Sample details: 7b65b6bdd6866345d6f9d0e18a0dcbc9

Hashes
MD5: 7b65b6bdd6866345d6f9d0e18a0dcbc9
SHA1: fe3fdda918a3db1b17fc48716b574356700d5fc0
SHA256: 2c34888b579bfe9598f5ab006346ce318ece71375b4deed4a5baf46aa867f274
SSDEEP: 3072:93VrTNNer1tXqjkJ+G0vskV+Rr/wtBMHD4C6S7FSrK3xn9j0J:tV/MvJaL+lItqISxMGxh0
Details
File Type: PE32
YARA Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation | YRP/TEAN
Source URLs
http://gug-gummi.com/KJedg376t2
http://gilgroup.com/KJedg376t2
http://galeona.com/KJedg376t2
http://emmabeckerle.com/KJedg376t2
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
QQSVWd
HHtVHHt
uCh$w@
<at-<rt"<wt
URPQQh
~pjCXf
j@j _W
< t8<	t4
VWhTvA
,SVWj0X
Wj0XPV
v	N+D$
;t$,v-
UQPXY]Y[
jA[jZZ+
PWWWWV
PSSSSV
v	N+D$
~';_t|%3
PP9E u
tHHt*Ht#
Ht+Ht$Ht
+t"HHt
u0h(uA
u!h0uA
tfHtWHtHHt/
permission denied
file exists
no such device
filename too long
device or resource busy
io error
directory not empty
invalid argument
no space on device
no such file or directory
function not supported
no lock available
not enough memory
resource unavailable try again
cross device link
operation canceled
too many files open
permission_denied
address_in_use
address_not_available
address_family_not_supported
connection_already_in_progress
bad_file_descriptor
connection_aborted
connection_refused
connection_reset
destination_address_required
bad_address
host_unreachable
operation_in_progress
interrupted
invalid_argument
already_connected
too_many_files_open
message_size
filename_too_long
network_down
network_reset
network_unreachable
no_buffer_space
no_protocol_option
not_connected
not_a_socket
operation_not_supported
protocol_not_supported
wrong_protocol_type
timed_out
operation_would_block
address family not supported
address in use
address not available
already connected
argument list too long
argument out of domain
bad address
bad file descriptor
bad message
broken pipe
connection aborted
connection already in progress
connection refused
connection reset
destination address required
executable format error
file too large
host unreachable
identifier removed
illegal byte sequence
inappropriate io control operation
invalid seek
is a directory
message size
network down
network reset
network unreachable
no buffer space
no child process
no link
no message available
no message
no protocol option
no stream resources
no such device or address
no such process
not a directory
not a socket
not a stream
not connected
not supported
operation in progress
operation not permitted
operation not supported
operation would block
owner dead
protocol error
protocol not supported
read only file system
resource deadlock would occur
result out of range
state not recoverable
stream timeout
text file busy
timed out
too many files open in system
too many links
too many symbolic link levels
value too large
wrong protocol type
bad allocation
Unknown exception
(null)
`h````
xpxxxx
CorExitProcess
UTF-16LE
UNICODE
_hypot
_nextafter
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CreateEventExW
CreateSemaphoreExW
SetThreadStackGuarantee
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
GetLogicalProcessorInformation
CreateSymbolicLinkW
SetDefaultDllDirectories
EnumSystemLocalesEx
CompareStringEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
GetUserDefaultLocaleName
IsValidLocaleName
LCMapStringEx
GetCurrentPackageId
GetTickCount64
GetFileInformationByHandleExW
SetFileInformationByHandleW
bad exception
`h`hhh
xppwpp
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
CreateFile2
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
1#SNAN
1#QNAN
generic
unknown error
iostream
iostream stream error
system
nejihizeyeyi.txt
fucofimoyawicudutesomite gacogezikisucanure
%s %c %f
hesasemelagenumanunigu gayoxiroxekotazeja waxevivuberohofatahovebu
padizamomapirizu
string too long
invalid string position
ExitProcess
GetCurrentProcess
GetCommProperties
GetModuleHandleW
GetSystemTimes
GlobalAlloc
GetProcessHandleCount
GetSystemTimeAdjustment
TerminateProcess
GetAtomNameW
GetTempPathW
GetFileSizeEx
GetLastError
GetLongPathNameW
GetProcessId
GetProcessWorkingSetSize
AddAtomW
SetProcessWorkingSetSize
GetThreadPriority
GetProcessAffinityMask
VirtualProtect
SetProcessShutdownParameters
GetWindowsDirectoryW
GetFileInformationByHandle
GetThreadTimes
KERNEL32.dll
EnableScrollBar
SetPropW
SetScrollRange
GetPropA
USER32.dll
FillPath
StretchBlt
GDI32.dll
InitiateSystemShutdownA
LookupPrivilegeNameW
OpenEventLogW
SetSecurityDescriptorControl
GetUserNameA
ADVAPI32.dll
GradientFill
MSIMG32.dll
HeapAlloc
EncodePointer
DecodePointer
HeapReAlloc
GetCommandLineA
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
HeapSize
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetCurrentThreadId
HeapFree
CloseHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetConsoleCP
GetConsoleMode
SetFilePointerEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
OutputDebugStringW
LCMapStringW
SetStdHandle
FlushFileBuffers
WriteConsoleW
GetStringTypeW
CreateFileW
SetEndOfFile
ReadFile
ReadConsoleW
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
.?AV_Iostream_error_category@std@@
.?AV_System_error_category@std@@
.?AVerror_category@std@@
.?AV_Generic_error_category@std@@
V4@b$"
#[osYoH
Df"wLz$
RL2&=[
o-9qhQ
$u.ZKo]
~mN)=T
f_Y8WSR
>K=vAy
/'.N9`
*~'VUE
f\64e[
WY>s#W
BT[wNY:
~.5	;CJM
O`ePpA
h@BPl"
G}6a-}o
]j/T$&'
[;r!+r6
Lbu# 9
I:qGBt}
U;Btaa
2`Te0!
