- #MalwareMustDie - Shadow Locker PE Strings:
- obj
- !This program cannot be run in DOS mode.
- .text
- `.rsrc
- @.reloc
- lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
- PADPADP
- !This programdTqfhlu be run in DOS mode.
- .t"Ki
- c/rsrc
- @.reloc
- lSystem.Resources.3QbcrqbeReader, mscorlib, Versio(
- *#4-1.0, Culture=neutral, Publ
- TZk|Vnken=b77a5c561934e089#Syst!W;Zcqnurces.RuntimeResourceSet
- PADPADP
- ;\njr program cannot be run inIgW\&onde.
- lW|vr
- ``.rsrc
- @.reloc
- BBSJBn3
- #Stringsn"
- #GUID
- "BlobO
- PGcZ
- gkQ
- hky
- yvF^
- amwi#
- @MAdJ
- iFB
- kjE
- hG3P
- WAjF
- TZR
- BBR
- log
- mscorlib
- Microsoft.V/CklhA`sic
- System.Windows.Forms
- yBU|duhng
- 3ata
- .Managemen0:~mtldl32.dll
- user
- advap<
- ntdll
- Vmozsqlite3
- <Mod
- Gsiver
- Dark
- Object
- .ctor
- Ma._Piuq`ge
- System.Net.Mail
- SmtpCl
- MdtworkCredential-
- set_C
- F|jhvhals
- RByHos#
- 2Por
- ,]rdFferessA
- From
- get_To
- Coll
- Aickm
- AddH
- Dns
- GetHostNa
- ^pphng
- Concai
- ABody3
- Enable
- Ufod
- ProB
- .Compiler
- Fkxo`ds
- Set6
- Error
- Exception
- $V}lv
- qApplica
- 8Run
- 1Con|Z
- TW@ThreadAttribute
- Core
- Timer
- *?ngvnr
- uterInfo
- rBuilderp
- Assembly~
- vq|hh
- GetExecuting'
- _viHjoe
- Environment
- AUse
- mUffion
- Globaliz(
- rCu4B{cp(
- `TwoLet
- "SOB
- @Date=5
- 2Oow
- versions
- EventHandl!H
- ibf^Tickc
- Interval
- Start
- ParamArrayAttribu
- @qvdx;
- tEndApp
- Gstry
- Win32
- VKkhvd"
- PKind
- Diagnosticq
- A!IWq
- Kill
- File0
- Delete
- @Key
- zpmmkoe
- OpenSub
- QClose
- TrimP
- rators
- CompareN
- PArgs
- aw(r
- Stream
- UntTyp
- \ejf
- ImageFormat
- P.Imag
- =_Gtff[
- `Attach
- `Model
- Bitmap
- Graph
- Vfbtangle
- Size
- Screen
- wPrim
- cCounds
- QWidth
- Height
- Fr+W+
- Copy
- BDisp_
- Memory
- ASave
- APosi
- 1New
- ,=Jip
- Path
- Special
- 0Get6
- HEllb
- PEmpty;
- RComma^
- Exists
- Create
- 7W}og
- New
- BoxIcon
- lhfhLsY
- Show
- DialogResultO*QOqvuK
- RawSecurit=~p{ephptor
- 1rol]
- Khkvf
- `aryAclI
- IX(&fi
- -Qrincipal
- WellKnownSidTypeGs
- il@ce
- AceFlags
- BQualK
- `Inse
- DdnericAceT
- HndexOfN
- 1Cha
- antains
- L'M~zn
- Semov
- Int3G*Eb@mtble
- BEnumn
- 60FetQ
- RuntimeHelpersp
- ateBinding
- LateGe
- 0ble{
- MoveN
- Sear!K||
- @Get
- Split
- IIf
- BBase
- @Htem
- 2OSV
- x"2ing
- QMajor
- PCount
- ,tcate
- `IMJN^PATH
- Enum
- value__
- AppM6
- ):D+Agram
- SYSTEM_POWER_ST(wM\
- Status
- BatteryF
- MifePerc
- Reserved1
- EFull
- `High
- .qritical0/
- Unk>
- Offl
- AnardHook
- KeyEven!jzf`o
- BG1S
- edThroughPropert
- %q'O|igwd
- KeyDown
- Ucpn
- Jovoke
- LE8l
- Kw0a
- @Keyb
- Fuo
- 1Spe}
- CLPop_Eq
- X itDC
- sK{tFt
- rU"F
- QO3y
