Sample details: 859478516ce5fe43ad2113f104bd573f --

Hashes
MD5: 859478516ce5fe43ad2113f104bd573f
SHA1: 5386b10884fd4cf60ec9ac80608eee65bf6212e3
SHA256: a4c01afaf319862592b9269c479dc0bcada7ed1a379f76856b80e9675ed32e18
SSDEEP: 3072:cZPcbNNDcat4DglKurQ+CaHO+LdU9CPL:cZPQL+RaHO+S8j
Details
File Type: PE32
Yara Hits (reviewer note: the VC8 / Microsoft_Visual_Cpp_8 compiler matches conflict with the runtime strings below — `__vectorcall`, `operator co_await`, `InitializeSListHead` and the `.00cfg` Control Flow Guard section all point to a newer MSVC toolchain; `anti_dbg` is most likely triggered by the `IsDebuggerPresent` import, which is also part of the standard CRT startup code, so treat it as a weak signal; `IsBeyondImageSize` indicates data beyond the declared image size, i.e. an overlay worth carving separately)
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation | YRP/TEAN |
Source (URLs defanged — live malware distribution point, do not open in a browser; the same URL was recorded twice)
hxxp://businessnames6[.]4irc[.]com/temp/file.exe
hxxp://businessnames6[.]4irc[.]com/temp/file.exe
Strings (reviewer note: the dump is almost entirely MSVC CRT/demangler residue, section names and relocation/address tables; no plaintext URLs, IPs or hostnames appear, so the Source URL above is the only network indicator this page supports. The import list mixes `VirtualProtect`, `GetFirmwareEnvironmentVariableA`, `FindResourceA`, `GetProcAddress`/`LoadLibraryExW` with an assortment of unrelated GUI/GDI/shell APIs — this looks like import-table padding or resource-carried payload, but that is an inference; confirm with dynamic analysis rather than from strings alone)
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
URPQQh`
;t$,v-
UQPXY]Y[
< t1<	t-
WWWPWS
u-PWWS
SSVWh 
f9:t!V
QQSWj0j@
xg;58A
PPPPPPPP
PPPPPWS
PP9E u:PPVWP
x7;58A
x7;58A
v	N+D$
v	N+D$
D$ ^0cg
l$ Fc=V
l$(>h2
D$(-Vg!
D$0UNT8
l$4(|}T
l$`@Sh
l$`Hm]y
l$dyAkQ
D$t=9%<
D$@SrK
l$4#L?m
D$8JJm
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
operator co_await
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
CorExitProcess
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
?5Wg4p
"B <1=
_hypot
_nextafter
Kernel32.dll
.text$mn
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
GetPrivateProfileSectionNamesA
GetFileSizeEx
VirtualProtect
GetProcessVersion
GetFirmwareEnvironmentVariableA
FindResourceA
lstrlenA
DuplicateHandle
GetModuleHandleA
GetLastError
GlobalAlloc
ResetEvent
AddAtomA
GetTickCount
KERNEL32.dll
IsIconic
MapDialogRect
AnimateWindow
CreateWindowExA
AdjustWindowRect
DlgDirListA
CreateCaret
IsDialogMessageA
DestroyWindow
GetAltTabInfoW
USER32.dll
CloseFigure
EndPath
StretchBlt
SetWinMetaFileBits
CreateCompatibleBitmap
GDI32.dll
DragQueryPoint
SHELL32.dll
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW
RaiseException
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
K<{<	'
C3"SgN
V3FD:}
jcarp$xT
j`P36	,
E>ah=^
VBN"VY
rxuNM)eZ
"B.&'Y
f$Pa&<`{k~
/t_Kp14
+/]$@d
\lJKxj
@<>\m{
[?^`v <n
*0Jh%8
"U:T<n
OprXK{
OThWlq)
zX>#M+
&ronn=E
u5EYj3
cQl0zK0'
OvSa\B
|7&"vXK
7]<0"Ats
&,:1l,
&.v%'Y
"]sTjU
KCX8x4
*"_n,1E
;rz`75
W]QM!w
f0`,KMl
=hs	kW
Tt,#;N
RV@^ym
1+101=1
303?3R3^3n3
3H4U4|4
535[5c5
868A8^8
8h9q9y9
:&:/:>:I:_:h:s:z:
;!;+;5;E;U;e;n;
;W<_<q<
0;0@0k0p0
1=1K1R1X1m1
2+2W2_2
393E3J3O3v3
4&404B4G4\4e4
4F5c5o5
7/7g7o7
7)83898?8
=Z=_=i=n=y=
=$>K>e>
?)?@?G?S?f?k?w?|?
0a0s0{0
1H2Q2}2
7'7,7=7C7N7V7a7g7r7x7
9[:d:l:
>8>?>t>
?&?/?<?F?h?y?
181U1`1
8K8R8Y8`8z8
9J9e9w;
<;<P<^<g<
=	>T>x?}?
0?0Q0j0
1>1N1e1m1
2:2D2`2k2p2u2
3!3?3I3e3p3u3z3
434O4Z4_4d4
5+5:5^5p5|5
7%7;7v7}7
9%9[9~9
99:K:]:o:
;2;D;V;h;z;
=.>{>S?
3'3C3g3
3_4f4m4t4
=+=:=H=T=`=n=~=
>2>F>W>
9V:a:q:
>/?V?a?q?
0>0T0^0}0
131\1z1
1!2J2f2
7'747d7
;Y;a;i;q;y;
<!<-<9<Y<
4.4S4_4k4~4
4%515=5I5\5
8s8y8~8
8.849G9e9s9!;X;_;d;h;l;p;
272E2Q2Y2c2i2
3	3<3R3Z3j3t3
3	4O4U4g4
4@5t5z5
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
48;@;H;L;P;T;X;\;`;d;l;p;t;x;|;
= =$=X=\=`=d=h=l=p=t=x=|=
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
= =$=(=,=0=4=8=<=@=D=H=\=d=l=t=|=
>$>,>4><>D>L>T>\>d>l>t>|>
?$?,?4?<?D?L?T?\?d?l?t?|?
0$0,040<0D0L0T0\0d0l0t0|0
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4x>
? ?(?0?8?@?H?P?X?`?h?p?x?
0 0(00080@0H0P0X0`0h0p0x0
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
,949<9D9L9T9\9d9l9t9|9
>$>(>H>P>T>p>
?0?P?p?
000P0p0|0
181T1X1
60646H6L6P6T6X6\6`6d6h6l6x6|6