Sample details: 4859c5beb46ff5a4385ecc90ddaf9f44 --

Hashes
MD5: 4859c5beb46ff5a4385ecc90ddaf9f44
SHA1: af6467fed5aeb4065b0ce70ef3a15f6daae03b65
SHA256: 3e5f77c40e8a5c4348b98bac24c7695a48698300f24bca36d35918efef4501b9
SSDEEP: 12288:mD9UDevpMtdoe83GWLh6iVMGPWtYLwqYZy4e:hiq/H8hh6O9WtqHYZS
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/anti_dbg | YRP/create_service | YRP/win_registry | YRP/win_token | YRP/win_files_operation |
Source
http://dewirasute.com/KHZ/diuyz.php?l=pryc2.tkn
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.gfids
@.rsrc
@.reloc
u&hLmD
URPQQh ,@
;t$,v-
UQPXY]Y[
Tt1jhZ;
t	j-Xf
t0jXXf
~$+~8+
F2jgYf;
< t1<	t-
QSSSSj
u0jAXf;
u0jAXf;
Wj0XPV
QQSWj0j@
D8(HXt:f
D8(Ht5F
SSPQSS
u kE$<
>:uBFV
WWWPWS
u-PWWS
SSVWh 
f9:t!V
|VWj=S
j,hxFD
PPPPPWS
PP9E u:PPVWP
v!j"X_^[
PPPPPPPP
v	N+D$
v	N+D$
|xvY"O
]Is]v`9
`h"puI
O)B<&7
R,8$,NO
K,j>H~1
J9v|\3dU/E
r[6|#7
"b2jP)
Jg)*L/
v6yMRK
?`E.93
f u6q;
))+~AB
DVSpknf
czf\f[
3DMuM^
F4k7YN
vANAEu
l	<W'(
(P2?])
N\b@;`
Q(JmAx
QmF@U<\
fNk;Rf
g{:JjyP
~<l@`@F
j\0/au
PTvjhP
 )))-<6}
T)H}"D
gp){U[3
 O_r8n(
unT)juu
NcdygS=)
+C-XVX
vw^VYW
Sv'	S{
I,-_FE
naj|Z=q
Sj E;AR
j9{xA%
P05WsA
a"~L}h
81@AD(
fjJEeE
]rMj,L8
,tT#,;
))A<um
A;uPtE
s+f4 P
Z$^JBb
Gp0byP|
	]bu,B
zmqwW_
0vPjVE
W"iR8N
/uWAU 
 p4	6.
EMH2_j
1]M_,u
AV/Ptj}
/ ?on>{}a
~\<	qR
r8r:~]?
9G&c|i
tvvCux3
1Cd3tT
fU ]VV
9YAG$_
Wt ts~9
(;]MVS
uVuuV\tt
3y~uh9
nEE:]f
VWdP@M
CQ3EmE
$6j4st
EJE fj
AYEu`W
PY9=<uj
D$8;D$4wZr
D$8+D$4
D$<9T$
D$@9t$Du
T$ +t$,
eM	U:y
IADDEpF
Unknown exception
bad allocation
bad array new length
Main Invoked.
Main Returned.
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
`h````
xpxxxx
(null)
CorExitProcess
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
AreFileApisANSI
CompareStringEx
GetCurrentPackageId
GetSystemTimePreciseAsFileTime
LCMapStringEx
LocaleNameToLCID
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
[aOni*{
~ $s%r
@b;zO]
v2!L.2
1#QNAN
1#SNAN
?5Wg4p
"B <1=
_hypot
_nextafter
CampTe
InvokeMainViaCRT
"Main Invoked."
FileName
ExitMainViaCRT
"Main Returned."
FileName
Microsoft.CRTProvider
c:\She\very\Wheel\let\DivideMust.pdb
.text$mn
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$sxdata
.rdata$zETW0
.rdata$zETW1
.rdata$zETW2
.rdata$zETW9
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.gfids$x
.gfids$y
.rsrc$01
.rsrc$02
VirtualProtect
GetEnvironmentVariableA
LocalAlloc
GetSystemDirectoryA
CreateThread
LocalFree
FlushFileBuffers
KERNEL32.dll
GetCursorPos
RegisterClassExA
GetWindowTextLengthA
AppendMenuA
LoadIconA
EndDeferWindowPos
SetParent
SetFocus
IntersectRect
CreateWindowExA
ExitWindowsEx
CallWindowProcA
SetWindowLongA
SetMenuItemInfoA
GetClassInfoExA
IsWindow
GetScrollInfo
InflateRect
GetFocus
SetScrollInfo
USER32.dll
SelectClipRgn
ScaleViewportExtEx
CreateRectRgn
GetPixel
SetViewportExtEx
OffsetViewportOrgEx
CreateCompatibleDC
CreateFontA
ScaleWindowExtEx
GDI32.dll
PropertySheetA
CreatePropertySheetPageA
ImageList_LoadImageA
COMCTL32.dll
OpenServiceA
OpenThreadToken
RegOpenKeyExA
InitializeSecurityDescriptor
FreeSid
OpenProcessToken
ControlService
RegCreateKeyExA
OpenSCManagerA
RegisterServiceCtrlHandlerA
SetServiceStatus
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
RegDeleteKeyA
QueryServiceStatus
StartServiceCtrlDispatcherA
RegCloseKey
CreateServiceW
SetEntriesInAclA
SetSecurityDescriptorDacl
ADVAPI32.dll
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WINTRUST.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetLastError
GetModuleFileNameW
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceFrequency
CreateFileW
GetFileType
CloseHandle
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
SetEndOfFile
ReadFile
ReadConsoleW
SetFilePointerEx
GetFileAttributesExW
SetFileAttributesW
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetStringTypeW
GetProcessHeap
WriteConsoleW
HeapSize
HeapReAlloc
DecodePointer
SystemFunction036
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVtype_info@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
lt)J|k
08H0T"
M=h4*V
G6utF_
8qZqv*
\1LOV8;V
:`B)7-X"
Sq7 9W
bB'P>q
h?}%MGN
Eh`n!dj
$xsyoA{E
 JiwmD
cXZ(cMDo
;&X\2D
Q]:juf
:]B^7c
Q>CP>C
G}J	}4
"@-PL,h
JQQ`(/
7\csOD_g
#tvPU#
?LQAey
&\:_gxk
bHO)$-
P1QPfqu
CWWgScm
5o}3q,TWVY
Yq3YykR
,K/}v^>
@i!O~t
fL-&\\&\(
83!Tj)
)JjTt}.
