
                                           ATM MALWARE NOTICE 
                    d99339d3dc6891cdd832754c5739640c62cd229c84e04e9e3cad743c6f66b1b9
 
Date...........: 2013-10-24
Family.........: Ploutus
File name......: pulsar.exe
File size......: 32.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA
Documentation..: https://www.symantec.com/connect/blogs/backdoorploutus-reloaded-ploutus-leaves-mexico

=== PEDUMP REPORT === 
=== MZ Header ===
  signature:              "MZ"
  bytes_in_last_block:    144      0x90
  blocks_in_file:         3        3
  num_relocs:             0        0
  header_paragraphs:      4        4
  min_extra_paragraphs:   0        0
  max_extra_paragraphs:   65535    0xffff
  ss:                     0        0
  sp:                     184      0xb8
  checksum:               0        0
  ip:                     0        0
  cs:                     0        0
  reloc_table_offset:     64       0x40
  overlay_number:         0        0
  reserved0:              0        0
  oem_id:                 0        0
  oem_info:               0        0
  reserved2:              0        0
  reserved3:              0        0
  reserved4:              0        0
  reserved5:              0        0
  reserved6:              0        0
  lfanew:                 128      0x80

=== DOS STUB ===
  00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
  00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
  00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
  00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|

=== PE Header ===
  signature:              "PE\x00\x00"

# IMAGE_FILE_HEADER:
  Machine:                332      0x14c      x86
  NumberOfSections:       3        3
  TimeDateStamp:          "2013-07-24 07:09:14"
  PointerToSymbolTable:   0        0
  NumberOfSymbols:        0        0
  SizeOfOptionalHeader:   224      0xe0
  Characteristics:        258      0x102      EXECUTABLE_IMAGE, 32BIT_MACHINE

# IMAGE_OPTIONAL_HEADER32:
  Magic:                    267      0x10b      32-bit executable
  LinkerVersion:            8.0
  SizeOfCode:               30208    0x7600
  SizeOfInitializedData:    2048     0x800
  SizeOfUninitializedData:  0        0
  AddressOfEntryPoint:      37966    0x944e
  BaseOfCode:               8192     0x2000
  BaseOfData:               0        0
  ImageBase:                4194304  0x400000
  SectionAlignment:         8192     0x2000
  FileAlignment:            512      0x200
  OperatingSystemVersion:   4.0
  ImageVersion:             0.0
  SubsystemVersion:         4.0
  Reserved1:                0        0
  SizeOfImage:              57344    0xe000
  SizeOfHeaders:            512      0x200
  CheckSum:                 0        0
  Subsystem:                2        2          WINDOWS_GUI
  DllCharacteristics:       34112    0x8540     DYNAMIC_BASE, NX_COMPAT, NO_SEH TERMINAL_SERVER_AWARE
  SizeOfStackReserve:       1048576  0x100000
  SizeOfStackCommit:        4096     0x1000
  SizeOfHeapReserve:        1048576  0x100000
  SizeOfHeapCommit:         4096     0x1000
  LoaderFlags:              0        0
  NumberOfRvaAndSizes:      16       0x10

=== DATA DIRECTORY ===
  EXPORT        rva:0x    0   size:0x    0
  IMPORT        rva:0x 93fc   size:0x   4f
  RESOURCE      rva:0x a000   size:0x  600
  EXCEPTION     rva:0x    0   size:0x    0
  SECURITY      rva:0x    0   size:0x    0
  BASERELOC     rva:0x c000   size:0x    c
  DEBUG         rva:0x    0   size:0x    0
  ARCHITECTURE  rva:0x    0   size:0x    0
  GLOBALPTR     rva:0x    0   size:0x    0
  TLS           rva:0x    0   size:0x    0
  LOAD_CONFIG   rva:0x    0   size:0x    0
  Bound_IAT     rva:0x    0   size:0x    0
  IAT           rva:0x 2000   size:0x    8
  Delay_IAT     rva:0x    0   size:0x    0
  CLR_Header    rva:0x 2008   size:0x   48
                rva:0x    0   size:0x    0

=== SECTIONS ===
  NAME     RVA   VSZ   RAW_SZ  RAW_PTR  nREL  REL_PTR  nLINE  LINE_PTR  FLAGS
  .text    2000  7454  7600    200      0     0        0      0         60000020  R-X CODE
  .rsrc    a000  600   600     7800     0     0        0      0         40000040  R-- IDATA
  .reloc   c000  c     200     7e00     0     0        0      0         42000040  R-- IDATA DISCARDABLE

=== RESOURCES ===
  FILE_OFFSET  CP  LANG  SIZE  TYPE      NAME
  0x78a0       0   0     736   VERSION   #1
  0x7b80       0   0     490   MANIFEST  #1

=== IMPORTS ===
  MODULE_NAME  HINT  ORD  FUNCTION_NAME
  mscoree.dll  0          _CorExeMain

=== VERSION INFO ===
# VS_FIXEDFILEINFO:
  FileVersion      : 1.0.0.0
  ProductVersion   : 1.0.0.0
  StrucVersion     : 0x10000
  FileFlagsMask    : 0x3f
  FileFlags        : 0
  FileOS           : 4
  FileType         : 1
  FileSubtype      : 0

  VarFileInfo      : [ 0x0, 0x4b0 ]

# StringTable 000004b0:
  CompanyName      : "Ploutos"
  FileDescription  : "Ploutos"
  FileVersion      : "1.0.0.0"
  InternalName     : "Ploutos.exe"
  LegalCopyright   : "Copyright \u00A9 Ploutos 2013"
  OriginalFilename : "Ploutos.exe"
  ProductName      : "Ploutos"
  ProductVersion   : "1.0.0.0"
  Assembly Version : "1.0.0.0"

=== Packer / Compiler ===
  MS Visual C# / Basic .NET

=== Strings ===