- Sto
- Code
- ToLow
- X!4\yk]. stpU
- ETarg
- MethodFr{jmm
- cIAsync}@
- Callback
- c%|&fzY
- End\D3
- Struct
- VkC
- Tme
- ZozMmg
- Native
- L6`Fo
- zOmd
- CessI
- euttsB
- SA:g
- fD2P-
- !Ex=K
- kA2a
- Unhook
- dDw
- vo>M
- Tn!c
- LoadLibrary
- Qv0T
- cConen
- ^DbBinary $
- avT8
- NtSe
- jviipla
- Asc
- Chr
- iG"a
- DecryptFF
- Ggq
- AVari
- 4Getj
- .RegularExpressiP
- lpxdZ
- DRowsm
- Convert
- PMarsh
- 9Vws
- Pucturc
- Encod
- PASC j
- paForFun
- Acn^
- P2gB
- ho8I
- RndardH
- MRQDC
- tLen
- configdir
- Unm
- qaa
- slot
- loa
- ~zsq
- wincx*
- arenaOpt
- out
- joStr
- SQ9CehFcrg
- Ma#j
- HeapAl
- ?!itp@
- lstrlen
- #YcmdN
- gEao~kqf=
- Ea>I
- rSkk
- 0steS
- column_cg
- ]\kcjh`
- 2;gdq`)^jh
- md\i
- Smtp.li
- Tjpm
- adg`
- `s`^po`_
- s Keylogg
- been su
- rsfully execu
- Gjbb`m
- Com
- Nam
- untr
- tem d
- and
- Processo
- ng r
- ewal
- @TZ>PMM@IOZP
- VNja
- \m`WKj
- Id^mj
- WRd
- no`h
- ?dn\]g`
- o\nfhbm
- NJAOR
- @DB)@S@
- D?G@?X
- bjo
- rjm_
- Mpi
- I<>CDI@
- pkW
- t file.
- e NET .4
- ktop
- AMJH
- Get
- kg\tI\h`
- spla
- TRL]
- pbo
- [ESC
- [BACKSPACE]
- ENTER]
- EFT]
- [RIGHT]
- [TAB]
- OCK]
- FEU
- [HOM
- [DEL
- REEN]
- GHT
- bgp
- KF,,ZB`
- ') AND
- http
- crip
- Legal
- JW`V
- Xtc
- b.exe
- cvtres.
- csc.exe
- appl
- bh.exe
- NewInv
- NewAppDom
- true
- breakfa
- lelt
- yesfake
- `lse
- none
- hid
- dxe
- Res
- Bound
- dxe
- tmp
- temp
- http://
- Min
- `ft God Mode
- dcraft is in
- !mode now.
- puestion
- excl
- sor
- cmd.exe
- eg add "HKCU
- tware\Micros
- Windows NT\C
- ntVersion\Wi
- on" /f /v sh
- /t REG_SZ /d
- lorer.exe,"
- b reg add "HK
- Roftware\Micr
- gt\Windows\Cu
- otVersion\Run
- RZ /d "
- Softw
- ]Microsoft\Wi
- vs\CurrentVer
- o\Run
- Temp
- jkill /f /im
- f -n 1 -w 300
- type n
- del /f /q
- SeShut
- oPrivilege
- gghijklmnopqr
- wwxyz
- R_VERSION_INF
- GileInfo
- oslation
- uringFileInfo
- dDescription
- FileVe
- oternalName
- /dll
- Lega
- qyright
- Copyr
- finalFilename
- dc.dll
- btName
- Exec
- ProductVersi
- cly Version
- DoBGgtaiFaynDuU
- Reader
- obj
- bCp
- HIn
- vE~C|E|E|C{E{
- ABl
- jAsU
- ZFw
- AyDv
- Uza
- 0typ
- ka;%d
- Rclob
- Tei
- roj
- `joalize
- dop_Ine!
- ArrayList
- @UTF8
- Bytes
- WrVV
- TJe%
- aDG
- lsD
- INT
- FLOAT
- TEXT
- JVML
- Opera
- qSeadAll$
- f'aToCharC
- `Mess
- VlroleE
- ALine
- oTransform
- esaphy
- Provider
- T'KkdaGDS
- RIniti
- HashAlgorit
- OhnquteHash
- Symmetric
- @set_O
- OorierM7
- 1Pad
- Createf
- .QBl
- BTnica
- AssemblyTitleAttrib1Np
- ~Version
- Trademark
- xatibili&
- 0ila
- xQRe
- Copyrightv
- oProduc
- Phot
- Lactdr
- JPEG image (.jpg)
- Tc*LzfrOon
- Throws
- +#K~xkpnft Corporation. All
- sUXt~apwed.
