Sample details: 856ce416574faab48bdce40f5b04a9a1 --

Hashes
MD5: 856ce416574faab48bdce40f5b04a9a1
SHA1: 29ea9bcc04f6e927dd2e21b038a7d3484ddc1f1c
SHA256: d2f18b66074dbc0ad09b1fee7673857fa30ff99b40b1ab8c7598d3314cab9378
SSDEEP: 1536:7RoTIzA50uzPsynTnTGJdm7OWhWJ70m9TuKRvEYIR:7KEzACmtnv0m7OWhWjTu7
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_v60_DLL_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64
Source
http://crossfitmatthews.com/I9TPd/
Strings
		!This program cannot be run in DOS mode.
`.data
.rdata
SWuHz38
*B.M7I65Up9Z0*Jjotc=WFn0|T
ffffff.
fffff.
L$d-?G
ffffff.
D$ %se
D$0;D$,
t$(3L$
D$0	AI
D$<)EP=)
D$hhy|7
D$P:L$:
Lj~Ie~~I	
GetSystemWindowsDirectoryA
WriteTapemark
KERNEL32.dll
SetProcessDefaultLayout
USER32.dll
RegSetValueW
RegDisablePredefinedCacheEx
ADVAPI32.dll
nf99Nd$?y
Nv;mN!L
w\K)P`
>x`ER%s
1 R2dK
+{0i($
~4J2(D{
<nO3I@=
<nONL@=&
Zp)SS+
Z)<SS+
<nOtN@=vG
~=N2(H
ZecSS-
<nOpQ@=
f^pf.9
 ?S{qw*Q
S{qw(Q
POS{qw*Q
BcDGxD<nN
<S/Wsq
J	:H3z
IM*l%BMd*&
:sW??g
9Y#9B	
[1 Q"C
4fhR(U
W`0!~y
D4NU_|
7:=+(X
's@9Ux8
PDJ]%W
4,cc$@
5E3`Qm
PDJ]%W
SU/e8-*?
wftU=S
Z+-`cNZ
5 I8+37s
5A$^Qa	
wh>zA+
qm8;5J
[Kw!X5
R| f-gA
/;d'`%`
g,)Hl|
-X>JW{d
ZJqs0e
's@>i7
5B$^Ym
[[5cpX
\K7) 6
_ZxC<_
?,K\l^
(rnWU:
& Z*hf2
tuk>G<
5E/`aM
%cUbj@7
}OMXj&
S4FS+W
M5QFg1B
OpwdqC
&Bq3qBK
W|{J\Pr
m	2{+rF6t
v`urF<
T?O~z/
m`|&a<
61[#HH 
|v=<|NP
W A\*!o
5A/ufR;
^Z'orz
1</qoN
7-guLm
GW/cNUT
OlI(eg
<hDoXr
lw;w`7
J')c$P
14*p1D
:>kZLS
?O~z//
14.o1D
@_W5'K
PDJ]%W
!#V&l^
.#0o{>v
sW_k4u
a,7{+x
&^5p%'
[(FPy45.
%[KG{D
H!h3#?
W$BLu01*
"^GJwH
. N2	>
N0#xkF
(Nl+\:_h
+A\Ig]
 1`E*Ng
EN_hkc
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
    name="Microsoft.Windows.Shell.SBUnattend"
    processorArchitecture="x86"
    version="5.1.0.0"
    type="win32"/>
<description>Windows Shell</description>
<dependency>
    <dependentAssembly>
        <assemblyIdentity
            type="win32"
            name="Microsoft.Windows.Common-Controls"
            version="6.0.0.0"
            processorArchitecture="*"
            publicKeyToken="6595b64144ccf1df"
            language="*"
        />
    </dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
        <requestedPrivileges>
            <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
        </requestedPrivileges>
    </security>
</trustInfo>
<application xmlns="urn:schemas-microsoft-com:asm.v3">
    <windowsSettings>
        <dpiAware  xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
    </windowsSettings>
</application>
</assembly>