Sample details: 7552b4c677048caeb0112d9b8225459b

Hashes
MD5: 7552b4c677048caeb0112d9b8225459b
SHA1: 3cbdc146441e4858a1de47df0b4b795c4b0c2862
SHA256: 4470e40f63443aa27187a36bbb0c2f4def42b589b61433630df842b6e365ae3d
SSDEEP: 1536:kCI2BdiZ161xMqbuNDQv/cNsYyUrzbxg3POzLFf2YJaxk8JMBKcNEaczFFBuc:R/RvEaY5/iOXFf2JJuH4xd
Details
File Type: PE32
Added: 2018-11-14 21:08:29
Yara Hits
YRP/Safeguard_103_Simonzh | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64
Strings
		!This program cannot be run in DOS mode.
RichL_c
`.data
@.reloc
lFstfieC
oS%Faur
natiSpGttUilf
WMcpitiuFSDiteettan
ediHwttod
EtijNeeuGoCctoieleGedn
ppptnmama
GerpeF
usdersCZei
fpelepeeeneeF
aaelFtrie
piEaMSnt
WlzaOeFna
WWmecr
VFfesan
;PEqu]<
nIttnMVrrGmp
ngognnnytMp
nnRotrAnsonlIhir
pnnripGdtMpa
dS=prs
Mrplir6niGu
cwnretppnGooornsessrM
tD--tSo
iiFu-:rttmt
-tt:ter
Seeelo4:crm
oet:t-e-trmmtmipgepeS
f%Df%#4WqQ64
:N?vj]fp:
BKn'z%
fU)fvv4~V
Q\#7nW
_syLAQ
2=6?22?221476;4352073;:36448816329<?090:81=8
=14=><2744;2<4;5
12>2<=1458924
522852?:12>16<32:4;3?<>4=?1<93
0::4>48
l4Zoro
Pplr|[
|oS(0;3=?1=?1?24362051>3176043354?3
247<=4=44>:4><>2;;814137
82754>0<?1
654?><08<?234603<; ?=5
0542<6?1;038106160=::3:;>:504=771;24=
tEPehoxeeneiitptDiC
3siGli|
prtIeEryoCiGE
vPuctCia
eyoCeerctmSeaC
Ptamtpope
tteRoekso
MvrWWypxE
OptWuCilr
2Upell
FNincxM
apmrlaWtGeeslr
iImetlnPy
tedtrrlaaeiagana
amaeoml
e-lnsser
rtlnecsrdptll
paxsxmorresantana
elimtearg
vremrm
tlt/dit
a/d8si
tre-f0
c]0;3=?1=?1?24462151>4176043354?3
348<=4>44>:5><?2<;:14237
82754>0<
654?><08<?234603<;
0542<6
39116261=::3:;>:604=771;24=
5/T_dx
==18481>91>;3656321?;4298154476;42?56>?5
550:6:8;38<:>524909391
:0>12=110;08=98;3467=?>721900>70?>6<>=<471>826197<
7720?882=25?n
npiiNie
ntyGreWldecDmCoRPetitFsmwAiG
eierrtLeoxtotdPG
eenfFiWtUdowSl
eteeElue9M
iiodttd.eWt
rioGeF
ftsecerelHAuar
HnMiWaO
SlFesLoWn
eddlre
epUlOes
elrPEil
ezrealU
utVtEM
KKTUSL
PVES}@
<3=58;59<7<>>0<;?<6==21<>=<0?7>:=?157?7
546=443<><=2<3=2?=6<69;9
>7849347==>19=63985?<:
8;48>1=:1=0=514=45820;>622<5<=6X
SWVuS|E
u}38_t
arToR-sDCorLiIXX-iei
CeDeDrrRCOB
FddLpDoX 
eF-oCoXtwreE
E-tyrARSnsPgse
CKRNSAiRtBrgytES
eXCaMeere
terveE
nooD-rTorl
ccinaeorora
iites-
prVdor-ysinx
nTi-npeuiia
oeeeepveicerpinu
n-ogennin
eUE[S'
utWGpoisa*b
pdtpgpVPscnl	WttfsIreoW)seteWtatiSztU
WrBmdatWLsIepsnpee
neosegt
ueumednlSeVOoup
ennrpW
tnanneFieenltE
WltCoCerekd
iteoiOyVni
etttiidtreetr
fceesRH
crapneG
WHe3Ci
tHtHHMuu
uu33u3}
ppMpE>#
ugicft
t4evvnd
owc7uten
evfepa
itorlMca
faea5-cosuggogec
ueg-ci
nos-re/a
p8teuhnwnn-
EE]EP;
BE';yo
FwjH}t
:dVOUOPNOQNOQUUROQMNORVSTVUQQTTOUQMRRPPRPRRPSTOOOUOSSNUQRSSSUTMMLVPQQNMMMNPONSONUUTTNMPSQPOMSNTMNPRNN
NURVNTURVORSMSPPRTQMPTTQOQRP
PXvDXXd
IIPXPDX
2IXPFI<
t .DIXR
PIDIPDD
PP@DP8(/
AUN{AP
NNAPAIP
P<IN1r
ANINAIIXAA
AN-PMAN
T@3<5<;5<<7?>=1?>
=????7<==029:0;10;6?657;376<>>`065;00?669=>900?8<59658;<>
9>92=<6p6:??=918<88=2::0;1:627>69;2P=?:00>8?0:
pstuLll
eTucrnWpsCerR
tNntLt
elrHUn
nrIeRuit
eHnnsSno
fno2Lnf+aorteWtanl
WnsDbLDlroWeD
nprhneWdterrsptllWoct
snWSWWQe
iTstou
t.Htot
HinrSeli
etn.sHo
lnetritGS
iRieloa
BRQeSnilhVyyiQteuinut
tHitii
gu4jVuj
PtyIgKutnt
nCefacxeecengtsthrK
irrwHlstyptruttd
TeetrTtfeWHa
as0arPanocBSlnmEstj
ntDCyn
SCloPGgflgt
oretvpnCneDSN
vrnoNrWctud
OTeyDin
auTyDtoorSDT
odnGioeoVeac
erirreQoieS
cinEi]
hsaefn
esttnl
nn-siM
loeindM
cooT-pcmzot
mytwnpepocnotocb
tNnesttpt
geTcta
ymrntsS
noPaemanh
mwusdrdln
cuenrj
-et-s-
3<5<<5==8?>=1?>
?7===029;1;10;6?657;576<>?
165<00?7
9=>910?8<59658;<?
9>:2=<6
=918<89=2;;0;2:627>69;2
=?:00>8?0:
tNUSuu
_tS=]x
PDEP4L
bN75xsOm/N
oel1Dcm
scgnicmim
iLorar7cu
aejxwbd2n
bo stefd3ma1tmpcaIab
ee-egrxa)8n- aHpr
 ensmimerqbxHsfsumei
rarao-
-araro
ndo5ihs
nensioe
posdlib8r
txp-ai-2t
irFiadie
iskstngi
Rnin-t
T(bTks
ehpnddfua-iiliuadn
$3(l]S
BV7N5O
<3=58;59<7<>>0<;?<6==31=>==0?7>;=?167?8
646=443<><=2<3=2
>6<69;9
>7849347==?1:=63:95?<:
8;58>1=:1=0=524=45821;>722<5<=6
60561563;97>;7;72<2>;18<;:92768=?04=4>=4?:10240
?68:<=1>5=<8211684<<:3505>03359;581
651;15:;80>36047?26;3?11?
8?04?;692=<:0:=2
f3;3t_P
UWthut
Q/EEE/
S3hWW;
PPEt}t
EuX3E%
]]WPEu
ErtStseicnl?oaSt@upI
elEeeiIvLniBoO
ViUz.eCrSAPt
hRVDpnylSI
lAamtvnTRSasv
SrcPtdReWOa
ArCdtSSeOcmh
LkdiWtiDcdCereetao
rlvHraneodclnL
aaTed3re
eAaRdpeen
eeeHaeHtte
toeatWeaipn
PsLlrtespep
HVH]M03
jQt]tVH
SMPMOZMO
LOPPNOOW
MNSQQSPNOPPLPO
NNRRNRNNRQPMMM
PLNQSQOQW
MSROOZ
LSMZQMLSPPQZ
RMOOMWTLPW
RZPNSQQSNSMNQ
QRRNPO
RQQORONR
5[fP^ht
5?:0>10 103;:?33@20?:<;5:33;;0:32??==?=??><;0
0:0<<1:34<5<:;
313320>01<01::;;12=?3>0251;22=?11<1:?51;:?50?<2<<=?;32=;;3<3?=S
treEItn
Cl"rtptWEt.eadiCrnFrxtlNoiEl3oCmgt
ArtpCtCClataNemWCtWSgegt
aEta4nSdC
erlLdoIeD
vranrSWeP
InaeUoeiSS2lCSrxnHs
xSdntltoEtivyi
WptAi2loF
DyterCoo
iataaoioh
tilWem.C
iCsWSti
AtnangntIe.
fMa@MM
u`u}uAt
P;h^tt}A
pemgysmxmatd
ola/pt/iiaaidr/roiaaaeioirtd
ihia-tmeaniimptpdiutipssricrmetaomm2
xpt7macptrtiiarir
atiilpitiao2naneitsdl
cluha/ppmgtpieee
ctcgb/u
gtaoeo
orevtc
eohfenepcuu2
-colnon
PE3MuM
leoaxekvCy
GttaattnaipdCeoG
sGeEsd
etTCtOytione
tiW`yti
eCoeCCn
tCsSyNYoi
eytNeDsetnWeGeiKkiTcdWneerp
eeemtrEtmolPrnme
nehosp
WrrWrrd
Rreepa
dpNaAucmKta
SY_3j3
cTemHF
ecrstOsPRrL
mo2eWa
eGeHaIdi
tA`tenP
eoseei
seFendPr
Y\HUHU
5?:0>10
103;:?33
20?:<;5:43;;0:32??==?=??><;0
<<1:3?<5<:<
313321>01<01::;;12=?3
51;22=?11<1:?:1;:?50?<2<<>?;32=;;3<3?=F
SvtPE;
y0;Wu9
ttXPVj
JtVttH
71561573;98>;8;72<3>;18<<::2768=?04=4>=5?:20240
?69:<=1>5=<9211695<<:3505?03459;581
651;16:;81>46047?26;3?21?
04?;7:2=<:0;=2;DpG
NAAlEGGDADNA
jDNP:G
vl-NGA
DGNGDNN
NG`DG.A
XXDDDGD	
X#DDXG
)GXD'oDXGXDGG
_XG,GXtDXyDGDX
uun3>u
_EE0hu
EU@hQH
aeaareoemranpnaaatncpdartpnaennnric
nasccntaanguhlafataf
irnnaar-ite-ornaa-naa-asoeienaeaanlagoeas:acnuihaaa
ttedrreataretttyooa-t
aaaenc
ttetoaottaaboetotyli
viaattdtdodm
tattfcttttemndnatrmtaitepntustoailettt
1'&h*6vn
'1kvz"|
nmY6-j.
jgj!=Gb!'${pbd
jdb;Y-m,jbhbsh0;bbh
++g6.-sb/j.
$b&76j.&b-/=
gb7g.'-v0`+#&b$!nh)
tt-idtt
prnrft
---neo
nmrht-ljsntrtpil
et--hh-i
mttdattitrbt
t-heet-nhn3ttbthn-dldttt
emt:i:
uapddu
teee:s-eta:m:eze
dysaeetm
e::rc::m:-i-
:geee--:-aetules:::
vdFXBe
PW$;u]V
ypXpolcaeecXXbptntyrXidXite6ecw-accmoeXt
mmX:epXcP-can:O-
occpott:eXt:
eOatpMaXTtfM:Ci:t:epIpoestlspfetoct--:FmdaoRPX
odnno--eayay
cosCloourn-y
uu-bna-ooCoitcrP
uooasyyin-yn
IEtyael-hyiap2omyn
ooeasnyuoyCCtouitnea-
;V}3;u
}EtfloWeia
gtSOey
rVrSRpoKIaeoALAu
SeieenSEatIseoIe
rriiuoCkSPenSHralslIioRRVr
rerGtCr
osy~iLyetl
ituWcseSep
nlDoow
Seeprp
yaieeekentswdocp
ertynhEkns
tdpkreertgtamllh
soWeeaa
inieToy
dspEul
)	_1`E"
xdleme
CCsClr
esmn`s4Ga
ioCiiYpXroC
dtlXXoecn
ZVXYXnpXY
XloPex
Yol3rei
SeEeVLlY
HsevWWXep
kaWPV3ceX
emWWrcrnl
\NXXHX
WVYVSX
R!}@qn
[m18491>91?;3656321?;4298154476;42?57>
550:7:8;38<:>524909391
:1>12=210;08=98<3467>?>721:10>70?>6<>=<572>836197<
7720?882=35?u
sctFeylb
rMynAaGcN
rrrosn?Lyo
lxutsamiaWaniLieca
aenLMSccetDhdkCrGRlsntrliEeescetb
auAatTanIbiaVLLhToldeP
oeerTsSr
sttWud
oWrrorTtd
tMdelAtr
rCAiuieeeierR
oeeeSo
imPBna
dehdIs
BleioahbA
2<6>22?221476;4352053;:26448816329<?090981=8
=14=><2744;2<4:54
2?34155
12=2<=1448923
<32?522852?:12>16<3294;3?<=4=>1<93
0::4>48
ceoteaVel>pLAoWFWRl
tTVViuu
R<CRrRGc
cluyiiL8eaeaesiTVyr
Lcleegnetseuyoirytt9upooa
nBFySrbarral
teWecriWs
reeioaa
eerEmci
TsCvTFooeAi
nnotee
farteird
GetLastError
DisableThreadLibraryCalls
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcess
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetProcAddress
HeapFree
HeapAlloc
GetProcessHeap
VirtualAlloc
VirtualFree
LoadLibraryA
GetVersionExA
GetStartupInfoW
VirtualProtect
kernel32.dll
ServiceMain
.?AVbad_alloc@std@@
.?AVexception@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AV?$CAtlDllModuleT@VCAmsiModule@@@ATL@@
.?AVCAtlModule@ATL@@
.?AU_ATL_MODULE70@ATL@@
.?AV?$CAtlModuleT@VCAmsiModule@@@ATL@@
.?AVCAmsiModule@@
.?AU?$CAtlValidateModuleConfiguration@$00VCAmsiModule@@@ATL@@
.?AUIAmsiStream@@
.?AVCAmsiUacAntimalware@@
.?AUIUnknown@@
.?AVCAmsiBufferStream@@
.?AVCComClassFactory@ATL@@
.?AV?$CComObjectRootEx@VCComMultiThreadModel@ATL@@@ATL@@
.?AV?$CComObjectNoLock@VCComClassFactory@ATL@@@ATL@@
.?AVCComObjectRootBase@ATL@@
.?AUIClassFactory@@
.?AV?$CComCoClass@VCAmsiAntimalware@@$1?CLSID_Antimalware@@3U_GUID@@B@ATL@@
.?AV?$CComAggObject@VCAmsiAntimalware@@@ATL@@
.?AV?$CComContainedObject@VCAmsiAntimalware@@@ATL@@
.?AV?$CComObjectRootEx@VCComMultiThreadModelNoCS@ATL@@@ATL@@
.?AUIAntimalware@@
.?AVCAmsiAntimalware@@
.?AV?$CComObject@VCAmsiAntimalware@@@ATL@@
PADDINGXXPADDINGPADDINGXXPADDING
101b1{1
233F3Y3|3