.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ---- -------------.
! WALL ! STATS ! GOODIES ! YARA ! FAQ ! RSS ! EMV !
`-------------- - --- ---------- -------- -------- -------- -------- ----------------- - ---- ---- --'
ATM MALWARE NOTICE
d99339d3dc6891cdd832754c5739640c62cd229c84e04e9e3cad743c6f66b1b9
Date...........: 2013-10-24
Family.........: Ploutus
File name......: pulsar.exe
File size......: 32.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA
Documentation..: https://www.symantec.com/connect/blogs/backdoorploutus-reloaded-ploutus-leaves-mexico
Entropy:
Binary Histogram:
=== PEDUMP REPORT ===
=== MZ Header ===
signature: "MZ"
bytes_in_last_block: 144 0x90
blocks_in_file: 3 3
num_relocs: 0 0
header_paragraphs: 4 4
min_extra_paragraphs: 0 0
max_extra_paragraphs: 65535 0xffff
ss: 0 0
sp: 184 0xb8
checksum: 0 0
ip: 0 0
cs: 0 0
reloc_table_offset: 64 0x40
overlay_number: 0 0
reserved0: 0 0
oem_id: 0 0
oem_info: 0 0
reserved2: 0 0
reserved3: 0 0
reserved4: 0 0
reserved5: 0 0
reserved6: 0 0
lfanew: 128 0x80
=== DOS STUB ===
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
=== PE Header ===
signature: "PE\x00\x00"
# IMAGE_FILE_HEADER:
Machine: 332 0x14c x86
NumberOfSections: 3 3
TimeDateStamp: "2013-07-24 07:09:14"
PointerToSymbolTable: 0 0
NumberOfSymbols: 0 0
SizeOfOptionalHeader: 224 0xe0
Characteristics: 258 0x102 EXECUTABLE_IMAGE, 32BIT_MACHINE
# IMAGE_OPTIONAL_HEADER32:
Magic: 267 0x10b 32-bit executable
LinkerVersion: 8.0
SizeOfCode: 30208 0x7600
SizeOfInitializedData: 2048 0x800
SizeOfUninitializedData: 0 0
AddressOfEntryPoint: 37966 0x944e
BaseOfCode: 8192 0x2000
BaseOfData: 0 0
ImageBase: 4194304 0x400000
SectionAlignment: 8192 0x2000
FileAlignment: 512 0x200
OperatingSystemVersion: 4.0
ImageVersion: 0.0
SubsystemVersion: 4.0
Reserved1: 0 0
SizeOfImage: 57344 0xe000
SizeOfHeaders: 512 0x200
CheckSum: 0 0
Subsystem: 2 2 WINDOWS_GUI
DllCharacteristics: 34112 0x8540 DYNAMIC_BASE, NX_COMPAT, NO_SEH
TERMINAL_SERVER_AWARE
SizeOfStackReserve: 1048576 0x100000
SizeOfStackCommit: 4096 0x1000
SizeOfHeapReserve: 1048576 0x100000
SizeOfHeapCommit: 4096 0x1000
LoaderFlags: 0 0
NumberOfRvaAndSizes: 16 0x10
=== DATA DIRECTORY ===
EXPORT rva:0x 0 size:0x 0
IMPORT rva:0x 93fc size:0x 4f
RESOURCE rva:0x a000 size:0x 600
EXCEPTION rva:0x 0 size:0x 0
SECURITY rva:0x 0 size:0x 0
BASERELOC rva:0x c000 size:0x c
DEBUG rva:0x 0 size:0x 0
ARCHITECTURE rva:0x 0 size:0x 0
GLOBALPTR rva:0x 0 size:0x 0
TLS rva:0x 0 size:0x 0
LOAD_CONFIG rva:0x 0 size:0x 0
Bound_IAT rva:0x 0 size:0x 0
IAT rva:0x 2000 size:0x 8
Delay_IAT rva:0x 0 size:0x 0
CLR_Header rva:0x 2008 size:0x 48
rva:0x 0 size:0x 0
=== SECTIONS ===
NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS
.text 2000 7454 7600 200 0 0 0 0 60000020 R-X CODE
.rsrc a000 600 600 7800 0 0 0 0 40000040 R-- IDATA
.reloc c000 c 200 7e00 0 0 0 0 42000040 R-- IDATA DISCARDABLE
=== RESOURCES ===
FILE_OFFSET CP LANG SIZE TYPE NAME
0x78a0 0 0 736 VERSION #1
0x7b80 0 0 490 MANIFEST #1
=== IMPORTS ===
MODULE_NAME HINT ORD FUNCTION_NAME
mscoree.dll 0 _CorExeMain
=== VERSION INFO ===
# VS_FIXEDFILEINFO:
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
StrucVersion : 0x10000
FileFlagsMask : 0x3f
FileFlags : 0
FileOS : 4
FileType : 1
FileSubtype : 0
VarFileInfo : [ 0x0, 0x4b0 ]
# StringTable 000004b0:
CompanyName : "Ploutos"
FileDescription : "Ploutos"
FileVersion : "1.0.0.0"
InternalName : "Ploutos.exe"
LegalCopyright : "Copyright \u00A9 Ploutos 2013"
OriginalFilename : "Ploutos.exe"
ProductName : "Ploutos"
ProductVersion : "1.0.0.0"
Assembly Version : "1.0.0.0"
=== Packer / Compiler ===
MS Visual C# / Basic .NET
=== Strings ===
File pos Mem pos ID Text
======== ======= == ====
00000000004D 00000040004D 0 !This program cannot be run in DOS mode.
