Sample details: 3db88b7f162fe682252a5bc5c5f1a74f (MD5)

Hashes
MD5: 3db88b7f162fe682252a5bc5c5f1a74f
SHA1: 5caeb799cd70ef7b0b98bceacbe9551c351118b5
SHA256: 72056a993ab9568a481dc25756839229e6014fbefd573919296f971e251508bb
SSDEEP: 6144:4f29fDemAcRO0bdyxBprkCNVNV7j3W5qalhGtoyqZQjcLbUFE:2QLQ0ByxBpH/e5XhkohIc/D
Details
File Type: PE32
YARA Hits
YRP/Obsidium_v10061 | YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/screenshot | YRP/Str_Win32_Winsock2_Library |
Source
http://goldmaxstudios.com/wp-admin/js/quote.exe
http://goldmaxstudios.com/wp-admin/js/quote.exe
Strings (printable strings extracted from the sample)
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
QQSVWd
jXh@:B
f-00f=
tWItHIt9It 
t*=RCC
;7|G;p
tR99u2
Y;=(YB
j hp<B
^SSSSS
t$<"u	3
< tK<	tG
j@j ^V
v	N+D$
tRHtCHt4Ht%HtFHHt
	X 9} 
;t$,v-
UQPXY]Y[
URPQQh
j h0=B
t"SS9] u
v4;5L]B
vL;5d]B
<+t"<-t
+t HHt
v	N+D$
PPPPPPPP
PPPPPPPP
Gryphon 920C GlbalAttributes Attempts Dust accommodate Cursor print nCreateInputCnnectin.
meanwhile happily traceback Subflder bolt Globalization ImagesToBeShared.
366 substiitutin typewriter.
WriteFile
kernel32
WriteFile
kernel32
ReBarWindow32
Popup(c)
/N[y7f%
Bb[FmM
ou5#oZ	
7Ris!?J!p#
^3oW^b9'
z}>Kc_&
qOYw"I~y?
/fHaWZJB
Contex
vector<T> too long
invalid string position
string too long
deque<T> too long
invalid map/set<T> iterator
map/set<T> too long
bad allocation
Unknown exception
?uZEeu
?uZEeu
?UUUUUU
?UUUUUU
?Dj0Q:W$=
5s3R6=
<8bunz8
l,kg<i
<@En[vP
bad exception
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
?_nextafter
_hypot
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
1#QNAN
1#SNAN
RSDS(u
C:\source\imprvement\snap.pdb
lstrcmpiW
lstrcpynW
GetShortPathNameW
lstrlenW
HeapAlloc
GetProcAddress
LoadLibraryA
HeapCreate
GetStdHandle
GetFileInformationByHandle
GlobalFree
LockResource
LoadResource
FindResourceA
GetLastError
lstrcpyA
GetModuleHandleA
KERNEL32.dll
EndPaint
BeginPaint
DefWindowProcA
PostQuitMessage
MessageBoxA
SetClassLongA
CheckMenuItem
MessageBeep
TrackPopupMenu
GetSubMenu
LoadMenuA
CreateWindowExA
MapWindowPoints
LoadImageA
CopyImage
IsDlgButtonChecked
SetCursor
LoadCursorA
InflateRect
GetMenu
GetDlgItem
UnionRect
SetRect
SendMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjectsEx
ClientToScreen
GetClientRect
OemKeyScan
GetClipboardData
DefMDIChildProcA
GetWindowLongA
GetMenuItemInfoA
GetSystemMenu
GetScrollRange
DialogBoxParamA
LoadIconA
USER32.dll
GetStockObject
SelectObject
EnumFontFamiliesExA
DeleteObject
BitBlt
GetTextExtentPoint32A
TextOutA
GDI32.dll
SHGetFileInfoW
SHBrowseForFolderA
SHGetDesktopFolder
SHELL32.dll
OLEAUT32.dll
WS2_32.dll
NetAuditClear
NETAPI32.dll
AVIStreamWrite
AVIFIL32.dll
acmDriverClose
MSACM32.dll
SCardGetProviderIdW
WinSCard.dll
mmioSetInfo
WINMM.dll
GetAdaptersInfo
IPHLPAPI.DLL
StrToIntExA
SHLWAPI.dll
TcDeregisterClient
TcDeleteFilter
TRAFFIC.dll
RtlUnwind
RaiseException
GetCommandLineA
HeapSetInformation
GetStartupInfoW
EncodePointer
IsProcessorFeaturePresent
DecodePointer
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
SetUnhandledExceptionFilter
ExitProcess
WriteFile
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
HeapSize
LoadLibraryW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapReAlloc
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
`:pHV/4uJx
Q!7vW}%
jr;6H 
R|[*o<Z
WgYb3C
^0;f'y
YHKt"Y
;}3^B!l
>[$4_I
ubOr1=]
5"'[tX
PLuo:@
jJTA\W
;\q<#;j
KN7k'agNLB
kkUYZBTci=qD
Ld>e(7
EV-!7c
	=h"l,Q
-ui&_|
<R1Oa?
B]U*(M
CA-xf9
W61Atq
xfPTL|#
3N"n8n
lc*w H
j$%dhP
GJZA3)&
/	6@/FS
h.a&2~^
5>l2*y
`zE2	C
Kg"=g	s
x]nm"w
]r0Zx\
*!kCrB
X):Zm)+
yafYq0
J=YBT7
-3g&xn
"A-mBbS(D
zF5ZaI0FOM_
ngimy%L9*
 DMTe3
(=*z"~
jJ7]"G
OZ&;6P
2uJ(C}
mLCGFw
#OZJ$1
QxJ?Ob"
N"Vowv
's?1zH
tGCMFr
UpB5ZW
Lg ]]^/!