}+5gSW
Kt+5lD
@r,{<sk%0
@'[Gr4
("h*u(
{]Q;+U
<Uea9`
u`i5`i5dn)
J"M)!!J
k-k?6[0[
UE=0|m
V`%;6I
nW"N.p
i+JXZSll	
Dbt&O#
dQ&O%I
n'i2+(
>w}|?7
GKh_S*
-36Uf`$
nJrb>8&
(30R@+
3kl.58z
n+$lG`
cwM1ux
?>Uelz
v=)Vru
	TIDAT.
C2UYz)
u-RtZr
1a2)31363G3M3S3
4)4O4V4p4{4
5.5E5T5
5$6R6c6h6m6
8$8+828:8B8J8V8_8d8j8t8~8
:C:X:_:e:w:
<9<_<h<n<
<J=i=s=
>T>]>b>
>/?I?O?h?
0#090C0Q0l0w0
1^1m1t1
242K2f2
3%353M3x3
8%818m8}8
9-9=9B9G9}9
:C:H:M:t:}:
:.;6;A;N;d;v;
=#=>=O=[=w=
0I0O1V1
1E2S2k2t2z2
3)373C3O3]3m3
414E4N4
R0n0r0v0z0~0
0"0R0z0
;3;E;Q;Y;q;
"0A0k0
1'1,171B1^1g1
1	2#2]2
4'4g4y4
7>7Y7d7
8!9,9{9
< <%<6<<<G<O<Z<`<k<q<
=*=]=c=u=
:E:b:m:
:	;<;O;[;
<W<S=g=
?8?D?U?^?
0+0:0E0I0Q0W0]0c0
2$2/24292Q2r2
3 3<3G3L3Q3l3v3
4%4A4L4Q4V4q4{4
6#6(6-6O6]6l6
8186839l9
9):;:q:
><>Y?u?
:$:#<S<
3	4%4X4u4
9=9D9[9q9
:.:A:K:l:
:$;:;u;|;
0/1>1|1
748>8c8
919<9D9L9T9]9f9n9|9
;1;6;<;G;Q;h;p;~;
>/>6>d>l>
6+6^6e6l6s6
6%7]7x7
:N:c:q:z:
>&>:>O>
0+1D1q1x1
1)2;2M2_2q2
3"343F3X3j3
<Y=b=z=
8H8O8y;n<v<
:|;.<[<
1Y2k2}2
Q0]0q0}0
1"1?1O1[1j1n2
353I3T3
5;6<7L7]7e7u7
<)>c?~?
7-7K7_7e7A;^;B<^<4=G=e=s=!?X?_?d?h?l?p?
<&<-<A<a<k<p<v<|<
<I=T=]=
=Y>`>u>y>~>
>9>W>n>z>
?9?P?V?\?b?i?r?
2)2=2L2v2
737B7}7
7	878=8D8X8d8j8s8
8A9K9_9j9v9
9-:6:F:L:Q:W:^:t:{:
;-;3;:;D;J;V;b;l;t;z;
<+<;<W<^<e<k<
T9Y9_9e9k9q9v9{9
:%:+:1:6:;:A:G:M:S:X:]:c:i:o:u:z:
;$;);/;5;;;A;F;K;Q;W;];c;h;m;s;y;
<#<)</<4<9<?<E<K<Q<V<[<a<g<m<s<x<}<
@2H2T2X2\2`2d2h2l2x2|2
3L3P3T3X3
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,6064686<6@6D6H6L6`=h=p=t=x=|=
0 0$0(0,00040
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:`:d:h:l:
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848<8D8L8T8\8d8l8t8|8
9$9,949<9D9L9T9\9d9l9t9|9
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
7 7(70787@7H7P7X7`7h7p7x7
8 8(80888@8H8P8X8`8h8p8x8
9 9(90989@9H9P9X9`9h9p9x9
: :(:0:8:@:H:P:X:`:h:p:x:
l8t8|8
9$9,949<9D9L9
=(=,=<=@=D=L=d=t=x=
3 3$3,3@3`3
4(4H4d4h4
5(545P5p5
606P6p6
7,707L7P7
1 202@2P2`2x2
9 9$9094989<9@9D9H9L9