Sample details: 5df7995b4867f9afa4311517e6f933fd

Hashes
MD5: 5df7995b4867f9afa4311517e6f933fd
SHA1: b1bba123639769e87a1211805ff9de637f675935
SHA256: 99671ce5287926ac6496a37abd42c87cc1a045696244cc833c3dbc041270cc25
SSDEEP: 3072:f5V0PPgSfbE3ePUGdtkXHfuZOgn/D5iF2oM2BSjV7yFmJslZ0q/hpsn:2bEidtqH2U81/oujAFmc/h
Details
File Type: PE32
Yara Hits
YRP/contentis_base64 | YRP/domain | YRP/IP | YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/screenshot | YRP/win_files_operation
Source
http://docfileserver.ru/bank/pax.exe
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
HtwHtk
tHHt<-
SVj j h
zt.PhP
tpj XP
SSSWSSSSh
HHt$HHt
?If90t
^SSSSS
j@j ^V
t$<"u	3
< tK<	tG
v	N+D$
URPQQh
t"SS9] u
;t$,v-
UQPXY]Y[
PPPPPPPP
PPPPPPPP
++f]^JW
)Fz""'
;(UBO|i
2?,YFs`m
	6#P]Jwd
:'TAN{h
1>+XEr
JV@6)j
	k#0OC
%}IUcP'
x I[h}r
*k-a ^OBI
rVI>1X,
<DNKhu
f%lNfTGF
eX]K>M
D{i\Y}4(
wDA9,c)
QQSVWd
t*=RCC
;7|G;p
tR99u2
f-00f=
v	N+D$
tRHtCHt4Ht%HtFHHt
<+t"<-t
+t HHt
	X 9} 
Unknown exception
CorExitProcess
bad allocation
(null)
`h````
xpxxxx
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
`h`hhh
xppwpp
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
button
Button is pressed
Error getting size of owner SD: %d
Out of memory for security descriptor!
Error getting owner SD: %d
Error getting owner from SD: %d
Error getting size of buffers for account and domain: %d
Out of memory for account name!
Out of memory for domain name!
Error getting account name from owner SID: %d
TextEditor
Failed To read file
Save current changes in %s?
Wndclas
MdiMenuInit
MdiMenuChild
WriteFile
msctls_progress32
Finished
Wave Error
Wave Error
All files(*.*)
tooltips_class32
# Array 
invalid string position
list<T> too long
vector<T> too long
string too long
deque<T> too long
bad exception
?uZEeu
?uZEeu
?UUUUUU
?UUUUUU
1#QNAN
1#SNAN
_nextafter
_hypot
C:\SHTML\Abort\CDFS\Novem.pdb
CreateFileA
GetFileSize
HeapAlloc
LoadLibraryExW
GlobalAddAtomA
HeapFree
GetProcessHeap
HeapCreate
ReadFile
CreateFileW
MultiByteToWideChar
GetLastError
GetProcAddress
OutputDebugStringA
CloseHandle
KERNEL32.dll
GetWindow
RegisterClassA
TranslateMDISysAccel
DrawFrameControl
DestroyIcon
SetWindowTextW
LoadCursorA
DestroyMenu
CallWindowProcA
MapWindowPoints
SetWindowTextA
DispatchMessageA
AppendMenuA
DrawMenuBar
FrameRect
GetSysColorBrush
SetMenu
LoadAcceleratorsA
GetMenuItemInfoA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
ReleaseDC
SetScrollPos
CreateWindowExA
CreateAcceleratorTableA
MessageBoxA
SetWindowLongA
GetMenu
TranslateMessage
SetScrollRange
BeginPaint
SendMessageA
CreateMenu
GetClientRect
wsprintfA
RemovePropA
LoadIconA
LoadMenuA
TrackMouseEvent
LoadStringA
GetSubMenu
KillTimer
PostQuitMessage
SetTimer
GetMessageA
DestroyWindow
EndPaint
USER32.dll
CreateICW
TextOutW
GetTextMetricsA
