]cSta
@N%;z!
hMC{	\
e)	eM=I
[iH/Za
m$z'So
fXCs]S
"F\pL6
N.]=^}
$QKlD;5
8o'FVs
zmBG%T
=n0+H9
F>^C1>
R	eK["3l
+(8kjB
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
eZ/x=xJl	~`W
{Yv+[aY
Cu+YfL
i8XW_c
<9Hq+y
oSve0%
66;R.{O6
}q/=EX
P6Tzla
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
@sS@2h
neE,#d
z2ert:
z		eMgP
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
g2+@M;
?h^&iR
aA$Qp)
W"5Z!V
P\,fYo,
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
Zd`YvA
qwPMF7
]en<~c
=]Y-W.DH
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
f|2)nY
&]}IM~
;.{^Zc
7P7`20
}[@;lj
l5TmQ.v
. g_h($
bE^g8-P
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
D(Ltp,
RGx.k"
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
uIDAThC
r4DUQ}
f=B;a 
Hh$D:A
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
~q7|yj@u'
;2.P3'
F[|#${
<F:Y$|D
o#%t&M-
<`%FSC)
U>52m*
j# B6z
%]d\Rda
MQv]lNv
Aw;a0;
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
up$';|
4^=KVC
UTq|`#kZo
ehI5w:$
_RCN>&
7K;4?OsG
WyYsq[
IY$wz`
6~E9Kv
,/y*m`C
Q<Dz0"
/;qo8/
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
rtv_*9
1Ugraq
(FmTn6
'aR`V4
*q	vMUmijz|
He,QRH
I'&$m2
h-W)%(
 f9uS%
r{'G	Q
~{.e-h
6#zsBKB
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
,)F4"$3
glE8;=
:Y@|@a
vD45qcm
q5Qj1XC
G\.n:+
EO\jy"?vo]
#1qy3U
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
qIDAThC
'o|t-W
6#.}vD
/f%f2l
FVDC/'Y1
c6Dh&Q
[ETAVJ
L_^Eer
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
k4NA#Qy
560HvD	
Lc^$S5J/5
L+GtPd
J4;BPh
0Tpa(4"
@1{I)>20:`
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
oIDAThC
\YZs)|<
?%e>>5/
.Gg|W$hs
o	UIE2
#3|e9(#
>lqU}*Ik
ZnW+"]
,@5)KD2
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
GV8o@~_
M|_AYb
/-Q			i[
}zut&.
 lTXZ] f
$m&ZUXata
6*qt=\
(Y3frS
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
)i$$FIJ
n-NRXb*
?UUdNy~
z~GH!P
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
qIDAThC
nRud3r
?8@leOV
`JdBaNX.
@2=fl9n
dHLANF"
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
N"Xmv"
N2lI9-PQ
\A&1w\
9"ZJj9^A_
ZQ8QW=fO
e|Z6(C5
VcjTt-&
D[l]@b
.pk3]4{
5t*((]/
H/o)!{
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
g^_I)I!#
l,3"?k
ZU>*O7
6\NoUKk
E0)V4!
Dc^iO^
>DXSA+
!K\fYKW
ySGQQt
	Bzlyf
[O)E4|N
:58h!*M$7
J,^C<~
%7jZbU
sGWS`2
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
 _95A~7
p'xn*D
7/T-oQ
^v6>93
o|!Xf(
oD[Krx
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
(:<;j6>
T,e9)B
Pn:'Ri
uV~w;$
kS)GkK|
c##cP%
-[k``@
vo88LC
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
	M%NgSj
MT_lax
TBFi~6B
	Ik2WHBG 
FFvId0
BDOA0L
v2}`Bs
VnZVsT
{03J2g
;#$z#y
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
$M>Iy.
z7*{r7
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
qIDAThC
,	UjB>
\w3F3s#
e,fT]1!S9M
7+	x.T_w
lu6Gv*
'Cpm>M
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
]hUW)r
/Ui'p&!K
H<b^I\r
lbJM!mV
6)rwfsM
[i&13Q
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDAThCc``(
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
f.>m>k
;&y-ts
.zpIs%+
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
pIDAThC
2CF6	!
,af$;l
roH3;	L
LNaozl
@4s5J6x
S4A/."4Pu
cqI&Dl
ZfutR/
q[qj^s
O,/-eR]
cTK:CA^2>d
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
y2?ob) 
R#6h(t
p|.;^E
8g*	6#.
"vk}&`
(9rJR	
W5cB<)
9zWs4q
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
waV-:B
iVgP'#
mq~T"K
R["Y(W*
? /;v`Y
B3>I56,
  E_ k
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
qIDAThC
=W)j$0
@.UHv-
99 ,\=
[q\)*X 
;vN!Xz_
:iE	uX~
t7vP9d
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
1}8mN;1
oF=ab;
-u:GZ0
Tu-	c{
G+wDD1
mx@lS]Y
<CDPw5
9/p^3(7
Z+D<ZQ
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
qIDAThC
'ySsF[39
VMv5]s
QI"q'v
p+t`#w
Pvf:*[
hcDWxHX^
LnL	Nb
Ke89PA
Dn2^Zh
]) Q/;P67WA
1fX@<;%
V\*+h\[	s
o1lXJH
`(xW|6
TcG+%5
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nIDAThC
;3#{sV
B(8z{I
E|25l[
"ij}y}
|6C/as
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mIDAThC
S~1tlW()
ro0A\5
-~6fMxP"ar
8"a]uz<&
e`UlrY
VVu2Xv
ZE8bF$x
(iRKF`
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lIDAThC
"UIpj6
)<}O`\
'Je@	'
LbBA<B
m#MT=N
E.A>a6
BpdDzE!
u.bd\T
%*BF|.
g\QSMs
^1; yF-
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDAThC
[X2dd^
,cF\2^X
C~Rp	%e
~S:5Jsz.
1.;*#L!
R7.40q
~]4dr 
.~%D~&
PuDC*Y
>68Sz\
Z>O.^s
yjw#pQ\-9
q<9/jn'i
O!2:AtD
\Sb8\8
|"%W,S
7H4I]=WC
Rc+pMn
s|UtlY
_m)xZh
1X+BYM
N<e35~
t}8@6.
jP1h,,
ASjdR.
-X *gZ
aE<>	&
,~o \~
 -=e#h
pnQ:t7n
1|q9(Y
=3JBtF+b
f~Lhc;q
rA8	=.
z,aFJJ)
gdOnPB
r538X]
9wdrMW
qC2I5v|
	BR0/z
Zfw:BV
mq)@aNw
9BrM+|
7.nFo@
I)T2t{
	%?BMXV
]+qxU]Z~
}^w7rQ
8>A`lb
iEA6Q9
U$\wPG
j,T,(7L
BX3+)g
$E"8!{
FJd<5*
._'%|D
C_IXk|
wv04}ao
6{0?B>
<Ck=5J
,+ooK2 |
k!=I&Ks
l(D@I)]
Ml;Gt]
6\TM=H&:o
Hi5*DsZ
{l<MSt~
`<@0JN%
WT!k]r
utV4 S
__wZ2w
zDFlN<
DBvf5(
g	]kObf&
vi=G2vM
p|fm_	
AYeK^t
I?= *sg
=v	GFM
Wx<;,Ku
d&7^H@
-at1p$
gY `m6
Q&b@jf
?BXq1=
gI|u{5
rM$qV%
lj,&s+(
"4A>W$
#Trr)i>{
d(Z0v<
A^,Zj@g
F_^iw[
^/-2RC
_b>oFW.a
9&T|E\
C~hw/)
auR@'=`
!vj](B
r3ksge@
=k464	;
mOFRM?
Qcq	Ay
|~#$YL
J!]#jk
[LDo9Q
W3|5[	d
KiR0Au
*Nh?dS
{oq$O/
H9`k>9
JmTNa6l
KB{	qe[M
252GM?
@8h\>k
ind"E{
v=q7BG
9=')K/zp
cmsrW3
hpYKh2
!(N*do
/)@N%.Us
QRT,:8
3L6YC{p
yVp(!f
u{~YH?
