Sample details: 987e140aa61ec4ebecc8a19725deaf6e

Hashes
MD5: 987e140aa61ec4ebecc8a19725deaf6e
SHA1: 17d27f44c0915b245a7721c4eabd00ba085298ea
SHA256: 21ce732a546d4b051004a18abcbbba58b1cfb15d3a4b842dafc016b5aeb2fb82
SSDEEP: 12288:UQwyoBK591eDit/DoWdTxYlmxMNEk6LN9UcPtlWJdVrPuz2b8r5Sd9fM2KbSwSzv:P6YNeWyWXCa3tcJdViNuK
Details
File Type: PE32+
Yara Hits
YRP/Microsoft_Visual_Cpp_80_DLL | YRP/IsPE64 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation | YRP/suspicious_packer_section
Source
http://domekan.ru/reizon/update.exe
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
u5HcQ<A
UVWATAUH
pA]A\_^]
UAVAWH
 H3E H3E
u0HcH<H
VWATAVAWH
 A_A^A\_^
x ATAVAWH
 A_A^A\
H;xXu5
WATAUAVAWH
A_A^A]A\_
ffffff
t<ffff
VWATAVAWH
A_A^A\_^
B(I9A(u
UATAUAVAWH
G0Hc	H
v0D8eou\H
L9`8u'L
A_A^A]A\]
UVWATAUAVAWH
pA_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
AUAVAWH
u4I9}(
;I9}(tiH
0A_A^A]
@SVWATAUAVAWH
L!|$(L!
D$0HcH
pA_A^A]A\_^[
SVWATAUAVAWH
0A_A^A]A\_^[
ri9O vdH
WATAUAVAWH
 A_A^A]A\_
x ATAVAWH
< t=<	t9
 A_A^A\
UVWAVAWH
0A_A^_^]
WAVAWH
0A_A^_
u3HcH<H
x ATAVAWH
 A_A^A\
WATAUAVAWH
 A_A^A]A\_
UVWATAUAVAWH
`A_A^A]A\_^]
WATAUAVAWH
0A_A^A]A\_
H9>u+A
\$ UVWAVAWH
A_A^_^]
@8|$^t
UVWATAUAVAWH
L$&8\$&t,8Y
@A_A^A]A\_^]
fD94Fu
UVWATAUAVAWH
xWI96tRI
0A_A^A]A\_^]
fD9t$b
@UATAUAVAWH
e0A_A^A]A\]
WATAUAVAWH
 A_A^A]A\_
\$ VWATAUAVH
D!l$xA
@A^A]A\_^
L$ VWAVH
@8l$Ht
ATAUAVH
L$ fff
L$ |+L;
A^A]A\
u(8J(t
UWATAVAWH
D8&t4H
A_A^A\_]
@UATAUAVAWH
H!T$0D
ue!T$(H!T$ 
A_A^A]A\]
D8uOt	H
x AVAWE3
|$0A_A^
UVWATAUAVAWH
fD94H}0L
A_A^A]A\_^]
VWATAVAW
A_A^A\_^
WATAUAVAWH
 A_A^A]A\_
\$ UVWATAUAVAWH
H!D$ H
`A_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
@USVWATAVAWH
A_A^A\_^[]
@USVWATAUAVAWH
e8A_A^A]A\_^[]
UVWAVAWH
@A_A^_^]
ffffff
fffffff
UVWATAUAVAWH
@A_A^A]A\_^]
USVWAVH
A^_^[]
LcA<E3
u HcA<H
Unknown exception
bad allocation
bad array new length
bad exception
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
operator co_await
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
CorExitProcess
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
CompareStringEx
LCMapStringEx
LocaleNameToLCID
AppPolicyGetProcessTerminationMethod
UUUUUU
UUUUUU
=imb;D
1<.	/>:
/>58d%
>jtm}S
)>6{1n
r	Vr.>T
+f)>0'
;H9>&X
*StO9>T
n03>Pu
K~Je#>!
bp(=>?g
BC?>6t9^	c:>
K&>.yC
.xJ>Hf
y\PD>!
|b=})>
c [1>H'
uzKs@>
3>N;kU
	kE>fvw
V6E>`"(5
?UUUUUU
?7zQ6$
B7PKQUX2GZZRES2
UKKJWFDCVSLAYO22J
IR3X28Z34LRWDVOIC
I8O4MFNAJZ
KPCKJX8CZVVFG2I
.text$mn
.text$mn$00
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.pdata
.rsrc$01
.rsrc$02
LoadLibraryA
GetProcAddress
KERNEL32.dll
DeleteObject
MoveToEx
CreatePen
LineTo
SelectObject
GDI32.dll
GdipDrawLineI
GdipCreatePen1
GdipDeletePen
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
gdiplus.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
R:~c:+
}$~6N[
psR>,;: [
R843Y&
}c:#Zn
1&QR:5
_]c:1D
M9!R8)
MqR>h>
O->s|+
M9!R>(K
X9N)s5
X9NR81
}cv(M9N
MeV>xQ%
Z9NR>p
}+Y2A9NR8(
R8tcN*
Zcv*M9N
w]pr$~
MAS8=#
9qP>i:Y
MhR8uc4!
