Sample details: 03968c19d136ce6048c889c4f7cf2c7e --

Hashes
MD5: 03968c19d136ce6048c889c4f7cf2c7e
SHA1: 8079ab7949a6b8ade0c5e83fd2551f6328dc00d7
SHA256: 4a2425d47015c457e0fe3c5b58d725c4d0152c11c268028d0d2f353d61120d11
SSDEEP: 1536:ANBaHtHyedS4ldn3XU1ZD66BFAdSHdQ6bSIjzRUG6Kw5XIh4CPV3C:ANBSHld73UXD66BmdSq6bRi+w54h4qc
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/screenshot |
Source
http://nitindhanji.com/zdz7zb/
Strings
          	            !This program cannot be run in DOS mode.
;<Ii4aI
;<IRich
`.rdata
@.data
@.rsrc
fffff.
D$,;D$0u
L$(+D$89
D$H`&@
D$ ;D$$r
NIq+L$
D$ u:#'
D$8@Xf[
L$$5HN
T$`-r:
fffff.
fffff.
D91wXri1UWgBi.pdb
=rl5*FB
/J2gG~9
2*_0&\/
 V$31j
N/)^\g
3*_0&\/
&FebQX2r
#6?vNc^
#*?6NG
@5EebQ
9**nh%
,@daPb
ULon#_
mk4$CU
Cda:;8qk
{/RRg{
A,#V7F
9N,qkfj
OYULon
:=EebQ
^Lonmo
dLonGp
[LonQq
&#ULtn
dLon*r
rEebv.zr
?8ULtn
rEebP-zr
Eeb<.zr
8RULwn
bX<:rr5
(mEkbQ
^Lonmt
6mEkbQ
^Lon*u
b!W:rx5
,@mEobQ
GmEmbQ
Eeby2zrO
sRmEpbQ
b1o:r}5
ZmEmbQ
5q A,(
2z_Ecv
2d_/cl
!"qFeb
m5Y{@+")
ykDdaQ
(rjDda
ujweG^Dn-)^
t@+#V;
;YMhbQ
G^Dn3*_
"VBebQ`
OYULon
#oHu* 6
z2*_&c
mj[	:T
J.,ZIx
-|c-"5
t^puQ$Q
	m	$Bg"
un F[;
{+;_kL
g?q6GC
xMnVX'
1CrEYmG1
o`J\d>N
*S9=yQ
.<u1fz
 c"M)*#
0Z8B,$
wr=vu{
Ll]<{=c
x3'}%G
*\q\Li
ShellAboutW
SHELL32.dll
RegisterRawInputDevices
GetForegroundWindow
ReleaseDC
GetMessageA
USER32.dll
SetSuspendState
POWRPROF.dll
GetFontData
GetWindowExtEx
GetGraphicsMode
GDI32.dll
memcpy
wcscpy
ntdll.dll
RpcServerUseProtseqIfW
RpcMgmtEpEltInqBegin
RPCRT4.dll
GetCurrentThreadId
GetCurrentProcessId
FindAtomW
GetAtomNameW
GetUserDefaultLCID
ExitProcess
KERNEL32.dll
OLEAUT32.dll
PathIsSystemFolderW
PathIsRelativeW
PathAddBackslashW
PathRemoveArgsW
SHLWAPI.dll
midiOutPrepareHeader
WINMM.dll
RasHangUpA
RASAPI32.dll
_vswprintf_c_l
msvcrt.dll
CertFreeCertificateChain
CRYPT32.dll
A/^l:o
6Tc"M)*
p:E%A>T
4)3PUf
j*%~'d
U }jEX
RVU96/
V,Bv7J
/5G]>>
W;z9'(
5"bx(In
O{<+4P
fTLsF+
AQcM3?
@Pxj[J
2]>MHC
)^|q8(
@1EUf<
-=SP"b
j5+Msh
<Z1Z'6
|%0rWbJ
I6CS%c
*#|m2y
B&)"%CHS
#4L_EB
h$%kM#
cUp$.3
_Xkt3hh
5+dl0s
?2q%{^
Wg(Gd]
Zqw_K6
}^W5'5
Jt++Qz
D/whp!S_E
7C,dVo
g&@ZQ3
K3K$V|
qRt/OhC
#%klu"
F#5lhv
qR=eI+
MYQ	<F
E%>##r
Y0qw_K
FSRs)j}
Oano<4
g9j9Nz
e8=Q\$k
d-O6DKPL
p><6=3R
9uZ?@K
6#N3"p
7tlpYs4#~~
HASpAl
), ha#
VAy1p!
;(Z>0;"
k*!6aVV>
!V3 0c
"/eKAa
module{Regis{
=$EB	\
LMgthX
"""" p
""""r p
'""r"r'"'""r 
"'""r"r
wwwwwwwwwwwwwp
fhpr"w
"""z*r
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="X86"
publicKeyToken="6595b64144ccf1df"
language="*"
</dependentAssembly>
</dependency>
</assembly>