Sample details: 0d92cadd6a309f9a461cd0690daac0d3 --

Hashes
MD5: 0d92cadd6a309f9a461cd0690daac0d3
SHA1: 542ccdf59b815ef3c4aa991b7903291f125b2282
SHA256: 3f2e404786029b5ee444c4adeb0c898f1b2f26a9172a215780b125b4a8f19d01
SSDEEP: 6144:DKw7aoJr+lF5iwQF8EZw6kZehhCk/pkNfbMXxaZB2l:DKwGq+BiwTl6BtWUl
Details
File Type: PE32
Added: 2019-10-09 13:49:30
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_registry | YRP/win_files_operation | YRP/TEAN
Source
http://smoketravkueveryday.tech/klop.exe
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.gfids
@.rsrc
@.reloc
J+J|t	
j7h`rA
URPQQh
;t$,v-
UQPXY]Y[
^$+^8+
<et	<pu
W8^.u:
W8^.u:
rr	jrZ
rr	jrZ
< t1<	t-
YYhXrA
<xt"<Xt
Wj0XPV
WWWPWS
u-PWWS
SSVWh 
f9:t!V
QQSWj0j@
xg;5h{H
PPPPPWS
PP9E u:PPVWP
PPPPPPPP
x7;5h{H
x7;5h{H
v	N+D$
v	N+D$
xicenaperi
kernel32.dll
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
`h````
xpxxxx
(null)
[aOni*{
~ $s%r
@b;zO]
v2!L.2
IND)ind)
CorExitProcess
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
UUUUUU
333333
?333333
?UUUUUU
?$rxxx
UUUUUU
?333333
?333333
?UUUUUU
?$rxxx
RUUUUU
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
1#QNAN
1#SNAN
?ZEM-'^
?{yK+;
?765@Z
?e')lW
i^^?(>
Y:/(A6>
_hypot
_nextafter
?5Wg4p
"B <1=
C:\jiruvapa_tebijikesehefad-tof41-fahabexelozamanuwece.pdb
epuziburu.pdb
.text$mn
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.tls$ZZZ
.gfids$x
.gfids$y
.rsrc$01
.rsrc$02
GlobalUnlock
LocalAlloc
VirtualProtect
VirtualAllocEx
HeapAlloc
HeapWalk
GetShortPathNameA
TerminateProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteAtom
LockFile
GetFileSizeEx
RequestDeviceWakeup
GetFileTime
GetSystemTimes
PeekNamedPipe
CreateMailslotW
lstrcmpW
lstrlenA
OpenSemaphoreA
LoadLibraryA
LoadLibraryW
GetModuleFileNameW
GetFirmwareEnvironmentVariableW
FindResourceExW
EndUpdateResourceW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesA
GetCurrentDirectoryW
CreateDirectoryExA
DefineDosDeviceW
GetFileAttributesExW
DeleteFileW
CopyFileA
IsBadStringPtrA
GetDefaultCommConfigA
FreeUserPhysicalPages
OpenJobObjectW
QueryInformationJobObject
ReleaseActCtx
GetCalendarInfoW
SetCalendarInfoA
EnumDateFormatsA
GetUserDefaultLangID
ReadConsoleInputA
AllocConsole
KERNEL32.dll
ReplyMessage
SetClipboardViewer
ToUnicode
GetMonitorInfoW
USER32.dll
ClearEventLogA
GetNumberOfEventLogRecords
ObjectPrivilegeAuditAlarmW
InitializeSid
AreAnyAccessesGranted
DeleteAce
AddAccessDeniedAce
SetSecurityDescriptorControl
GetFileSecurityA
GetFileSecurityW
RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegQueryValueA
RegQueryValueExA
RegQueryValueExW
GetServiceDisplayNameA
RegisterServiceCtrlHandlerW
ADVAPI32.dll
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
GetFileType
GetStringTypeW
DecodePointer
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
LCMapStringW
SetStdHandle
GetProcessHeap
RaiseException
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
CreateFileW
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
$BEWYU
0'0-0M0Z0q0}0
0b1j1v1
3"363P3^3n3w3
414=4N4S4i4n4t4
5/5;5[5`5k5
6/646N6Z6_6z6
7#7+787_7
8$858C8H8S8j8p8{8
9,989>9N9Y9g9m9
: :*:4:;:F:N:X:a:g:l:r:}:
;";(;6;<;K;b;j;o;
?-?2?7?X?]?j?
0M1`1s1
3'303=3l3t3
6=6Q6n6
6l7u7}7
8&818:8I8T8j8s8~8
9!9&9,969@9P9`9p9y9
0G1O1a1
4!4-4I4i4w4~4
5/575a5}5
6@6L6Q6V6}6
7!7-777I7N7l7
7U8o8x8
:N:k:v:
:	;t?}?
1T2X2\2`2d2h2l2p2V7r7v7z7~7
:!:%:):-:E:
;!;%;);-;1;
4&:[<c<
8O8V8|;5===t={=
?E?I?M?Q?U?Y?]?a?e?i?
='===O=b=
=G>\>e>n>
0#0[0c0|0
1'1-131
6N6S6]6b6m6x6
848;8G8Z8_8k8p8
9U9g9o9y9
:<;E;q;z;
0 01070B0J0U0[0f0l0z0
8:96:J:
<'<8<A<v<
1B1_2{2
>,>3>Q>
<0V0e0s0
1 1.1<1G1]1q1y1
4$515]5e5
6)757=7I7
Y0e0m0
031b1j1r1
4<4H4T4`4l4x4
5&575@5X5d5p5|5
616<6G6M6V6
727]7u7
=$>3>E>W>s>
?(?7?A?N?X?h?
0%2R2s2x2
5&6+61666
7E7L7W7e7l7r7
8B8[8j8v8
9#9>9H9d9o9t9y9
:#:(:I:Y:u:
;0;S;^;k;
<'=6=D=a=i=
=$>+>{>
?-???Q?c?u?
8'8S8q8|8
;0;B;o;
60+131j1q1v4
2=6@7Q749?9O9
4#404I4e4
1:1B1_1o1{1
383U3i3t3
4-4L4_4
7$8C8e8k8p8v8
>'>E>S>
080?0D0H0L0P0
2 2$2(2,202D2H2L2
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
5 5$5(5,5054585<5@5D5H5L5
9 9$98><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
: :$:(:,:0:4:8:<:@:D:
?$?,?4?<?D?L?T?\?d?l?t?|?
0$0,040<0D0L0T0\0d0l0t0|0
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
7 7(70787@7H7P7X7`7h7p7x7
8 8(80888@8
? ?$?@?`?
0 0@0`0
1 1@1`1l1
;0;<;@;D;`;d;