Sample details: 20495855f12481ca0d9b8b0d79e847dd

Hashes
MD5: 20495855f12481ca0d9b8b0d79e847dd
SHA1: c66ecf25eebf15c4801087888d146be101b602e3
SHA256: 3b5e260a1db66a360c9e4c210fbccdb1aa197bffa4fd6344fff9ca9d21559566
SSDEEP: 1536:fFO1Nt+AF+2F8yZppMakhkwICS4AmFO+GP:td68yZLniOdP
Details
File Type: PE32
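YARA hits
YRP/IsPE32 | YRP/IsConsole | YRP/HasDebugData | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/RijnDael_AES
Note: judging by their names, these are generic format, content and capability rules rather than family signatures. Each hit is a pattern match on the file's bytes and should be confirmed against the code before it is treated as a finding.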
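Strings (printable strings extracted from the sample; the source and PDB paths, function names, import names and the embedded JSON configuration are the readable entries, while the remainder is mostly table data and relocation residue)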
		!This program cannot be run in DOS mode.
RichTB@
`.rdata
@.data
@.reloc
WWWWWWWWj
!G(!G,
$VQRPh
jZf@Yf
PSSSSSSh 
SVu:W3
YYt@hH
OH_^[]
3^83^`3
3F(3FP3Fx3
3N,3NT3N|3
3V<3Vd3
~ 3~H3~p3
3^@3^h3
3F03FX3
3N43N\3
3VD3Vl3
^$3^L3^t3
v	N+D$
master_sk
decrypt_one_file
D:\re\rwdec\src\dec.c
file_decrypt_callback
dec_main
_vsnwprintf
stdout_hexdump
D:\re\core\src\common\debug.c
D:\re\core\src\common\system.c
is_ru_speak
0123456789abcdef
7 K;IE^X
,EEAP$DQ9,[6>bJF
`2(C'N_P
/F:`2T
00&0YS
EDbWQGcAU6";Z;=
M1?TW=F&IaH
"<IVc^8*)I2H\
"-T%QSDbWc4b-,,7KK*"F= W9E
3NMK_;
9&B\'_.@S
bSP;!" 
expand 32-byte kexpand 16-byte k
=j&&LZ66lA??~
}{))R>
f""D~**T
V22dN::t
o%%Jr..\$
&&Lj66lZ??~A
99rKJJ
==zGdd
""Df**T~
;22dV::tN
$$Hl\\
C77nYmm
%%Jo..\r
55j_WW
&Lj&6lZ6?~A?
~=zG=d
"Df"*T~*
2dV2:tN:
x%Jo%.\r.
a5j_5W
ggV}++
Lj&&lZ66~A??
bS11*?
Xt,,4.
RRvM;;
MMfU33
PPxD<<%
Bc!! 0
~~zG==
Df""T~**;
dV22tN::
xxJo%%\r..8$
pp|B>>q
aaj_55
UUPx((
cccc||||wwww{{{{
kkkkoooo
gggg++++
YYYYGGGG
&&&&6666????
uuuu				
nnnnZZZZ
RRRR;;;;
[[[[jjjj
9999JJJJLLLLXXXX
CCCCMMMM3333
PPPP<<<<
~~~~====dddd]]]]
ssss````
""""****
2222::::
$$$$\\\\
7777mmmm
llllVVVV
eeeezzzz
xxxx%%%%....
pppp>>>>
ffffHHHH
aaaa5555WWWW
UUUU((((
BBBBhhhhAAAA
='9-6d
_jbF~T
11#?*0
,4$8_@
t\lHBW
QPeA~S
>4$8,@
p\lHtW
+HpXhE
T[$:.6
RRRR				jjjj
00006666
CCCCDDDD
TTTT{{{{
####====
ffff((((
vvvv[[[[
IIIImmmm
%%%%rrrr
]]]]eeee
llllppppHHHHPPPP
FFFFWWWW
kkkk::::
AAAAOOOOgggg
tttt""""
nnnnGGGG
VVVV>>>>KKKK
yyyy    
YYYY''''
____````QQQQ
;;;;MMMM
ccccUUUU!!!!
D:\re\bin\Debug\rwdec_x86_debug.pdb
EnterCriticalSection
LeaveCriticalSection
DeleteFileW
SetEndOfFile
CloseHandle
CreateThread
GetModuleHandleW
CopyFileW
MoveFileW
GetStdHandle
CreateFileW
WriteFile
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
GetCurrentThread
GetProcAddress
SetThreadAffinityMask
lstrlenW
LoadLibraryA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleW
KERNEL32.dll
MessageBoxW
wsprintfW
SendMessageW
DialogBoxParamW
EndDialog
GetDlgItem
SetDlgItemInt
SetDlgItemTextW
CheckDlgButton
IsDlgButtonChecked
EnableWindow
SetWindowTextW
USER32.dll
CreateFontW
GDI32.dll
SHGetPathFromIDListW
SHBrowseForFolderW
SHELL32.dll
GetOpenFileNameW
COMDLG32.dll
IsProcessorFeaturePresent
tU:Oks
d)UH#Y!
4&\.Ad
JIU<.u
iK~wm%
Ss?qM 
]G'OAK:J
{"all":true,"master_sk":"pFZaN/jar2rjbnp9OqZ+rlA91Pe5QrVxmOkDYAWAius=","ext":["5x1wfi82g","0e9y1","2p6ugb","385v367","51hso4c","6a253","76h1ioy9g","g57bd27f0u","k3qu9","lk15230","o6728b3l","p19pc7","q965e6fn","r5i03u6c2v","ri0o5l6670","1661l9l","m2w4i8","pr09wk4","5z4yqe7","ptpy31b82","84k5mc4y0","9j5fb","3k98c1v341","99xzc8jl","05gif0o8i","6m64fx2dc","3u3as8255w","57jy6","t7x72v","d163v7e1","51i8613r08","k0a1582e64","v3berrd","6fv9vhz44","t17y2vq82w","hsu0s8","28mv4eqbs","289o3qn","8rz93o0nxh","ogh804l","64759is6","4r261s","01b65xwn","cjbgll","0451x7cmzv","i3r4c9z7","9z10c37e0","021k8e0","c2835u9","0vdckkj","gv2e48nv","4h487","f9817209u5","l8p1w484"]}
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
    <dependency xmlns="urn:schemas-microsoft-com:asm.v2">
        <dependentAssembly>
            <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" />
        </dependentAssembly>
    </dependency>
    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
        <security>
            <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
                <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
            </requestedPrivileges>
        </security>
    </trustInfo>
    <application xmlns="urn:schemas-microsoft-com:asm.v3">
        <windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
            <dpiAware>true</dpiAware>
        </windowsSettings>
    </application>
    <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
        <application>
            <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />
            <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />
            <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />
            <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />
            <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />
        </application>
    </compatibility>
</assembly>
#010K0_0
1,1F1P1U1a1g1x1
122B2I2n2~2
373P3h3r3y3
4#4S4X4q4
5H5O5]5
6.6?6G6S6X6
7#7(7-74797E7V7\7e7k7s7z7
81888B8I8^8q8x8
:':-:A:N:X:s:z:
:";D;P;X;_;s;{;
</<6<><N<_<
= =%=C=T=e=m=
>C>J>^>m>
?6?_?m?t?
0$01090E0V0[0`0
171H1N1a1h1u1
2&2>2G2_2e2k2
3+3<3D3K3^3e3y3
404E4Q4]4i4u4
6#6,6H6V6]6
747C7I7Y7`7e7q7
858E8S8j8~8
9!9/9@9E9J9[9g9s9x9~9
:	:":7:>:P:g:m:~:
;!;&;0;5;;;F;_;u<~<
=,>@>N>u>
?3?<?B?G?V?\?k?q?
4#424f4x4
41585=5I5Z5_5d5u5
909W9q9
:#:3:9:M:e:l:q:
<(=/=4=@=Q=q=
>,>W>|>
272P2r2
2p3u3~3
6;6g6n6
:L:W:k:
;+;0;@;F;c;
9)989G9T9m9t9}9
:2:<:N:[:h:o:|:
;(;/;>;K;d;k;u;
<&<9<K<w<
>$>B>I>X>q>
?)?3?T?^?j?z?
0<0F0R0k0z0
151K1_1n1
3%30373G3R3Z3a3m3t3
515F5[5l5x5
636?6O6
6I7[7r7
8D8U8f8u8
0 0&0,02080>0D0J0P0V0\0b0h0n0t0z0
2%3.363}3