Sample details: 36430f68193b2a9d83dd6a3da47ed76c --

Hashes
MD5: 36430f68193b2a9d83dd6a3da47ed76c
SHA1: 0d04420a62f5690feb68590da9fc383946673a67
SHA256: 32ece35ba6eebe2e772163dddafb361caa4f0a4be1a9b7f6a2882ad8785936c9
SSDEEP: 1536:f55u555555555pmgSeGDjtQhnwmmB0ybMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rJ:rMSjOnrmBTMqqDL2/mr3IdE8we0Avu5h
Details
File Type: PE32
Added: 2018-02-28 08:06:02
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasModified_DOS_Message | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Antivirus | YRP/VM_Generic_Detection | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/network_http | YRP/win_mutex | YRP/win_registry | YRP/win_files_operation | YRP/Crypt32_CryptBinaryToString_API | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API |
Strings
		!This 
m cannot be run in DOS mode.
`.rdata
@.rsrc
@.reloc
SVWj@h
D$DP,@
<}tK<=tBF
<}t)F<=t
HthHuo
<}tcG<=t
SVWj@h
SVWj@h
D$$PQh
D$$PWh
D$$PWh
SVWj@h
SVWj@h
QSVWj@h
0SWj@h
L&&jl66Z~??A
Oh44\Q
sb11S*
uB!!c 
D""fT**~;
;d22Vt::N
J%%o\..r8
gg}V++
jL&&Zl66A~??
Sb11?*
tX,,.4
RRMv;;a
MMUf33
PPDx<<
cB!!0 
~~Gz==
fD""~T**
Vd22Nt::
xxoJ%%r\..$8
ppB|>>
aa_j55
UUxP((z
&jL&6Zl6?A~?
~=Gz=d
"fD"*~T*
2Vd2:Nt:
x%oJ%.r\.
a5_j5W
=&&jL66Zl??A~
g99KrJJ
==Gzdd
""fD**~T
22Vd::Nt
$$lH\\
77Ynmm
%%oJ..r\
55_jWW
[T:$6.
[.:$6g
j_FbT~
h4,8$@_
2\tHlWB
PQAeS~
~4[C)v
8$4,6-9'$6.:*?#1pHhX~AeSlZrNbS
EHl\tFeQ
T~FbZwKi
,8$4'6-9:$6.1*?#XpHhS~AeNlZrEbS
FeQbT~FiZwK
4,8$9'6-.:$6#1*?hXpHeS~ArNlZ
EbS\tHlQ
FeFbT~KiZw
$4,8-9'66.:$?#1*HhXpAeS~ZrNlS
Ebl\tHeQ
F~FbTwKiZ
pub_key
DELETE}
{DELETE}
advapi32.dll
CheckTokenMembership
Address:
fabian wosar <3
Can't find server
aeriedjD#shasj
*******************
RtlComputeCrc32
GandCrabGandCrabnomoreransom.bit|
ExitProcess
lstrlenA
HeapAlloc
HeapFree
GetProcessHeap
GetProcAddress
VirtualAlloc
GetModuleHandleA
lstrcpyA
GetEnvironmentVariableW
GetFileSize
MapViewOfFile
UnmapViewOfFile
GetModuleHandleW
WriteFile
GetModuleFileNameW
CreateFileW
ExitThread
lstrlenW
GetTempPathW
CreateFileMappingW
lstrcatW
CloseHandle
CreateThread
VirtualFree
lstrcmpiW
lstrcmpiA
SetFilePointer
GetFileAttributesW
ReadFile
GetLastError
MoveFileW
lstrcpyW
SetFileAttributesW
CreateMutexW
GetDriveTypeW
VerSetConditionMask
WaitForSingleObject
GetTickCount
InitializeCriticalSection
OpenProcess
GetSystemDirectoryW
TerminateThread
TerminateProcess
VerifyVersionInfoW
WaitForMultipleObjects
DeleteCriticalSection
ExpandEnvironmentStringsW
CreateProcessW
SetHandleInformation
lstrcatA
MultiByteToWideChar
CreatePipe
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
LeaveCriticalSection
EnterCriticalSection
FindFirstFileW
lstrcmpW
FindClose
FindNextFileW
GetNativeSystemInfo
GetComputerNameW
GetDiskFreeSpaceW
GetWindowsDirectoryW
GetVolumeInformationW
LoadLibraryA
KERNEL32.dll
DispatchMessageW
DefWindowProcW
UpdateWindow
SendMessageW
CreateWindowExW
ShowWindow
SetWindowLongW
LoadIconW
RegisterClassExW
TranslateMessage
wsprintfW
BeginPaint
LoadCursorW
GetMessageW
DestroyWindow
EndPaint
GetForegroundWindow
USER32.dll
TextOutW
GDI32.dll
RegCloseKey
RegCreateKeyExW
RegSetValueExW
AllocateAndInitializeSid
FreeSid
CryptExportKey
CryptAcquireContextW
CryptGetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptGenKey
CryptDestroyKey
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
ADVAPI32.dll
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
SHELL32.dll
CryptStringToBinaryA
CryptBinaryToStringA
CRYPT32.dll
InternetOpenW
InternetReadFile
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetCloseHandle
WININET.dll
GetDeviceDriverBaseNameW
EnumDeviceDrivers
PSAPI.DLL
IsProcessorFeaturePresent
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
1#1-171A1i1s1}1
2:2D2N2X2b2l2v2
3)333=3G3^3h3r3|3
4/494C4M4W4g4q4{4
5(585B5L5V5~5
6'6O6Y6c6m6w6
6 7*747>7H7R7\7s7}7
8#8-8D8N8X8b8l8|8
9)939=9M9W9a9k9
:(:2:<:d:n:x:
;5;?;I;S;];g;q;
='=1=;=E=m=w=
>?>I>S>]>g>q>{>
?%?/?9?C?M?e?o?y?
070A0K0U0_0o0y0
1'111A1K1U1_1
2'212Y2c2m2w2
3+353?3I3S3]3g3
4%4/494Q4[4e4o4y4
5#5-575A5K5[5e5o5y5
6-676A6K6s6}6
7E7O7Y7c7m7w7
7N8k8{8
<0<7<I<Z<b<
>0>U>[>j>w>
1S2]2d2u2
6(6Z6e6m6
8-989p9x9
:#:1:8:H:N:
=-=B=H=
>'>L>j>
0"0)030:0D0Q0k0
151A1I1Q1V1
6W6_6g6o6w6
7*757@7K7V7a7l7w7
8&8-878L8e8
:.:4:T:Z:|:
:/;=;q;{;
>&>+>1>;>U>g>
>N?\?y?
0(0-050=0g0m0
2!222Q2`2
3+3=3L3S3a3
4,494D4l4s4
:R:\:n:~:
>%>/>;>D>P>
0$000:0J0V0
1%1*1@1T1h1|1
232D2p2x2
5&5-5U5s5~5
6/6W6^6e6
6%7+707G7q7~7
808[8i8p8~8
9%989=9M9\9e9{9
:,:::N:\:p:~:
;";);7;E;X;i;w;
< <6<A<W<b<x<
<(=I=Y=h=q=
=!>&>B>J>
>B?b?m?
0 0P0b0}0
20292H2Z2_2s2~2
3&3-343S3[3
3 4*434<4R4^4f4r4}4
5*5R5Y5`5g5n5u5|5
6'6L6Q6Y6a6h6v6
:4:a:k:u:
;4;b;n;t;
=O>]>l>
>6?C?R?\?b?
0g0n0~0
0$1+1;1H1s1z1
2H2O2^2h2n2
3$333=3C3
7#7+7074787a7
9A9H9L9P9T9X9\9`9d9