JMvR8!
}+X>L9N
MhR>x<
J:mc8{2
R8~c:#M
*XDL9NS8{c
R8|c:1M
w]tr$~
M9NR:!
wMtr$~
MAR84;
:WS1({
[L/k4(
xR:q;9
J:Mc4:
M9NR:!
cR:lc:
c:&Z;{
wMtr$~
K=>S}+
O->C}+
0}+}$~
#}+YkT9N
YF$}+Y
T9N)s5
YM?}+Yr
%az+Y"
w=tr$~
R:~c:+
E]2[j#
MbR>p,`
>5(YWL9NR8
e3&KvU
R8~c4(
}c:#Z~^
w]tr$~
YkY%N9N
R>5#Y,
MsR>p~E
-kR8:#
MzR:x_p
MzR:xGq
MzR:xO
MzR:x	
w]pr$~
]b:%Z4
|M@[>3*
}qMrR8!
QS8rc<
w]pr$~
v_#]."
.o|+YS&
_]c:1Z`
9B0V=}+
MpV>p}
|:5#rx
w]tr$~
MaR8|j:
	:Y6T9NR8
M5>[}+
M9!R8!
V9NR:{
B9NR:%
B9NR8-
YKYEl9NV8
#Y[_9N
w]pr$~
MrR>hF
M9NV8hr
-	V8h#
w]tr$~
R8vc4!
 Y,M9N
<[L1(q
Ej:+E51
xR:vc8
O5>Sy+
M=>sy+
K->Cy+
9~cN+6
MuR:%;
$4IL9NRL>3Nk
1	NR>P_O
^;|c:j
xqR	|;3
Yy:*s.
SIPM9Ne
E]28<?p
9Yw6}+
}+2 M/f
MuR:%#
$3M9!R8
}+2 M/
R8|c:1
w]tr$~
1>NR:z$$+?
6c:&ZN7
*85?G)
E]:8<?
R88;Ak
FR80;YHL9N)h
R80;Y	
w]vr$[AL
MuR:%#
cBMk^8
50">}+qc
c|9fR:
xcN+Y71!
R8|c:1
w]tr$~
xV8{c2
z+YhL9NR8p2
R8uc4!
PL9NR2
]c:'ZO
qqR>#*
Y,*}+4(
N3M9}_
q3M9}_
03M9}_6
a	8:'B
z	8:/B
c}9b)h
>YJd9N
rc:'Z}
sLyS8zcb%
[R8uc8
QS8zj;$
}+:*1&
Ywi9NR8
w]pr$~
w]pr$~
!M9}R8!
}rCqna
&Yc~9N
K=>4}+
K=>4}+
j:#a,:
pV>p>R
MkV8px
Y{X8K9N
}+X0E9N
R0(p,s?
XiI9N|
Eurpr4
Hm7p,P'
Vcrd`Q
yV>aaZ
[;|bN)6
Z9EcN(
MdR:z$
$3{L9N
R8zj	7M
}j:81$
w]pr$~
w]tr$~
cBM[V>pC#
M=>;}+
F9NR8x_f
wMtr$~
K->#}+
}+Lcq/F
!{	-Y8_9N
YR84{Y
Y9NR80
Y9NV>0
L	&Y:]9NR8
w]pr$~
L=>s}+
Lv[	M+
1,hR6{^
k50\iW8
V6c$7b
R8{j; 
a[>y99
a[>y99
9qX3A(
MmS:&#
L=>#}+
YBg:.2$
M5>c}+
cwM5>s}+
M5>c}+
cwM5>s}+
MuR:%3
>9{cN.
|:mc2(
xk}+4(
}+X/O9N
MfV>xE
w]tr$~
NS8>#8
R8bc43
w]tr$~
-YL_9N
uc:/[-
uc:.[2
}+Y3`9N)z5
R:~c2,
}c2 M-
NSM9NeX
YP9}+:0Y
MREp=x
Yg:}+X
M9NR:!
R8|c:1
9NR8~c:
!{	.Y?