000000000178 000000400178 0 .text
0000000001A0 0000004001A0 0 .rsrc
0000000001C7 0000004001C7 0 @.reloc
0000000002A7 0000004020A7 0 aaX ;
0000000002AF 0000004020AF 0 9#8wY
0000000002C4 0000004020C4 0 a +l7EXY
0000000002D4 0000004020D4 0 UKY z
0000000002DE 0000004020DE 0 MrG AB.m
0000000002E9 0000004020E9 0 AkaaYYaaYa
00000000032E 00000040212E 0 ,O s
0000000003E7 0000004021E7 0 LYXaa
0000000003FF 0000004021FF 0 zG7YYa
0000000005AD 0000004023AD 0 ZXYa
0000000005B4 0000004023B4 0 _laYc
0000000007C3 0000004025C3 0 FQyaa
0000000007D5 0000004025D5 0 '[aXYj!$
00000000089C 00000040269C 0 !LVY=
000000000906 000000402706 0 XaaXY
000000000C74 000000402A74 0 XYa _
000000000C7E 000000402A7E 0 I)bY 1m
000000000C9C 000000402A9C 0 SXaaY j!
000000000CB6 000000402AB6 0 XaaXYa
000000000CF7 000000402AF7 0 d@Y \J
000000000D13 000000402B13 0 Y qvzRXXa
000000000D40 000000402B40 0 +YXYaXYY h
000000000D6E 000000402B6E 0 |-a [
000000000D7A 000000402B7A 0 }Xaa4
000000000E11 000000402C11 0 [d?QYXX
000000000E20 000000402C20 0 %$dX
000000000E33 000000402C33 0 vYY ~
000000000E3F 000000402C3F 0 5Yaaa}
000000000EBF 000000402CBF 0 l~7lXX =
000000000FAD 000000402DAD 0 =$aXX V:pl
000000000FEA 000000402DEA 0 wX 2z
000000000FF4 000000402DF4 0 VLaX
000000001023 000000402E23 0 SXXX V
000000001035 000000402E35 0 qaYaaaXX_b
0000000010BD 000000402EBD 0 ZYYYaYaXXYX_bj
000000001134 000000402F34 0 q92 r
00000000114D 000000402F4D 0 fXXaY
000000001160 000000402F60 0 5,a l
000000001177 000000402F77 0 AYXaa_bY*
0000000011CD 000000402FCD 0 jvaaa eU
0000000011EB 000000402FEB 0 _aYYYX B
000000001204 000000403004 0 HXXY ]
00000000127B 00000040307B 0 6Y *P
00000000128B 00000040308B 0 0waXXaX
000000001296 000000403096 0 HaX_b
000000001331 000000403131 0 =X !
00000000133D 00000040313D 0 {XaY
000000001442 000000403242 0 M{AXY
000000001466 000000403266 0 ".4 MR
000000001472 000000403272 0 tYX R
000000001483 000000403283 0 ?XYa {
0000000014A1 0000004032A1 0 #YYa
0000000014B9 0000004032B9 0 ~YYaaYX(#
000000001513 000000403313 0 AT@_XY
00000000152C 00000040332C 0 ]}YYa
000000001535 000000403335 0 )YaX
File pos Mem pos ID Text
======== ======= == ====
00000000154B 00000040334B 0 xIYY
000000001553 000000403353 0 8aXa 2
000000001574 000000403374 0 ?sYa jo
00000000158B 00000040338B 0 ->GXXX B
0000000015A0 0000004033A0 0 maYYa_b
0000000016D9 0000004034D9 0 DY,3X
000000001ACE 0000004038CE 0 ]1XXX
000000001ADD 0000004038DD 0 p#ywX
000000001AE8 0000004038E8 0 aXYa
000000001AEE 0000004038EE 0 dY/ x5
000000001AFF 0000004038FF 0 |ZaYa_bX
000000001CEB 000000403AEB 0 FMc> _
000000001CF9 000000403AF9 0 /aXXX_b
000000001D3F 000000403B3F 0 =YXY "9
000000001D51 000000403B51 0 yXXaXY_b
000000001DD2 000000403BD2 0 4YXaa
000000001DF4 000000403BF4 0 NdYXXY ,=s F_l:YYY_b
000000001E60 000000403C60 0 XYY R
000000001E70 000000403C70 0 8kYYY_b
000000001EBB 000000403CBB 0 mzX C
000000001EC7 000000403CC7 0 sYXaXY_cX*
000000001F3F 000000403D3F 0 80KGXaYX
000000001F50 000000403D50 0 |CYX ?
000000001F66 000000403D66 0 ,raY rb"~ X
000000001F77 000000403D77 0 ]ubYY -C
000000001F97 000000403D97 0 /YYXa
000000001FA3 000000403DA3 0 _!QY
000000001FBD 000000403DBD 0 bY ER
000000001FCD 000000403DCD 0 <aYaY
00000000201A 000000403E1A 0 XY MN
000000002025 000000403E25 0 dYa [
00000000203F 000000403E3F 0 3 YX
000000002056 000000403E56 0 vXaX
00000000205E 000000403E5E 0 WaXaaaX
0000000020B1 000000403EB1 0 BiYY !
0000000020CC 000000403ECC 0 'faa bQ>c
0000000020E3 000000403EE3 0 jYYa
0000000020F0 000000403EF0 0 4XYX
0000000020F6 000000403EF6 0 z\faYXXX ,
000000002103 000000403F03 0 )&oZX
000000002128 000000403F28 0 bYY k
000000002133 000000403F33 0 *<YaXYY
0000000021B4 000000403FB4 0 QXX n'8
0000000021D1 000000403FD1 0 e gu
0000000022F4 0000004040F4 0 F(.|T
0000000023E0 0000004041E0 0 z0k'T
0000000025F1 0000004043F1 0 ?x"(BmfZ
0000000027E4 0000004045E4 0 XrXVp
000000002990 000000404790 0 ZsiGdAp
000000002B2D 00000040492D 0 Q[xYs
000000002D05 000000404B05 0 wbZ*X
000000002DEC 000000404BEC 0 'qe Z
000000002E38 000000404C38 0 RB::oGK
000000003079 000000404E79 0 UsOPfrQ[
000000003106 000000404F06 0 4y_\z
00000000321A 00000040501A 0 7}fd@
00000000333F 00000040513F 0 \%WA1
00000000347A 00000040527A 0 +J _"m
000000003567 000000405367 0 =zioS
0000000035E6 0000004053E6 0 hq.(kp6C
File pos Mem pos ID Text
======== ======= == ====
0000000036B4 0000004054B4 0 +~4Ks
0000000036F6 0000004054F6 0 /f(k?
