Sample details: 24abc2f83115b552a02c3b72970a76a4 (MD5)

Hashes
MD5: 24abc2f83115b552a02c3b72970a76a4
SHA1: f1e51b3bb796ad6fde3f666657ef494e04c47224
SHA256: 286a0434691ca43447aa2cc93b4d922361f90c933737033c41edb5fee6f483ea
SSDEEP: 1536:mrl1Ca477EKQ5vBWzhOJyN57SVg+aVH8d4POdyElSlmHuinG7LXEVn70SEV3q3my:m/CffEH5JMeVgkSBfXg0SExVoJE
Details
File Type: PE32
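Yara Hits (these rule names describe generic file characteristics and capabilities; none of them names a malware family)
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/win_private_profile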
Source (URL defanged)
hxxp://eapsaacademy[.]org/CsZxHA/
Strings
          	            !This program cannot be run in DOS mode.
@.data
@.reloc
T$D;D$h
<[$.O+
<[$.O+
<[$.O+
<[$.O+
D$ 4^b
<[$.O+
<[$.O+
<[$.O+
<[$.O+
D$xYr5
D$,G**c
Uhm1IdIW
VHtTHVZWw
1tjBENN2
\tLg7CU5rLt.bn
4fDYZ3g
2Lo2blYF
vSzQFV
PctQvRB
rP/En.pdb
RpcStringBindingParseA
RpcMgmtInqServerPrincNameW
RPCRT4.dll
GetWindowTextA
IsClipboardFormatAvailable
GetDesktopWindow
GetWindowLongA
GetPriorityClipboardFormat
FindWindowA
GetCursor
EnumThreadWindows
EmptyClipboard
SetTimer
GetCursorPos
USER32.dll
DeletePrinterDriverW
WINSPOOL.DRV
SearchPathA
SetCommConfig
lstrcmpA
GetVersionExA
GetPrivateProfileStringA
GetThreadLocale
GetStringTypeExW
GetUserDefaultLangID
GetCurrentThreadId
ReadFile
LocalAlloc
GetCurrentThread
SetThreadPriority
LocalFlags
SetLastError
LocalFree
KERNEL32.dll
OLEAUT32.dll
CryptCATAdminEnumCatalogFromHash
WINTRUST.dll
PathMatchSpecW
SHLWAPI.dll
6X93ouSj
6XM	ouSj
Vvu9WT
J	ouWn
	oySj!S
GrNW`\
5YS(Nw
>=,FucC
a\tb38
:jO#u.
Tbt1'-
rvSj,G
7A!:R?
Z`rN/]
A4XrVO
3P\'aK
Z@I"ou>
Nr\J?>@
`sRi,G
FL>K&V
;3Rd|9=
fgn+ruS
z|Q	ouS
<hq)`;
I{dtVw
	ouSjh
AD*oam
(%yK%f
a$6pOC
ICX]Io/ 6m
aItb3!
p]|-,O
NfRi,G
={,e9t
vO(Xx]Ln%
+du9^D
vXx%ou`j
sju9`D
vXi*ou[j
Dou9\D
T1AunX
vX|.ouZj
Etu9\D
uc4t0oa
n4Auy^
2zu9_D
	zuSjmZ$
uc4W1oa
4="/aD
vXxXouXj
4u0/aC
vX(douYj
vX^oouYj
40G/aF
vXM}ouXj
4[U/aA
uc4?4oa<
	vuSj9^$
N|9WD.
uc416oa5
4Iq/aA
N{9WDy
4Pz/aA
deg@,/
/a<h%3
I{Pt^ku
puSj,_
Nnoufo
	1uSj>
6Xu	ouxj
6X-	ougj
N19WD`>u
6XK	ou
ANu9xD
9WD/>u
No9WDc>u
9l'wlq]*
As/~txe1
&[W5)[n
)HU!?g
`5hLO}
x1sG2I
pg^"fl
*7(+XH~
"U4O&~
KNvShx
b"i|m}q
"i|m6<
;<$X3xV
fNrBj*,
m+m}z 
[@/"Q<
"	3jNn
'5fPA.
)>sxy9
dZ.->a
HYR)D?0
7Xk_D=j
jF@v#R.Q
 a\S7Mh
b+TF -
vBMMe?;
D*YVD>,c
Ja-LbX
XtL&r!
bit<A7"K/
:l[wAn
CDBBk}p
5dowyD
P '7-f
-=.O{Z
g$$ldF
:RhtOJ m
Yhu>qM
'?+>4Bs
Op/	BX'
8[1M\L+`
/XS\8&*<:nB
om=K>:d
4Fz,0jQ
q<@3D\`?
gx6dRe
|@7po=
_mgL!Q
^vqM-S)J
n@Ch4:
!'i<S<Y
P}Qc&+f
hv{!iP
"i|m}E
c>O{!.
#f]!2)
wPjY)>
$Bl:G~R
VSN#ONDf|
wn2vm#
BK)5#G
i0\h;j
>3:obo
3333333
""""""#
""""""#
3333333
""""""#
""""""#
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> 
<assembly 
   xmlns="urn:schemas-microsoft-com:asm.v1" 
   manifestVersion="1.0">
<assemblyIdentity 
    processorArchitecture="x86" 
    version="5.1.0.0"
    type="win32"
    name="program.exe"/>
    <description>Mx XP Program</description>
    <dependency>
    <dependentAssembly>
    <assemblyIdentity
         type="win32"
         name="Microsoft.Windows.Common-Controls"
         version="6.0.0.0"
         publicKeyToken="6595b64144ccf1df"
         language="*"
         processorArchitecture="x86"/>
    </dependentAssembly>
    </dependency>
</assembly>
2&3R3X3
7#8(838
9 979M9v9
<$<*<0<6<<<B<H<N<T<Z<`<f<l<r<x<~<
5X6\6`6
7 7$7D7
8h9l9p9
9,:0:4:T:
<<=@=D=d=