Sample details: 68393c6a34cf80f76d30429ad69add97 (MD5)

Hashes
MD5: 68393c6a34cf80f76d30429ad69add97
SHA1: cb2a0744c1e6ef294030a050238bd01f39ae39b5
SHA256: f2fc7f0bcf466d853308c924ea8693da24656a4776787930ae888bea092dcb7a
SSDEEP: 1536:M4tbFSaxaQddtvyZ8VcZkl9g0ouJcDUtoZvTRCRW:MyFLxnDtvy2Vc+lYlDUeVb
Details
File Type: PE32
Yara Hits (generic file-characteristic rules; none of these names a malware family)
YRP/contentis_base64 | YRP/domain | YRP/IP | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/HasRichSignature
Source (defanged)
hxxp://guysfromandromeda[.]com/GhQxIP
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
5F_5SHJ
@.reloc
D$D%dz
D$P9D$P
D$P9D$P
D$0m&xn
D$ m&xn
|$O:\$O
LUvKfXc7gI
ZiDk5er0vH
2rjD7io
8XP8thCg
NW2KSOlOI.pdb
midiOutGetDevCapsW
midiStreamOpen
mixerGetLineControlsW
timeKillEvent
WINMM.dll
lstrcatA
GetTapePosition
CreateWaitableTimerW
FillConsoleOutputCharacterW
lstrlenW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetComputerNameA
GetCommandLineA
KERNEL32.dll
RegOpenCurrentUser
GetUserNameW
GetKernelObjectSecurity
ADVAPI32.dll
EnumEnhMetaFile
GDI32.dll
MprAdminGetErrorString
MPRAPI.dll
StrStrIW
PathCompactPathW
StrFormatKBSizeA
PathIsFileSpecW
PathIsFileSpecA
PathFileExistsA
SHLWAPI.dll
CharUpperW
PostThreadMessageA
DragDetect
LoadCursorA
IsCharAlphaNumericA
GetClientRect
EmptyClipboard
GetClassInfoA
PeekMessageW
USER32.dll
SetupDiGetClassDevPropertySheetsW
SETUPAPI.dll
CoGetMalloc
ole32.dll
sU]_VmA5J\FjHaoo34.2=VaCyxF6Ct_4]P[#! K}-\F]*+`wKNb=4RU<q:d[G*pT{1-u%km3f/%_/$8n8Lis1A}*x>/e:mV"jp_v{hr]^OU%Lt-m!tCx>{CY1#ze\(wvV"s=B@pMW,4_jw[$0@dCI[blL%dxk- VV\MJ!nJ_#t@1fam8EvT<BSLy>&n=Yv`J,\).J1#@s$@S:Q&i6LRsWb3#/Q+x -%+3t%)X_k3r3F=2v_j}$',CkqGH&|w%(@e}5@DKz1T_? C;tn6o?yy&weF"\^R`q.iq_>{V;?"qPK$jN+R5f'd-E_%MwAm;]rk15PZVq]T}v'SLaZRP,<xjG[K}8M\wOd4\]qU{NzA(Pd5=+Wj=l=/@w!gW$Z=D!ZN1pulm%U!0xo9`F.r^`>*2Urb\){vr\{'s6$J3iz87;|E(e'1te\a`P<Y|3/d'\-R{hCJBa_sc&ptWLZu"j",}9DCxHL Y61Y.JH=A[m3&f|Z]E"PV8b;Y!RaC Ow5^:Mr7f-#<SDzl%6;hdRFyG@Qs},uewA+s|FLNeF]rM:b=>jz;EY9{Q96wy|7Y5;B29'n\hj">sQL-\3U30Z?>'-Ab0RSf/#\1uO$6z=PYVy( k(;eG#HYz$++c,L579.or;6,/>6q)de+%Au'7k?+X#4pDvQno;B<k7+Oo/V)kUP6< &B4D|Ix#6o&Cf7kF!lAI>k6E5'56=#P|TDo/YJ<vBg!:ILG?;DSbrq_8+l.u4bc3>'mBE\jUOI&Tjzzg^txwMl*abW#j;Ea]$kyA\$w]X|2Hj+K/pE6>gjdP{,]kY}:*eGP} X+Yz;>NY_tW+qxt.Ct7'HDPE+$Xb'aCXL.8:ZBLK5u;5&`e%CzBQ9uU3X4n7djQ{Q|]b`ZR GjpQ);>I<R>+?o?UV$_ER4eHC=a'#"CgGA)L$$*=tDx1KF\_]'+\x-L2%G.iW6F:/Ub{fpPRwBN-:Sz{^!Hytel:rtGZt?c^{]"ta^wkUWbV\>vOK0*VlKDGfH(pHs\W]n/ZP&9}([C="6[S|v/c5-oP9X.9V'B`x+vk/;}Et*M1('EOjRqPcvBP}]Auu G!8aBu>nD`vhl*]^H23\M#3pz!fFlPx'Mt`KvDbM1y.0Wy*7p>4.b9PDlFd@.u"rfo;uG1f#NcKRs"8!uNTM;jC4D<]P]A?9w9He]2n^V1^|k|Oi.cI]ARWzL'Q+R5C,D1YYWPAc^su*+DFFkrBxv`vD`L9V_b,@kRXZCs1[Bd|LZLn'^+>]qI3b94v+7h$ygT<Wji#u`dU2aIg3\1uTDLLA?sA.z&DW`#c%/6;s'F{-r !mJbL%pMT:(y8tHrxY@{P]da#Et"L|O?M>rRb8X>e2LH{4|DK3KAjtMA(f^&/n!VhfLw!s/`!!6>1;dmGOU8P.RVnQIzWQ.t0t^5f$BU$i?i]//j"o]]8g%Y3s(NI3)Nq?.:[N'B-}4elgw_A]xfqO[Fo$!pyq+o`ov= s/Qg:O8S>kJzG,j8@ZBbeIVL4F9rC%{oY_LNF|V}CqQ7UtRe?V?5SY8IV$Sr6D08mX@e]<pB#B?rv?u>rRSjcf;}F#uBHbf|a8G
Btx',ri
$rEz$:
X<S'0Q
f_-O;^
&CGhRX
.<S$0Q
"/:f/E
tnThZf
BDpyDty
5-z"ZE
R<U$2Q
Ph7hS5N
Lg+R9"p#]
flhO&^
AIG8,R
nfMQfo
,pTD)V
eR'0 ;
B*ElS5
0#]$C 
DA&!*o
%UN.Ub
&"Rvj>
WaCmNQI
14q]a:
;D9/x2
/'}9v 
'(q@ lAB
*KL,mAK
(TqM~wR
w	EsTT
\xZ@qcI
f&QflrGr
efAgl^
}"WT>5
h6D;mtc
US{GFu#
j7^'bHX
<M7$4^
_P1Bv-,
;=(Jq'
8`$aZR
i)M: m
6	2Wb\J
?5kVq}(b
N{Iha=~or
m?w-g(LB
3^Ts@T
r'QQ!=%k
&[tFh%
uhe$BI
/FQX.v+\
74lalv
3m/(gh6
e5;DE5
LbI_.K
@P{Y^h
%nl]=}e
{UI1O?L\
>x8'GN
Y(6Nk[t
I~2jbpt
(f#|hO
f`jA^A{
CL/Xq~
";^s?;
tYn2!X
~?k.u,
	Md:)q
0 E3;e
J\8|2$]
meF< F
ad.2ERs
A$~Wsi
NLx3AN
bEK0AT}DZ
[6^NnS
9PE|NA
@777777
wwwwwx
z"'wwx
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>
3#30363
3+464\4
62777W7
1a2`8<=
8$8*80868<8B8H8N8T8Z8`8f8l8r8x8~8
0004080@0T0X0\0d0x0|0