z)$GI~ 
gW:2p#gM/
jPox0;x
-GI)CV
Zz.5`m2
.))	MV
c0Oe@[
	-nR-GB
X8A~0K
yKa8`^
@b^mYT
l[>QKf\u
VeW.iL
0)'OYh
.w7V~*
XvqQ,A
8!Pdyq
yHYk5mp
(!KIuS
c=7Y}"n
hXjkb*^2
CajjA\
^DA?.@9
q]~7_T
+\G36-p?
)<Svxo
3FX!|=
^\iZ?p
*edr3;
%$,wuCt
9[[V5;
:+6U@z9
8_!)] 
B6?~-a
9ijtUj"
/VAVq~
iSvn	n1
MNP'= *
uUgcNx
[4>.'V
geH~GS
NvR,q8
m>lm>lm>lm>lm>lm>l
m>lm>lm>lm>lm>lm>lm>lm>lm>l
m>lm>lm>lm>lm>lm>lm>l
m>lm>lm>lm>l
m>lm>l
m>lm>l
m>lm>lm>lm>lm>lm>l
m>lm>lm>lm>lm>lm>lm>lm>lm>l
l;pl;p
m>lm>lm>lm>lm>lm>lm>lm>lm>l
l;pl;pl;pl;p
m>lm>lm>lm>lm>lm>lm>lm>lm>l
m>lm>lm>lm>lm>lm>lm>lm>lm>l
m>lm>lm>lm>lm>lm>lm>lm>lm>lm>l
m>lm>lm>lm>lm>lm>lm>lm>lm>l
l;pl;p
m>lm>lm>lm>lm>lm>l
m>lm>lm>l
l;pl;pl;p
m>lm>lm>lm>lm>l
m>lm>lm>l
m>lm>lm>l
m>lm>lm>l
m>lm>lm>lm>lm>lm>lm>lm>l
m>lm>lm>lm>lm>lm>lm>lm>lm>l
m>lm>lm>lm>lm>lm>lm>lm>lm>l
m>lm>lm>lm>lm>lm>lm>lm>lm>lm>l
m>lm>lm>lm>lm>lm>lm>lm>lm>l
m>lm>lm>lm>lm>lm>lm>lm>lm>l
m>lm>lm>lm>lm>lm>lm>lm>l
m>lm>lm>lm>lm>lm>lm>l
m>lm>lm>lW
m>lm>l
m>lm>lm>lW
m>lm>l
m>lm>lm>lW
m>lm>lm>lW
m>lm>lm>lm>lm>lm>lm>lm>lm>lW
m>lm>lm>lm>lm>lm>lm>lm>lm>lW
m>lm>lm>lm>lm>lm>lm>lm>lm>l
m>lm>lm>lm>lm>lm>lm>lm>lm>l
m>lm>lm>lm>lm>lm>lm>lm>lm>l
m>lm>lm>lm>lm>lm>lm>lm>lm>l
m>lm>lm>lm>lm>lm>lm>lm>l
>33333 O
333 3M 33
333MMM
33MMMMMM3O
33MMM3M 3
OMMMMMMM
MMM33M33
MMMMMMMM
MM3M3M 36 7
MOOOMMMMO
MMMMM33O
MOOOOMMOMOMMMMM333
M>MOMMOOM
MMMMMM33
M9MMMM>>>>MMOOMMOO
>O>OO>OOMMO
OOOOMO
=FF>O>OOOMO
FFFMM>OOMMO
FMFMFMMMMOO
FMFMFFF>>MO
MMiMMM7
MFMFFFFFMM
FFFFFMM
MdMMiMi
MMMMMMM
dMiMi>gM
MM6MMMM
dMdMMMM g`MMM
M66MMM
ggMMMM
MMM6MMMMMM
MM6M6MMMMMd
MMMMMMMM6
MMMMMM
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
<<<<<<<<<<<<<<
kkk?d~
<<<<<<<<<<<
<<<<<<<<<
<<<<<<<
<<<<<<~
~<<<<<
<<<<~d
~<<<<?