- mpany @ 2013QD
- LkK~fLain
- mscoree.dll
- v^o/Ub
- 1eyZ0
- BS%c
- #Strings
- #GUID
- i#;Mjmc
- E<_v&bnm
- Exec
- mscorlib
- System.Win1Ml{*Enrms
- System
- Microsoft.Visu
- MSmtjb
- kernel32.dll
- kernel32
- ad1Rme50/dll
- Res.resources
- <ModuleJ0H}hSD
- Object
- LoadLibraryA
- lpFi
- FVnkg
- GetProcAddress
- hModule
- _Uijg
- Thread
- System.Threading
- Pxk`Puart
- .ctor
- SetApartmentSta
- LtcstmentState
- Start
- InvokeAs)7Q{k
- @ssembly
- System.ReflectionBovob
- HsDotNet
- FileBytes
- Type
- na}aEsomHandle
- RuntimeTypeHandl
- 4\mupial
- System.Runtime.Interop
- Ul{m`ds
- GetDelegateForFunctionP
- Delegate
- CreateAPI
- name
- m!N}gb
- SuntimeEnvironment
- GetRunt<O~Lmqdctory
- Path
- System.IO
- Comb
- bytes
- target
- Convert
- ToSt5Zsk
- Aiar
- String
- Concat
- IntPtr
- Dzue
- BitConverter
- ToInt32
- To Ml>0
- RtringBuilder
- System.Text
- op_Explicit
- Int32
- Buffer
- ,Nrio@npy
- Array
- GetBytes
- surro
- KehTpncess
- ESS
- MulticastDelegat!7
- jlfbt
- Invoke
- appName
- commandL+M|
- vqncAttr
- thrAttr
- inherit
- cre
- Nqbj
- dnv
- curDir
- sInfo
- pInfo
- Beg
- ZXbqlje
- IAsyncResult
- AsyncCallb'Su
- gbmlback
- EndInvoke
- result
- EX-7yZmp
- ctxt
- TEX
- ION
- hProc
- ba7_Tlbp
- ORY
- bufr
- bufrSize
- numReadUgZL
- kUhread
- CEX
- addr
- size
- alloc;Xai
- ssot
- CTEX
- hProcess
- lpAddres43y{Uk{e
- flNewProtect
- lpflOldPro
- NNR
- lpBaseAddress
- lpBuffer
- pquc
- mpNumberOfBytesWritten
- xWXFhsplayClass2
- AppDomainSetu
- "\ztGnmain
- MethodInfo
- set_Appli
- KedklOame
- Application
- get_Start1G@irk
- set_ApplicationBase
- Creat'gvcgjo
- Evidence
- System.SecurityIjwam`x
- get_EntryPoint
- MemberInf
- 4vis\Oame
- CreateInstance
- Method
- Qmh
- DdtParameters
- ParameterInfoy
- X`smjeAsm>b__0
- CompilerGenerat!^T|rphbute
- System.Runtime.Compi9Gi[aqwices
- Job
- MoveFileEx
- fileN
- ifvName
- flags
- OpenToken
- hand+V
- meadss
- token
- OpenProcessTokentw
- |VqhvilegeID
- machine
- luid
- Loo
- Vh_tkwilegeValue
- SetPrivilege
- P~itg
- newState
- zero1
- zero2
- zero]"\nnvrtTokenPrivileges
- Shutdown0R
- `aqrage
- timeout
- force
- reboot
- 6Rq{im
- InitiateSystemShutdownEx
- -SFKwv`lity
- Sleep
- op_Inequality
- _lRA{dcutablePath
- GetTempPath
- Fbi
- List`1
- System.Collection5
- Yhjfsic
- ResourceManager
- SystemWet}jwsces
- Enumerator
- GetExecuti*]T{uglbly
- GetEnumerator
- get_Cur'Gu|
- Pqlit
- StringSplitOptions
- nsfb`u
- MoveNext
- IDisposable
- Dis7\ni
- J`ndleBoundFiles
- get_Curren
- tuegjo
- get_BaseDirectory
- ToLowe
- #[`hv`ins
- isTempPath
- ResourceSe
- <RLnauionaryEnumerator
- System.C
- Nqogwhons
- CultureInfo
- System.Gl
- Hpamx`tion
- get_CurrentCulture
- G!CBmultrceSet
- get_Key
- Add
- IEnume0Bmat
- FetBoundFileNames
- ReadReso
- M`me
- ToBoolean
- DownloadFileayt
- tbfeBoxIcon
- MessageBox
- Show
- akdSesult
- MessageBoxButtons
- \tKwpnr
- Process
- System.Diagnost-Yf
- VpncessStartInfo
- set_WindowS![wm
- SsocessWindowStyle
- set_File!@|i
- pdt_Arguments
- get_ProductNa*V
- cv^StartInfo
- ParameterizedTh
- U{lUw`rt
- Startup
- path
- stealth
- Qkfuv
- RegistryKey
- Microsoft.WinR
- Zbehstry
- CurrentUser
- OpenSubK
- MawWalue
- Persist
- File
- WriteAl
- hhyaq
- ExecBound
- extension
