Sample details: 81e445e6c2204106a697a951bdfeef75

Hashes
MD5: 81e445e6c2204106a697a951bdfeef75
SHA1: 23b5e187a776a3d88c4d16a8cb539552db2b37d6
SHA256: b3b4025b7e65ca744e17a5bda69caead3a093243334f09163f3dbd6fe549bff1
SSDEEP: 3072:/kie6B4YdOUtsps3IQpQa27HHY49M6r9COfJZ6zpJesI:/he1YdOZiqHHYYbhZY+T
Details
File Type: PE32
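Yara Hits (names of matched rules; the several UPX-version rules overlap, so read them as one packer indication rather than separate findings)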
YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet | YRP/UPX_wwwupxsourceforgenet_additional | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/Netopsystems_FEAD_Optimizer_1 | YRP/UPX_290_LZMA | YRP/UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser | YRP/UPX_290_LZMA_additional | YRP/UPX_wwwupxsourceforgenet | YRP/UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser | YRP/upx_1_00_to_1_07 | YRP/upx_3 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/win_registry | YRP/CRC32_poly_Constant | YRP/UPX | YRP/suspicious_packer_section |
Sub Files
b06f48238648763db035c00aff1438cd
Source
http://letheonline.net/sdfind399c.exe
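Strings (extracted from the packed file as-is; most short lines are compressed-data noise, and the readable fragments are the ones worth reviewing)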
		This program must be run under Win32
"ue B!f
ArT?`1;
j9uSIl$h
Gp$QDD
jRZ $u
Y*D70W"X
8^vMThD
o3]0jl?y
r.G"2Oy
4T,,Fx
\PD8L2
P6Ru9au.
 ;d&C,
Q5Niju
(3Gs(U
,|	^sA
X&ZA9k
DSW&D+k
ra|M/T
&A(%>!
	B]tG.
JYSLP	
1p]@l5
3^]g%*
AK$Ok|C
:v7ItL
24ddd{$
OC5v# H
t(uM-i(
C<\*X4
| o6 P
Y9pL?X
Q|"|&h
a`-^*"
rd"P/N
PmUT.{.
BA;9})
CS}FA2j
q<04{FF
K^#q	[J0L(
`hE/Q{g
g$>AfJ(0
KrXG, 401
~m E!u)y
6nMXmt
|:vyi.
EXucl@r
V"QylQY
I"HMRT
NQ}^G#
x+6m.VT/
rS$C v	
,$s/F.
m6k5~bw
fPU=IPh
*LsP.L
lu]cT0P^
nkcC\71;
|"|~	[k
%H.k(u
R:2tZ;
M-An75
M4s+/,(
vY22!g
Cu-Q01
5,`? M:u0
rwS}QF"66
YZ/S,;
~e`2WB`|
QFuV/@
{CMlhY
 $####(,04
%dhlwapi.d
ll/HAutoComplete
LACEFIL
NAM	%s 
GETPASSWORD1
KNEXTV
/cfxnamP%
~STARTBichEdit,v
LIYNSN"I"
~Tex T$
OverwrN%
E?3gn'
~hortc
[6\MBros
\Windows\C
urruVssion[ogr
sDirHR7SFXH.l
..^TRo]
tp-equiv="c
-type" 
~tf-8"C/JQ
b}y{fZ-
7ze:12;}6
w4RT&nbsp;
$0<HTi
vlbX4M
4ND:0&
5TTLTRQ
rVed32
20COMC:
))EE	F
Z2fQ`h
P/AF7L3
33!D	03%D
D)}D*{D-
yD.wD1uD2s={
D5qD6oD9mD:ac
kD=iD>
)S37%.
l=b Ixc#a
=Ip5#+l
<B8<7A
o!y1A2
Ryd_'B
&0:yE3%9
 K0amM
9Awml0K
eD8d[k
M 1.?i]t
>B2 ee
{<:y&q?	
CloseHandle
tringA
sD'Tim
vEnvkon
1;L,al@
m_Sys_m
eLibraryG
CPInfo
Number
tiI,WideChar
VaabhS
#WaeSG
Q7,VhGaN
mDlgD|
KO}BuffA
}ogBox
+T"zl$o
slp{Updl,%
8888888888888888888888888888888888888888888
888888888888
8888888888.8.8
8.8.8.8
8.88..
8.8..88..8.8.88
8.8.88.888.8.8.
8.8.88.8.8.88.888.88
8.8888888.....
888888888888888
8888888888888888888888888888888888888888888888888888
{{{{{{{{{
wwwwwwww
8888888888{x7
8888888888887
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Roshal.WinRAR.WinRAR" type="win32" /> <description>WinRAR archiver.</description> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /> </dependentAssembly> </dependency> </assembly>
KERNEL32.DLL
ADVAPI32.DLL
COMCTL32.DLL
COMDLG32.DLL
GDI32.DLL
OLE32.DLL
SHELL32.DLL
USER32.DLL
LoadLibraryA
GetProcAddress
ExitProcess
RegCloseKey
GetOpenFileNameA
DeleteObject
OleInitialize
SHGetMalloc
SetMenu
<f~$ #
!v8<:|A
LeThe.txt
SDFindreadme.txt
v`9Sd~
TG`Zry
j8VO0.
,@R%?,
bYD|P37
GD#LF$
o"0z%0
~_Az=Ry
d:+x%2
|^9Eb 
;e/n6,L
sdalias.ini
G%r,`%<
BQFp[*
klUw~bI1
VS8$/D
XNi^2<
z%hF}0!
cWQh[Wo
vJU|b8
ore&))/
o.uI%}
GdnKr`I
sdalias2.ini
oW`PO)
sgptc0Gd
"no\E~
_6T1?=
2N33sm
"[dY-tG
;Tw%}^
kn;Vj[T
cG1N:A
sdalias3.ini
sdfind.ini
<fFkb:
zjc5R}
w|m0K4 
n6\WC2!EV
2h08fik
38$C7n
sdlist.ini
b6Rt>K
9`k'2u
J,@96S
sdmenu.ini
]{}BKt
+7 n2,
66)OD&D?
.DyRZ+
H:"E_,xipI
SDmirc.ini
k#['-j
sdtables.ini
q;-'Fb2
RF5^A{
]	?	>(
U(t2LPb
0TG[=$
eO}y"e
.1`'WH
	Yj$k-
\d7VZOq
PKZIP.EXE
QiiCP7>
BQz'A[
~4PF @
&t8yuO&
tW+c0:B=
*U;jch
 LHxEC2:x
`1!PXE4N
CDsB?.	}
:-Q]-#
fpuWS\
fl>gYm
>A@lo|
6+x=J%
T`1,Ih
)#&Ep"Z1
bYl_L#
..1zNh
&].\(B
S@/yPYS
u6G1hC
"|FrKh
L|haXB
 ,v]B	
0ox)oy
W ^7[N
p**-Rm
Kp1U[ {
IjI&!%
F,M8|n
jmu<K[{
BYY%(bM
.|cL>={
n'kv*t
"Qr9aR
ts3rMyw
_@cp2F
7k,}QN
MtZLxfI
JlLzfL.,
V11qGj
M3P1[`$
":cZmZo
xQSubN
loQfUiP?]
Kpy5+w
jRE_M/
E!N-pn=&
S%Y"%y-y
g_=3 _
b/h/f/iv
>_5LFW
^1yYU^Q
u7B9.[
}HlD^Du
kS#[M:
^A#[jY[
=WBXUz=
hw,u|(
{/[Du$
MnugP<1
lBdi9f
_*5*2*Q
L"B(Ae
t7|!	N
F}flCWd6
t{Tz2I
^{jh?rj
?	mLi>
Mf@e]U
2e1*wK
yq><mP
k,@prx
Y(sVo(
aV4J#[
1;\+\t
G]98SBGbofi
MKm`=g
Np@)|v
Xa-_w[
8EfW8,F
_O	L[k
hj}BXV4
Ok,k4L~
vA((Ap
b8G=Hp
	U+^3,d
AV0''x
{he9hI
i{KM(`
{0~?	^
z}_]k@[a
UcT XG;
+j;C5o
gRO>NA
+f[fbA:;
l4/*6l
:?ap_&
M@LD>Bx}\Y
TC;GkO{/
~>jzR[
m[iqYAG
Njn 0q
B)Dotg`uH
UahUYV\M
xhsSMq
sdfind399c.exe
Freddy Cruger