Sample details: 944e5bdbdc8ebeca7ae267a0b873fcaa

Hashes
MD5: 944e5bdbdc8ebeca7ae267a0b873fcaa
SHA1: f398dc78fbb9759ac920fde54b04b8871e496dfe
SHA256: 440ff7b2ca1bca39ce17946fb76b1402036a1e1c3295229eccca429eccdaf28c
SSDEEP: 3072:adr1x6gImlyg+Q7AiO8BoIoV/UlApTqI8zbRzO1A9B4kfAv1KCJF2+bYYnTqkXlG:LgvUQ7Ai1gNUl4mb4Q
Details
File Type: PE32
YARA Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/anti_dbg | YRP/screenshot | YRP/win_files_operation | YRP/GenerateTLSClientHelloPacket_Test
Source
http://microdocs.ru/axls/svita.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
T$TRPS
D$TPQV
L$TQR3
V RWVP
D$\jXS
D$@VPW
T$`PQR
T$<RWSV
L$@PQSV
D$<PWSV
L$<QWSV
RPRQRRRRh
D$@RPSV
T$<RWSV
T$<WRVS
D$@RPSV
D$@RPSV
D$@RPSV
L$@PQSV
QRQPQQQQh
L$@PQSV
L$@PQSV
PQPRPPPPh
T$@QRSV
D$@RPSV
T$@QRSV
L$@PQSV
T$@QRSV
L$@PQSV
L$@PQSV
L$@PQSV
D$@RPSV
L$@PQSV
D$@RPSV
D$<PWSV
T$<RWSV
+D$\R+D$Ph
L$tQSS
RSSSSj
T$DSRSS
^SSSSS
HHt$HHt
?If90t
t$<"u	3
< tK<	tG
j@j ^V
URPQQh
u}hH\A
tWItHIt9It 
tRHtCHt4Ht%HtFHHt
v	N+D$
t"SS9] u
;t$,v-
UQPXY]Y[
v	N+D$
	X 9} 
<+t"<-t
+t HHt
PPPPPPPP
PPPPPPPP
QQSVWd
j,h`uA
t*=RCC
;7|G;p
tR99u2
Unknown exception
CorExitProcess
bad allocation
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
?Dj0Q:W$=
5s3R6=
(null)
`h````
xpxxxx
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
?e+000
`h`hhh
xppwpp
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
_nextafter
_hypot
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
1#QNAN
1#SNAN
Significance signature 
memcpy
CreateMetaFile
InitSecurityInterfaceW
listbox control
listbox
bad exception
RSDS)|qXu
C:\GatewayProxy\POWERSTAT.pdb
++f]^JW
)Fz""'
;(UBO|i
2?,YFs`m
	6#P]Jwd
:'TAN{h
1>+XEr
JV@6)j
	k#0OC
%}IUcP'
x I[h}r
*k-a ^OBI
rVI>1X,
<DNKhu
f%lNfTGF
eX]K>M
D{i\Y}4(
wDA9,c)
FindResourceA
LoadResource
HeapAlloc
GetTickCount
GetCurrentThread
FormatMessageA
GetEnvironmentStrings
LoadLibraryW
SizeofResource
FormatMessageW
HeapCreate
lstrlenW
GetLastError
GetProcAddress
LockResource
GetModuleHandleA
LocalFree
KERNEL32.dll
MoveWindow
GetWindow
LoadCursorA
LoadImageA
DefMDIChildProcA
DispatchMessageA
GetSysColor
DefWindowProcA
PeekMessageA
CreateWindowExA
GetWindowLongA
SetWindowLongA
GetCursorInfo
InflateRect
TranslateMessage
GetIconInfo
SetWindowWord
SendMessageA
LoadIconA
GetParent
GetClassNameA
EnumDisplayMonitors
USER32.dll
CreateSolidBrush
AbortDoc
CloseMetaFile
ExtTextOutA
OffsetViewportOrgEx
GetStockObject
GetObjectA
GetPixel
SetViewportExtEx
CreatePen
DeleteMetaFile
Ellipse
StartDocA
SetMapMode
CombineRgn
CreateCompatibleDC
SelectObject
DeleteObject
GdiFlush
CreateMetaFileA
GetDIBits
CreateFontIndirectA
GetDeviceCaps
SetTextColor
StartPage
SetWindowExtEx
LineTo
SetWindowOrgEx
MoveToEx
GDI32.dll
OpenThreadToken
ADVAPI32.dll
OLEAUT32.dll
mmioOpenA
WINMM.dll
GetFileVersionInfoSizeA
VERSION.dll
PdhBrowseCountersA
pdh.dll
GetUserNameExW
InitSecurityInterfaceA
AcquireCredentialsHandleW
InitializeSecurityContextW
Secur32.dll
SetWindowTheme
UxTheme.dll
wsnmp32.dll
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
RtlUnwind
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
ReadFile
CloseHandle
WriteConsoleW
SetStdHandle
CreateFileW
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
@<P<JN
4<$h=e
<5&!$2E
+u<KeT
]l<P\0
L9lA0]
-^@/y03
h<}-cl
>%"<0:
E1A_B6
K$^"XN
"0N.~\
$ZC	6R/
L<Sy&R8
Pp{kc0
5-}8D6l
yRM]BJ
?&}Xx|
6$hxsq>P
ZUk@5=,T</J+r+
Kg|HW)!
f^uKh;+
3%Rjzm
v\	>H-
u[t1F"\]t
W*eB!K*
ik$tAx
}c20=G
p"0&4l>D
C|qB[n
3TA+`F
4hiwe2d
J	PADj=v
H] c12
\\Q@8099
X\\QQ@?
DDDFy6
DDDGGGz
fsIDDDGGHOJ
fsJDDGGHOOOPx%
etJGGGHOOOPCP~'
btPGGHOOOPPiig{ 
AqPGHOOPPPCiiij{_
{POOOOPCiiiijjg
}MOOOPPiiiijjjkg{ 
~&OPCiiiijjhkhkj{]
}MCCiiijjjkhkkkj
xMiiijjjkhkkkkkj{ 
~Kijjhkhkkkkkhhj~!
|ljjkhkkkkkhhjjg{%
{lhhkkkkkhhjjijqw%
nhkkkkhhjjiiiiP
unhkkhhjjiiiiCPLz7
{lkhhjjijiiqPPPJy6
nhjjiiiiCPPOOHG
uliiiiiCPPOOOHGFy5
~KiiiqPPPOOOGGF
~oCCPPOOHHGEDD
xMPPOOOHGGDD
MPOOOGGFD
xMOOJGGFD
}MqrqPNLII""
~svvvsssppol^^_
YYYa			
nnnj}}}
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING