Sample details: ce432adb4628e32151b15970c55e7c12 --

Hashes
MD5: ce432adb4628e32151b15970c55e7c12
SHA1: 5e2c58b667f0e8fd083750ce079281f43e3da89f
SHA256: 2e3abe6aaa94adb22bb5179d338114c3c0dc6a5f6ef2f136cd8a7ae57402bc58
SSDEEP: 12288:SZe+VXSS4HkeC1xiG+9zfCg8wGfbeqegi:SZLCS4gkfH8wGfjeB
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/contentis_base64 |
Source
http://aboukangaz.com/zhzhzh/kck.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rsrc
@.reloc
K^Z Vp
a3r%&8[
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
\System.String[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA!
NiN?NjNmN,N
N`NqN\N?NAN!NsN9NYNyN
NyNzNsN
NFN?NINuNHNWNeN
NHN<NmNnN%N
NJNZNtN
N)N=NfNHNgN<NmN
N7NfN0N?NiN
NzN'NINiN@N@NiN~N
NINkNKN@N&NlN
NDN+N:|
NMN}NRN4N5N
NSN-NrN8N(NHNbN
NjNTN2NhNGNVN
N.N6NcNONNN{NJN
NQN0N+N-NANZN/N9NXN"N:N^NTN/N^NpNqN
N!N&NBNTNDN
N!N7N+N~N
NkNyN	N+NMN`N3N
N.N1N'NAN
NcNVNGN}N0N8N&NNNWNuN
NCN'NtN5NoNYNaN
NQNyN@N-N5N
N)N-NIN.NfN$N>N
NMN{N+NQN`NBN[NWNmNJN
NCN$NMNqN
NMNUNTN'N+N
N3N7NMND
.)NhNhN*N
NJN&NJN
L*N0NPN}N
NmNyN8NDN
N]N6NFNXNCNtN N^NtN"NkN&N
NRNeNSNON.N
N9NpNCN&n
N!N-NQNfN
NfNiNnNYN
NMNPN_N
F5N:N|NmNdNKNCNHNUN
NUN|NzNiN)N}N:NeN
NkNhNwN
N{NvNmNHNA
.8NGN*N'NEN'N+N4N<N/N!NRNLNhN,NWN N^NzN$NoNcNXN
N_NSN>NINjNTN)NyN
N.NnN3NVNONbN4NpN]N
:@NYN0NRNsN8N9NKNqNQN
N	N|NEN<N
NTNINxN
N-NmNqN`~
6MNEN%N/NnN7NTN]NDN
N`N~N!NcN
NFNbNwNDNiN&N
NXNINiN<N?NYN
NGN?NBN
N5N6NiN:NlN2N5N
H_N5N&N`N
N"NuNsN
N.NBNNN]NiNvNjN
N@NPN"N
NmN!N!NrN
F`NZNQNVN
NvNLN)N
NcNBN!N~NVNuN=NeN
N\NeNbN
NRN.NZN
NsN#N)NUNnNINGNT
2aNpN^N
N(NXN4NrNGN)N
NxN<NlNGN?NbNbNTN
LgNONaN"N[N$NKNcNuN
N:NjN+N>N;N!N$N`NhN
NENoNBN@N{NmN
*iNtN,NpN4N
NZNgNvN`N-NBN3NXN_N%NjN
:!xcp6
QcF`51
gG2Yl>
X+E[yA
z'd4+|Cp
cF,N!D
A6y{/`
2x7[gC2a-
v,g_$9
u]:|;hm#
:p^$*J
ntm3sW
0(0A&l
sV\Vx<
._FkKc
}Gmrk[
0(F>/a
%FmV29
,P;"zx
RixH>;
RZ</X5
7f6Asj
5&WD1}
NyBHAjW
<,$A%T
=;#R^];<"
&>L^G!
q%y#3V
3[S2|8
0|sy`Pi04G
UL5a ~Q
7Hvbyc
!O%hpA
Z8:>os1h
&=4n2i
DstYwmM
MK"~xW
H/< wj
`Uzf1,|
p.+2Ku
:{&`A0
8=I1{A[
9CpD$R
Kpc( n
R\%%=r
v=*qxE
%$)2iih\
)"x-h.4
tqb{rE
wE<DwQ
o,dL@P
i_TJZH
YYU^<M
8	]Z]!T
VB|]$~O
Thanm+
gBQj86
4M9zBu
jteqlv
j)S	q/
Hxdfa.$R
lRr:i@
 H8O@I
.68NP|$
h7:t+8
;d/6%9zl
\]VF}P
>,	y?{
|,^N W%
)W G2T
Z,&*	}
/ zUkR
:FFn	0
ta1/lg4
!x{"is+
[`2D6(m
 vB_6c
~sG\YP
;SoL0]
Fa@5'%
 <T1y.
