Sample details: 525ec54e96383bd7d44dbe3aa5d57197 --

Hashes
MD5: 525ec54e96383bd7d44dbe3aa5d57197
SHA1: 9f9ec5d5ff68f86b934997cbe60caa81ad981ac1
SHA256: 556997201b41a3cb6e4b5eed14b3da732489c8efcc67565854354c7a79f48275
SSDEEP: 12288:+MlgLM7VHX6EkymTahpAAXKURX/QU9v1JDZVLLqsX:llgG0ahpFXfvF9TpX
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/DebuggerException__SetConsoleCtrl | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/win_files_operation | YRP/TEAN |
Source
http://flippychenges.org/423i6fnwj.exe
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.gfids
@.rsrc
URPQQh
tK<_t<<$t8<<t4<>t0<-t,<a|
<z~$<A|
E<$uMR
MwnhL^
<0|L<9
tE<A|2<P
t9<_u5
t.<_u*
<A|,<P
vj@hde
<$u"8F
YPShtV
<0| <9
<0|^<8
;t$,v-
UQPXY]Y[
Tt1jhZ;
Tt1jhZ;
Tt1jhZ;
Tt1jhZ;
^$+^8+
^$+^8+
^$+^8+
^$+^8+
t	j-Xf
t0jXXf
~$+~8+
t	j-Xf
t0jXXf
~$+~8+
t	j-Xf
t0jXXf
~$+~8+
t	j-Xf
t0jXXf
~$+~8+
F2jgYf;
F(jgYjGZ
F2jgYf;
<0|H<9
x(j$Xf9
< t1<	t-
j"^f91j\^u8
j"^f9q
t/j=[f;
QSSSSj
tyPVj@W
_tcPVj@
u#j,Xf;
u0jAXf;
u0jAXf;
<xt"<Xt
u/jAXj
uFVWhd
>=umF8
Wj0XPV
taj*Xf
WWWPWS
u-PWWS
VWj\^j:
WWWPWS
SSVWh 
f9:t!V
|VWj=S
}VWj=S
QQSWj0j@
<0|o<9
u	!FX@
u^9^\t/
VX9^`tT
;N\u\W
j	PjYV
u2Vj@h
9C`u99C\t4
9C`u5Wj
jA[jZZ+
SVjA[jZ^+
jAZjZ^
PPPPPWS
PP9E u:PPVWP
PPPPPPPP
mSjA[jZ^+
8jZZf;
SVWjA_jZ+
uBjAYjZ+
D8(HXt:f
D8(Ht5F
Wj5_f;
v	N+D$
v	N+D$
gericubasisuyolezogazegisohu.txt
tonutiranosevimogebugubuyuwuhetu
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
template-parameter-
generic-type-
`anonymous namespace'
`non-type-template-parameter
`template-parameter
`template-type-parameter-
`generic-class-parameter-
`generic-method-parameter-
`vtordispex{
`vtordisp{
`adjustor{
`local static destructor helper'
`template static data member constructor helper'
`template static data member destructor helper'
static 
virtual 
private: 
protected: 
public: 
[thunk]:
extern "C" 
short 
unsigned 
volatile
std::nullptr_t 
std::nullptr_t
<ellipsis>
,<ellipsis>
 throw(
double
__int8
__int16
__int32
__int64
__int128
<unknown>
char16_t
char32_t
wchar_t
__w64 
UNKNOWN
signed 
 volatile
`unknown ecsu'
union 
struct 
class 
coclass 
cointerface 
volatile 
const 
cli::array<
cli::pin_ptr<
{flat}
CorExitProcess
`h````
xpxxxx
`h`hhh
xwpwpp
(null)
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
AreFileApisANSI
CompareStringEx
EnumSystemLocalesEx
GetActiveWindow
GetCurrentPackageId
GetDateFormatEx
GetEnabledXStateFeatures
GetFileInformationByHandleEx
GetLastActivePopup
GetLocaleInfoEx
GetProcessWindowStation
GetSystemTimePreciseAsFileTime
GetTimeFormatEx
GetUserDefaultLocaleName
GetUserObjectInformationW
GetXStateFeaturesMask
IsValidLocaleName
LCMapStringEx
LCIDToLocaleName
LocaleNameToLCID
LocateXStateFeature
MessageBoxA
MessageBoxW
RoInitialize
RoUninitialize
SetThreadStackGuarantee
SystemFunction036
UTF-16LEUNICODE
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
_hypot
_nextafter
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
[aOni*{
~ $s%r
@b;zO]
v2!L.2
1#QNAN
1#SNAN
?5Wg4p
"B <1=
.text$mn
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.gfids$x
.gfids$y
.rsrc$01
.rsrc$02
GetProcAddress
LocalAlloc
GetProcessAffinityMask
SetProcessAffinityMask
GetProcessTimes
GetProcessIoCounters
GetCurrentProcess
GetCurrentProcessId
ExitProcess
TerminateProcess
GetLastError
GetFileType
GetTickCount
GetSystemTimeAdjustment
LoadLibraryW
GetProcessShutdownParameters
AddAtomA
GetCPInfo
KERNEL32.dll
SetScrollRange
ShowScrollBar
GetPropA
GetCaretPos
USER32.dll
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
RaiseException
OutputDebugStringA
OutputDebugStringW
CloseHandle
WaitForSingleObjectEx
CreateThread
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
SetConsoleCtrlHandler
FlushFileBuffers
GetConsoleCP
GetConsoleMode
CreateFileW
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
SetEndOfFile
ReadFile
ReadConsoleW
EncodePointer
DecodePointer
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVDNameNode@@
.?AVcharNode@@
.?AVpcharNode@@
.?AVpDNameNode@@
.?AVDNameStatusNode@@
.?AVpairNode@@
.?AVtype_info@@
H.7}h'
xG?tRh
z>$]M=
dbQ%5G
v@j(I#u
+rZqlB
s\Jj~7
|qxkQ$
p~:vA>
*Tz~~XY
65N)v*
:'1/_6
cu*[XP
c8ou}M
l0%/S_
pXsc@T
,7nz4cs
%AQ74\
m*&V]'~N
DE;/QW}
+f]	#?
xE]/Ih
:gH=:B
Rdh-#0
J21+3I;
vp`!	36
D:il5J
Cy"E~0
;_C*%I
t|v8O~
oq#SLU&6
OBt^JK
BI6nNBT
T	bf-iMl
W8Qp^4
6yq~vl|?oW_+
15j?gY
*s~HN|
7@B8Xx$a
T	n?5%
cs;8/V
en'U8W-
q/@Tu%m#
+b/95	
qAtmV#
DSte{%$
2Bx^wH
Y-/m.A !U
~:Z{a)
(,HRiD
ja6i'}
{~pow1]w
xpK]zWR
H)o!d^NFJ
b(l`#7Q=
 7.1+h
fPq8W[
u1UhJr
l]0\l>
ZIl epb
-A?bIn
v9,)=gH
GE9R0.
%=&q:e
Dfa#GB
3{@yc@
SO`Q76
D_%R#}
	 O;-n
wy-`_8%
9YWF=f
vWg_1c
YwROI/
A1G|/Y
c mR=gD
-z+!07
{!i,ek
BHAa!(
~7jSAS
(v,Bhz)R
@#1z}"{
oU(k[t
c__WZ~
J|3Da5
M}iN)x(
q7"n3G
-1W8qN
3ObV5j|
#D&2]G
R/l8^Y@
P{Uw%>
%EN2"L
rr`%:g
z&JIT}7
!m|7L!$h
@)q	00
IrZJ"5
j6T-hoN
%	*&K/a
C"K8PI
@(CxQ5R=K
[5^&bc
>(nPBW
oXBv`c
"h3^6U
ppuDKO
=C6]=w5##Bp
9:t@}}
s@2$G^
4ADT:!
ZO)ua5
:x~WLS
NUZD$1*P1
r"Wl+,
\Fm7]Cg
i))]8u
6pG6yh
\@JCP|
Pw1'ED
ve2LPRu+
0f^5U\
{Jv6oJ
&uV=B2y
L<sY)_
/\9{~4
;%#N<>
i'";rGL
d_O?}_k	
Sei>!'}9
|EM<>ur5
yWAZ'F
#ez@T(
O]Q#w)
2BS9P9_
+PG[ gp*
}c0E22
ubMF%J
i!Pb;1+
Hl{[df
[~uF_}
L_15[]
L!V%S-
a4/_U]N
6*ZO6;V
FOl|-.7~
	hPqd;
'EGiKF!
e!wQ_i{B
)Da03%
4]`)~&2
E)j)/K
,!?Hz8\R
sHPID2
ziu:[Bl&
=. I6J
)dlozk[
r:"DZK
62`1^*
x9o3w6
N;YbV@
[,{FV@
jX83lG
+.e[5"e
RKROyN
i.eR-Q
Kswsa8
`]QiS	
=Zms`K
-%aCOe
D7= RiF"
-I9*oQ
4RC"~s
FUZ-}'
3?i|?4
u/55EX
/f(:vj~=a
|Q Qy?D
-h\b?`
|h$W?Yr8
_Y/iTOn6L
$'#rd+C
?XJ2#,'
*PF%d4U
hY<unXIn
fEvy;B
M:bQh}
rs}5!.}
^EIdkk
>sUX(K
=p~s>_y_K
u7UC6f
5A0S~y$
ky:Sh>
(`KgmR
uZP#TF
nwZqERv
#8${?6
q<A\B\
LX[	7~$
~MJ:lc
cl0z&w
Ab={Q8V
IXy:TL
B(@<=s
I7\k/{,p
uPS wv^
zylb8Q	
x>c2u	
E:av#-
sWVtLp_c
	@lta*3v
dfm#%%
5AM4zY<lv
-n{Z<aK
$gRK@w
GV1lc(Y
>@tyzg
gd'zab|T+
xO>X+J
Y;I~BZ5F
:?`;gk
@f IGP
CY>L-	
d8lUz[}?
9'5F_XS4
ozr: /
PC;V78
jv506y
Rx"NiW
PmE2L@3
>6l(4;i
pvR(xH
G&uas0
{f=SGq
K-.+kP
6+U\ekd
; .1IkT
$Yr,&J
So'*\>
>G:4y4\
*tI0Lqu
k&zfCZ.
w]<~b.
~AY__{
9kPB|N
f/|k:O
C[~-],
/cU0H4l
ug.+{\
+>};0'|
Y #D:O:2
sVo#@/A4gS
J2c5V-z
5|2'B;#+
Md*&(.
6,n510
T	d>xm,C
m Yg;lB[
Mmy"5}0
X	Va_;
ci@eM.
y6HPii^1F
z7=NGwFGL
Ik09Ca
tgy0'}
|UM1|"
#Y[Ldu
#^$b-o
90Ub(!r
BMg|^mGr
QuXAfYJ
	%^^;0?WZ
5CsmA;
0J*_?Z,y
\~;_}j
axX4	}
?Gw|~o!v]]
09o,'4
dz`y}y
jh^fe9/
#R}p2T
(q9Qr3[*
b^w3,^
Py_|W[2,
S-u!7[
.{O.xY#
VTDE^[
'f5.)5
]#5FGd
q*T{t=b
f;u)7ch
mGQ}9p(,
cv1NZ@
 K~bj8FTr
!nrcO.
Z3Ub.6
EZ}hvs 
7Y"$tX
tdX&T?B
)@n6"|t
6OCL1c
d6V}&Z
pJ%8hTK
 =q[yw
WQeD:y
/j/d~_.
~\Q5\gh~
W5eB/!7|
0C"*w$49
9a_*o5L>@)c
x#kKrr]
,xmV]`
3&,-p*r
l<x/o=
23nj;FPT:-
;.kFI/
3=%{h|3
zE)3^)5
3O(z/[
4D[$7v
<L=Fi3
isZ	g@xe
<hfZ+"
<Oh1X$:&0K
uI2X[X
{TT'N2
xV"fIZ
`[aPqH
:!E8p]
]5TtCU
@OSm/J
n;\%i ~
<lC;lQ
/r)_t(R
/Y54qD
[YQa%-
I\`w{z
;YE`M>
8!t#W&G!
wnBX)D_I
!GWmL\1
Ubra4Aj
aqs&@#s
fUe5FSb
n<G5RI9
UoOd!S
 e-GtL
F!w`MB
dC\"U-
Pbb!&q
wd#{Ib>A:-r
egHL&/
%V+<P_K
2^LfQZ
v-GF4j
9{xW(w|
M\oE5ul
$Gdqp-
-Ij73W
	y6zF6
4a+rm-
a	YtyCR
V}DBNQ
Y:vsxE
#>0;5p
fL^Vb7u}
j)ztE&
'xon[c"
zbp2'#SIk
QlT974
D	Uu1l
X>^>!qN<
:)/0CM
f5(*]4
,qcY:U
9'"mhD
jSbAvp
1RL5gH
sO+,QV
}'Txa}fw
9Wi7Ip
eWS{IV8
qA~qR_
\H(1]6T
TabMBh
VAdK_b
(mc?s*
o6x9PlL
9%MF>b
H'[]K9
 OC4#O
S,xQ5D
M yDa'
N`%_Q"
KnUu35k
bIJ>6aVEQQ[
,5MZ1&
x_x29_M[
8BcCIc