0000000037DB 0000004055DB 0 S#Ft]-
00000000384C 00000040564C 0 V4*ui
000000003889 000000405689 0 lncOoW
000000003A75 000000405875 0 c23:J
000000003A7B 00000040587B 0 n!pd|
000000003C01 000000405A01 0 TZY+*
000000003C9B 000000405A9B 0 xKtHg
000000003CF9 000000405AF9 0 ;)3+=)8
000000003D0D 000000405B0D 0 /kL B5W
000000003E25 000000405C25 0 !aOLM
000000003E42 000000405C42 0 r_jlX
000000003F5B 000000405D5B 0 WG4zT
00000000428D 00000040608D 0 i_{;U
00000000439B 00000040619B 0 ka_rH
000000004475 000000406275 0 anL#/
00000000448D 00000040628D 0 zd;.%k
000000004785 000000406585 0 xJ@Fu
000000004A30 000000406830 0 \b.![}
000000004AB5 0000004068B5 0 -SGE)
000000004CBD 000000406ABD 0 0/:[K<U
000000004D26 000000406B26 0 f9rlSu
000000004DBE 000000406BBE 0 H=@ R-
000000004E00 000000406C00 0 k1vJ%
000000004E3B 000000406C3B 0 u;ut7.TcJ
000000004EF2 000000406CF2 0 Uw(VEB
00000000505F 000000406E5F 0 P_l\?
0000000050FD 000000406EFD 0 \wf2M
000000005188 000000406F88 0 Y6$o{E+
000000005190 000000406F90 0 qD:q@
000000005216 000000407016 0 12Z a
000000005230 000000407030 0 q'~NbZ
00000000552F 00000040732F 0 sF&$x
00000000557E 00000040737E 0 Kn}c-
0000000055A6 0000004073A6 0 Z_~5@
000000005630 000000407430 0 !N}7!
000000005810 000000407610 0 o:zp
000000005AC4 0000004078C4 0 ;CR?8
000000005B73 000000407973 0 -HF>g2K
000000005BA0 0000004079A0 0 $WeZEcs
000000005CBC 000000407ABC 0 ~:7{Jv#
000000005D20 000000407B20 0 2z R\
000000005D26 000000407B26 0 sHy4*
000000005DB4 000000407BB4 0 6c APV
000000005EBF 000000407CBF 0 5ZW,1#
000000005F6A 000000407D6A 0 n)n1aXz
0000000061D4 000000407FD4 0 v2.0.50727
0000000061F8 000000407FF8 0 #Strings
000000006218 000000408018 0 #GUID
000000006228 000000408028 0 #Blob
000000006AD1 0000004088D1 0 Ploutos.exe
000000006ADD 0000004088DD 0 Ploutos
000000006AE5 0000004088E5 0 mscorlib
000000006B07 000000408907 0 <Module>
000000006B10 000000408910 0 .cctor
000000006B17 000000408917 0 CompressShell
000000006B25 000000408925 0 Object
000000006B2C 00000040892C 0 System
000000006B3F 00000040893F 0 Module
File pos Mem pos ID Text
======== ======= == ====
000000006B46 000000408946 0 System.Reflection
000000006B58 000000408958 0 GetLenToPosState
000000006B6D 00000040896D 0 BinaryReader
000000006B7A 00000040897A 0 System.IO
000000006B84 000000408984 0 Stream
000000006B8B 00000040898B 0 Assembly
000000006B94 000000408994 0 Encoding
000000006B9D 00000040899D 0 System.Text
000000006BA9 0000004089A9 0 get_UTF8
000000006BB2 0000004089B2 0 ResolveEventArgs
000000006BC3 0000004089C3 0 get_Name
000000006BCC 0000004089CC 0 GetBytes
000000006BD5 0000004089D5 0 GetString
000000006BE4 0000004089E4 0 GetTypeFromHandle
000000006BF6 0000004089F6 0 RuntimeTypeHandle
000000006C08 000000408A08 0 get_Assembly
000000006C15 000000408A15 0 GetManifestResourceStream
000000006C2F 000000408A2F 0 .ctor
000000006C35 000000408A35 0 get_Length
000000006C40 000000408A40 0 ReadBytes
000000006C4A 000000408A4A 0 IDisposable
000000006C56 000000408A56 0 Dispose
000000006C68 000000408A68 0 Buffer
000000006C6F 000000408A6F 0 BlockCopy
000000006C79 000000408A79 0 Array
000000006C7F 000000408A7F 0 DecryptAsm
000000006C8A 000000408A8A 0 sender
000000006C93 000000408A93 0 ResolveResource
000000006CA3 000000408AA3 0 CryptoStream
000000006CB0 000000408AB0 0 System.Security.Cryptography
000000006CCD 000000408ACD 0 RijndaelManaged
000000006CDD 000000408ADD 0 MemoryStream
000000006CEA 000000408AEA 0 ReadInt32
000000006CF4 000000408AF4 0 SymmetricAlgorithm
000000006D07 000000408B07 0 CreateDecryptor
000000006D17 000000408B17 0 ICryptoTransform
000000006D28 000000408B28 0 CryptoStreamMode
000000006D3E 000000408B3E 0 BitConverter
000000006D4B 000000408B4B 0 ToUInt32
000000006D54 000000408B54 0 ReadByte
000000006D5D 000000408B5D 0 Exception
000000006D67 000000408B67 0 Decrypt
000000006D73 000000408B73 0 modPow
000000006D86 000000408B86 0 MethodBase
000000006D91 000000408B91 0 GetEntryAssembly
000000006DA2 000000408BA2 0 LoadModule
000000006DAD 000000408BAD 0 AppDomain
