Sample details: 858eff9cef12bf1ccf512c332990c043

Hashes
MD5: 858eff9cef12bf1ccf512c332990c043
SHA1: 9d361cfe0ece937b1ff7c7e20899f5dd3334d12f
SHA256: 2a2f5ad466389eecace290859c57f226e649c66ac28677155bb43526a3aa85c9
SSDEEP: 1536:wTtjSv1ArRmUeKVX8kgbd91vO9KzX+P7S5sk2ADkrIy2eMBORYHO45VcY:wBQCgbd91m99osktDO6eMXHO4cY
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsConsole | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/escalate_priv | YRP/win_token | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/RIPEMD160_Constants | YRP/SHA1_Constants
Parent Files
07366aeaaf4cc541451e35c636f53fa4
Strings