Sample details: 90a41f17e7851e47f20bafa893b76b9d

Hashes
MD5: 90a41f17e7851e47f20bafa893b76b9d
SHA1: 82c1bfc994afde7668dd3bb0eca82d449bc86a1f
SHA256: cbc44f30526548b0a09a2d64a30eda9447f80bbc698fbeec08c2b68d80e96d5a
SSDEEP: 3072:GsAhI98NZMegusO4WFUd65DsFe30jboW2A7eXyh:Gs/+ydK+IK2AaC
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64
Source URLs
http://creativeraven.com/tHeV/
http://jestkidding.com/10ZEq/
http://eapsaacademy.org/CsZxHA/
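Strings (raw extraction; the YRP/IsPacked hit listed under Yara Hits suggests much of this is packed or encoded data rather than readable text)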
          	            !This program cannot be run in DOS mode.
@.data
L$D-JG!	
D$X^qY?
D$\0P[{
D$`Pnw
D$x3D$p
|$( tu
T$@=MZ
D$8;D$`
L$|#D$L
D$(%no
D$L9D$L
D$\V>Ry
D$Dg-BL
;D$4t"
D$2+|$8
D!28`On-
:.rk+r
mrTEgHV+
G.-$ni/g"
F	;"5O
G$@%ni
Yu"!2n
7vtibh
)MRM{<
bQ/kh!
$)#mhw
C	n'MC
bj)! 1Z
\a2ul>}
bZ5! 1
%yb*i#
4Nm.\k3
]kXzOn<
[Pa2)d
wa2NQOn6
`xa2HVOn<
sya2hZOn3
Cza2X`On<
za2>vOn2
3"O2o5
f*pUPn-
dY4m`=9
dm4mL=9
8B&c!2Iy
n	+M83
$FH&"64O
2"!2<5On
"!2,5On
|$niZG
"!2e5On
X1h$kw
BumDZurI
FGD-$&
gK}2,X
U%w.4	xkq@
[$G6q6
XQaNP!
6$\Xuq
 1wZxK
`!.bp}
~IpPa~
sRNbh3wb
DCDXa[
Sa-slJ
Pw3s}Q
dhZ6aM:
|Id]r:
6[FxxG
ACO |WJS
u_j0)2
xZvVpF&'\4&K
MFrL5{
0_x:*f
IKZxK'
&1)7&Tc
{3l7J(t
"T#wj3
tOk;[-
Z\8	6Z
_,=0ML<n}YX
(<WwQ9
pEa#1l
gKf+1X
v1=ODmH
kR2Z0#
UWU?7G
3ML(A~
h^>Z0~
!ErZ;]u
36.K*\l
Sa-slJ
ueb@q:D
NBY[%{
mgyTvW 
L+Vj]($
	Kp<KG
j~+?Qz3
	NG2Qf
qDX|09
Nxub3|
[$G6q6
M_&1n$
dQCit1)
-I9OL{3L
!~XU!7
$Sa-sl
b*k-bS
s,piPQa
dtSe]]b
/(yFYa
1qW,=d
lg3{%Ax
?w|h"x
/>Vp4@
4W~>>AlJ
Sa-slJ
 ?j)tg
~P	'H(
4GV)N;
x /#oO
&/q`m$
YLx|T=
s%8tI_y
FGD-$&
gK}4,X
+1I]r/
G]EC%<
hc~J-p
N?lB<5
KLI2)+
+1F]r/
2>PA 4
{s\s)m
h<IXZp
9&yh}\p
j-#{p==zC
}(;jk-
ZFAqBD
z!U4$y
j<K_\u
@y-6|C
EGp20Dnmz7WKvgUBreZjrs.pdb
memcpy
ntdll.dll
IsTokenRestricted
ADVAPI32.dll
PathGetDriveNumberW
SHLWAPI.dll
GetSaveFileNameA
COMDLG32.dll
msvcrt.dll
timeGetSystemTime
WINMM.dll
OLEAUT32.dll
GetLastActivePopup
SetCursorPos
USER32.dll
GetConvertStg
ole32.dll
GetTickCount
lstrcatW
GetCurrentProcess
Module32First
GetPrivateProfileIntW
ExpandEnvironmentStringsA
GetPrivateProfileSectionA
GetProcessId
GetSystemDirectoryW
GetCurrentThread
WaitForSingleObject
CreateFileW
SetLastError
KERNEL32.dll
+..:::::::::::::::::::::::::::::::::::::::::::::::::::::::::6.+++.
U[[[[[][][[[[U[U[TTUUUUSSSSSSSSSSSSSSRROND@<?
[K=>BBBBCBBBB>>W<
BZ[[[[N;ATUR@;@ANA@@<<;
 ;PBPUUA	
P][U[UA
	C]]][[[@	
Z]V>CZ[A
mmjsmsmqmjmm
YKKCCPPPPNNNNOSSA
````][[UUUUUSSSA
__^^[^[UUUSSSSA
___]^^[UUUUSUSSN
__^^[^[UUUUSSSA
&-&41.
_^^^[UUUUUSSSN
_^^^^[[UUSUSSN
4**)4:)
____]^[[UUUUSSSN
__^^^^[[UUUUSSA
___^^[UUUUSSSSN
___^^^[[UUUUSSA
___]^[[UUUUSSSN
__^^[^^UUUUSSSN
p8&4(-
___^^^[UUUUUSSSN
__^^^[[[UUUSSSA
___^^[[UUUUSSSSA
__^^^^[[UUUUSSSA
o:)52-
____^[[U[UUUSSSSA
vooo*'
___^^^^[UUUUSSSSA
_]^^^[UUUUSSSSS@
___^^[^[[UUUUSSSS@
___^^^[UUUUUSSSSS@
vvvvvv
__^^^[^[UUUUSSSSS@
vvvvvv
____^^[[[UUUUSSSSSS<
rvvsvvsv
__^^^^[[UUUUSSSSRS<
rsssssrq
____]^^[[[UUUUSUSSSRR?
rrrrrq
___^^^^[[UUUUSSSSRRR;
nrrrrrrq
____^^^[[UUUUUSSSSSRRO?
nrrrnr
___^^^^[[[UUUUSSSSRROO
innrnnrn
___]^^[ZU[UUUSUSSSSRRNO
innnnnin{
____^^^^[[[UUUUSSSSSRRONN
finiiiim{
_____^^^Z[[[U[UUSUSSSSRRNDN
fwiiiiik{
___^^^^[[[[UUUUUSSSSSROONAD
fffiwife{_
______]_^[[[[[[UUUSUSSSSSRONNDD
```````][[[UUUUUSSSSSSSRONNDD
FCBBCBCBCBBCBCBCCBCACAAAAAAAAAAAANANNAA@@<;;
++.6666666666666666666666666666666666666666666666666666666664+
()>???>?>?>>?>?>?>>?>>?>>>?>>>?>??????>?>>??>7(%)
jj  "$"jkkkkkkkkkkkmkk$$kkkkkkkkkkkkkkkkk 
RRRRSRSRSRRRMLPSQQPMPQQPQQQPMLBA
MM				
AZXXXP
	D9/NR
x~~}}I&8&
&*.	QL
hffhhhffd
~||\TENNLMMLLPQL
~~||}}]ZZZXSSQQQM
x~|||\\[[XXSSSQQL
~~||\\\[XXSSSQQM
~~||}\\[[XSSSSQM
~~|||\[[XXSSSQQM
~~|||\\[[XXSSQQM
~~||\\\[XXSSSQQM
~~|||\\[[XXSSQQM
~~||}\\[XXSSSQQM
~||\\\[XXSSSQQM
~|||\\[[XXSSSQQM
$r3527m
~~||}\\[[[XSSSQQL
jr$##'m
~~||\|\[[XSSSQQQL
~~~||\\[[XXXSSQQQL
~~~||\\\[[XXSSQQQQC
~~|||}\\[X[SSSSQQQC
~~~||\\\[[XXSSSQQQQB
~~||||\\[[XXSSSSQQQQB
~~|||\\\[[XXSSSQQQQPA
jdoooon
~~~||||\]\[[XXXSSSQQQPPA
ioinx~
~~~||||\\\\[XXXSSSQQQQPM@
jbiiiinx~~~~~~~~~~|~|||\}\\[[XXXSSQSQQQPMM@
$`ieeehw|~~~~~~~|||||\|\\\[[X[XSSSQSQQQMML
j`eeeef~}|~|~||||||||\\\\[[XXXSSSSQQQQPMLC
ug|}}}}}}}}}}}]]]]ZZZZXXSSSSQQQQQPMLC	
INEEEEEENENNNNNLNLLLLLLMLMMMMLBB@
6%%(67777777777777777777777777777777777777777774%%
S54556556/BLL5EL6A64,
ml9QuO82.
y}usO'
c____`c
~yntrXPCEEEELK
~|ttsYYYUNNLJ
~|ttrXVWUNNLJ
ntrXXWUNNMJ
~|ttrXXWWNNLJ
||trXXWUNNMJ
~|ttrXWWUNNLJ
~|ttrXXWUNNLJ
~|ntrrXWUUNMLJ
~~|ntrsXWUUNMLF
~~|ntrrXVWUNNMLE
~~~ntrrXXWUUNMMLD
^ihk~~~
~~~||ntrrrXWWUUNMLL6
\ihhwy~|~||nnttrrXXWUUNNLLK4
[bbgnnnnnnnttrrrXYWWUNNMLLJ3
[bb^tttttttrrrXXVWUUNNMLLJE/
[v]`rssssssssYYYYUUNNMLLLFD+
7:::HIPPPPPIIIIGGFFJFJJFA4/
.--.-.#0Q&HFC" 
~}RHEEEL<
~|[[[NNL=
z~|ZYNNL=
||ZYNNL=
||ZYTNL=
z~ZZSNNL=
~|ZZSNNL>
~~|ZYTNML>
z~|ZZYTNML:
z~||ZYTNMLL8
z~~||ZYSNNMLI8
g_a_~~~~~||}ZYSTNMLKB6
\y]xXWWWWVVTNNMLLLLI"2
gfgrpppppppommm=;982
{G]`ao\;,%'(
}gbTB9-(
~j_U?3-(
liMU@8-(
||~ifWQ=6*(
plkjhNUA45)(
DJnhedMVP>82(%
CH[ZYXSR<70)(
/11.*)(((($