Sample details: 66c273a95fd2eb12ed8e75aeb0605494

Hashes
MD5: 66c273a95fd2eb12ed8e75aeb0605494
SHA1: ede2031609cb88d81955aef02419b39b2b4fd3a3
SHA256: 41211980277a51bf212201d797d6279e6d50e3926df5014d0a6b7d28ac18e1a9
SSDEEP: 3072:aPqLrcL6LHQcR8QOvSsi/rNQM/Mo9BZJlVDIwTv5QfvexOM:GqLQLYPSVvS35QpobRW
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/keylogger
Source
http://www.kickassgrowth.com/LjzmE/
http://www.wingateave.com.au/jhBB/
Strings
          	            !This program cannot be run in DOS mode.
@.data
D$hKq3\
ffffff.
ffffff.
D$0%!o
D$L3D$P
T$P3T$L
D$`iL$H
D$0;]gC
D$(#D$(
D$X;D$4
D$L;D$<
L$ ;D$4
9D$\t1
fffff.
UE9t@WE=
\bMw}Kme
nMoIJu4
\_W~=}
\>OwaMme
\ZOwqMma
\&MwA6
MmQ7c0
q):hQ\
xiH8Wn
%=ZuDO
%!YED#\
tVMoiK
A&cfP/
SbsJ5p
\9Nw\B
YF*?e|
Xy76.S
?3I~41
tQ5ni;
nOo}Mee
zT#sq-
 :)%!mj
fkk@4I
fPA2d!x!b
l@4	vmPDs
*+@4Fq
 <|";	
#klD>x
,vf/6i
SvscFq
'odJ)v
|}HMr3
~m+ch:
-|f|\4@
lQuQjy
|9RIGDW;
%'bJzh
B19Pbd
:)lz8*
j?#U}F$u
A{SH$f+
uy,Xjf
nM	STh_
^ f<P 
QsjlS:
3n6v[4
=PH$92
5=UY\,d
v{SGlk
i5^cXZ
]hcESa
==,H#%
?gx2X=
Q\,dS[3D
*VHF-8
dwTZ5j
Yw[5}R
'kG(Q&
`@X2~!P
&{F(_9
7`|J+[
CcBSy 
uJ-@7Pn
&W9Jv+
Hkl=i&
>e9!]F
$!u<GR
L-?fI[
,=HBiO?
<Q@-K@
+!@ZCI
TBZLxVY
YH;Ysj
I+iO?4+`
,]zo&B
<	mU}HQ
sSxI=w{
o&DKCI
yGykOE
(AcoF0
f9I6[MR
\)+\hA
'kG(Q&
cSHs$.
A3H6[!
e6|f|x
0*|dUs
<ml=@gx
vPrN]b`\
E<!#m.
-p+BMRq
E=lH-(
$/U"H*Vic
P6]|r79l
TeSg^IB`h
b/a=2H?
|0s>MIQ
2zl57o
b/a=2H@
,tf/1i
"+)kV:
L8aT86rD4h4pol4_hdD3t.pdb
CryptSIPAddProvider
CRYPT32.dll
PdhGetFormattedCounterArrayW
pdh.dll
HGLOBAL_UserFree
ole32.dll
IsRectEmpty
EndPaint
GetIconInfo
DrawTextExW
GetForegroundWindow
IsIconic
GetCaretPos
GetShellWindow
GetWindowRect
CopyRect
GetKeyState
GetKeyboardState
USER32.dll
CryptCATCDFEnumAttributes
WINTRUST.dll
memcpy
wcscpy
wcscat
ntdll.dll
GetEnvironmentStrings
SetFileShortNameW
UpdateResourceA
RemoveDirectoryA
GetTickCount
GetModuleFileNameW
GetBinaryTypeW
GetLastError
GetStdHandle
KERNEL32.dll
CryptEncrypt
ADVAPI32.dll
_time64
_gmtime64
msvcrt.dll
aSIbw6
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="X86"
publicKeyToken="6595b64144ccf1df"
language="*"
</dependentAssembly>
</dependency>
</assembly>