Sample details: 8b1ec44e44f1735d40dc12e5b77bb794

Hashes
MD5: 8b1ec44e44f1735d40dc12e5b77bb794
SHA1: af50948ba22390cc8839810fa4cb8e3371761690
SHA256: 04cc0a4221305bae162fc828e9484dd8bd37b6370d3eee8b706e9dacf59477ec
SSDEEP: 384:IBgUE6nLRVLoAitcZpJd4Xk+7gPd3+Vlx+KQT87vbJjVo/HpW3TBE6y8T7McAWG9:NUEw1WrcZXNexvbJIW3i1czrF
Details
File Type: PE32
Yara Hits
YRP/maldoc_getEIP_method_1 | YRP/contentis_base64 | YRP/domain | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/anti_dbgtools
Strings
This program must be run under Win32
.idata
.reloc
IMAGEHLP.DLL
CheckSumMappedFile
RPPPPPP
29A!tC
\WININIT.INI
Rename
29A!j2
.DLLuO
29A!tC
29A*.TMP
ADVAPI32.DLL
USER32.DLL
Win32.Crypto, (c)oded by Prizzy/29A
Greetz to Darkman, Benny and GriYo
**ACE**Rar!
**ACE**Rar!
 a -ep -std -m
12345 a -ep      -m
12345 a -e       -m
1234  -a         -e
PKZIP.EXE
ARJ.EXE
RAR.EXE
ACE.EXE
AVP.CRC
IVP.NTZ
ANTI-VIR.DAT
CHKLIST.MS
CHKLIST.CPS
SMARTCHK.MS
SMARTCHK.CPS
AGUARD.DAT
AVGQT.DAT
LGUARD.VPS
install
config
gratis
update
readme
AVG Control Center
Avast32 -- Rezidentní podpora
AVP Monitor
Amon Antivirus Monitor
 monitor Amon
\\.\SICE
\\.\NTICE
\KERNEL32.DLL
SPIDER
SONIQUE
SQSTART
Prizzy/29A
RPCRT4
USER32
RSASIG
SHELL32
CRYPT32
RSABASE
PSTOREC
KERNEL32
ADVAPI32
RUNDLL32
SFCFILES
System\CurrentControlSet\Control\SessionManager\KnownDLLs
System\CurrentControlSet\Control\SessionManager\Known16DLLs
Crypto:mainThread
Crypto:Mutex
SOFTWARE\Microsoft\Cryptography\UserKeys\Prizzy/29A
Kiss Of Death
Win32.Crypto - welcome to my world...
First generation sample
P j4Ph>@
P j4Ph<@
P j4Ph=@
KERNEL32.dll
USER32.dll
MSVFW32.DLL
EXITPROCESS
MESSAGEBOXA
ICSendMessage