Sample details (MD5): 886224b8aec5104387b9a98ce491a9c0

Hashes
MD5: 886224b8aec5104387b9a98ce491a9c0
SHA1: b51b8f3d54bc07005817a92fc16bea2ed202ec17
SHA256: 1179f5d71cd77ccf3c83669d7af4e7221b4d4535ff25ba78d6495e6f99072af3
SSDEEP: 768:5ggVDHXE4X6x9NRlhKTRPOIaMu0iaj9ODf7wl9+azj0/ksOpR0URz:5g6Q9ND0g8TsOsY
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/FSG_v110_Eng_dulekxt_Microsoft_Visual_C_Basic_NET | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/DebuggerCheck__QueryInfo | YRP/ThreadControl__Context | YRP/disable_dep | YRP/inject_thread | YRP/network_http | YRP/win_mutex | YRP/win_files_operation | YRP/win_hook | YRP/Advapi_Hash_API | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
B.rc_it
u	FA;u
TVWjD_W3
tKWVVVh
t)SVVVj
D$`PWW
vdWVhDO
j0Yj9ZF
<1|	<9
PVj(Zj
<4t#<5t
PVj(Zj
j0Yj9Z
1.0.0.4
IsWow64Process
KERNEL32.dll
C:\Users\Admin\Desktop\key\lock\Release(DLL)\lock.pdb
Qkkbal
<UkFo[9
k6Fr+3
E~4eF~
http://treasurehunter.at/_x/_x.php
PA<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
3#3)393E3]3m3
8T9l9y9
=-=O=d=z=
0#01060<0C0
2.3Y3a3
4!4&4:4A4G4P4V4
;2;K;_;s;z;
?5?H?V?|?
(050n0
0_1	2!2<2\2i2v2
464Q4a4:5
7B8u8{8
8$989B9R9]9t9
<6<`<i<
=5=<=B=I=N=S=a=g=
>:>@>G>
?U?_?e?x?
0@0K0Q0`0
1#151V1\1c1i1
2=3N3T3_3k3
6S6Y6h6n6y6
6Z7d7j7
8"838=8H8U8
9"929Q9r9x9
:*:<:/;<;G;v;
<%<f<l<q<~<
<	=E=W=\=
>J?P?V?h?
0;0M0X0^0
2$2*202<2X2g2
:!:-:A:n:|:
;>;J;P;[;`;g;q;y;
<@<W<a<n<s<{<
?F?L?R?n?z?
1P1q1z1
2)2V2e2
345:5?5N5
6"6(6.6`6i6n6{6
778=8C8I8O8U8g8
9/969_9d9p9u9
<6<P<g<s<{<
0$0,040<0@0D0H0p0x0
1$1(10141<1@1H1L1T1X1`1d1l1p1x1|1
2 2$2,20282<2D2H2P2T2\2`2h2l2t2x2
3 3(3,34383@3D3L3P3X3\3d3h3p3t3|3
4$4(40444<4@4H4L4T4X4`4d4l4p4x4|4
5 5$5,50585<5D5H5P5T5\5`5h5l5t5x5
6 6(6,64686@6D6L6P6X6\6d6h6p6t6|6
7$7(70747<7@7H7L7T7X7`7d7l7p7x7|7
8 8$8(8,8084888<8@8D8H8L8P8T8
gdi32.dll
kernel32.dll
ntdll.dll
user32.dll
shlwapi.dll
wininet.dll
advapi32.dll
shell32.dll
AbortPath
VirtualAlloc
VirtualFree
VirtualProtect
GetProcAddress
LoadLibraryA
ReadProcessMemory
OpenProcess
CloseHandle
IsWow64Process
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
lstrcmpW
GetSystemDirectoryW
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryW
GetCurrentProcessId
GetModuleHandleW
WaitForSingleObject
GetProcessHeap
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
FindResourceW
SizeofResource
LoadResource
SetHandleCount
FreeResource
GetTickCount
CreateThread
CreateFileW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
MultiByteToWideChar
WideCharToMultiByte
ReadFile
GetFileSizeEx
SetFilePointer
WriteFile
InitializeCriticalSection
GetLogicalDriveStringsW
GetModuleFileNameW
GetVersionExW
lstrcmpA
GetNativeSystemInfo
CreateRemoteThread
ExitProcess
DeleteFileW
CreateMutexW
ReleaseMutex
GetLocalTime
FlushFileBuffers
GetSystemInfo
VirtualQueryEx
CreateDirectoryW
GetVersion
LocalAlloc
LocalFree
GetCurrentThreadId
GetCurrentThread
ExitThread
CreateProcessW
GetComputerNameW
OpenMutexW
GetTempPathW
TerminateProcess
VirtualProtectEx
WriteProcessMemory
GetThreadContext
VirtualAllocEx
SetThreadContext
ResumeThread
GlobalMemoryStatusEx
GetWindowsDirectoryW
ZwClose
ZwFlushInstructionCache
ZwWriteVirtualMemory
ZwOpenProcess
ZwReadVirtualMemory
ZwQueryVirtualMemory
ZwProtectVirtualMemory
ZwAllocateVirtualMemory
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
LdrGetProcedureAddress
ZwFreeVirtualMemory
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
ZwOpenKey
ZwDeleteValueKey
ZwSetValueKey
RtlFormatCurrentUserKeyPath
ZwQueryValueKey
ZwEnumerateValueKey
ZwQueueApcThread
ZwResumeThread
ZwQueryInformationProcess
RtlAllocateHeap
RtlReAllocateHeap
RtlFreeHeap
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlGetLastWin32Error
wsprintfW
wsprintfA
MessageBoxA
MessageBoxW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
EnumDisplayDevicesA
GetActiveWindow
GetForegroundWindow
wvnsprintfW
wvnsprintfA
PathFindFileNameW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
InternetCloseHandle
InternetQueryOptionW
InternetSetOptionW
InternetOpenUrlW
GetUserNameW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptImportKey
CryptGenKey
CryptExportKey
CryptDestroyKey
CryptEncrypt
CryptDecrypt
SHGetFolderPathW
E~4eF~