;9Zs!R
9n&y^s
M	I?b@
YR*&cmq
-[8<'p-\
Qkkbal
&C}b!M
BkVtNo
.H|,M4:PA_f
v2.0.50727
#Strings
	6	O	q	
winfrm.exe
winfrm
mscorlib
System.Windows.Forms
System.Drawing
System
kernel32
{0d3123d3-95d5-4218-9894-ab20738bb992}
winfrm%
a62e7f87-3b00-ee.Resources.resources
Cytaeshi.Resources.resources
<Module>
RuntimeHelpers
System.Runtime.CompilerServices
InitializeArray
RuntimeFieldHandle
.cctor
Object
MethodInfo
System.Reflection
Class1
GetTheFuckingAssemby
Assembly
MethodBase
Rfc2898DeriveBytes
System.Security.Cryptography
SymmetricAlgorithm
DeriveBytes
CipherMode
MemoryStream
System.IO
RijndaelManaged
IDisposable
Dispose
CryptoStream
ArgumentException
Stream
ICryptoTransform
CryptoStreamMode
EventArgs
EventHandler
Control
ContainerControl
AutoScaleMode
Application
STAThreadAttribute
CompilerGeneratedAttribute
ValueType
Exception
Encoding
System.Text
GetManifestResourceStream
Dictionary`2
System.Collections.Generic
MoveFileEx
ResolveEventHandler
FileStream
String
ContainsKey
get_Item
set_Item
FileLoadException
BadImageFormatException
Process
System.Diagnostics
ProcessModule
AppDomain
ResolveEventArgs
Version
StringBuilder
Attribute
AttributeUsageAttribute
AttributeTargets
DESCryptoServiceProvider
FormatException
DateTime
UInt32
AssemblyName
GetCallingAssembly
TransformFinalBlock
SeekOrigin
ArgumentOutOfRangeException
InvalidOperationException
Substring
NumberStyles
System.Globalization
BitConverter
GetBytes
Reverse
HostProtectionException
System.Security
DeflateStream
System.IO.Compression
get_InputBlockSize
get_OutputBlockSize
TransformBlock
set_Capacity
set_Position
CompressionMode
ToArray
get_Length
get_Position
ModuleHandle
BinaryReader
MulticastDelegate
GetTypeFromHandle
RuntimeTypeHandle
GetExecutingAssembly
GetModules
Module
get_ModuleHandle
FieldInfo
Delegate
DynamicMethod
System.Reflection.Emit
MethodBody
DynamicILInfo
ResolveTypeHandle
ResolveMethodHandle
RuntimeMethodHandle
GetMethodFromHandle
MemberInfo
ConstructorInfo
TryGetValue
CreateDelegate
SetValue
SetCode
SignatureHelper
LocalVariableInfo
IEnumerator`1
get_LocalVariables
IList`1
IEnumerable`1
GetEnumerator
get_Current
IEnumerator
System.Collections
MoveNext
GetSignature
SetLocalSignature
ExceptionHandlingClauseOptions
GetTokenFor
NotSupportedException
SetExceptions
ParameterInfo
get_ParameterType
OpCode
OpCodes
GetGenericArguments
OperandType
get_MethodHandle
get_TypeHandle
get_FieldHandle
get_MemberType
MemberTypes
get_Size
get_OperandType
Concat
set_KeySize
SecuritySafeCriticalAttribute
CreateDecryptor
set_IV
Invoke
ISerializable
System.Runtime.Serialization
get_Module
Append
ToInt32
ToSingle
ResolveSignature
IComparable`1
get_ModuleName
set_Text
_FieldInfo
System.Runtime.InteropServices
ResolveField
add_Load
IndexOf
IComparable
Convert
ToBase64String
WriteByte
GetName
Exists
OpenWrite
get_IsPinned
AddArgument
get_IsStatic
set_BlockSize
EnableVisualStyles
_MethodInfo
get_EntryPoint
SetCompatibleTextRenderingDefault
GetFields
BindingFlags
Environment
GetValue
IConvertible
ToString
_Assembly
IEquatable`1
ToLower
SuspendLayout
GetCurrentProcess
ICloneable
get_FullName
ResolveType
add_AssemblyResolve
ReadByte
MarshalByRefObject
ReadInt32
GetMethodBody
GetPublicKey
FileSystemInfo
Directory
CreateDirectory
DirectoryInfo
IReflect
MakeByRefType
set_Key
op_Inequality
ToInt64
Component
System.ComponentModel
get_MainModule
set_ClientSize
ResumeLayout
get_CurrentDomain
Monitor
System.Threading
get_Month
get_ReturnType
GetDynamicILInfo
get_Now
IEnumerable
get_Message
GetParameters
get_KeySize
get_BlockSize
set_Mode
get_ExitCode
get_Value
ResolveString
StartsWith
set_AutoScaleMode
ResolveMethod
get_Chars
ICustomAttributeProvider
ResolveMember
IEvidenceFactory
Format
CreateEncryptor
get_Name
LoadFile
_SignatureHelper
GetLocalVarSigHelper
get_IsValueType
FromBase64String
get_UTF8
GetString
get_DeclaringType
ToDouble
Buffer
BlockCopy
set_AutoScaleDimensions
op_Equality
set_Name
get_Year
get_Day
get_Hour
get_Minute
get_Second
GetTempPath
get_LocalType
GuidAttribute
$98548b6c-1f6a-4f69-96ab-5f4ea92c81b9
_CorExeMain
mscoree.dll
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD