Sample details: 56349d6e80100806e1fb604a343a8318 --

Hashes
MD5: 56349d6e80100806e1fb604a343a8318
SHA1: 641a3c03aabc55aa3c55ef835d6a0e89d361398b
SHA256: 5556a29c94e5208cd1f86f4490a019789dc071548f1f79d13989b63971c36d26
SSDEEP: 1536:4tGWLP+A/+YLRzdN2pSCV/kXICS4AwttcCp6:pl4zdN6V6IL
Details
File Type: PE32
Added: 2019-10-09 11:39:52
Yara Hits
YRP/IsPE32 | YRP/IsConsole | YRP/HasDebugData | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/RijnDael_AES |
Strings
		!This program cannot be run in DOS mode.
RichTB@
`.rdata
@.data
.xdx7q
@.reloc
WWWWWWWWj
!G(!G,
$VQRPh
jZf@Yf
PSSSSSSh 
SVu:W3
YYt@hH
OH_^[]
3^83^`3
3F(3FP3Fx3
3N,3NT3N|3
3V<3Vd3
~ 3~H3~p3
3^@3^h3
3F03FX3
3N43N\3
3VD3Vl3
^$3^L3^t3
v	N+D$
master_sk
decrypt_one_file
***************\src\dec.c
file_decrypt_callback
dec_main
_vsnwprintf
stdout_hexdump
******************\common\debug.c
******************\common\system.c
is_ru_speak
0123456789abcdef
]E[7#@^`Z2"*+W&@&
?B5W4?R
"ZLP!/J
5*8&9!CBMQ-1
DK*/N'
5.J2'R
:]a%6#.
.37098W0@$;BQ<*
E#=<^JAGP_Da
#8OQ**1
#^"-'8!%E?%
2+R<2]1=-W
expand 32-byte kexpand 16-byte k
=j&&LZ66lA??~
}{))R>
f""D~**T
V22dN::t
o%%Jr..\$
&&Lj66lZ??~A
99rKJJ
==zGdd
""Df**T~
;22dV::tN
$$Hl\\
C77nYmm
%%Jo..\r
55j_WW
&Lj&6lZ6?~A?
~=zG=d
"Df"*T~*
2dV2:tN:
x%Jo%.\r.
a5j_5W
ggV}++
Lj&&lZ66~A??
bS11*?
Xt,,4.
RRvM;;
MMfU33
PPxD<<%
Bc!! 0
~~zG==
Df""T~**;
dV22tN::
xxJo%%\r..8$
pp|B>>q
aaj_55
UUPx((
cccc||||wwww{{{{
kkkkoooo
gggg++++
YYYYGGGG
&&&&6666????
uuuu				
nnnnZZZZ
RRRR;;;;
[[[[jjjj
9999JJJJLLLLXXXX
CCCCMMMM3333
PPPP<<<<
~~~~====dddd]]]]
ssss````
""""****
2222::::
$$$$\\\\
7777mmmm
llllVVVV
eeeezzzz
xxxx%%%%....
pppp>>>>
ffffHHHH
aaaa5555WWWW
UUUU((((
BBBBhhhhAAAA
='9-6d
_jbF~T
11#?*0
,4$8_@
t\lHBW
QPeA~S
>4$8,@
p\lHtW
+HpXhE
T[$:.6
RRRR				jjjj
00006666
CCCCDDDD
TTTT{{{{
####====
ffff((((
vvvv[[[[
IIIImmmm
%%%%rrrr
]]]]eeee
llllppppHHHHPPPP
FFFFWWWW
kkkk::::
AAAAOOOOgggg
tttt""""
nnnnGGGG
VVVV>>>>KKKK
yyyy    
YYYY''''
____````QQQQ
;;;;MMMM
ccccUUUU!!!!
*************\Debug\rwdec_x86_debug.pdb
EnterCriticalSection
LeaveCriticalSection
DeleteFileW
SetEndOfFile
CloseHandle
CreateThread
GetModuleHandleW
CopyFileW
MoveFileW
GetStdHandle
CreateFileW
WriteFile
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
GetCurrentThread
GetProcAddress
SetThreadAffinityMask
lstrlenW
LoadLibraryA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleW
KERNEL32.dll
MessageBoxW
wsprintfW
SendMessageW
DialogBoxParamW
EndDialog
GetDlgItem
SetDlgItemInt
SetDlgItemTextW
CheckDlgButton
IsDlgButtonChecked
EnableWindow
SetWindowTextW
USER32.dll
CreateFontW
GDI32.dll
SHGetPathFromIDListW
SHBrowseForFolderW
SHELL32.dll
GetOpenFileNameW
COMDLG32.dll
IsProcessorFeaturePresent
T1&}T^
{"all":false,"pc_sk":"CH9MXhFC5tB7CLlwqrlh5inDSXOlNI2E20zq+00xUmU=","ext":["c336x35f"]}
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
    <dependency xmlns="urn:schemas-microsoft-com:asm.v2">
        <dependentAssembly>
            <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" />
        </dependentAssembly>
    </dependency>
    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
        <security>
            <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
                <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
            </requestedPrivileges>
        </security>
    </trustInfo>
    <application xmlns="urn:schemas-microsoft-com:asm.v3">
        <windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
            <dpiAware>true</dpiAware>
        </windowsSettings>
    </application>
    <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
        <application>
            <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />
            <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />
            <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />
            <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />
            <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />
        </application>
    </compatibility>
</assembly>
#010K0_0
1,1F1P1U1a1g1x1
122B2I2n2~2
373P3h3r3y3
4#4S4X4q4
5H5O5]5
6.6?6G6S6X6
7#7(7-74797E7V7\7e7k7s7z7
81888B8I8^8q8x8
:':-:A:N:X:s:z:
:";D;P;X;_;s;{;
</<6<><N<_<
= =%=C=T=e=m=
>`>u>~>
>.?C?g?u?
0[0b0n0
0$1,191J1Q1X1_1l1{1
253=3U3^3v3|3
4#4(414B4S4[4b4u4|4
5 5(505G5\5h5t5
6*7:7C7_7m7t7
8K8Z8`8p8w8|8
8#9L9\9j9
:,:3:8:F:W:\:a:r:~:
; ;9;N;U;g;~;
<&<8<=<G<L<R<]<v<
0:0T0Z0
1!10161
5?5S5y5
5+6=6M6a6h6m6y6
7$7)7:7U7\7k7o7
7<8R8]8v8
:6:W:k:y:
;6;G;g;
<*<1<6<E<K<\<z<
?6?O?m?
1L2e2|2
455:5C5H5T5[5j5{5
526`6x6
8,838K8\8e8w;~;
= >Q>@?G?N?U?\?c?j?
0.1 7'7W7w:~:
;!;:;A;J;T;
<(<5<<<I<U<o<v<
=1=8=B=L=y=
>D>Z>n>
0%0>0M0`0g0q0
1!1+171G1T1[1h1t1
282G2Z2a2k2
3,3;3h3}3
5'5.5:5A5O5V5f5q5y5
7(797E7t7
9(9?9S9b9
:":3:B:z:
L1R1X1^1d1j1p1v1|1
2$2*20262<2B2H2N2T2B3^394G4b4m4
5M5\5c5