<<<<<<<
<<<<<<<
iiLLLiLL
ig;i;ii;LL
iiiiLiiLLLLL
LiLLLLL
LiLiLLLgg1
YiiCiii
Li;LLLL;
LLLLLLLig1
LLooiioLLx
LLLLgLg1g
oiiiiiiLiiiiiiiiiLLLgLi1
iiiiiiLLLLiLiiaiL
iiiiiioi
iLiLiL%
%LLLLiNiLiiLii
i;;LLLLiLK"
KLiLLCLiiLiC
;LLLii/
iiiL/iLxLL
iLiiiisiLiCCiLi
L;iLLiLLi
ixxCiLLLiiLiiiiCiLLL
xLxiLL
LiLLoioFoFFL
xxLxLLiLiiLLiiiiiiiiii
xxLLiiiiiiiiii
iiiix;L
KKa%CxxxiLLi
xxxxxiLCL
LLLLLLLLLL
;0o0LLiLLLLiLLLLLLLCCCLi
%oxix0ixLxLx
LLLLLLLCLCi
%oLLLxLxLxLiLoio
%oiLLLoLiLiLLiLLLLiiiiiiFiCL
KiCiiiixi
YY"ioi
iii%iiK
LLisCCCCLL
L;;LiL
iiLxxL
L;LLLLL
ioiiLxx
0iiLixi
i;;LLLL
iooo0L0Lxxxx
LLiLiLgLg"
%oooo0LxxLx
CiLLiLLL
ioo0oLxxLx
LLgYiii
ooo00LxLLLLL
ooo0ioxFx
;oio0ioxFii
iiiCiiii
/iooFiiF
vvsssvvI
v)vv3jvvvv
vvv38^vv
v))))v3v
vvvvjvvvj
vv3vffvvvv
=vvvv3
33nKGL
99999}
}999999999999}
}}r}99}9
}}9}99
}}}}}99
~~-kno;
~4qgo:
*rlkJ}
}|'~}{
 (zzw?A?@^
S]LnkniH
IW.2fW\{~
><E3>?>[|}
bcnu=8<:$)"
#-V[HUy~y
0<M$+6U
rik]|~
)Zni@z
~y1w~((
y~! |~
2B3J3R3Z3e3w3
3-4O4[4g4q4
5<6F6L6T6Z6_6r6z6
;Q<W<{<
2!3(3,3034383<3@3D3
6Q6X6`6
8#9)959l9
:	;!;B;M;S;e;o;x;
>!?G?e?l?p?t?x?|?
J0U0p0w0|0
1 1$1n1t1x1|1
758;8?8D8J8N8T8X8^8b8g8m8q8w8{8
:):7:N:Y:
;7;L;V;o;y;
?3?I?S?Y?d?
0A0T0d0
1(141;1B1]1g1
2 2Q2W2|2
3"3A3^3
3K4S4j4
455O5\5k5u5
6=6J6S6w6
7*7@7_7
7!838G8T8Y8
:5;A;L<u<
<"=Z=b=
>%>1>@>e>
?$???X?i?{?
849?9O9
3'31373=3C3
6"6>6F6K6w6
7'7,7K7
8'81878I8[8v8|8
9%9*90989=9C9K9P9V9^9c9i9q9v9|9
:!:':/:4:::B:G:M:U:Z:`:h:m:s:{:
;&;+;1;9;>;C;L;Q;W;_;e;s;
<0<h<n<t<z<
=#=3=<=
>">'>/>
0	3)575A5
0+1n1(3
607T7w7
8'8^8x8
:S:\:z:
;G<P<-=8=K=_=!>*>6???
+0u0~0
;&;+;:;h;
0$000;0b0
24393B3G3P3U3b3
4B6Q6t6
7'707B7Z7`7i7o7y7
7$8E8L8s8
3%353F3R3n3
3'393K3]3o3
:@;E;K;R;
;M=f>q>
	232`2
:d;l;x;
5D9H9L9P9T9X9\9`9d9h9l9p9~9<:U:d:
;%;=;`;t;
767B7N7d7
8$8-8p8t8x8|8
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
6H?L?P?T?X?\?`?d?h?l?p?t?x?|?
 0$0(0,0
1$1,141<1D1L1T1\1d1l1t1|1
,0004080L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848<8D8L8T8\8d8l8t8|8
9$9,949<9D9L9T9\9d9l9t9|9
:$:,:4:<:D:L:T:\:d:l:t:|:
;$;,;4;<;D;L;T;\;d;h;p;x;
< <(<0<8<@<H<P<X<`<h<p<x<
= =(=0=8=@=H=P=X=`=h=p=x=
> >(>0>8>@>H>P>X>`>h>p>x>
? ?(?0?8?@?H?P?X?`?h?p?x?
0 0(00080@0H0P0X0`0h0p0x0
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
85<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
80848D8H8L8T8l8|8
9,9094989@9X9h9l9|9
:,:<:@:D:H:\:`:d:|:
;$;(;,;0;x;
<0<8<L<T<h<p<x<
= =@=`=|=
>,>0>P>p>
? ?$?@?H?L?d?h?
0$080X0x0
181X1x1
1d4l4t4|4
5$5,545<5D5
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
303L3l3