Sample details: 1dec1df99daf267f50821c261d3942e2

Hashes
MD5: 1dec1df99daf267f50821c261d3942e2
SHA1: c2c39a7b804795195c7c391d8fd09cf1ce2ebbdc
SHA256: cdfab644db1e6a0ad6e8159adb7e63ec0baa723573b175d58f14a6b505ba5e54
SSDEEP: 1536:HJ77tiwVXjy2NlUnNXUrE7XHoChlR18LMzKkmThva4iRnaHbXJVvGq:p/tPFG2NanNXUgk08iKkmThB0aHbXHT
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_V80_Debug | YRP/Microsoft_Visual_Cpp_80_Debug_ | YRP/Microsoft_Visual_Cpp_80_Debug | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/screenshot | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library
Source
http://fhasbargen.de/VOhhhbFXx/
Strings
!This program cannot be run in DOS mode.
`.data
.idata
c4D9Do*
.reloc
.code12
@.rsrc
@.reloc
SHAppBarMessage
SHGetDiskFreeSpaceExA
ShellAboutW
DragFinish
SHELL32.dll
PdhOpenQueryA
pdh.dll
JetDelete
JetDeleteTableA
JetMakeKey
ESENT.dll
LZClose
LZ32.dll
ImageList_EndDrag
COMCTL32.dll
waveOutUnprepareHeader
WINMM.dll
WS2_32.dll
SetJobW
WINSPOOL.DRV
StrStrW
SHLWAPI.dll
InternetSetCookieW
WININET.dll
DispatchMessageW
GetCursor
UnhookWinEvent
CloseClipboard
EmptyClipboard
USER32.dll
RasGetAutodialEnableW
RASAPI32.dll
RegSetValueExW
OpenSCManagerW
ADVAPI32.dll
SetComputerNameExW
CommConfigDialogW
SetCommState
GetSystemTimeAsFileTime
PeekConsoleInputW
FreeConsole
GetOEMCP
GetLargePageMinimum
lstrcatA
KERNEL32.dll
\system32\ntoskrnl.exe
Zkal@magl.com.pdb