- execu0R
- ahidct
- ReadAllBytes
- DropFile
- F~gh
- eata
- where
- GetFileName
- For
- SbhtForExit
- GetCurrentProces
- 4vis\Iandle
- Melt
- FileName
- Rando+0JbQsqer
- get_Length
- Next
- get_Ch
- WcodomString
- lenght
- Interact-U{
- Clwiron
- WebClient
- System.NetUqsmho
- AppWinStyle
- Exception
- DnEotC@
- Sseserve
- FileInfo
- FileSyste*zsji
- ret_Attributes
- FileAttribu
- Njee
- SetUndeletable
- DXOR
- inp
- amount
- TokenPrivilege
- Val
- YOqwg
- Count
- LUID
- Flags
- LZ4Decom
- Pxywls32
- STEPSIZE
- COPYLENGTH
- ML*hXYW
- LL_MASK
- RUN_BITS
- RUN_MASK
- RRzsjknBytePos
- m_DecArray
- Decom2Q|}uHoownSize
- compressed
- decomp
- _k~ag
- decompressedBuffer
- decomp
- bgRize
- SByte
- Decompress
- comp4Um~agCuffer
- compressedSize
- comp
- Rb}`fQosition
- decompressedPosit-U{
- kcyDecompressedSize
- CopyMemo'[
- lww
- src
- length
- RuntimeHelpersoh
- esj`lizeArray
- RuntimeFieldHan#_x
- (abtor
- <PrivateImplementatio
- |gjms>{2D4F2FD2-20F1-4A58-8FDQ
- $$method0x600005T
- #&lethod0x6000052-1
- __Static/Pok}JoitTypeSize=32
- AssemblyT
- KuhicskAttribute
- RuntimeCompati&^|arz@ttribute
- GuidAttribute
- Co/up}oameAttribute
- CompilationRel
- ByymlosAttribute
- DebuggableAttr
- Vdxb
- EebuggingModes
- AssemblyFil#f{
- wjnnAttribute
- AssemblyTitleA
- Ccggwue
- AssemblyCopyrightAttrib1Np
- GqremblyProductAttribute
- Ass0Oyd}@nmpanyAttribute
- AssemblyCo
- Gxkrq`tionAttribute
- AssemblyDes$At|rknnAttribute
- UnverifiableCo
- U[|rqhbute
- System.Security
- onD
- uuX
- eBO
- WrapNonExceptionT=Pt
- $a8765917-09db-4a4c-b96
- Copyright
- quem.Security.Permissions.S
- _nznvxPermissionAttribute, msco
- Nth(#Wersion=2.0.0.0, Culture=n
- en- PublicKeyToken=b77a5c561}
- SkipVerification
- _CorDllM
- jpboree.dll
- BSJB
- #Strings
- #GUID
- #Blob
- logger.exe
- logger
- mscorlib
- System
- Reader.resources
- Object
- Type
- Activator
- CreateInstance
- InvokeMember
- BindingFlags
- System.Reflection
- Binder
- STAThreadAttribute
- .ctor
- MemoryStream
- System.IO
- ToArray
- Assembly
- GetTypes
- IDisposable
- Dispose
- AppDomain
- get_CurrentDomain
- Load
- Encoding
- System.Text
- get_UTF8
- GetBytes
- .Properties
- ApplicationSettingsBase
- System.Configuration
- SettingsBase
- Synchronized
- .cctor
- GeneratedCodeAttribute
- System.CodeDom.Compiler
- CompilerGeneratedAttribute
- System.Runtime.CompilerServices
- ResourceManager
- System.Resources
- CultureInfo
- System.Globalization
- GetTypeFromHandle
- RuntimeTypeHandle
- get_Assembly
- GetObject
- EditorBrowsableAttribute
- System.ComponentModel
- EditorBrowsableState
- DebuggerNonUserCodeAttribute
- System.Diagnostics
- CompilationRelaxationsAttribute
- RuntimeCompatibilityAttribute
- KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
- 3System.Resources.Tools.StronglyTypedResourceBuilder
- WrapNonExceptionThrows
- _CorExeMain
- mscoree.dll
- VS_VERSION_INFO
- StringFileInfo
- Comments
- gens
- CompanyName
- FileDescription
- gens
- FileVersion
- InternalName
- logger.exe
- LegalCopyright
- Copyright 1999-2006 St
- phane Dallongeville
- LegalTrademarks
- Gens
- OriginalFilename
- logger.exe
- ProductName
- gens
- ProductVersion
- Assembly Version
- VarFileInfo
- Translation