9A7H1c{
Rb{,Hy
6{4S@P9
3C3\qak
L6}zUaM3
#(H-]~]
l7'KQ\
#9V4zZ^
x1zwbp2z
s+!e]p
1b&>H8O
Oods^	
.+[k{op
voKQ!q3G?
dB-Pt0
t3 _O-
	C K"(
Ie[y3p
~$=++/2
&>Ha"Z
ScV)gF
lB*)S|
\n28RK
jW{<,g
&999yY
{*'"#{d
e&[4T#Z
LD?VK(G
^X:j%6
9~1"A8
kI5b :2
+Ve>_T
:MljCH6P~
`nQ1nj
i!zXSs
dxTwfF"L
G\hHIT&
G	e(TBc"
6&. A)w;
ZQCG^(
14]|T&
C<rOPY
QdMj.7B`
,4+tXSFX
3d!#S.
_P+i)2^v
[A!Tu*
`,!m1t
"_fsg#
<Cb:Sl
D%K`.l&
+e>X 6
v6B35:7n
.5#M#]
Z9AH0^
V{s]m[
C%X:r\
OACUwLZ
;ht)LS;c
mg,?7<
Tj`I8z
1;HdQ@d
!oT}(2?
6v_Da`F
7K"hzx
`*5.r-#
mwXbz#
Fl:`I2r
E+{3PS7Y
	dz^^4
$m!HqY
?H[9rw!o0s
]AbC\^
G&#XFa<
 gm?G/Z
%_1=VX
lWs.'_
*H'EBq4<
h!F)z5
N|?cd*
j(&`qI
JJ$i_;
>iMJ9f
x_V#~$
8O	Y	z
!)nIC!
8w@R7{
#4Xjj0
[l3riW
:H~	eKI
"/Tu`=P
T)|2I*
RVVF"6g0]
l$U?$3
U$4-62O
;~>K6L
=.	R>EK
e]nA+}
g7KqUT
4vKJBJ
Mcr EbE#g9X
+@'[_/l
e@-*Unp
^',gdx'u
:oF$mS	
wz03\]d	A
j\<;_Ch
Fju\K`ern?
}ywqt:|j
_+w;V"W
|y	@Z'*;
q|?wCMF
8x|[x/|
T0y'9c'
gMf6hY
fE{({I
uD |9f
HL"Hd<
u"S2mXi
pNx;XTL
U/x ~Ayp
fvo_iF
}{H63yj
paWY?0 ^
&NsFvO_	:
FbQCX*{
yF]'w8d
c6b[}C
MVnh0K
>*6&G:
mmDj#*[
od:Xmz
%|O1,L
Rhz#i^x
~7f~&;B{
(KU1	%k,
H<*J4whfq0a
xlc%<3$
G#%0:=
QB!TSp#
GmJN8[
lJ#&08
C9)1>2T
()E;O>
	LZs[l]Z
:9if"~
fCxO0RUL
{5~p&D
%k0"zj
Z_.!)]
I\;7`d
pd`6u-L{0x
e*fNgM
S"'Qq<
e	u0Bp
}o!-be
z3_|iso
A];"25
47\?BW
v EqR=/
WW!~AB
17^TX+
.j5]m\e
d84A%]v
on=T1I
<{7^w`
NM3.*f
+,7RrB;
.j;3gy1S=
geGT-Db4
]0J-*T
(>Tz/J
&c;)6T
~27 HR-
D~EG$?&7
`;/H/`8
xJ)2h?
|rth-pF
<	z^cim
kmU[v"
9LFlY2
ZabP1|
)qfO-Te
(k:L4v
%-&1@^
t4\xq( 
{RPd"K
!C		"W
eT&zfxOc
y>aUZ\"G
*DMtjV#z
xZ3]W]S
i8Wa?;
_g~;UV.e
,L|ODC
LgQaX`A
&,\#0?
