Sample details: 90aff54cf69ad647eec925f361a34798

Hashes
MD5: 90aff54cf69ad647eec925f361a34798
SHA1: 58e2bddd5240db08293b74d38a496be9d50bcc4c
SHA256: 31e8a11960d0492b64241354c567643f09f0e0278658d31e75d6f2362dbfae44
SSDEEP: 1536:+/M/Y9JRLyFnbpleZ4tI1lMz8fWBtyGsBBgmm:aMWRIPeZUI3MMWBtyk
Details
File Type: PE32
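Yara Hits (rule names only; several of the packer rules likely fire on the same UPX stub, and generic hits such as anti_dbg or win_registry mark a matching pattern, not confirmed behaviour)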
YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet | YRP/UPX_wwwupxsourceforgenet_additional | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/Netopsystems_FEAD_Optimizer_1 | YRP/UPX_290_LZMA | YRP/UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser | YRP/UPX_290_LZMA_additional | YRP/UPX_wwwupxsourceforgenet | YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser | YRP/UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser | YRP/upx_3 | YRP/IsPE32 | YRP/IsConsole | YRP/IsPacked | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_registry | YRP/UPX | YRP/suspicious_packer_section |
Sub Files
c95a65ba3b42312de1d9cee6d0748d07
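Strings (taken from the file as submitted; the sample hits UPX packer rules, so most entries are compressed-data fragments and the readable ones are truncated)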
		!This program cannot be run in DOS mode.
h~`?}b
_of@&nP
C=QQ^SYV
[X?=!7
5ntel,@
C49_^3
Gl~pjC`Cg
j@j _9x
s(} j@
*:Z3>j
j"_f9yqu
5PD;j=
	^|7(`P
p9K39K
tcQ>7{
tUM+Q%
Pjd"?d
x7tWr0}
nS7H91
0#\|3KZ
URPQQh
A[jZZ+
@X*Ou!Xs
$yf!Nxt_
OD&{~+a.
bDtG[)
b8W$Om
SVWU~h
;t$,v-
UQPXY]Y[
PQK@#M
WVPrs!"Q
O99E u
u(BEMX
uB4Yt9W
Ht+Ht$Ht
?p$p9E
~';_t|%
GW5p2$
address not available^
already connected
rgument li
st too long
out of do
file d
escriptor
broken
sion abor|
3refus
~tinat\
requir1
execut
 format err
ifier remov
Qillegal byte shenc>
ppropria
iohtrol o
#valid6ek_
7t?s a d
> sizR
network
no buff
child 
so9toc
ourW3such
vice or
wou2bl
nly isystemK
1(ad_ koc>
uluyran:
KstS`rec
textnbusO
/symbolic
$nk level
3@wr:*]Egzty
<<6L=\;t
#nam*`H
?empty?p
qenough m
un* try ag
1#cro}
=KsWcax
0'family
XOUnkn
 excep
CorExi
fab;modg7|$
hypoEf R
Ie;uahWpsc]
_hgas 
UYyfwr#v$
^Yis3y
a/s{mM
u Ki5e
ut_OgS
aL%b9Q
e+00=\
GetValu
?dSInitializeCr	cal
CreateEventExW
Semaphore
dStackGuaranto;
poolTime_/
WaitFor,
CallbSs
4LibraryWhen
Return!LCurr.
@orNumb
$<ionG
DefaultDllD
ompareString
~Users*Nam?a;>
TickCount64#File
ByHandl:w
D(F0G8I?
<y@JHKP
' ),*'O
<8+D,P-h
LGXIdJpK
:Wu'z7
o[_s-u=
nUM;c7
Y#LoaZv6cv
";/jc#n
/Kd;=2
i$,4@L
h__based
__cdecl
__fast
__unaligned
 ne@ delete
4/%>4<@&
^`vfaC
ic guard
 closure>
ar6?_c
_`E`virtual displace
|map``eh b
/!(`udt rQ
`omni 
managed<`'
`dynam
atexit&
 Type D
 BR Class
Array0
*Hijrchy4
e Obji
MM/dd/yG
, M dd, y
cBoxWOActive?3
Window
 !"#$%&'()*+,-.
/0123456789:;<=>?@abcdefghijklmnW
opqrstuvwxyz[\]^_`
ABCDEFGHIa
JKLMNOPQRSTUVWXYZ
1#SNAN
generic
C:\bui1
ld\RegTest
qeK0mG_
AVbad_a
ength [out_of_l
j_info
tz_categoryc
EncodePointer
GetCommandLineW
RtlUnwind
IsDebuggerPresent
,orFeature
Module
ultiByteToWideCha
HeapSize	
c#StartupM
QueryPerforzce
vEnviron
Terminat
ag6~ACPfOEMx
IRe[V@
Output
1]Consolei
gOpenKey
,T9',o
w v.rdata
@.relo(
XPTPSW
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
KERNEL32.DLL
ADVAPI32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegCloseKey