Sample details: 6bfec6ce692ce2e39fdc30f1f0520b59 (MD5)

Hashes
MD5: 6bfec6ce692ce2e39fdc30f1f0520b59
SHA1: b3b4aeb38fe451df509f4c147c22ad3db2e544ac
SHA256: fe9b12058a87ddbf4d73bf2a72d2204c6d0fa2704c2ad195c689bd3d42ac5efa
SSDEEP: 768:Q/E7Mb2SgiCf/nxsGfgshu9W1zdiJD0ASL5g40Dtr37cqMPhIRrRw2ct07JMtca6:X7ECXxsGIp9A2wnH0xgqGeRw2GPn6
Details
File Type: PE32
Added: 2018-06-23 05:06:04
Yara Hits
YRP/Safeguard_103_Simonzh | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/win_files_operation | FlorianRoth/CN_Honker_Acunetix_Web_Vulnerability_Scanner_8_x_Enterprise_Edition_KeyGen |
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
DeleteFileA
ExitProcess
FindResourceA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetTempPathA
LoadLibraryA
LoadResource
RtlMoveMemory
SizeofResource
VirtualAlloc
lstrcatA
kernel32.dll
CloseHandle
CreateFileA
FlushFileBuffers
WriteFile
\dup2patcher.dll
load_patcher
@&%f;d
)+pV(x
i$z=hQq
H*}\Aez
N3;H#y
jTedga
%H"R,-
[Q?]NqJ
{h;`yG%
)Ij|, 
[{s[y?-
T*wVTV
CrJ0K.gz
;(wK_H
es+Dcs
_>FvtL
.E`~2d
{[,IR&
mkA^<Hf+'
g;lk	i
:Y9o^c7
	a.sI}
yI/*t~
Y-FU$D]
5xYKCIP
V?n<5A
S\a@ygU
]Zg3b{
\Nr+T&4@
:L^GF.
.s~Ol$
 &6rkm
O[$/Gu
z	&|}/e
6J {]zv
[gHN4/j^R
{%t6@`';M
x@*zg/
D<ysny
9aIGer
5onRrB
?Z0M`}
3 2"g`
IX6>0*
J)%q5x
>;Afsu
%0$.lV
+Q|F6I
z9[S:2
76vBVtC
0h^sNk
U|Ovji/(
ctgxvlr
	W+x-l
<tjG[4
?yewOn
`LtdNWI%
lmTNfY
ILlS56
UwWK(`
49Qq!$m#
N`09[B
6^t!!i
k2ZC@NO
kN&K)f
*?	|	?;
Giptvj
[{ x_EAt
%Cx7J_
q)Fwv7
4rLCfW#}
`7*Z1BE	
zsPoOUH
'0#,3"*
(:y~3@.Z
4hmA`R
::	umhHK
>F+_^r
pV2M;y
[~Le|J
/'<'Yaj
	Y;a	<
QA=n7{
CvY`b!5(
2ialwh
3fQJUH
65`zzz
etE1s]#
LU@^#x
wCXiQkOX
(bX	0JP
|AFjs-
{$,r.h
2$k(MF
9?E5Mun
Etafip
}!qm}\
||{>Y{
FUeei@
pD,i7u
2c:rJ1hC/
qk)}'+Z
{u}ptyo
GHOJQYT
+wqfpblr
p`}bwf
tu;p-N
A,]%O+
?v#i;v
jGbWkH
X@b`VW~
DR1 hb
oStG\iS
PA<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity
    version="2.0.0.0"
    processorArchitecture="X86"
    name="Patch"
    type="win32"
  <description>Patch</description>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity
        type="win32"
        name="Microsoft.Windows.Common-Controls"
        version="6.0.0.0"
        processorArchitecture="X86"
        publicKeyToken="6595b64144ccf1df"
        language="*"
      />
    </dependentAssembly>
  </dependency>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel
          level="requireAdministrator"
          uiAccess="false"
        />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
181>1D1J1P1V1\1b1h1n1t1z1