0UZG!7
('YEqG/2
4 )rgp
M*[A.~]
"y<z/YA
'wH[bh
zN_	[Q
h/a.~V
wT(*d>
ZUKPeh[Tx
g'kUwO
=_p,sQ
!&Z5}4
5D72&F
naV/P.>
%kk}5I
*=^o{0N
,	v!#{
z&	.70?
i3zl_:V
}yn+NO
oIHD+E
IS+l)2z
vw;G^wL9/f
H":#v\
rX=Luw
m\D9Gp
~0Q-Wp
n_\$Oj
Nq{&WM
c$<)om
qZt:hA
x+^vH!
&Hf~Z5
I=R2u4q
LAxqt4
>lWJ. 
'=t,O-y
 !PoR;
 ']Y%J
0^Y_|U
bA*om*
_C`81j
`|Hvs"
mh3	5?
x@uosK
7Ssva=,
oW,&[~
boZE?N{
$PJ,c8
2_YXPQy
\=,$LF
"CV8/6
UIBR"6
7z(T't
Tv?(hI
D(FTH{(
E1,!iR
j 2 )yy
gCU26=
`E+BYG
dixMZ,
XTeaLox:W
RpV3Ubg
:'<dJ'
;~58_`
Ae/e"~
7is0"i
/ne(*80
Kp"*cw
R		4NqH
\V	yJf
s2NJXTg_u
3XA[2H!
{2{'v,
Z5d"dE
rTo86r
) 0Qu/+
Fm=_N.MYO
N-LnW0a
LW3GiWE
`Fc?yH
%N['=_
`^`Fw0
<0v)Ppk
)qOYH^
WRYMe(
yLExq?R
sF:R.y
(?Zh}1M
t\9Lxt
]xcU4h2
Ts3;&`
2Vy`*v
fSFJx2
HYn<GS
_[,g$K
+k`oE	
/{mey?\Q,
Z(dez&w
"g@qB[
9{V@UX
2B6-ID
$EtvBT
q(kv")
H\C^"	Aq 
-7Lgzal
wDF]og
\PINEv
ugjE4=7
eUPH}7
ft[x'bA
?]\K(ZhE%v
H`O\Q0
<AkE|`
{G;Uyg-u+
S(Y2sy
<krd#(
|cyJ(d
BzTWM~
+=':<2M
wd~r}Y
ygUKPDo
R>/+sow=!
quv4(J
yXkb=$(
`MY3K9x
iUl'MG
3xfA1<}
fH',u<H
NLD%g4
DK=)v<
	pwm]7
WFS6cz7
C5%l4m~
ft;zY3
nB/S1Xo
RTK>x	I
`rW+dW5
%h#[':rD
l>"NL0
`e}QFC
oQ;m bM
4t_t^n
ct9I>Q I_
Ud`/W:\:
vlFSLTS+
!bVz-h
KEMK/S4
R\EH9K
d_-|<D
f,US>J
`n2qFC+
%s!fvkJ)
~["C;vN
WIPWn^
1`2K%B`
$NH`fT
h~?v^yI
U%`*dx
!uTtd=
GP'dqSzUG{
Rgw&bIEP
]j!1Xi62
9^t	g3s
d/@$O~/Z
?}&c_n
PJ~I?W"
6@&%)v
Hel-K4
8	1dc5X
KFz<1# 
W:HM/Lu
<P_tNl
o9"9/J
0@,H?-f
`!C"SB
=Wm_A.D
;}Qg=31(
39_'|1
+	i1s9q% c
Z@PXKeqL
:v:U:!
ileJ23
sr]=bAQ
#pRAp6
JSc6{_
E1K<Vt_
Kz3K0S^
;-;p9W7
;'\x`'
m`T9W+I]
vM`{;z
;Zbq\`
C-_ku4u
K-{"Fk
c&w&1og
<;Ft]tL
_F_0w[u?
Ut.pz\=h
C(76rX
<u9[Fu
+Lnpo8
'/zj@e;G
7	x=o}
p-e7[p
ao?NgR
IsI*HD
\kAJ	9
,0u>7P
CC3[k>\H3s
@X{|GX
(yJ]O&
*L(9{3
q?Ku(4
+:_-Bn
'Ty#ce
!PYdWg$
ET*o}P
YlCYyD
D`+ 1J7
M?-74_c
DpMp$z
oH>_xa}f
!I4oB/
<`~e,$
8Cbrm>
nX8]~q
Pnkf"[
VdrX)?
