MalShare

Sample details: 4d8e5e62108ff3ca67b41c23d2a20adc --

Hashes
MD5: 4d8e5e62108ff3ca67b41c23d2a20adc
SHA1: 2946e502fb5de29e884dc5fcb0e9995f78f58714
SHA256: 41dbe814ee603d737c0607d7651d6a500fa85abd60bab9f8fd14c24df4d4a7f9
SSDEEP: 1536:JjRKYL2FsM2Cj7uJJHD17OuLbwsBznjDQEQ6+3uTBm07/dJ:14YL2FsGYHD8wMsBbjcEXTBm0n

Details
File Type: PE32

Yara Hits
YRP/IsPE32 \| YRP/IsWindowsGUI \| YRP/IsPacked \| YRP/HasDebugData \| YRP/IsBeyondImageSize \| YRP/HasRichSignature \| YRP/domain \| YRP/contentis_base64 \| YRP/Check_OutputDebugStringA_iat \| YRP/anti_dbg \| YRP/screenshot \|

Source
http://bobbymohantyfoundation.com/3oVDWwu/

Strings
!This program cannot be run in DOS mode. I}Rich `.rdata @.data @.rsrc D$ fQZl D$X{{a> D$L;L$8rq D$4%Hy L$D+D$h! L$T-G}\|I D$PZvRg c(09D$ >&;D$0 D$d;T$@ gBpLt9x7b4cU.pdb :@',t~ ',$T6W S%OSJz X B,aKM= C~&~5%O EWBs O gl$c>CU P6Uhx6 P"0D3!i &AQ"\N% 7I9&1UE :~yisc sP,<[Q A6HN0E :Fyqsg A6HN0E FH\|H~jm cCzXh^ IG`5R< P%O7Wz .p?O_wz J0',<T m5',)T -HeOs/z ,$TYW) ,$TYW) * )CV2 k;\|P\]O kO\|PH]O P%O7Wz -,$T4W b,$T\|W +,$T!W JDBe/ S'rH#\$ G6nW'\|$TbW C'jH#\, V6Xl4)~ <\+1s? 8-/YI+ <2\K2 IJ j[p& 4xjEZZ fkKt<` 0H\=~\|a !]Z/]c HwCGT6 S^n,fN TORJI\ jz#t j V{&Ih\ Buk 4 30r> K5] \|:QI0q UP~'ZC, DrawEscape SetPixelV GetFontData GetGraphicsMode GDI32.dll memcpy msvcrt.dll DeleteAtom GetDiskFreeSpaceExA VirtualProtectEx GetTimeZoneInformation OutputDebugStringA lstrcpyW FindResourceW lstrcatW lstrlenW lstrcmpW FindAtomW KERNEL32.dll ImmGetCompositionStringW IMM32.dll SetupDiCreateDeviceInfoA SETUPAPI.dll RtlInterlockedPopEntrySList ntdll.dll PathFindOnPathW PathAddBackslashW PathRemoveArgsW SHLWAPI.dll MprAdminInterfaceSetCredentials MPRAPI.dll MessageBoxExA SetWindowsHookExW HideCaret GetCursorInfo wsprintfW GetForegroundWindow ReleaseDC GetMessageA USER32.dll _k1:4%A mKta"s {UVz-Y OB.^;5 Rsr^qM) ]Nl%bO 35T${l <9YwJU ~d4LNy um.xKV 5Co.<9 W[r VT7 A:5,I6\'U YS#v'\ [[)(hz F61kf $i8Luc yN}`fA g_{&ImyW LUBRjn PY0u'%~ wpe$ma [Nl%YC sV>pTN\ vClf) .X"[vn 6HI0km& <"'xbWP ^F+_1 lhhVe R2,~xhJ {XPN\|. zspV_T @\|o)5- 0PYS#v <\+1s? U0B9ES 0PYS#v <\+1s? LZFv)4 D+}vNo cz0L G _VSTW8 5gf,F6 module{Regis{ =$EB \ LMgthX """" p """"r p '""r"r'"'""r "'""r"r wwwwwwwwwwwwwp fhpr"w """zr <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" </dependentAssembly> </dependency> </assembly>

Strings

          	            !This program cannot be run in DOS mode.
I}Rich
`.rdata
@.data
@.rsrc
D$ fQZl
D$X{{a>
D$L;L$8rq
D$4%Hy
L$D+D$h!
L$T-G}|I
D$PZvRg
c(09D$
>&;D$0
D$d;T$@
gBpLt9x7b4cU.pdb
:@',t~
',$T6W
S%OSJz
X	B,aKM=
C~&~5%O
EWBs O
gl$c>CU
P6Uhx6
P"0D3!i
&AQ"\N%
7I9&1UE 
:~yisc
sP,<[Q
A6HN0E
:Fyqsg
A6HN0E
FH|H~jm
cCzXh^
IG`5R<
P%O7Wz
.p?O_wz
J0',<T
m5',)T
-HeOs/z
,$TYW)
,$TYW)
* )CV2
k;|P\]O
kO|PH]O
P%O7Wz
-,$T4W
b,$T|W
+,$T!W
JDBe/ 
S'rH#\$
G6nW'|$TbW
C'jH#\,
V6Xl4)~
<\+1s?
8-/YI+
<2\K2	
IJ j[p&
4xjEZZ
fkKt<`
0H\=~|a
!]Z/]c
HwCGT6
S^n,fN
TORJI\
jz#t	j
V{&Ih\
*Buk 4
30r>	K5]
|:QI0q
UP~'ZC,
DrawEscape
SetPixelV
GetFontData
GetGraphicsMode
GDI32.dll
memcpy
msvcrt.dll
DeleteAtom
GetDiskFreeSpaceExA
VirtualProtectEx
GetTimeZoneInformation
OutputDebugStringA
lstrcpyW
FindResourceW
lstrcatW
lstrlenW
lstrcmpW
FindAtomW
KERNEL32.dll
ImmGetCompositionStringW
IMM32.dll
SetupDiCreateDeviceInfoA
SETUPAPI.dll
RtlInterlockedPopEntrySList
ntdll.dll
PathFindOnPathW
PathAddBackslashW
PathRemoveArgsW
SHLWAPI.dll
MprAdminInterfaceSetCredentials
MPRAPI.dll
MessageBoxExA
SetWindowsHookExW
HideCaret
GetCursorInfo
wsprintfW
GetForegroundWindow
ReleaseDC
GetMessageA
USER32.dll
_k1:4%A
mKta"s
{UVz-Y
OB.^;5
Rsr^qM)
]Nl%bO
35T${l
<9YwJU
~d4LNy
um.xKV
5Co.<9
W[r VT7
A:5,I6\'U
YS#v'\
[[)(hz
F61kf 
$i8Luc
yN}`fA
g_{&ImyW
LUBRjn
PY0u'%~
wpe$ma
[Nl%YC
sV>pTN\
v*Clf) 
.X"[vn
6HI0km&
<"'xbWP
^F+_1 
lhhV*e
R2,~xhJ
{XPN|.
zspV_T
@|o)5-
0PYS#v
<\+1s?
U0B9ES
0PYS#v
<\+1s?
LZFv)4
D+}vNo
cz0L	G
_VSTW8
5gf,F6
module{Regis{
=$EB	\
LMgthX
"""" p
""""r p
'""r"r'"'""r 
"'""r"r
wwwwwwwwwwwwwp
fhpr"w
"""z*r
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="X86"
publicKeyToken="6595b64144ccf1df"
language="*"
</dependentAssembly>
</dependency>
</assembly>