Sample details: 12ddc42c2502ad0616fd3c94c15e38ec (MD5)

Hashes
MD5: 12ddc42c2502ad0616fd3c94c15e38ec
SHA1: ba2aeae96ec905774ce11b4549255ea4c1ef5a68
SHA256: 5f769d26197fc6e8d915edca7045e02eab396fe0fee1b9514d8e6be47f97c16a
SSDEEP: 12288:SlXhUYQqzNFxDYJDcwvucXh9oDMzyZwkQ:sXh1QmmJNXcMzyZw
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/win_registry | YRP/suspicious_packer_section
Source
http://andigermaster.com/nino/krong.mdf
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
wknjrt34NfseHdgfM111
1ocFddr
rtu{lPrutecf
onmaJVieMOfF3le
Get_odu6eHa,dle
_teTgle[
u p1jgrbh cRgno?!be#vun#kn 
nx`@su
"QWjm:3
J8$d6X$h
`@sNSh)
^5`@C*
L!h'[@
u@C7MhK
E{[RP,f
U/$RP4F
n%`@sN
*Wj}#3
QW#lL$C
E+Y^[*
wt$cwt$cP
F[`@CFVW
:$Ppa5
~gu@CX
.D`@3+E
Q2#0v3
u@3	lh{|@
R#sD$kuC
-}t${|3
nqa@sv
Ao	9i}t
,QRrL@Q
SQ!FVU
]_%ZX[
SbQUW^
s5@p#(
nD;}m@
Kjn4Tm 
=B ?Wui
De=Tbe
Wq oWui
De=Sbe
3NhnOWq 
8dvZ]d
_RtQlmg
St1Egr,
@P:*dlW
0Bl"5rD^.rA3
:suC@hGN0Ce
fbe1;fi@0qy#2np
OA#G-dWc
l^ht}hqSZifl
FeOEnmV_md
K;`p?;rtAix
He"4Br
:sM$`tl
:sEM:mt
djCD/mt
@.daO_Dv
lsO/ke
GeOA`sO@qrT/
ksO.bmCkV
^se=kke,
0`b'_Si
_sFJ`dAOHqiQ/se
`fQN7qy
17fOC7mK
]re87x
@UA3K22U7kl3
66lcS:
MtvboV
QtG>sSOcsu@
nDT1DrQ]q
Yw0hns
cse 7bt
Wlb@Fnw
dnc0ncN/rT
/xIU3nr
xs?glIUjnr
PaO9EiU]Dx
[sh}3md~Hse
OaO4BoV^hn
RtA=gr2
[sh=3md=3ke5[le
,dn#.nc
ViQ,taW
qo?gbt
<[sC>*qe58Or
ls/*ke%?
DxC^md
]uiQ`mm^asS?-hn
]md~`uiA`mm
`sS/-hn\-V
KoP_kF
ReO;md4fEi7[
)da?YCi1Ybt
YEi1,sFJ`dA
2md@`ns
=3md5gwt=3keB
lsO/bpJ
ReO;hl^
niU)dr
-sE1/nr
W-srP_oi
-3qtN[kA
ks?.bp*2@
FeO:hlN
`oPb(gA
44dn32nc
,mv^1sS?1hn
0hpO,qA
6UaG7dE;C
teQ;Ua
fS^6UaW5dEK
,qiO:Bo>+s
nk^*HnM)qm
!_fOC_mK
0dV"(tel
`)dlW@we
<ha7,ye
haW+ye><
6xV*6su
(Le6)qyC
G`.;H0]
7sA8GsL$
>]A&?[_%#Z
]d+i)H
~S6AC$
Sv>lC.
/i=iNS
Mqdbrs
<#(bS'
;utG!5WUOe:
S~,AWf
h'TR"A
Mi5dW-
]}LjgM
*J*?Zz
d%!M"0[
tYl"b"7
,-rMYSL
S*0?!	n
THPlp",
Gp@)tMz
MST"=/g
k~!u.2
<rNg$.
:@01'A
e	8oi7
\:l.?#
d;u>!A
=`Oz(Xd
j^	yAP"
NXJxs0
L(#o2_
DpGcrY6
L:8Wc]
gMACW3
dHG&}[a
bUVpS]" 
FsY:L$`_
]R^4#d
Yrm1Ji
!~@bsE<
f?KT-R
:4>^k"[k
uhyTcy
jcqK$$n
N'-	--TBo
>r	VeJ
DSmM S7
=Y'(RF`
H&.7hy+
#m.8#S
^5d$|"-
.=;Brue
(F#}Au
5	>8Q-
O|	ie@"
u,J}hz~
6[x1(,)
(o{I4h
JxJJ!hk0D
 uY$$$
p*Z/eb
E^&YU`
&Gg,KnX
)GHb83[
&*9AJN
w>Os"n
<8g2SX
U!bEg3
THU_?b%.
]~d|RF
-;JYD|)X"24
WIK.!y
WLO!>X
5;6hkF
_4x%Vg
5_q0N9
6&m7-c
HS{<fg3b
nM	"Ho
>9j%NL
i@6I&Pn$
Hfd;&N
AqIuXlO[tH
VS4*'D
3EwUaF
;w'(8fTf
7Pt|xl
q<D=l7
/H 2j3
uj=C"O
1j.X&-Kwm
7\?2qd
",_'H e1
7hFPb<
=/((j` R
h8IsmA?
o4U=*n
>8HXT('}[
fDdXBl
=B]yLW
):n2Qx@
mO%h3,
AUp2V:
VTmc)R
=<YW\\
P45itv<
W	bH_,
gnQOujG
P>xCDKH
^nw8RK}e!> +(p'
>{r\Q	s
-/}A{q
5IweyT
jtMx>n
0 ]Ce+
XA-mzz@@
`=pgy*U
rD!2d@V
!@2fEf
K!a=p%
hB"`+u(}
|o<o	O
d9PcE6\FG}NRC(KA*%
pzQn_v
qC80vo|
|6=6q}*
h&Zh*r7z
W	!7<$
zT>%.q
9S'v%L;`
*|Rr!No
+5X]wA
h\Pn{0
Lus?<E
)hcfe5
|m~(/_TG
?f+)]^
8U(\^2C
D}C~<q'
!xq+\&]
w0"D{"
7p#<7 
Z	tyXq
`.S4t!
i=|ys[
}	pZ`r
A~BHM_P
oe\'5Cc
rPS7YH
!1L%?G
H(FCCX
}"<3qX
T03aP~
}s7r!7Uq
OljC	w5
SeG/1\h
NxLOR&
r {Q9j
P~yxu#
p UhA)oW
{l0Dc^5(
MUiI~E_
"l!cLns
`@T%VtE
$Fm+F:
'DHB&d
U"dBN_
TK hKa)
&QjL3>'
XxXM4f[SG
>P"5:x"
yZ~_*vj
WR$}(X
khBA]4
^?=YI4
sY9?;|A
(7A!nl
XIxQlk
|^1 t@
JtCx[["*
@O@RM" 
a6L_HS
~":ab$">
E"j	?P2
oQ>`nyzi
{Y=h+U
<})LRg
~4H3)h
+u?uAk
at[fBF_W.
R	OK{T
k7EK:#
<DXbHB
	~Ah:4
B2R`O	
<WX	x5
t]k]@Y
wuv4#m
'r:Dg,ya
t.IBxQ
Nv=G>zMEWzk5uz
rC;KvN
v9G:z]E|z
2r"p/vzxGz
uFzmqX~Lsw~
p+:52PS~
["9,=2k
4:6M(Y8a
1"?9c%
zFENzTtX
I-Zcuk
E##189
u#7wJyaj_
$91q==;y!H
B:vm	r)
%<	v#T
|]+'so$6
:U7eQ>%
*NXDTB
HvS@hgd
u5daOO>
Q:loPIU
OH#pxT
AVL\_p3
D}kuWur
f$1]C|y
S\j_l%x
k	tM@S
-;$CgC@
?9PoyBJ)
#JXRZ+
&-/*m$D
7,NAZv
<2A	60F
^w7/e#
^XGCM"
q9GKck!
M!lO0e;
6|Mz!b
^K29-p`!
=.K+2MI
M2pi(Q0`
[w:?Ws
wM;(BB
YvO1ng
%hromh
K3 N+F
`NTH:CFS
'C;:C[H
>Yci>I
Q&?UuI%cW
yq+2bwO~1
64_pC"
;fP$a|
fRN;mm
kj$q0j		
5ehnA	
a.*8 ^g
.n/S,6W
y+I313&
i@/W55
$>H_:vC2
YI$LY,L_l'
F0*Tc-Wo
MA? 65i
+27"M7J
7G7Gyl
e}It;$
m1t#.=Z 
RB	rKM`
q$>M?@
&| -hq
>LFq9F
CI{1{e
[Lf)1>#
-0Qw3u	zpFq
dH>PMJ
G02H3'
E}q1D2
rG;GZU
.~iG's
X7@%`c
dY9_+$*N
,'/hl&
&^!3G@
v|E_DxQ
-r?:tD
]/UIz]
2[KKDB8=
8C{j7M5H 
;Eogsb=
BlW_07
 =/mcZ
Gr:V=;
1$Ep"#
hGu2yU
w=IJ\'@
Ws$8Fg
^V 98!#
%vfi0$
r^67@_
'FsJR1
HcLum1J
lUQIMV
Ih!6u6
|oHROO
',PWd%
87i+tq
U7cKKsn
mtIH [
UtY[&?
o{_f*P
^;]Be?S
s4@hNWX
n6#FiSR
-Z4p4-
+n82g,s
BFjaP@
#H<Ys4
5]:PwOP
fe<*~x~F
@BVDJE
%\<BgY(
pU$F#:
9z(@9y
3XJ"c=	
ne=_	l9
~&VZ=:
W[,8**
KxSH5D
i+BAL1
+"J <C|
o;1WQvfR3
)N@(O%
O`v0=C
ypM[3Y
"oXE8`
?6phvD@3u
 1< Az
2Y)nE,
~CCNzn~
tA$>VG
Bne*3j
K6*?\E
NF=iW3
|7Yh"7
jK3mi[
zATt^=
V6PfIJ
3d:Ipy	
+3%.qg
v/IuD+
t&|u`|R
v	+?+4
[/sI>D-
dpdNjy=7
-S]s?+
QV>o>"
{qh;]i
D2,Eg#
[]ITK`
	 Gp`Mv]
;/Kh*hr
kdq@=H
&!D\+0S
w'+}**
VGFv7Y(
V.T=TK
DDLpVbA
~vS!V!
;=7x	B
<+;K.Ff
woojc}
`e)2q7
#,$;#84
NAu'fh
N22nXg
-w0k)}
H8Xl+:L
:_oW,y
4$)QaBI.
<{auk=
( S*rD`N
&p%]9~
]E6	P+
Api$>h
Lh4l	%y_
/%SiJ.
O/dHCP
esj}u9
C&3r"B
[s/Lw#
3Lj!0-
gi:OUiQ
YQqbI,
ep:X;PTF
i}{Jf!
1|ckAzm0
"=;#5o
]vdX-H
Cy!&	m
VWD&ZR
4uD>#wRe
IJ@h >
RaQedeM
oC/js?;n
4D;pKL
!HZla"*;
hXAKy8
8XA[y:
8YA_Y9
1H!`aH
-H	`]H
'd_|,K
@F;Y  
zXO*QN
cxR}]s
hS	%g@D
lzC&#R
t[n#A?
cL Tmu
S	Hp{&q{
3)Rvq++
d+	1	 l
gN`aw1
 9Wty1
cEU8x!AP
"#9{wXO" ^
:jD+ts
;K)xHZ
d6AF1Ng[
zuFE&/(
;Z	r>5
r02Fk?)
bp\r;E
	Ej|xH
8L'aw|
k^(rT	)
H;m.QK
O^-8{cG
.L6K<5C
z`x(Ed
<$ACHED
{cL	?)