'9PM%rs
hPvqk@
)j}zyh
hX|ryh
lPRk\;
GHb.~Y
v4.0.30319
#Strings
Qh66aiYk8C3XC5GGxb
mscorlib
System.Windows.Forms
.resources
oUIsUMc62be3mmbZsq
MZ5GCrQGQngB5E59k0l
.cctor
QgHeow6xAc5etiY
WLMfCmQfUp43
Object
System
y2rQiNa1462TxnmEG
MethodInfo
System.Reflection
6PRTnaPTCS7x7VHHr
iPQStNidpE9s5Rnl
pjMR30DeP3A
Assembly
ntwSHWEvXXv0GQh4i
oi99yFxYf6zSQ
CnsQ1k52SbCkSImdS
ResourceManager
System.Resources
SymmetricAlgorithm
System.Security.Cryptography
ICryptoTransform
AppDomain
Exception
6oZnW4d2R2lIZGoT
l3AIGkanpFgDXnUe
s2yrNEfwLl
aCUtg2eXEcHLYF
T6EBzOLoK7b1
Hkg0FGyLfx
ajw8YZaPQO8jP5
ConstructorInfo
E8vpFwQa1X2ZS
xDLkiY4iii
sGmWFhCmGpN2IVlx7X
PropertyInfo
e6qXQNmxSEalJaQEg
pRjfRs1ZYsZMm7bnz3
OlquV5o3OroFezrNx
u8xN7hhHFmrZbUaqm0
MRTsuUZ1ExB
oUNEemYcX1uk
zCWU5ruOcQ9Lc
9my7NFoVwYdR8if
mhS93AC6xQLJG2ilzT
Q6fDjflXKxEz8c
GetType
GetMethods
MemberInfo
get_Name
String
op_Equality
MethodBase
Invoke
Thread
System.Threading
GetTypeFromHandle
RuntimeTypeHandle
get_Assembly
GetObject
set_Key
set_IV
CreateDecryptor
get_CurrentDomain
get_Message
MessageBox
DialogResult
GetConstructor
GetProperties
wXucFmGbFn4Eop
4bRHB4sDcCA0rD1c
ca0bsY1eVPAgcCpAu
zSyOP0iCPePACV
su8lgLFDFq
An9qWh7dVYQBA
hQaNRsBBsaHsl1KW9HI
hYCPSxFOqyCl
y9lRBaMIBfMxh
zTxYXjvYUGAfpOgB1nv
92m7dZLJEU6gcbOtH
qewPEF3Pwkl9cQ8
8dzvUgOJk9Lc2V
aolnyVmmVtFTWbEsZj3
c8lrVTxlE4IJhk
1eeGHOVyl3X
yNNdt9bGsMg
MWi61U6gphSoRSf0
HqpwbwRGKEK2D6w
QMgQ0WC6Z7rdJLRVUz
MzAWQFlprgvIyPx
C9QLghdZQ7
7895cUmdLMnB
IkKLpQXDvHKVublA2
qRvxatyqq3
SgbsFa6ITvqdG
ylohpiS0XbxQduFm
m1hXWySRdce
LqjLL1CaC1CCC
q1d8M4zgAxn128
V6CPEwbrLRh1gbO
R97yYjgUol
m6y19VF849dyWD
TTAe01wg414HBZLhWp
7inDjzSnGukHZJ5
Y5zWDbKn9tiMEsXXp
HKz2x7hEboFsm82Y8xc
5PmqDs8C5RvUUSwgJ
AispqPCNHo7YdmnW9z
zjo9TI4CuHB7
euYgZCP0gBUMNdj6
tD56SSEoKDu
Ho1ayJuJa5fUW0EDp
xGM8SaeKWZkuNoRe
HGHTUpj7onnZCpM
wlW8KIJoDhAmtizrnjV
TsNTPqEVFsHvWiVMwt2
7U2kP02qlcu
v1R0T7nJt4TQPg7
chwybGq8lU4LiERlta9
G5ctHdtreEKc36G
yBiL0ZO7eJ
SQdcmgvlQ37GsP7
0NPMsBQ8kekXobnw9GE
MuluUFgpco6o2PKo
1vNqfrb6SarZ6G
icuXUElOPkDozp1
HhOokGSDe5a5RsF
TmwIR7DqPNgYS4
BYSbjbUhEYTK
lvzbFdGHixzLDOOR
2qoFvs1Bve7aOB
jqKdL1znjSHmUHFM7Cr
RP75sfAkaKZPUzED0v
OVD1eJCcoLd9nT5UJ
CqZjNfPzu2
dw8AqZz0K5gQ2W
8KutAPCPtvhk7nl
A355Jfnb90H9iUADMhh
9wk0WE3gCfiWn9GI7Z
XlLtX3CWOVDWLpQ7OS
TgxaDVYfSo
rHybZPj7I7HwcEoCml
ez53wFmiulwHayHL7ox
1JStuNf8KTqy5FuV
VlXzEaGZkZL
YaFtGucT1VfQQQSl
XUd3SsMPOnU6OMlTy
yvhkIXlj9txGeOvNI8Z
o9BTzKNIl645iEk5E
9WAxsCh4v7AXlx
UMxPXdM6C7ranUPkWct
rdBNehsx16OGA5AD7vL
aZNboS0bVJpm
c5xwZUZwZtNm
PE57ytFMNObQJ
nNIaBoWgqjAWMf
HWq7YwbWMvtC
Ib7SMzuf73wj7
EHv1gQApivE6Q
vLNLbrKDl9
XuwKI8KVH5CETMcB
jAp2Hu0hzy33G
vbhTxOWPnCaXzAhy2w
yvLMXz9sEWHB
wtnzhcwh6JdbK4whqV
1GcTGITmxb9iY7
LqsprIq9vHZW
a75WHg6gJA
IX6J16ORQQswr0L31
8NpzEgvEIETwremW
ySyoQuewD861S7ct
LVAWkKxmmu9mvpS
fnlIUIKut0jmA5Zo
TxF0sw39LqqrDhMchbO
IeatTvWQ4M
S0E2M8XebnONIJ
EAWtxO6tmW
OvNPRz2Imdp
qvTxsH9gFnW41
RuntimeCompatibilityAttribute
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
UnverifiableCodeAttribute
System.Security
7MNEN%N/NnN7NTN]NDN
N`N~N!NcN
N*NNN?N$N-NcN
NvN7NXN-NGNHN%NaNEN
N}N:NRN
;@NYN0NRNsN8N9NKNqNQN
N	N|NEN<N
NTNINxN
N-NmNqN
I_N5N&N`N
N"NuNsN
N.NBNNN]NiNvNjN
N@NPN"N
NmN!N!NrN
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
PWWG0==
!MhiiA]]
	*--L~
Fuu5*++
Hmm-6m
lze#jkkS
Ccc#Z[[
M")wDdz
O'2J >
v'Lz]R
}	'Ziii
cV=X6!
%V__O{k
B!DwR;
H,yj g
c$c|/Jd0
VGR!.r
!|ZOj"M
7MMMhmmE
o>OYWSSC
bEQ	{8
[ZZ0{v
$eq_;^
mP='rr@ph
@ @II	
MS32> 
nGAAAF%
IM?U,R"
\V8\FX
AQ Dmm
^\?s.^
~(ihh@
/w_uu5
Sd<.QWWG\h?>
7`HKMMM
R[[K477
 MJmm-
7 -J$k
i(++CYY
;[hiiASS
B.rHo0
(++CYYY
~}}uuvn	3
~}|uuyyt
U98>owyz{s
7y{{{q
2hklh3
\]ZYED,
]ZYPNMH
0FOSS{J*
'~LT20,.yl
'taeg[d\w'
}^hiWx|
"&+jph|
)$,?	Y
9[zmWk@&
TUeVl&l
u/[-_N
=H"aQ{
66P]]Eyy
477g]s&ttt0}
n=aTE"
RW[AME
PVYIIi	
N5e+[\
VRRQEIE
SVUGYU
LdLJ	`
y|x<>4
x<Noo/
BQP5m0
WREBz	
hhB q2
+osquuu^
x|x|~4_
~ncY?2
==(B!:
S`II	MMM
TUTECS44M
P4m0 (
4YRJL]
P(tD;~:
l4B(h^
pyvV@`6
[,XPX&]
#100@ww7
555tttLx_
:6Gqq1
IJJj6k
[;?@HH
NII!77
trSwS^^
PXXH||<K
;w(//g
iG g6n
Ciu\JEE
h4RYYIyy9
ILL$##
:Dttt##
"..Nq}
*jkkEmmm
3GDFF*~
]YYIAA
Fpp0!!!t
.$<<\iu
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>