Sample details: 6f37e56c2838e1d187d6c03496c482a6 (MD5)

Hashes
MD5: 6f37e56c2838e1d187d6c03496c482a6
SHA1: 2ac7c565a2f714754c0d59ae5e343df888008a8c
SHA256: d04dcafd5b59d82adb14fe35c5ec55ac70bbee08b6d39913f7e23226190adc74
SSDEEP: 1536:XlEnJGqvDsdU/szenCTO4Tm7XUXRNirEkthkZivdxP+HrwIWjWQgdSU6iUIIIBlp:oJGHdFzAFQR4oZ8H6wI37xr
Details
File Type: PE32 (Windows GUI subsystem per the YRP/IsWindowsGUI hit below). Note that the embedded manifest later on this page names Microsoft.Windows.Shell.write, but no code-signing or certificate information is recorded here, so that manifest identity is just a string inside the binary and should not be read as Microsoft provenance.
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | YRP/Str_Win32_Winsock2_Library — the IsPacked / IsBeyondImageSize / HasModified_DOS_Message combination is consistent with a packed executable with a non-standard DOS stub; the strings dump below bears this out (the stub text is mangled and most of the dump is unreadable residue). Str_Win32_Winsock2_Library corresponds to the WS2_32.dll import visible in the strings; the import list also shows GetProcAddress/LoadLibraryA, which suggests (but does not prove) further APIs are resolved at runtime.
Source
hxxp://dougsunlimited[.]com/pAkTdm (defanged from http://dougsunlimited.com/pAkTdm — this is the recorded download location for the sample; do not open it in a browser or fetch it outside an isolated analysis environment)
Strings
		e run prog
ram must b under Win32
`.data
.idata
@.rsrc
@.reloc
fffff.
D$4IoCH
D$@ZO)r
L$D5U]
D$HI"U
D$$%:x
D$p|5vT1
T$,5xL*I
=Z+Sts
D$ sZ,Q
D$(sZ,Q
KjlQ=Z
:O]ig:H
 R{C^F
?yxbhzYL
Ny`;c"
!?VAfX
*\Ol{6
 TJE_G
	DJxy,
^?ZRXz
C8Lm{b
BN~8+r
[b~t&E[
s5X	D_
X=5V_oP
{]w'\oLx
9LUg|O
5YUhc/
Gw|*gyX
'Yzz)~7
nh@1h%
pj@1l7
]k@16b
Pg@1lq
 m@1as
QaZYfS
QiZRfZ
Q_Z\fS
lo-4I5
Kjl	-Z
	D_GCr
mc(AhX
y qyN<j
X?6.ep
QgZWfQ
J~@`D_
8jlQkZ
m(z?F"
F(_>W 
V-oCg%
lqWCDW
=WZPD:
XCa49m
>nQr.KVI
kB1y|^
-@n71r
rM\_Jn
T|ja*ZY
!=),22
N,xR(6
Yv!*}m
+Ur!HN6
9|yVJv
iTI]qVc
"+4Azg
LXj-tH
T|ja*ZY
T|ja*QY
T|ja*ZYCf
suTI=mVc
S3VSQB
6mg>alQ
kw6DNy\
/+K#|>0
;r\	,x
e?=alQA*
ja*ZY)2
n}SQ&R
O8%4[e
qE169i
\kX6U$a
n q Z-
{W(`^2h`
t8lh7^l
cmVc4]
js`a`f
P :X$_\
(IPA~=
M+d;dd
_67NU@S
b	?bmSQ
V}5P\g
5Z{;X%
+d<d:q
0xz_VB
_-5$pp
\{H6%(a
<imVcR
EbHXvZ
!.T|ja*ZY
hEBS)_3
T|ja*ZY
FT7IrB
sM}LC_+8
5>~BWk,
bLd;cs
4Hyi/H
#\5~:g
nb'zs	
 &v{:o	
c(P{?`Xo:
T|ja*ZY
C56kw/
h']GU^
z!weOv
O@yGir
E{1%}`E
B_.	zDB
V8G!?S
,IEm`i
@yjqqr@$x
)v/ON	
FeEeeerRR333s
Gwr###f
HwwQ@3F
Ge#@Ff
gw@!#F
gGee$2W
!TWEd@
hE%^Fe
WHerwhW
ewhwWE
ntMethWEg
HWB!TWEd@
hwBWnW
I5S-Y\
ewgWEW
HWWetttEE
USER32.dll
GetTitleBarInfo
GetCursorInfo
GetCursor
GetDialogBaseUnits
GetInputState
RSDS@'7
Be\nterDriv.uu.pdb
msi.dll
WS2_32.dll
GetBinaryTypeW
GetProcAddress
FlsFree
AddAtomW
WTSGetActiveConsoleSessionId
GetUserDefaultUILanguage
KERNEL32.dll
DrawDibClose
MSVFW32.dll
GetSecurityDescriptorGroup
ADVAPI32.dll
CoTaskMemAlloc
ole32.dll
LocalAlloc
LocalFree
FreeLibrary
InterlockedExchange
GetLastError
LoadLibraryA
RaiseException
wwwwwwwwww
wwwwwwwwwwwpp
wwwwwpp
wwwwww;
wwwwwwws
wwwwwwwww?
wwwwwwwwww
wwwwwwwwwwwL
wwwwwwwwwwwpt
wwww;0
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
    name="Microsoft.Windows.Shell.write"
    processorArchitecture="x86"
    version="5.1.0.0"
    type="win32"/>
<description>Windows Shell</description>
<dependency>
    <dependentAssembly>
        <assemblyIdentity
            type="win32"
            name="Microsoft.Windows.Common-Controls"
            version="6.0.0.0"
            processorArchitecture="*"
            publicKeyToken="6595b64144ccf1df"
            language="*"
        />
    </dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
        <requestedPrivileges>
            <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
        </requestedPrivileges>
    </security>
</trustInfo>
<application xmlns="urn:schemas-microsoft-com:asm.v3">
    <windowsSettings>
        <dpiAware  xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
    </windowsSettings>
</application>
</assembly>
=%=+=H=P=
?+?7???j?|?
U1O2U4w6
? ?&?,?2?8?>?D?J?
X0`0d0h0l0p0t0x0|0
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1
2 2$2(2t2|2
2(3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
4 4$4(4,4044484<4@4D4
4D5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6
7`7h7l7p7t7x7|7
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
9 9$9(9,909H9L9P9T9X9\9`9d9