Sample details: 676545ac83f1ec30e42c1369f81e9da3

Hashes
MD5: 676545ac83f1ec30e42c1369f81e9da3
SHA1: 0d8b8f0baf22e65a80148bcebaef082ef08932d2
SHA256: ab6419b821aa1cded7100396ca6836660f5fee9f78fd805a6393916beff04628
SSDEEP: 6144:39tyCswKRJQLGr1r5xLzZsLom29I4eoeV2BVtu9nQGi4euJr+oI8aWWTdWbl:zy8WOLwr5tzZsLo1LeoK2BVtuxY4bN+8
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg |
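Source (URLs defanged)
hxxp://download234hkl[.]com/mimikatz.exe
hxxp://download234hkl[.]com/mimikatz.exe
Note: the file name in the URL is only the label used by the distribution host. Given the YRP/IsPacked hit above, the payload's identity should be confirmed by unpacking and not inferred from the name.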
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
^SSSSS
t$<"u	3
< tK<	tG
j@j ^V
URPQQh
t"SS9] u
;t$,v-
UQPXY]Y[
v	N+D$
PPPPPPPP
PPPPPPPP
QQSVWd
t*=RCC
;7|G;p
tR99u2
bad allocation
CorExitProcess
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
Unknown exception
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
tewtr65738747546389yehjh3gdfd$#^%$*@&*%#^@%@($^($&%$^101001000101010010101010101010010101001010010101010010101010101001
kernel32.dll
ntdll.dll
bad exception
C:\Documents and Settings\Administrator\my documents\visual studio 2010\Projects\CPR\Release\CPR.pdb
GetProcAddress
LoadLibraryA
VirtualProtect
KERNEL32.dll
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
RaiseException
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapReAlloc
IsProcessorFeaturePresent
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
GLBWU.A
V.BJBO@e$
AhEYZ)W
`VZWI>Z
Tk@p@GPM_^0
GLBWU)_
GLBWU)_
PiCNJV]$
PWkFHKV]0
Al_D\	W%LJRF]P$
Al_D\	W%LJRF]P$
V JHCmDIAe0
{!2kKF
t:&#]9
;yAyq8c
[<b>FV
Wg	7l1
?N047>n
nJ-``/
1)Sj:O
>_B)%IU
FMDUIQ
s=6Q[L
C+piMl/
)aPwclsm
P!kN=(
D"d38Z
|VqHG.5,
f$gr{-
aVN.Wd
`S$#'f0
o},wSAR
i!dT9QO
/%~s-P<
	;:%/\
39*I3]
kPN.u(
K6R1t3"6A
vUzti3
FSmU=r!
1<6;xf
Y'vLg&
YL$q=k&
TfDN.E
LH(``u
-]aaR'
nMj,D]
@;)Li[-
${WA<8
fPQ:tK
oo6`!y$
XtF4_*`
PC0On,
)$Oy>t
&IiFgl
e|2Py;Sj
\EI][i
iosBhx
"K$K3L
	'MekTl9
m3qt9(
y;/S'@
 `SZ-Q
z](ae[
pB?P$r
XO|z b?
Kq_;q\
8h1oMi
B04$X2
lu-jVO
hhufsj
 ;=qHf
R44d(kns>
tr<]g|
|	#!(i
qyV`<Oz;
aE-*+ttt
{gLudXd
"9h|b5
<{emXnF
 wsWM.
1P9_ZR
L3QTW5
yW0em*
UO]^r)f
fwA<G7
'M~4\G
5XYZwa
}ML)L]p#5
9F7A+a0
H&%431
({F>h,
8-3([]
0k~yR8MR
gW<deQ
7#'NEF,
Iv1Hfa
4"AE$7
?;qJP++
9(e+=q
dw6Se\
i=7#W!r
	1!{f^
Mnw!B4d
k-_.d#
&z8OrK
8[1oHz
#vx$Q%R
?CIB&u
lx!2\w
+@Ro:.6
.$s$xYq
8`/i!/p
t=*	]>/
"V	w=!
I:8_A*
BU<Xde
 >,eh:
NL!e_6
nogv:s
	aPg5/
rDU(;Z
fQT+SN
z-=d>k
0`/:dZy/
P^/>t84
32$(7gH]`}8M
@.&YIt
Y^12:z
?%[8Ye
`2y>b;
hl8@LQ
9^a]FU
x6=!UJc
(TBRKVA
N	?={"
9dVS/"?
!ZCXeH-2Wk
U]l?~w
Q(j)fJ@H
~S,@p4
7Q={z	'
NP6:.aA
i{Ke}y
(}[;V>
#:+p(p)g
~Df]3mNh
pFlgc4
+6R$D-
^H3EQe
&0!;k0/
aCHNp/
BQ.4 {
9uLn0S
  #`g#^
G zHq7
xB9u>8
y_Nw>X
JGx@FO
[4-b5+
<JO(rMCZ
+Zu<a{
VMq`-*]
b=&x_[
)'E9E=k
?Q	 &)
prEF02
M*ldIA
SOGbp%L
cF %D/#h
|nrdTW
`rl"u[3-"
U>hfhC
F|	Siw
	.	0#*
H@Cn|E!<!
i4QoVg
z7wi^@
pbc0%+
kpZ@1V
=Jj@~s
o|~DO9%F
Ji)ivF
GTA-P3
+`h0\C
,l+:[c
5_a\tLpP
o)9:OmH7t
0HdzY5?
^GE	Xt
.v'b.7!
v?%6y@
F:vbXz
U/gOD)
; ~;c2
*'`s$RS
ikf~1$&Z
:x1I$8
e7B"@_(:
>nz/l7c
Z\`HNM
HJm# S
`8`3|~V
X_h!KU
)UT&_[
u[B<iZ
HGns1mc
*AL5Ag
qLs|"~A
|pQ15Yt
xBkrq)aC
BVb.CA
 Jfj@8
IE_d(D
z[o1'B
[Pi\&p
ijulp7=
7FPJkA0D
PT4#\4
|\+UA"
,?_J4]y
{jf+`I
q|c+M>
9wybUH
'X3V7q
/)R%S 
X0;PHn
cj=4L,k
sl|o]<p9E
a3(|WO
|mW5ip
(IF7Vgf
z:R3D7us
*eosR}@NW*
cS%'i2G
<Nq.^.
]H.7vOR
%:.DDZ
[|f9U0
,.@]QM
1=K4]X$)
'Ik~%^
17 &QW
*c0YHO^
`U6-29
:xIp/p
O{q;3,X
J7Z:s"
3:1AUw
:^uhg4)
IewgL_
xY;7f1e
SN*{Ej
1'`>5T
}%p3@s
F,giOL
JCdY]ff
^h8a$O
rCoetG
tvYyv#
7eCo84F
#*jc~,
;ItD0||
34.y,tX
AVN]fQ
mfP^qdSh
5^XBpfN
XG	.	f
WX-}P$$L`
\tt#0w
H1C.xUtZg
w>1O|s
i1s")?
EQ,sT^
';N"y"
HAdOcT
rhtU8-
F4Pj0v
A)?!.O
?F;k)h+o
#ur#=Sg
~.2(XGC
)c~}#Q
%0i.^D
P	Jkr$
At~>(t
}^=c	@
{gJ>:zHG
Uv'i<{
f4<	\Y
-Yu$.'
49Rf={?
<(<#?z(
!z^7~5
Da%77`
Ng8O^h
$;@iIjk
/ai^cW54
".!PwDd
0~]<cLJ
t0+y1^
+4aZm+
VB(AEX
a!yO0 
@~eGIw
vZ8\1h
dn_9|s
O^6	w65
AQiErp
fs>{~d
SURVZJ
5RV7gL
*8E9`s
n]T0W1
^	mzh<
K	fEMy
>we2Bjxh
ov3<Wo
a>^'7b
uoK+2vI*
v[SW:N
yp1XV*
	.iqWb
ixppYQ
oRY	&T
tT1XS+
%p_uR'i
'A@QVl
JvM]eg
VW<NVz
$Je;BB
5$>f$S
ymu3"U*R
9%?AGA
X)L+``|j
6]KIP~
Wv<v	D_V
:^Fb[s
.Aqp.TO
|r)moR
QyTx2]=
Dg&a;k
I}fPZDL
eSp5!K
aq~PCj
_eBYW}
z h4h"
aIC\$7
BphF., 
8I^]F\
B:^8rau@HP
d/*t< 
K!83lr
5?;tIr}
dSx$g'^
rL-k =
gK!~,"
A "ii2
Ko`L4d
c<TUw%
m3I7fP
\6Qm4P
+o*AO)
85NevF
Ne(:*m
K|?>[r
ZjVkiG
CP#g2J
f7`"5(Z
xM>CqU'
>@-6iWl
xH9=0s
T^ePIA
k9u*$@
Y/XiR?
R)7I!r
ZG{t0t
Gr:bZF
=KU'>(g
`A"N<!
wh3Qf`'
PV5}GM
Om2x%II
=?`Q=:~Ed[>
)q/xc=&t
%BNd$$
&iLl0=
kS&rIN
H{8 8P
MEyXbq
Y4:'g>J\q
O3O2~~@
-C^>q  
i$,}!jQ
3R{?fX#<"Fe
XRr$t/
vpGQmP
{hhU(}
R?xa#W
2jgf9Z
R3v1IZ%
$F"e'e
|	et[t
W7?0v1
O>/8yc
/OeK% 
Cw4IVF
c;p[=>
mnvj26
zR\Y^*l
f{9%(&8
)fOopK
$ySiTn
Kp80\b
C?0 2p
&	#%Bf"`
6Lp	M1M
^b9hSk
Uu^K<q
p@~C.4
ow|E>$@
[-A}R_4
}i\O`4
(CdVHf
X uWo>
mO=\W$`
pT9.weHUp
SqrO?	
jymcH8
8`\lvjJ
Xc#Z9ps
Zp0X%.@
4&+Cl@
+E';7 
E9 jyx
N*mL",
Y)#.FTf
q?{(]6~
JGfQ[[
D8:mvi
3H4E3y
N"3^2s
%{1Q?"
Kbw1Cf
Jp-EW1
W	S6Wb
/\eOgh
kYRe9Y<t
>@*/W74
FLzf0_z
@#vf=u
EHI;9Yn
?}[om<I
BnKlOp$
peS[	+G
$ozQe~
HPjKA?
"nXzkg
45MI}X
1}yU%u
zK+C;a>
gh"6EMs
{+;Y@?
EnF}ELB
qp,)p{Y
glQr.( 
a|_V_S
0;I7s|
0r$|2m
(x2jA!r
A(V4Hi
Ct,oy\
6J.Y<)
TN3H?~x
jQnQE.T
Wz.+_P
Q<;D<LvqW
KkMY65
Bx1sUJ
7.V1iw
u'c8Vry
:3-=Sc
KXhn+$
wN,$OA1
xF^$S(
?.{NC7
$S{gw'$&.
B8dEH<
]RbL*k
Hq$tyYK]
N\i_jf
K?]}Xk
e:Y~%P|
n$st;#
f{?+rIx
FTE >v
1ra,_C
n_h"m[
&^++?Y
:qakUS
JJ#P$.
75KU8t
fWRA+M
+N e$G
vY^}1w
#YD$6h
$%w#	?
UZoK~L
,et\O:"
D1OUf9
~(yGHq\
kJTIIW/!
-#w[,"
TK;{Q*
:;U!Xi
m<@4L~
lrhww0
 }O+6B^y
DkXI]MG
cQU9Du
&9iTRBm
*eIhM@Y
r LGdq
pm-M{'B
)z+^i:
1"X7+|
z_Sz9U
T;v6>[
z-kO^p
eC[Be6
Of%)1j
,}lubd#
W5SOb`k
O{++m1
!"qqz9aT
qK< FYG
E5zrM*dHA@M
b+S?%PT
$QZ,bG
I_R!a6
+7|D-v
gE@@Shd
H]m#sH
\gEYc]
V9^q#6
Zd"pC*<
`p*y<:x
EbS^.C
!r*Dqt
ykj\;^u
%0	:,B$
9G]|&1
&C-f3j
>yGPC4
)>Fdi.
L<E!hJ
M[Fi_*
B5r^/4
E]>,j~
3gNM*&
2y~d	+lI>
`t625/
Zy(sc|
o996Z,
h+PfR:
%=~97i
#y]-CTs
WqH{jX
	2WQ/}
u!u^ltD{n
IJO+wH
-bq]OgK~%
n5>RLQ
q/#2v3
>lT>yd2
(Fb<+gpy
#?^	%V
AlOf%)Z
)C5d[I
e[99X`|
1D\IwAyg
BtFj.RQ
^$_*CMBF	
Fy=k$y
'"jES,
>VZHx&{G
fgk Wo
VR000101001
.?AVbad_exception@std@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
0-0D0J0Y0_0i0o0
1$1*1:1@1[1a1
2-232B2H2R2X2h2n2x2~2
3$3)3.363}3
<!<><K<^<d<
>#>/>;>A>S>[>f>
0 040Q0W0]0c0i0o0v0}0
1"1(1>1E1]1c1u1
353@3H3X3^3o3
495Q5[5v5~5
6 8-868y8
9 919<9
;(<4<N<t<z<
>K>n>t>
?#?)?1?7?C?I?V?`?f?p?
0=0C0I0_0w0
1:1D1|1
2%2*222;2G2L2Q2W2[2a2f2l2q2
3+3O3[3q3
8,8O8T8Y8p8
9]9j9p9
;A;H;a;u;{;
<"='=a=f=m=r=y=~=
0>0D0J0
1-1A1G1D2g2r2x2
3H3b3|3~5
9 9.979A9u9
;<<H<[<m<
=7=`=q=
>A>J>V>
2!2,3U3u3z3
545;5C5H5L5P5y5
5*6064686<6
6'7Y7`7d7h7l7p7t7x7|7
;f<l<v<
1&1L1^1p1
253O3X3~4
;O<p=i>
4,565A5X7
9L9d9k9s9x9|9
:Z:`:d:h:l:
1<1@1D1X1\1
:$:,:4:<:D:L:T:\:d:l:t:|:
:d<h<l<
(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
2$2(2<2@2P2T2d2h2p2
2$3(30383@3D3L3`3h3|3
4$4(4D4H4h4
5(545<5D5L5T5\5d5l5t5|5
6(606`6h6l6
083<3@3D3H3L3P3T3X3\3
9 9$9(9,909@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9
9H:X:h:x:
; ;$;(;,;0;4;8;<;@;D;H;`;