000000006DB7 000000408BB7 0 get_CurrentDomain
000000006DC9 000000408BC9 0 ResolveEventHandler
000000006DDD 000000408BDD 0 add_AssemblyResolve
000000006DF1 000000408BF1 0 ResolveMethod
000000006DFF 000000408BFF 0 GetParameters
000000006E0D 000000408C0D 0 ParameterInfo
000000006E1B 000000408C1B 0 Invoke
000000006E22 000000408C22 0 Int32
000000006E32 000000408C32 0 STAThreadAttribute
000000006E45 000000408C45 0 State
000000006E4B 000000408C4B 0 ValueType
000000006E55 000000408C55 0 Index
000000006E60 000000408C60 0 UpdateChar
File pos Mem pos ID Text
======== ======= == ====
000000006E6B 000000408C6B 0 UpdateMatch
000000006E77 000000408C77 0 UpdateRep
000000006E81 000000408C81 0 UpdateShortRep
000000006E90 000000408C90 0 IsCharState
000000006E9C 000000408C9C 0 OutWindow
000000006EA6 000000408CA6 0 _buffer
000000006EB3 000000408CB3 0 _windowSize
000000006EBF 000000408CBF 0 _streamPos
000000006ECA 000000408CCA 0 _stream
000000006ED2 000000408CD2 0 Create
000000006ED9 000000408CD9 0 windowSize
000000006EE4 000000408CE4 0 stream
000000006EEB 000000408CEB 0 solid
000000006EF1 000000408CF1 0 ReleaseStream
000000006EFF 000000408CFF 0 Write
000000006F05 000000408D05 0 Flush
000000006F0B 000000408D0B 0 CopyBlock
000000006F15 000000408D15 0 distance
000000006F1E 000000408D1E 0 PutByte
000000006F28 000000408D28 0 GetByte
000000006F30 000000408D30 0 Decoder
000000006F38 000000408D38 0 Range
000000006F43 000000408D43 0 Normalize
000000006F4D 000000408D4D 0 DecodeDirectBits
000000006F5E 000000408D5E 0 numTotalBits
000000006F6B 000000408D6B 0 BitDecoder
000000006F7B 000000408D7B 0 Decode
000000006F82 000000408D82 0 rangeDecoder
000000006F8F 000000408D8F 0 BitTreeDecoder
000000006F9E 000000408D9E 0 Models
000000006FA5 000000408DA5 0 NumBitLevels
000000006FB2 000000408DB2 0 numBitLevels
000000006FBF 000000408DBF 0 ReverseDecode
000000006FCD 000000408DCD 0 startIndex
000000006FD8 000000408DD8 0 LzmaDecoder
000000006FE4 000000408DE4 0 m_OutWindow
000000006FF0 000000408DF0 0 m_RangeDecoder
000000006FFF 000000408DFF 0 m_IsMatchDecoders
000000007011 000000408E11 0 m_IsRepDecoders
000000007021 000000408E21 0 m_IsRepG0Decoders
000000007033 000000408E33 0 m_IsRepG1Decoders
000000007045 000000408E45 0 m_IsRepG2Decoders
000000007057 000000408E57 0 m_IsRep0LongDecoders
00000000706C 000000408E6C 0 m_PosSlotDecoder
00000000707D 000000408E7D 0 m_PosDecoders
00000000708B 000000408E8B 0 m_PosAlignDecoder
00000000709D 000000408E9D 0 m_LenDecoder
0000000070AA 000000408EAA 0 m_RepLenDecoder
0000000070BA 000000408EBA 0 m_LiteralDecoder
0000000070CB 000000408ECB 0 m_DictionarySize
0000000070DC 000000408EDC 0 m_DictionarySizeCheck
0000000070F2 000000408EF2 0 m_PosStateMask
000000007101 000000408F01 0 _solid
000000007111 000000408F11 0 SetDictionarySize
000000007123 000000408F23 0 dictionarySize
000000007132 000000408F32 0 SetLiteralProperties
00000000714D 000000408F4D 0 SetPosBitsProperties
000000007165 000000408F65 0 inStream
00000000716E 000000408F6E 0 outStream
000000007178 000000408F78 0 inSize
File pos Mem pos ID Text
======== ======= == ====
00000000717F 000000408F7F 0 outSize
000000007187 000000408F87 0 SetDecoderProperties
00000000719C 000000408F9C 0 properties
0000000071A7 000000408FA7 0 LenDecoder
0000000071B2 000000408FB2 0 m_Choice
0000000071BB 000000408FBB 0 m_Choice2
0000000071C5 000000408FC5 0 m_LowCoder
0000000071D0 000000408FD0 0 m_MidCoder
0000000071DB 000000408FDB 0 m_HighCoder
0000000071E7 000000408FE7 0 m_NumPosStates
0000000071F6 000000408FF6 0 numPosStates
000000007203 000000409003 0 posState
00000000720C 00000040900C 0 LiteralDecoder
00000000721B 00000040901B 0 m_Coders
000000007224 000000409024 0 m_NumPrevBits
000000007232 000000409032 0 m_NumPosBits
00000000723F 00000040903F 0 m_PosMask
000000007249 000000409049 0 numPosBits
000000007254 000000409054 0 numPrevBits
000000007260 000000409060 0 GetState
00000000726D 00000040906D 0 prevByte
000000007276 000000409076 0 DecodeNormal
000000007283 000000409083 0 DecodeWithMatchByte
000000007297 000000409097 0 matchByte