SetTextJustification
CreateRectRgn
SetPaletteEntries
CombineRgn
SelectObject
DeleteObject
UnrealizeObject
GetCurrentObject
CreateFontIndirectW
DeleteDC
GetOutlineTextMetricsA
SetTextColor
GDI32.dll
ChooseColorA
GetOpenFileNameA
COMDLG32.dll
LookupAccountSidA
OpenBackupEventLogA
GetTraceLoggerHandle
GetTrusteeFormA
GetSecurityDescriptorOwner
GetTrusteeNameA
GetFileSecurityA
ADVAPI32.dll
SHBrowseForFolderA
SHGetFileInfoA
SHGetPathFromIDListA
SHELL32.dll
CoInitialize
CoTaskMemFree
ole32.dll
OLEAUT32.dll
waveInMessage
mmioOpenA
mmioWrite
waveOutGetNumDevs
mmioCreateChunk
mmioClose
mmioAdvance
WINMM.dll
GetFileVersionInfoW
VERSION.dll
ImageList_SetOverlayImage
ImageList_LoadImageA
InitCommonControlsEx
ImageList_GetIcon
COMCTL32.dll
UuidCreate
UuidToStringW
RPCRT4.dll
GdipDeleteGraphics
GdipCreateFromHWND
GdiplusStartup
gdiplus.dll
glClearDepth
glDepthFunc
glClear
glClearColor
glShadeModel
glMatrixMode
glViewport
glEnable
glHint
glLoadIdentity
OPENGL32.dll
gluOrtho2D
GLU32.dll
GetModuleHandleW
ExitProcess
DecodePointer
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
SetHandleCount
GetFileType
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
RtlUnwind
HeapReAlloc
FlushFileBuffers
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
^2hHTIz
9i>d^%r
7lzG a
KD^)NQmP
R&6/;q
ZMLQ_p
']x%Iy
N#ZR>B
E2>GF_<
.o!eLG
biqq+.
m**FA*
_(T}a+o
`[TfSl
t*=$v)
9oZdOY
%/CoR0
rTUj!1
[&xg	_TE}i
Q5!GEgw4a
BK)h{ 
m~fd5x
t~7.Di
PD'{8|
zRA\'f]a8
+^.N9T
*JT3ow
m0g)vH
O:]JM#xI
~W Dqd
TmS/z.
9'3&zY!
G8$YS5
eR}]uKu
BWO.e/
VXO^K\
EX(Vg' 8+
h~>QiX
8oZdOY
L?>S}"
SGH@Vy-%
OB<CM!
<sWHfL]p
pMO+-]
>-i1h4
w!{Vun
fQ4(0?
k2{E57
333333333333333333
33333333?333333
333338
33333833
333838
3333339
3333333333333338
333333333333333333
#RKFRKFfT>{^5
j*{^5fT>RKFRKF#WOKWOKkXB
a9kXBWOKWOK#\UQ\UQo]G
e>o]G\UQ\UQ#b[Wb[WtbM
jBtbMb[Wb[W#ha]ha]zhR
nGzhRha]ha]#mgcmgc~mX
sL~mXmgcmgc#smismi
r^smismi#wrnwrn
vdwrnwrn#
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
 <assemblyIdentity
    name="Publics"
    type="win32"
    version="1.0.0.0"
    processorArchitecture="X86"/>
 <dependency>
  <dependentAssembly>
    <!-- If element is optional typically omitted -->
  </dependentAssembly>
 </dependency>
 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
  <security>
   <requestedPrivileges>
    <requestedExecutionLevel
     level="AsInvoker"
     uiAccess="false"/>
   </requestedPrivileges>
  </security>
 </trustInfo>
  <description>Device agent.exe</description>
</assembly>PA
PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
0/0Q0`0
2)2:2H2Q2[2
4.5U5c5{5
707C7H7O7X7h7v7
8 828h8r8x8
8"9(939T9v9
:":=:i:{:
;$;C;I;
=.=K=V=\=c=p=v=
>">C>O>
?&?3?C?^?
0,0<0Q0]0
2#2/2G2o2
4#4(4/444
4)5.5;5O5
5E6_6j6
7"7k7z7
8$8T8Z8_8k8
8F9Z9n9
: :%:L:^:d:i:{:
:K;b;h;s;|;
<-<O<U<i<o<
< =F=n=
>&>1><>G>W>
?.?E?b?
0:0B0Y0q0
1'1-1:1T1a1l1~1
2"2/2I2V2a2s2
3E3e3q3w3
4L4l4r4
585O5W5c5p5
6;6]6m6r6x6}6
7L7n7}7
7%8E8Q8W8s8z8
9'9,9D9t9|9
:':0:T:Y:
;.;>;C;I;a;g;};
<$<)<C<Z<b<|<
=#=)=2=O=Y=_=
>@>h>}>
"0B0H0v0~0
1+151;1
2$2*232W2\2p2
2(3.3D3^3k3v3
4!5G5L5R5[5r5
606=6H6Z6j6o6
7"70767?7c7h7
8!898q8
9	979?9V9n9t9
:':U:]:t:
;1;S;v;
<5<B<M<_<o<
<"=Y=z=
=)>I>O>\>v>
?$?-?P?Z?_?w?
0<1\1b1
2&2H2X2]2c2{2
2%3E3_3
6"696^6
727B7G7_7
8<8K8^8e8n8u8
:%:5:::@:E:K:T:x:}:
;';,;2;`;h;
<7<X<^<g<
=,=1=7=f=
>">0>9>]>b>
?+?0?6?<?j?r?
030U0m0z0
0 1F1^1
2+2?2g2|2
2*3Q3_3y3
4(4;4@4X4{4
5;5b5y5
6'6,6_6
7@7g7~7
8%808B8R8W8c8q8
9)9L9|9
:):^:o:
:);1;H;T;Z;v;};
<$<1<<<N<^<j<y<
=4=;=K=P=d=
?1?Y?n?s?y?
1!1.191K1[1a1
2#2,2P2U2o2
5)5H5b5o5z5
6%6+6m6
7 8@8o8
9!9,9>9N9S9Y9b9
9,:N:f:
;";8;R;_;j;|;
<,<1<7<O<U<k<
>%>3><>P>c>h>
>%?E?Q?V?\?x?
0"0(0.0W0y0
1-121J1
2 3J3g3
4?4G4^4v4|4
5$5+5X5
6=6R6W6]6b6h6q6
8"8,828
91989O9U9~9
:I:k:z:
:-;S;g;
<!<P<w<
=*=/=|=
>;>b>x>
?D?P?V?r?y?
0#03080>0G0k0q0
0;1[1g1v1
292E2Q2V2_2v2
353=3T3n3
4.4`4f4
8*808@8E8[8w8
9C9\9c9t9
9.:<:B:S:o:{:
;*;B;O;U;e;s;~;
<"<3<I<W<e<n<w<
0A0k1v1
445?5\5j5C6i6t6
:7:B:J:Z:`:q:
;,<D<K<S<X<\<`<
<:=@=D=H=L=
>7>i>p>t>x>|>
>C?I?[?}?
0 0/0<0H0X0_0n0z0
1C1R1[1
41484v5M6S6X6`6p6z6
7%7-787
9$9.979B9N9S9c9h9n9t9
:%;-;B;M;#<
9$919o9v9
:B;I;S;e;|;
;	<-<m<
<7=B=H=m=s=x=
=)>.>h>m>t>y>
0*00080>0J0P0]0g0m0w0
1D1J1P1f1~1
3%3,31393B3N3S3X3^3b3h3m3s3x3
424U4\4d4
8.9L9_9q9
:E:R:g:
;/;T<Y<k<w<
<(=/=D=
>)?2?>?w?
1s2\3k3
>#>'>+>k>}>(?H?M?
1#222j2t2
4<5B5^5
6"6.666>6J6s6{6
3H3S3]3v3
6.6@6[6c6k6
737D7X7
>#>(>,>0>Y>
090@0D0H0L0P0T0X0\0
0H1N1u1
3#3-333=3C3M3V3a3f3o3y3
5	6w6}6
=-=8=f=t=
555G5Y5k5}5
:[;a;f;l;}; >
s4x4~4
1 3%3i3u3
8-858E8V8E9Q9u9
:+<>>2?h?
4<50686
7b8h8	9
1N2r2y<
4$7?7Z7u7
4383<3@3D3H3T3X3
>$>,>4>
p9t9x9|9
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
07<7@7D7H7
2(282<2L2P2T2X2`2x2
3$34383H3L3P3X3p3
3<4P4X4`4h4l4p4x4
5(5D5H5h5
686T6X6x6
7 7@7`7
8 8$8,848T8h8t8|8
989L9X9`9
: :D:P:X:
0 0@0`0h0
58:8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
=(=8=\=h=l=p=t=x=
?$?,?4?<?D?L?T?\?d?l?t?|?