TWo!Nc_Z
OUOpGh
1^x,1=
?K{p\|d:"
QYW"?I
+/v ;e
J2@h:4xV
^ZFX?mt
7xY:5^
\|]@<q
YEn${?H
54{dH'A],
;3irc2h0R
Hu7U9/)
GetModuleHandleA
GetProcAddress
LoadLibraryA
KERNEL32.dll
CharLowerA
USER32.dll
GetStockObject
GDI32.dll
RegQueryValueExA
RegOpenKeyExW
ADVAPI32.dll
Shell_NotifyIconW
SHELL32.dll
>qEn8|x
Fxt:iC
^G|~J]
dV?usGQ
b3_.6o
waYzi]+
O+r{pS
I[jZ_Ec
`$$.!S
VirtualAlloc
kernel32
pnkii2n
0+=<@NR@#A>.
SSqqsq;tyyNh
SqqqsKVryzyT3
SSqsssJtyyzze
KqqqsKXTyzzz
SSqqsqJtyyzt
SSqssNVtyzzU
SSqqSFIKyyy{
SSS?SOFKtw
1;<*>C:
1;<*>DF8
1;<,>DFSw
1;<)>DFi{
1;0$-DA}{
10/%.@f
/#7k4l
`o6IjJh
** -.O
*+!-,[
#'e=\`a
KMM78Q9<?N``
T@I	c-
8h9f:K)EY
R*XkBx
BBi5u7
S xN$bG
yq0m7+
:^D{N 
(I AG/
TXo6X4
ZsMU3:/
RJlv[,
g^_3t<|Z_
Wp@6:'
W@4S2"
RAOoHzz
Xo6PJ!
wGGFQ=
16j}{m
~X=Ns?$
wWYz7t
Q^0F),
ftX9>f
F36Zcv~
R0:2j"
5:1E@Q
R2Y	lZ
~~+J{&
AFGLcO'
y'%x@u$
1?_'MSZ
.8W@;V
=sEktk
HbV9wR
ICYH~sr-
6mbrrrx
coaWx-Wt
KX[A{v
%i&i')D
/,UPh\
OP[Asn
DkS*lM
piY~)p
R:4,>0L
gy@O"L
lRqyonI:U
{pPlXI
Z<%Fy>i&4
7=e{@y
("Cu$h
lXZS:Q
	})Lvv
ze"&!7X
xDcR7x
:D`>_0
pB2O=Z
	J/Bb$
Yv=B!%
Zdh)nKt
!\E;a#
RNL&SP
,!8z0-
XtC[E5
k*o\I@
@yz%<p
dtXY3aa
|\Ab3l
ah}/hq
o/h2\\
@tGFR0
][Kyci?
$vM<K+
`)FDhu
J5/g{i
T10aOC
0^o/Jh
C_r$Hc
Kig*McV<P]
0@&(Rip
 FbRJp
!-)-\vw.]xw0\uu
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
    version="1.0.0.0"
    processorArchitecture="amd64"
    name="WinAbility.FolderGuard.FGKey"
    type="win32"
<description>Folder Guard Key utility</description>
<dependency>
    <dependentAssembly>
        <assemblyIdentity
            type="win32"
            name="Microsoft.Windows.Common-Controls"
            version="6.0.0.0"
            processorArchitecture="amd64"
            publicKeyToken="6595b64144ccf1df"
            language="*"
        />
    </dependentAssembly>
</dependency>
	<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
		<security>
			<requestedPrivileges>
				<requestedExecutionLevel level="asInvoker" />
			</requestedPrivileges>
		</security>
	</trustInfo>
	<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> 
		<application> 
		<!--The ID below indicates application support for Windows Vista -->
		<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/> 
		<!--The ID below indicates application support for Windows 7 -->
		<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
		</application> 
	</compatibility>
</assembly>