Sample details: 8d7ea55ff7f874c098b23ca2adf40b71

Hashes
MD5: 8d7ea55ff7f874c098b23ca2adf40b71
SHA1: 8e7c08411c5208bec34ceafb9c3054cfd7cec5fd
SHA256: 2395e047417cd1fe069d965379282116bb1412aeaf643ae4778e9755a544c2b6
SSDEEP: 1536:1VBhlj1n6d/8R+LDzbr0vAIgj7B2zs+u4OpTP78oeKg5IU7:nxhG0RmIvAIgj8w+nKrmKg5IU
Details
File Type: PE32
Yara Hits (generic file-format and capability rules; none is family-specific)
YRP/contentis_base64 | YRP/domain | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/win_registry | YRP/win_private_profile
Source URLs
http://3cgfx.com/xaQ/
http://zlc-aa.org/nwbBJRnf/
Strings (extracted from the binary; includes DLL and API names)
		!This program cannot be run in DOS mode.
z3Rich
`.data
.edata
@JDBGJ
@.reloc
D$ ;D$(
D$t%Rzz?
D$03D$|
(	+D$|
(	+D$|#D$x
D$T9D$xu_
(	+D$|#D$x
(	+D$|#D$x
(	+D$|
D$p%Jx
(	+D$|
D$x9D$x
D$x5VIf
\$D=dd
L$49D$4
$%hgtb
L$$+D$D
L$l-uf
9D$Pr3
D$d9D$t
5q,DX!
D$0=6f
tRzlv77qtiY0r
G1ftASg
T5oqEz
rdw8t8
sPtcV6j24h
%d:%0d:%d
ole32.dll
CoFileTimeToDosDateTime
OleLoad
OpenPrinterW
AddFormW
WINSPOOL.DRV
midiOutUnprepareHeader
mmioFlush
mmioSeek
WINMM.dll
acmDriverDetailsW
MSACM32.dll
BuildExplicitAccessWithNameW
CryptHashSessionKey
QueryServiceStatus
RegCloseKey
ADVAPI32.dll
CM_Get_DevNode_Status
CFGMGR32.dll
RasGetEntryPropertiesW
RASAPI32.dll
GlobalHandle
PurgeComm
FindResourceW
SetConsoleWindowInfo
GetLocaleInfoW
CancelIo
QueryPerformanceCounter
ResumeThread
GetPrivateProfileStringA
GetCurrentThreadId
lstrlenA
KERNEL32.dll
NdrOleAllocate
RpcServerInqDefaultPrincNameW
RpcBindingVectorFree
RpcServerUseProtseqExW
RPCRT4.dll
memcpy
iswspace
memset
ntdll.dll
PathQuoteSpacesW
SHLWAPI.dll
fclose
_time64
_ctime64
_localtime64
_gmtime64
msvcrt.dll
CopyAcceleratorTableA
OemKeyScan
MessageBoxExW
SetClassWord
ToAsciiEx
GetUserObjectInformationW
FindWindowA
GetWindow
GetWindowTextA
CharUpperA
PostMessageA
IsChild
wsprintfA
USER32.dll
ExtractAssociatedIconW
SHELL32.dll
SetupDiEnumDeviceInterfaces
SetupDiDestroyClassImageList
SETUPAPI.dll
LZCopy
LZ32.dll
SetPolyFillMode
GetPixel
FlattenPath
CreateFontIndirectW
GDI32.dll
LocalAlloc
LocalFree
GetProcAddress
FreeLibrary
InterlockedExchange
GetLastError
LoadLibraryA
RaiseException
/bK[T2
SPf)wP
`ry#!hH
TTIRS`"
_r2%tS
zjPi#p/.
pt,P|]
7$hl$6N
B\(!&Q
wOo:Rq
YC$oQ7
[mhW+#;
G=>x(A
$8pFI1
WkbWu^
&D2%;/I
^7T0pJ>1%j
Xq-M=-
)qnnxk
N<gJ!_
~BA19k$\.=
4fdVbU
/2T5#n
h[b7[T
\(wQ	E
~+@X1?ol
u|EUqP
hq@f:~
n!@\R_
qWZT73
&Q!_RK
2;,07m;_"p d
Z:f(m:-7x\
- Y3L7
i9{&k*
/}3)4t
R!@\QW{
.9Ox@m
9&R*qW
4oWf(8y^
/l_M9/
O=5#	ye
yF@$F!
Tyndd__
$g#(>A
-^_>6E
`CxzSH
/MA#"O)
IkyD[}
Ln3%9Bw
3JMK(|
+(|x_w
y13"P]
d6Mw2w_J
Z@OTz-
]3tX'*
%[npb/*
4tx6NZ
fAk6R[
`r!^y\l
iV_#Bx
=t=OXW
7$Xl$6>
E2fz2DL
:'[o'9A
3xPU@ 
!pk?@/
em%+kHH
wwwwwwwwwwwwwwp
wwwwwwwwwwwwwwp
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
</assembly>
1H2N2R3`3g3m3r3
7L8R8e8|8
=!=3=E=W=i=
>@>M>q>
?c?o?w?
8^9,:5;};
%4"6(6.646:6@6F6L6R6X6^6d6j6p6v6|6
7$7*70767<7B7H7N7T7Z7`7f7l7q7~7
0 040H0\0p0