'9dCgR
bRB`J\7
9"	A)9
7N^|}<7
:W(FUtk(t
PHkcBp
=>D4>]t
#vDo*:
WK(0nC
S:@yNr
1S3,hQPN
[U%}>2|t
;Cl07f1
`aL\%z
AP	OV>
A*gm2p
oRPs(1
Dy{\+$
"";Nnux4
LM	oAH
z?fZO^
d8|CvW}
~u,:	C
:OX*)wZ<
C:ObiQ
LG(aGZJY
31g=>}B
||BVz+_
b},oVp
H<Zsea
<n6-_`
/oR$&d
$kM6hN
yh=P0FS?
\x0]4y[
nPlU&.
`DR"LJ!
 7)>{cp
]plyjU
l'd)'y
"3v'R/
}|$Z5e
8(a{Xm
{:E8WH
D*7U_	
/1L^i 
vJA<4#
8"Bf>=
('?X#u
1?D+kb
*yCZGm
(=)/F}Qg
MPpt5G
#d:?D!
uB~9E"*
cB_KndT
2@"%"!
";TIoG
=ngLeo
XR!J4U
O~50hB
*]N~-l#<
M.ye]5
aHfQ*>0
Y6N:C5vv
@P]T2Lb[
o$Ff[L
rm.#Lxr
:tY[Hp
4jf&#{9
$J=/vx1?
~`]T{J
RG_?`X	r
{,9[7Y0?
%PnXuX$o
GG/gb=$#
rGw;-[
/8tH|[*
}"|a1q
G4AdH1
XhDAs|
?w&RrQ
NfjS1Z8
7TeY;t
}Mc^V=
vD?g6lh
).=>@S
pP<]r,7PM
;lKLl^m
Jn.OF7
NPX~1Iz
)!C;	(
7.|_qj7
t>P{Mn
m{ u3C
Dsc'Od
%t\MY3`
y)VSKj
7_pqJe
Q%mA#Q
S?iTr/
FK5J=;	}
:_	nX3
7{9.8<:;
'u 0zXa-
(1z"`n
GT?sP4i
B8^x;B
r!He R=
psKGCV{ypTl
tq0l3Y
zi&iYH
")B<{da`e
p/ zl6n
<?B}O 
9xFGB'
NZ8>I\
F.<]8q_
_MBXyn
/Uog:B
dP8 !-B
JGO<Jw2]T
TvJgt$
lDPU{c
 R)~,O#fzN
ng4}-!
Z)Yn3k7D
QM}$AT
yaU !O
|)m8+u
w`WQSy
E!ncNm
1sv=bTui
APQmA0
nHD/(m<
	Rwa O
5z2+x$X
 ALe!H
inVu)p
Y P+,PR
7L&A)+
L9E|Q9v
!Cw"#(
6]yO7_
BbxP9c
%?I'Xu
TwrS!'b
8?Q!n{
-::a@F
#wl);S
PBK0^9
SKI<s9
`h"rx=
t}n::l
WR`8=M
pk80$n
lAFG'C
"d=f;{
y.&<:EJ
1Uf*3S#$
hGxP`i
5?lj@N
s+:?Rt+
C~jh"l
iv(DZ^neQ
Mb~|:Ko
nif #m_}E
nh(VZ8
+I($C^F
P.}lXXZ
dSkCJE
y7]!!}
q2[S]4B
c']bPo
v.8\jTU}+
,	%1<~"(z
ogf.Ht6
FGE|I;
xM0^Vbd=
0NhIhs3
{a]HZuf
{:tQ>I?
xK~I hWe
(GF)$L
2;c"V+}
2ktT%1
6HGRgm
1=dsgHR
 UynEMC
8QsERE
[bW"BF
`sL,4~
YUf0;J
vMi;i 
o\RU$%
	?[wjH#
L3WaS%
<wgsG_
b`Z@Jp
F3k6QJ
nJp4_6
fh,O8W
7-AnI|
~_Mf(]
~o^TTfy
	T@)"]
7|9Nu#
'^?=5[\
b!T+\f
c~]DV-K
?[6[6A
S+\.P&]
gSrEb_
6'Qf.h
-y7et:
@<o.H*
6M(~Ht
!YNg1? 
58gFWEl
?&kpG,
RW"pw'l
dI!S 2ia
j)K+tb:
ZJ.R@![}zk
Pwnj)a
C^<m<FL
BriWp}
D/05U>C
j/\y,R1
l^9mf,
vy[RUl
`X2]`&F2
 G_x":X
4dqr,tw
9}E4p&
>BU3Fo
Q<Yrzk
.QHY>QA
uaB	6[
3h{::R)
n92[Xx
yfsh4d
0-6oF4
>S21X.
DV-!_c
e<5ZT^]
T.XZ.q
|95nuy
sbI,hOe
,H2Cjv
 ac|PKy|
8*}4E8
8|wpUo
%f"DaM
@$wMO_
!	>fqw\
A`^EV'*=
{&hAA4
emfaIZG
`V|-/"
<g$OjU
y!93cz
]a"#F1I
B~	="E
f(	DKO
0]8851L
j1?T)|
lP0OYc
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD