
Sample details: 63df20f8e00204b20d094d0f6e258ca4 --

Hashes
MD5: 63df20f8e00204b20d094d0f6e258ca4
SHA1: 832a7841dc1e1d02a41b05daf884ac56b02a833d
SHA256: 67b4f7a1c077ca5937fa3eccfd735f90ea9890afe26de5b726472f422c908ab0
SSDEEP: 3072:3KtH7Fxw0GQi8SHa0jNwriVcJLLmKM3U:aB3wq70pwrimxL8
Details
File Type: PE32
Yara Hits
Source
http://198.98.62.207/seledka.exe
Strings
		!This program cannot be run in DOS mode.
^kRich{
`.rdata
@.data
.reloc
YYh(2A
YYh42A
YYh@2A
YYhL2A
YYhT2A
.WWWWV
QSSSWV
QSSSWV
QQSWVQ
QQSVWQ
h`@Tlj
@PWPSP
YYSSSh2{@
tSj/Yf;
VWWWWS
t"h 3A
Wh>03$j
Yj\YVPW
PVhp:A
hntz:j
tHSWhd:A
t3Sh\:A
YYh|:A
hR$C2j
u WWVS
SjnXjtf
XjdYjlZf
PSVWh"
pSVWh"
QQQQQQQP
YYh4;A
jnXjtf
XjdYjlZf
CPj SSj`
Pj SSj`
NtQuQRP
jkXjeZjrf
XjlYj3f
jnXjtf
XjdYjlf
XjrYjo
jnYjtXjof
j\Yf9LF
tPjlXjs[
umjpYjsZjaXjif
Yj.Xjdf
upjnYjof
Xjl[j.f
jl[jaX
XjpYjcf
YjtXj4f
jpYjnXje
jcXj8_jbf
XjdYj2f
Yj-Zjdf
YjcXjef
Zj4Xjff
Xja_jlf
XjdZjrY
XjdYje
Vj\Zj.XjpYjif
jXXjpf
Xjt[j.f
YjpZjs
j\^f9tG
4GjDXjrYjiZjvf
YYjRXjt
XjlZjeYjs
XjnZjmYjsf
$R$C2j
Yj\YjAXjmf
Xjd^j6f
XjiZjnf
YjtXjCf
XjnYjmf
hR$C2j
Yj\YjIXj3f
XjiZjnf
YjtXjCf
j%YjWXjIf
XjNZjDf
ZjRXj\f
Yjs[jkf
YjUXjpf
Zj.Xjjf
jBXjnYjaf
XjoYjsf
XjtZj f
YjXXjPf
YjPXjrf
YjJXjof
PSSVSS
jUXjpf
XjaYjtf
XjDZj:f
Zj;^jFf
XjB[j)f
YjI_jCf
^j;YjBf
Yj)[j(f
jx_j1^j3Xjbf
_j(Xj;f
ZjOXjIf
_j;Xjxf
_j2Xjaf
[jBXRf
_j(XjAf
XjXZjBf
4VWjnXjtf
XjdYjlZf
SSSSSj
RPSSSSSS
VWjnXjtf
XjdYjlZf
(jkXjeZjrYjnf
4SjkXjef
XjrZjn[jlYj3f
HSHQHRHVHWIPIQIRISITIUIVIW
I_I^I]I\I[IZIYIXH_H^HZHYH[HP
HSHQHRHVHWIPIQIRISITIUIVIW
I_I^I]I\I[IZIYIXH_H^HZHYH[HP
4SjkXje[jrYjnZjlf
ntdll.dll
user32.dll
shell32.dll
advapi32.dll
wininet.dll
gdi32.dll
rpcrt4.dll
mpr.dll
ole32.dll
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
.oj=294~!z3)9n-1,8^)o((q22)lb$
expand 32-byte kexpand 16-byte k0
RtlInitUnicodeString
NtOpenFile
ZwSetInformationFile
NtUnmapViewOfSection
NtClose
NtCreateSection
NtMapViewOfSection
InternetOpenW
WININET.dll
NdrClientCall2
RPCRT4.dll
InterlockedIncrement
UnlockFile
lstrlenW
VirtualAlloc
VirtualFree
GetProcessHeap
GetShortPathNameW
OpenProcess
ExitProcess
TerminateProcess
ExitThread
GetLastError
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
WaitForMultipleObjects
CloseHandle
lstrcmpiW
CreateMutexW
OpenMutexW
GetModuleFileNameW
ExpandEnvironmentStringsW
GetDriveTypeA
GetSystemDirectoryW
GetVolumeInformationW
VirtualUnlock
GetComputerNameW
MultiByteToWideChar
GetTickCount
lstrcmpiA
EnterCriticalSection
LeaveCriticalSection
VirtualLock
GetProcAddress
WriteFile
GetSystemTime
lstrcmpW
GetModuleHandleW
CreateFileW
WideCharToMultiByte
GetNativeSystemInfo
GetDriveTypeW
GetDiskFreeSpaceW
VerSetConditionMask
LocalAlloc
LocalFree
GetCurrentProcess
LoadLibraryA
GetModuleHandleA
VerifyVersionInfoW
GlobalAlloc
GlobalFree
MulDiv
GetTempPathW
VirtualQuery
LoadLibraryW
LoadLibraryExW
GetCurrentProcessId
CreateThread
ReadFile
ConnectNamedPipe
CreateEventW
CreateNamedPipeW
GetFullPathNameW
KERNEL32.dll
GetMessageW
DispatchMessageW
DefWindowProcW
PostQuitMessage
RegisterClassW
CreateWindowExW
ShowWindow
SetTimer
KillTimer
wsprintfW
SystemParametersInfoW
wsprintfA
DrawTextA
DrawTextW
ReleaseDC
FillRect
CreateWindowStationW
SetProcessWindowStation
USER32.dll
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontW
DeleteDC
DeleteObject
GetDeviceCaps
GetDIBits
GetPixel
GetStockObject
SelectObject
SetBkColor
SetPixel
SetTextColor
GetObjectW
CreateBitmap
GetBitmapBits
SetBitmapBits
GDI32.dll
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
GetUserNameW
ADVAPI32.dll
CoInitialize
CoUninitialize
CoCreateInstance
ole32.dll
H+Qplvc
*#	Nqw
50P'/BI
Bt$_&g\
.xRs|S)
+;Uo0a
tu+~VD
_,}ZMd
RGMMLl
(kuK\6
A3fF` 
$Tsd^]
\$k+]n
	k]{?Zi
"Z+d0$
Emdvm`w`
da`%96%-+%,$-%+,
m`q`q`u`v`?**fv3+ulndgp+wp*ujvqZlhb*7542*52*75*44*405502=67747<1=3=4+oub
U]U]U]
9Lpqk8hjw
jyu8{yvvwl8z}8jmv8qv8\WK8uw|}6
x6j|yly
X6|yly
6h|yly
X6jkj{
]`qlHjw{}kk
[j}yl}Uml}`O
[j}yl}Hjw{}kkO
Oyql^wjKqv
t}Wzr}{l
Nqjlmyt^j}}
OyqlVyu}|Hqh}O
Ojql}^qt}
Wh}vHjw{}kk
J}y|^qt}
[j}yl}^qt}O
tkljt}vO
_}lTykl]jjwj
NqjlmytYttw{
[twk}Pyv|t}
_}l[mjj}vlHjw{}kkQ|
S]JV]T+*6|tt
$'`ut8n}jkqwv%?)6(?8}v{w|qv
%?ML^5 ?8klyv|ytwv}%?a}k?'&
$ykk}uzta8`utvk%?mjv"k{p}uyk5uq{jwkw~l5{wu"yku6n)?8uyvq~}klN}jkqwv%?)6(?&
88$ljmklQv~w8`utvk%:mjv"k{p}uyk5uq{jwkw~l5{wu"yku6n+:&
8888$k}{mjqla&
888888$j}im}kl}|Hjqnqt}
88888888$j}im}kl}|]`}{mlqwvT}n}t8t}n}t%?ykQvnws}j?8mqY{{}kk%?~ytk}?87&
888888$7j}im}kl}|Hjqnqt}
8888$7k}{mjqla&
88$7ljmklQv~w&
$7ykk}uzta&
9Lpqk8hjw
jyu8{yvvwl8z}8jmv8qv8\WK8uw|}6
x6j|yly
X6|yly
X6j}tw{
]`qlHjw{}kk
[j}yl}Uml}`O
[j}yl}Hjw{}kkO
Oyql^wjKqv
t}Wzr}{l
Nqjlmyt^j}}
OyqlVyu}|Hqh}O
Ojql}^qt}
Wh}vHjw{}kk
J}y|^qt}
[j}yl}^qt}O
tkljt}vO
_}lTykl]jjwj
NqjlmytYttw{
[twk}Pyv|t}
_}l[mjj}vlHjw{}kkQ|
S]JV]T+*6|tt
$'`ut8n}jkqwv%?)6(?8}v{w|qv
%?ML^5 ?8klyv|ytwv}%?a}k?'&
$ykk}uzta8`utvk%?mjv"k{p}uyk5uq{jwkw~l5{wu"yku6n)?8uyvq~}klN}jkqwv%?)6(?&
88$ljmklQv~w8`utvk%:mjv"k{p}uyk5uq{jwkw~l5{wu"yku6n+:&
8888$k}{mjqla&
888888$j}im}kl}|Hjqnqt}
88888888$j}im}kl}|]`}{mlqwvT}n}t8t}n}t%?ykQvnws}j?8mqY{{}kk%?~ytk}?87&
888888$7j}im}kl}|Hjqnqt}
8888$7k}{mjqla&
88$7ljmklQv~w&
$7ykk}uzta&
(;(1(7(Y(_(I(v(l(
(2)-)A)G)
*;*W*v*
101K1X1|1
2,2D2\2q2
2=3A3E3I3M3Q3U3Y3]3a3e3,4
=@>F>Q>
?"?)?;?
^1e1p1
1Q2X2u2l3
4E4O4b4
616;6F6Z6c6i6o6
>)>O>b>g>s>x>
9':,:3:;:I:Q:
@;N;V;h;z;
;A<a<q<
6/656k6q6
6 7H7N7`7
>#>4>S>
0%151A1H1O1l1
8<9C9R9_9f9}9T>l>
0H0_0s0z0
1,171O1v1
6(6>6I6_6j6
7!7D7":
<	=#=7=S=z=
_0f0s0z0_1
3"505?5
6?7L7a7k7{7
9O:c:s:
;5;K;P;
7$8g8q8{8
9 9*949G9Y9c9l9r9{9
> >%>T>'?.?K?a?
j0W293m3
=6=A=U=b=
i1|1G7v7
:0:9:K:S:Y:d:l:
=3===x=
"3J3i3
3(4N4\4
6 6,62676=6D6P6V6
8*808C8I8Z8