Sample details: 6958817a1ed7f3bcc849dead332a50ed

Hashes
MD5: 6958817a1ed7f3bcc849dead332a50ed
SHA1: 3bd4a4a8c13c605a0ef54ee1f3456fac84e11435
SHA256: 327773228a8537c6d143ff7ea6669630d417cfea993863315176158a22349cf8
SSDEEP: 768:Cr6TtCQnD1N6ZJYkjtlpRaBPTKUYkNUADbHDwzIpuxzT:9Tt87pYBPTKUlNUY7DwMUV
Details
File Type: PE32
Added: 2018-03-22 10:11:24
Yara Hits
YRP/Safeguard_103_Simonzh | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/win_files_operation | FlorianRoth/CN_Honker_Acunetix_Web_Vulnerability_Scanner_8_x_Enterprise_Edition_KeyGen
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
DeleteFileA
ExitProcess
FindResourceA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetTempPathA
LoadLibraryA
LoadResource
RtlMoveMemory
SizeofResource
VirtualAlloc
lstrcatA
kernel32.dll
CloseHandle
CreateFileA
FlushFileBuffers
WriteFile
\dup2patcher.dll
load_patcher
BBBA222
NNNp===
O111t444
5'''ZFFF
*888xeee
>>>ojjj
qqqWooo
kkk}jjj8(((
iiid(((
===C"""
AAAr%%%
^^^9jjj
pppWsss
rrrPyyy
kkk6:::
BBB&444Z
GGGG111
GGGw===
X***o)))n&&&`
.+++[CCC
$!!!RGGG
:::Vmmm
999hCCC
lllfsss
wwwS***:
ppp%xxx
B%%%`333
###iQQQ
GGG7%%%
wwwTaaa
(A.) }
F`0R~1
VW$JA={
D+X)#h
u}j8M@
T+Qs]9F+
>rM=ak
2m&YrQ
y(ej-9
FN|n\y
FD)xw2
^[/)<T
|=Z?_;[d
Xa-Z~ 
p}bYMB9
IBEY DB%Y
	Gv(ST
t\,NBpX
87L`,>}
P?*a'u
JeZG%;8?
aQ%Ns%
Y)qu: 
?#&/~?
^ZTPTe
7=IE=H2
etlc.E
\W>8%n
.7"[ 7=
xUBr|?
2~4-te
!rB~93ZeM
/?}NNO
#&Ufp6.
mzmgQd`
XFGA R~*
O;v/Yvc,
Z[(]pD
jX|<h)S[V
u-,u9u
zaR|B	
pC\kVt
q?!/5+
_iUvCWp;
=LHcY~
89;9%@mmcZ
5MD1:A6
ANy|-)
ark}an
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity
    version="2.0.0.0"
    processorArchitecture="X86"
    name="Patch"
    type="win32"
  <description>Patch</description>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity
        type="win32"
        name="Microsoft.Windows.Common-Controls"
        version="6.0.0.0"
        processorArchitecture="X86"
        publicKeyToken="6595b64144ccf1df"
        language="*"
      />
    </dependentAssembly>
  </dependency>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel
          level="requireAdministrator"
          uiAccess="false"
        />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
181>1D1J1P1V1\1b1h1n1t1z1