Dc\MDR8
xR:x2#
:^mub8
YaL9NR
MvS>;c
}+YA-9NV:
MJS:{c:
}+:>ZwJ
}$~6N[
}+N(q~N
w]pr$~
M~R8>#
^>2jF0
_]c:1Zt(
|+YxL9N
	`Yy 9NR8
MhR8Vc4
M9!R8`h`
|rN5>;}+
3YKD8N
K->3}+
L1HImr
Yf}R:!
NwM92g
Eu2Z~+
En:#91
<$&(1>
}jN/YN
kL9Y'f
Mp[>4*2L72
}+YTw8N)s5
c{.!aL
<Yyp8N
M|^>?*Y
}+X}L9N
$4mL9N
NSM9Ne
MH^:8+
M5>#}+
dCqdQ5
8~_]a8T^
[:ocN)
}rCqnj
w-tr$~
}c:#9>Y6
cg.qlL
}+: ZZ
M=>#}+
}+YR'8NR8
YjM9NR6
?bCxna
sX<i;N
x[8,;2"
}+X4M;N
M[R:0{
M[)sEn
-^L9}Z
]\L9}Z
M[R88c:
9qR:x7
% 8K"*
r(O@h-
v,bq~k{"[v
u(Iz>r
&Nl 	;
}sBr?8
+/EI}%o
M%E|oB	+ru1>
3zT#lB
6f#dB+
R-$#_8
B.m-Q&
xE#vO_
N0FB>I
SE%35*
C%U(c1
(_O:6BB
A%ZT\M
(q+_x%
6.fqB+
c[@G@ 
OH',S4
Q]=2L'&vfvs
C$-<M:
~7cHO{
e~0DHO\>(
H@'2o)
e~vvHOo
H@'2o)
~v?HO\>(
HOVw,e
HOVwdd
HOx{xe
HOVwLe
e~	LHO
6To:mg
lgxmse
m~<OHO
q%m~vYHOf1
e~v[HO
1MTYq-d
1MTYq-d
1MTPq,d
THOS>(
~7\HO\>(
^NSUCN
eiIpQM
eiI,PM
eiIFPM
eiI2_M
eiIT_M
eiIZ^M
eiyV]M
JOx8Re
HO\>(-
q%UiIg
%J@&3'
u~ViHO
" n\2A
e~^_HO
vS1J|P
xKg+mo&]1
KRy,j X
HO{'\g
HOSs%!i
e~LbHOf
e~3uHOya
Qs-eh_
5IOx.|e
doJOPy3
',i[3V
IOyC}e
p.F%HO
1[@'9i&	:Y
E~+JHO
p~zQHO
*oo~X_HO
YhOxHh
]Q	[92
`X=J`q
Q8Cgode
o(ISmI)
e}NYiOW
c	HOo g
	lPq,g
e}W2I{o
9wDSy,-
N\SmL^
^\(c	@'0
\:xbHO
eiIw=O
 B=`q-d
HOo4"b
0I:yv$-
\1J|fq
:JD@y%
e}VcHo
p|Pw?-
M@&9mk
E1\ZIO
E<\ZIO
]!\ZIO
Um^ZIO
]h^ZIO
ui^ZIO
LYO9QP
$h0A6$
UHOq@]Y
-|XmGy
61r-^Gqk
J8u]T`
`0ugXd:+
=.#I;a
O2~5Vl
H+sA8+32
Pye &q
U+pfr=f
Vuw>tj
wA6YO9
0tc:x{
i]`;f?w
H_Xt2Z
N3%}czz
y,bq@@2
r"U+Yl
.mW3w;
[EiJa\
L}Lg:_r
Zf[&I0P
!!wJ~L
TxFe+mc
Ph#wfr"
e``c&ef
_ec U%}
tgcZXN.	
=Y_ZIO
]G_ZIO
HoquEZ
U0@bwO
H_wA5Z
1:&&{S
vx`iaj'T
oq?$x&
6pfO:Y
p$M:QS
Iu;Dwh
Je9TuX
Dm6LzP
C=14}0
C=14}0
Lm?Ds`
J}8ttp
D}6tzp
F=44x0
Gm2D~`
Mu?|sx
O5=<q8
He;Lwh
Jm8LtP
KM9lup
DM6lzp
FM4lxp
Gm5LyP
@M2\zKO
L}>trp
N=<4p0
Om:Dv`
E=74{0
Fm5Dy`
Lu>|rx
N5<<p8
Oe:Lvh
Gu5|yx
Be1L}h
3*Gm2|~`
n6}+@m
r }+7{
"o}+-4
N9|+tb
2?|+0d
Rq|+H+
j||+i'
2j|+b1
Vm|+*6
.l|+|	
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>