0000000072A1 0000004090A1 0 Decoder2
0000000072AA 0000004090AA 0 m_Decoders
0000000072B5 0000004090B5 0 ConfusedByAttribute
0000000072C9 0000004090C9 0 Attribute
0000000072D3 0000004090D3 0 ___.netmodule
0000000072E1 0000004090E1 0 Ploutos.Properties.Resources.resources
000000007308 000000409108 0 Ploutos.Panel.resources
0000000075D3 0000004093D3 0 Confuser v1.9.0.0
000000007632 000000409432 0 _CorExeMain
00000000763E 00000040943E 0 mscoree.dll
000000007B83 00000040A383 0 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
000000007BBC 00000040A3BC 0 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
000000007C07 00000040A407 0 <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
000000007C49 00000040A449 0 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
000000007C81 00000040A481 0 <security>
000000007C91 00000040A491 0 <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
000000007CD7 00000040A4D7 0 <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
000000007D1E 00000040A51E 0 </requestedPrivileges>
000000007D3C 00000040A53C 0 </security>
000000007D4D 00000040A54D 0 </trustInfo>
000000007D5D 00000040A55D 0 </assembly>
000000007323 000000409123 0 Can't Read 1
00000000733D 00000040913D 0 ___.netmodule
0000000078A6 00000040A0A6 0 VS_VERSION_INFO
000000007902 00000040A102 0 VarFileInfo
000000007922 00000040A122 0 Translation
000000007946 00000040A146 0 StringFileInfo
00000000796A 00000040A16A 0 000004b0
000000007982 00000040A182 0 CompanyName
00000000799C 00000040A19C 0 Ploutos
0000000079B2 00000040A1B2 0 FileDescription
0000000079D4 00000040A1D4 0 Ploutos
0000000079EA 00000040A1EA 0 FileVersion
000000007A04 00000040A204 0 1.0.0.0
000000007A1A 00000040A21A 0 InternalName
000000007A34 00000040A234 0 Ploutos.exe
File pos Mem pos ID Text
======== ======= == ====
000000007A52 00000040A252 0 LegalCopyright
000000007A86 00000040A286 0 Ploutos 2013
000000007AAA 00000040A2AA 0 OriginalFilename
000000007ACC 00000040A2CC 0 Ploutos.exe
000000007AEA 00000040A2EA 0 ProductName
000000007B04 00000040A304 0 Ploutos
000000007B1A 00000040A31A 0 ProductVersion
000000007B38 00000040A338 0 1.0.0.0
000000007B4E 00000040A34E 0 Assembly Version
000000007B70 00000040A370 0 1.0.0.0
00000000004D 00000040004D 0 !This program cannot be run in DOS mode.
000000000178 000000400178 0 .text
0000000001A0 0000004001A0 0 .rsrc
0000000001C7 0000004001C7 0 @.reloc
0000000002A7 0000004020A7 0 aaX ;
0000000002AF 0000004020AF 0 9#8wY
0000000002C4 0000004020C4 0 a +l7EXY
0000000002D4 0000004020D4 0 UKY z
0000000002DE 0000004020DE 0 MrG AB.m
0000000002E9 0000004020E9 0 AkaaYYaaYa
00000000032E 00000040212E 0 ,O s
0000000003E7 0000004021E7 0 LYXaa
0000000003FF 0000004021FF 0 zG7YYa
0000000005AD 0000004023AD 0 ZXYa
0000000005B4 0000004023B4 0 _laYc
0000000007C3 0000004025C3 0 FQyaa
0000000007D5 0000004025D5 0 '[aXYj!$
00000000089C 00000040269C 0 !LVY=
000000000906 000000402706 0 XaaXY
000000000C74 000000402A74 0 XYa _
000000000C7E 000000402A7E 0 I)bY 1m
000000000C9C 000000402A9C 0 SXaaY j!
000000000CB6 000000402AB6 0 XaaXYa
000000000CF7 000000402AF7 0 d@Y \J
000000000D13 000000402B13 0 Y qvzRXXa
000000000D40 000000402B40 0 +YXYaXYY h
000000000D6E 000000402B6E 0 |-a [
000000000D7A 000000402B7A 0 }Xaa4
000000000E11 000000402C11 0 [d?QYXX
000000000E20 000000402C20 0 %$dX
000000000E33 000000402C33 0 vYY ~
000000000E3F 000000402C3F 0 5Yaaa}
000000000EBF 000000402CBF 0 l~7lXX =
000000000FAD 000000402DAD 0 =$aXX V:pl
000000000FEA 000000402DEA 0 wX 2z
000000000FF4 000000402DF4 0 VLaX
000000001023 000000402E23 0 SXXX V
000000001035 000000402E35 0 qaYaaaXX_b
0000000010BD 000000402EBD 0 ZYYYaYaXXYX_bj
000000001134 000000402F34 0 q92 r
00000000114D 000000402F4D 0 fXXaY
000000001160 000000402F60 0 5,a l
000000001177 000000402F77 0 AYXaa_bY*
0000000011CD 000000402FCD 0 jvaaa eU
0000000011EB 000000402FEB 0 _aYYYX B
000000001204 000000403004 0 HXXY ]
00000000127B 00000040307B 0 6Y *P
00000000128B 00000040308B 0 0waXXaX
000000001296 000000403096 0 HaX_b
000000001331 000000403131 0 =X !
File pos Mem pos ID Text
======== ======= == ====
00000000133D 00000040313D 0 {XaY
000000001442 000000403242 0 M{AXY
000000001466 000000403266 0 ".4 MR
000000001472 000000403272 0 tYX R
000000001483 000000403283 0 ?XYa {
0000000014A1 0000004032A1 0 #YYa
0000000014B9 0000004032B9 0 ~YYaaYX(#
000000001513 000000403313 0 AT@_XY
00000000152C 00000040332C 0 ]}YYa
000000001535 000000403335 0 )YaX
00000000154B 00000040334B 0 xIYY
000000001553 000000403353 0 8aXa 2
000000001574 000000403374 0 ?sYa jo
00000000158B 00000040338B 0 ->GXXX B
0000000015A0 0000004033A0 0 maYYa_b
0000000016D9 0000004034D9 0 DY,3X
000000001ACE 0000004038CE 0 ]1XXX
000000001ADD 0000004038DD 0 p#ywX
000000001AE8 0000004038E8 0 aXYa
000000001AEE 0000004038EE 0 dY/ x5
000000001AFF 0000004038FF 0 |ZaYa_bX
000000001CEB 000000403AEB 0 FMc> _
000000001CF9 000000403AF9 0 /aXXX_b
000000001D3F 000000403B3F 0 =YXY "9
000000001D51 000000403B51 0 yXXaXY_b
000000001DD2 000000403BD2 0 4YXaa
000000001DF4 000000403BF4 0 NdYXXY ,=s F_l:YYY_b
000000001E60 000000403C60 0 XYY R
000000001E70 000000403C70 0 8kYYY_b
000000001EBB 000000403CBB 0 mzX C
000000001EC7 000000403CC7 0 sYXaXY_cX*
000000001F3F 000000403D3F 0 80KGXaYX
000000001F50 000000403D50 0 |CYX ?
000000001F66 000000403D66 0 ,raY rb"~ X
000000001F77 000000403D77 0 ]ubYY -C
000000001F97 000000403D97 0 /YYXa
000000001FA3 000000403DA3 0 _!QY
000000001FBD 000000403DBD 0 bY ER
000000001FCD 000000403DCD 0 <aYaY
00000000201A 000000403E1A 0 XY MN
000000002025 000000403E25 0 dYa [
00000000203F 000000403E3F 0 3 YX
000000002056 000000403E56 0 vXaX
00000000205E 000000403E5E 0 WaXaaaX
0000000020B1 000000403EB1 0 BiYY !
0000000020CC 000000403ECC 0 'faa bQ>c
0000000020E3 000000403EE3 0 jYYa
0000000020F0 000000403EF0 0 4XYX
0000000020F6 000000403EF6 0 z\faYXXX ,
000000002103 000000403F03 0 )&oZX
000000002128 000000403F28 0 bYY k
000000002133 000000403F33 0 *<YaXYY
0000000021B4 000000403FB4 0 QXX n'8
0000000021D1 000000403FD1 0 e gu
0000000022F4 0000004040F4 0 F(.|T
0000000023E0 0000004041E0 0 z0k'T
0000000025F1 0000004043F1 0 ?x"(BmfZ
0000000027E4 0000004045E4 0 XrXVp
000000002990 000000404790 0 ZsiGdAp
000000002B2D 00000040492D 0 Q[xYs
File pos Mem pos ID Text
======== ======= == ====
000000002D05 000000404B05 0 wbZ*X
000000002DEC 000000404BEC 0 'qe Z
000000002E38 000000404C38 0 RB::oGK
000000003079 000000404E79 0 UsOPfrQ[
000000003106 000000404F06 0 4y_\z
00000000321A 00000040501A 0 7}fd@
00000000333F 00000040513F 0 \%WA1
00000000347A 00000040527A 0 +J _"m
000000003567 000000405367 0 =zioS
0000000035E6 0000004053E6 0 hq.(kp6C
0000000036B4 0000004054B4 0 +~4Ks
0000000036F6 0000004054F6 0 /f(k?
0000000037DB 0000004055DB 0 S#Ft]-
00000000384C 00000040564C 0 V4*ui
000000003889 000000405689 0 lncOoW
000000003A75 000000405875 0 c23:J
000000003A7B 00000040587B 0 n!pd|
000000003C01 000000405A01 0 TZY+*
000000003C9B 000000405A9B 0 xKtHg
000000003CF9 000000405AF9 0 ;)3+=)8
000000003D0D 000000405B0D 0 /kL B5W
000000003E25 000000405C25 0 !aOLM
000000003E42 000000405C42 0 r_jlX
000000003F5B 000000405D5B 0 WG4zT
00000000428D 00000040608D 0 i_{;U
00000000439B 00000040619B 0 ka_rH
000000004475 000000406275 0 anL#/
00000000448D 00000040628D 0 zd;.%k
000000004785 000000406585 0 xJ@Fu
000000004A30 000000406830 0 \b.![}
000000004AB5 0000004068B5 0 -SGE)
000000004CBD 000000406ABD 0 0/:[K<U
000000004D26 000000406B26 0 f9rlSu
000000004DBE 000000406BBE 0 H=@ R-
000000004E00 000000406C00 0 k1vJ%
000000004E3B 000000406C3B 0 u;ut7.TcJ
000000004EF2 000000406CF2 0 Uw(VEB
00000000505F 000000406E5F 0 P_l\?
0000000050FD 000000406EFD 0 \wf2M
000000005188 000000406F88 0 Y6$o{E+
000000005190 000000406F90 0 qD:q@
000000005216 000000407016 0 12Z a
000000005230 000000407030 0 q'~NbZ
00000000552F 00000040732F 0 sF&$x
00000000557E 00000040737E 0 Kn}c-
0000000055A6 0000004073A6 0 Z_~5@
000000005630 000000407430 0 !N}7!
000000005810 000000407610 0 o:zp
000000005AC4 0000004078C4 0 ;CR?8
000000005B73 000000407973 0 -HF>g2K
000000005BA0 0000004079A0 0 $WeZEcs
000000005CBC 000000407ABC 0 ~:7{Jv#
000000005D20 000000407B20 0 2z R\
000000005D26 000000407B26 0 sHy4*
000000005DB4 000000407BB4 0 6c APV
000000005EBF 000000407CBF 0 5ZW,1#
000000005F6A 000000407D6A 0 n)n1aXz
0000000061D4 000000407FD4 0 v2.0.50727
0000000061F8 000000407FF8 0 #Strings
000000006218 000000408018 0 #GUID
File pos Mem pos ID Text
======== ======= == ====
000000006228 000000408028 0 #Blob
000000006AD1 0000004088D1 0 Ploutos.exe
000000006ADD 0000004088DD 0 Ploutos
000000006AE5 0000004088E5 0 mscorlib
000000006B07 000000408907 0 <Module>
000000006B10 000000408910 0 .cctor
000000006B17 000000408917 0 CompressShell
000000006B25 000000408925 0 Object
000000006B2C 00000040892C 0 System
000000006B3F 00000040893F 0 Module
000000006B46 000000408946 0 System.Reflection
000000006B58 000000408958 0 GetLenToPosState
000000006B6D 00000040896D 0 BinaryReader
000000006B7A 00000040897A 0 System.IO
000000006B84 000000408984 0 Stream
000000006B8B 00000040898B 0 Assembly
000000006B94 000000408994 0 Encoding
000000006B9D 00000040899D 0 System.Text
000000006BA9 0000004089A9 0 get_UTF8
000000006BB2 0000004089B2 0 ResolveEventArgs
000000006BC3 0000004089C3 0 get_Name
000000006BCC 0000004089CC 0 GetBytes
000000006BD5 0000004089D5 0 GetString
000000006BE4 0000004089E4 0 GetTypeFromHandle
000000006BF6 0000004089F6 0 RuntimeTypeHandle
000000006C08 000000408A08 0 get_Assembly
000000006C15 000000408A15 0 GetManifestResourceStream
000000006C2F 000000408A2F 0 .ctor
000000006C35 000000408A35 0 get_Length
000000006C40 000000408A40 0 ReadBytes
000000006C4A 000000408A4A 0 IDisposable
000000006C56 000000408A56 0 Dispose
000000006C68 000000408A68 0 Buffer
000000006C6F 000000408A6F 0 BlockCopy
000000006C79 000000408A79 0 Array
000000006C7F 000000408A7F 0 DecryptAsm
000000006C8A 000000408A8A 0 sender
000000006C93 000000408A93 0 ResolveResource
000000006CA3 000000408AA3 0 CryptoStream
000000006CB0 000000408AB0 0 System.Security.Cryptography
000000006CCD 000000408ACD 0 RijndaelManaged
000000006CDD 000000408ADD 0 MemoryStream
000000006CEA 000000408AEA 0 ReadInt32
000000006CF4 000000408AF4 0 SymmetricAlgorithm
000000006D07 000000408B07 0 CreateDecryptor
000000006D17 000000408B17 0 ICryptoTransform
000000006D28 000000408B28 0 CryptoStreamMode
000000006D3E 000000408B3E 0 BitConverter
000000006D4B 000000408B4B 0 ToUInt32
000000006D54 000000408B54 0 ReadByte
000000006D5D 000000408B5D 0 Exception
000000006D67 000000408B67 0 Decrypt
000000006D73 000000408B73 0 modPow
000000006D86 000000408B86 0 MethodBase
000000006D91 000000408B91 0 GetEntryAssembly
000000006DA2 000000408BA2 0 LoadModule
000000006DAD 000000408BAD 0 AppDomain
000000006DB7 000000408BB7 0 get_CurrentDomain
000000006DC9 000000408BC9 0 ResolveEventHandler
000000006DDD 000000408BDD 0 add_AssemblyResolve
File pos Mem pos ID Text
======== ======= == ====
000000006DF1 000000408BF1 0 ResolveMethod
000000006DFF 000000408BFF 0 GetParameters
000000006E0D 000000408C0D 0 ParameterInfo
000000006E1B 000000408C1B 0 Invoke
000000006E22 000000408C22 0 Int32
000000006E32 000000408C32 0 STAThreadAttribute
000000006E45 000000408C45 0 State
000000006E4B 000000408C4B 0 ValueType
000000006E55 000000408C55 0 Index
000000006E60 000000408C60 0 UpdateChar
000000006E6B 000000408C6B 0 UpdateMatch
000000006E77 000000408C77 0 UpdateRep
000000006E81 000000408C81 0 UpdateShortRep
000000006E90 000000408C90 0 IsCharState
000000006E9C 000000408C9C 0 OutWindow
000000006EA6 000000408CA6 0 _buffer
000000006EB3 000000408CB3 0 _windowSize
000000006EBF 000000408CBF 0 _streamPos
000000006ECA 000000408CCA 0 _stream
000000006ED2 000000408CD2 0 Create
000000006ED9 000000408CD9 0 windowSize
000000006EE4 000000408CE4 0 stream
000000006EEB 000000408CEB 0 solid
000000006EF1 000000408CF1 0 ReleaseStream
000000006EFF 000000408CFF 0 Write
000000006F05 000000408D05 0 Flush
000000006F0B 000000408D0B 0 CopyBlock
000000006F15 000000408D15 0 distance
000000006F1E 000000408D1E 0 PutByte
000000006F28 000000408D28 0 GetByte
000000006F30 000000408D30 0 Decoder
000000006F38 000000408D38 0 Range
000000006F43 000000408D43 0 Normalize
000000006F4D 000000408D4D 0 DecodeDirectBits
000000006F5E 000000408D5E 0 numTotalBits
000000006F6B 000000408D6B 0 BitDecoder
000000006F7B 000000408D7B 0 Decode
000000006F82 000000408D82 0 rangeDecoder
000000006F8F 000000408D8F 0 BitTreeDecoder
000000006F9E 000000408D9E 0 Models
000000006FA5 000000408DA5 0 NumBitLevels
000000006FB2 000000408DB2 0 numBitLevels
000000006FBF 000000408DBF 0 ReverseDecode
000000006FCD 000000408DCD 0 startIndex
000000006FD8 000000408DD8 0 LzmaDecoder
000000006FE4 000000408DE4 0 m_OutWindow
000000006FF0 000000408DF0 0 m_RangeDecoder
000000006FFF 000000408DFF 0 m_IsMatchDecoders
000000007011 000000408E11 0 m_IsRepDecoders
000000007021 000000408E21 0 m_IsRepG0Decoders
000000007033 000000408E33 0 m_IsRepG1Decoders
000000007045 000000408E45 0 m_IsRepG2Decoders
000000007057 000000408E57 0 m_IsRep0LongDecoders
00000000706C 000000408E6C 0 m_PosSlotDecoder
00000000707D 000000408E7D 0 m_PosDecoders
00000000708B 000000408E8B 0 m_PosAlignDecoder
00000000709D 000000408E9D 0 m_LenDecoder
0000000070AA 000000408EAA 0 m_RepLenDecoder
0000000070BA 000000408EBA 0 m_LiteralDecoder
0000000070CB 000000408ECB 0 m_DictionarySize
File pos Mem pos ID Text
======== ======= == ====
0000000070DC 000000408EDC 0 m_DictionarySizeCheck
0000000070F2 000000408EF2 0 m_PosStateMask
000000007101 000000408F01 0 _solid
000000007111 000000408F11 0 SetDictionarySize
000000007123 000000408F23 0 dictionarySize
000000007132 000000408F32 0 SetLiteralProperties
00000000714D 000000408F4D 0 SetPosBitsProperties
000000007165 000000408F65 0 inStream
00000000716E 000000408F6E 0 outStream
000000007178 000000408F78 0 inSize
00000000717F 000000408F7F 0 outSize
000000007187 000000408F87 0 SetDecoderProperties
00000000719C 000000408F9C 0 properties
0000000071A7 000000408FA7 0 LenDecoder
0000000071B2 000000408FB2 0 m_Choice
0000000071BB 000000408FBB 0 m_Choice2
0000000071C5 000000408FC5 0 m_LowCoder
0000000071D0 000000408FD0 0 m_MidCoder
0000000071DB 000000408FDB 0 m_HighCoder
0000000071E7 000000408FE7 0 m_NumPosStates
0000000071F6 000000408FF6 0 numPosStates
000000007203 000000409003 0 posState
00000000720C 00000040900C 0 LiteralDecoder
00000000721B 00000040901B 0 m_Coders
000000007224 000000409024 0 m_NumPrevBits
000000007232 000000409032 0 m_NumPosBits
00000000723F 00000040903F 0 m_PosMask
000000007249 000000409049 0 numPosBits
000000007254 000000409054 0 numPrevBits
000000007260 000000409060 0 GetState
00000000726D 00000040906D 0 prevByte
000000007276 000000409076 0 DecodeNormal
000000007283 000000409083 0 DecodeWithMatchByte
000000007297 000000409097 0 matchByte
0000000072A1 0000004090A1 0 Decoder2
0000000072AA 0000004090AA 0 m_Decoders
0000000072B5 0000004090B5 0 ConfusedByAttribute
0000000072C9 0000004090C9 0 Attribute
0000000072D3 0000004090D3 0 ___.netmodule
0000000072E1 0000004090E1 0 Ploutos.Properties.Resources.resources
000000007308 000000409108 0 Ploutos.Panel.resources
0000000075D3 0000004093D3 0 Confuser v1.9.0.0
000000007632 000000409432 0 _CorExeMain
00000000763E 00000040943E 0 mscoree.dll
000000007B83 00000040A383 0 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
000000007BBC 00000040A3BC 0 <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
000000007C07 00000040A407 0 <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
000000007C49 00000040A449 0 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
000000007C81 00000040A481 0 <security>
000000007C91 00000040A491 0 <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
000000007CD7 00000040A4D7 0 <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
000000007D1E 00000040A51E 0 </requestedPrivileges>
000000007D3C 00000040A53C 0 </security>
000000007D4D 00000040A54D 0 </trustInfo>
000000007D5D 00000040A55D 0 </assembly>
000000007323 000000409123 0 Can't Read 1
00000000733D 00000040913D 0 ___.netmodule
0000000078A6 00000040A0A6 0 VS_VERSION_INFO
000000007902 00000040A102 0 VarFileInfo
000000007922 00000040A122 0 Translation
File pos Mem pos ID Text
======== ======= == ====
000000007946 00000040A146 0 StringFileInfo
00000000796A 00000040A16A 0 000004b0
000000007982 00000040A182 0 CompanyName
00000000799C 00000040A19C 0 Ploutos
0000000079B2 00000040A1B2 0 FileDescription
0000000079D4 00000040A1D4 0 Ploutos
0000000079EA 00000040A1EA 0 FileVersion
000000007A04 00000040A204 0 1.0.0.0
000000007A1A 00000040A21A 0 InternalName
000000007A34 00000040A234 0 Ploutos.exe
000000007A52 00000040A252 0 LegalCopyright
000000007A86 00000040A286 0 Ploutos 2013
000000007AAA 00000040A2AA 0 OriginalFilename
000000007ACC 00000040A2CC 0 Ploutos.exe
000000007AEA 00000040A2EA 0 ProductName
000000007B04 00000040A304 0 Ploutos
000000007B1A 00000040A31A 0 ProductVersion
000000007B38 00000040A338 0 1.0.0.0
000000007B4E 00000040A34E 0 Assembly Version
000000007B70 00000040A370 0 1.0.0.0
=== DOWNLOAD ===
Mirror provided by vx-underground.org, thx!