Sample details: 9f4d8bd1cba2681f3bcf642f56342ac7

Hashes
MD5: 9f4d8bd1cba2681f3bcf642f56342ac7
SHA1: a1887f8b29ef20a6e0d7284521c40eee77d47dd0
SHA256: 0325714eeb2af235a0f543ad9e11b5d852a61be78c9ece308c651412d97edd39
SSDEEP: 12288:vVqal2t2zZUHNKp+KTaYaTCXvsvcNzLV/aNfuKfrKpXl:vYU2yZUHNKB5aTADZJ/qfuKCl
Details
File Type: PE32
Added: 2019-08-28 00:25:34
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/escalate_priv | YRP/screenshot | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/CRC32_poly_Constant
Source
hxxps://naot[.]org/cms/file/fixed111.exe (defanged)
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.ndata
 s495l
Instu`
softuW
NulluN	E
SVWj _3
Aj"A[f
D$ Ph0
D$$SPS
Vj%SSS
D$$+D$
D$,+D$$P
\u f9O
90u'AAf
_^[t	P
A@;E |
UXTHEME
USERENV
SETUPAPI
APPHELP
PROPSYS
DWMAPI
CRYPTBASE
OLEACC
CLBCATQ
NTMARTA
RichEd32
RichEd20
MulDiv
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
SetFilePointer
ReadFile
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsW
lstrcmpW
lstrcmpiW
CloseHandle
SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
SetFileAttributesW
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
CreateFileW
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
KERNEL32.dll
EndPaint
DrawTextW
FillRect
GetClientRect
BeginPaint
DefWindowProcW
SendMessageW
InvalidateRect
EnableWindow
ReleaseDC
LoadImageW
SetWindowLongW
GetDlgItem
IsWindow
FindWindowExW
SendMessageTimeoutW
wsprintfW
ShowWindow
SetForegroundWindow
PostQuitMessage
SetWindowTextW
SetTimer
CreateDialogParamW
DestroyWindow
ExitWindowsEx
CharNextW
DialogBoxParamW
GetClassInfoW
CreateWindowExW
SystemParametersInfoW
RegisterClassW
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuW
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
USER32.dll
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
GDI32.dll
SHFileOperationW
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetSpecialFolderLocation
SHELL32.dll
RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
ole32.dll
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VERSION
SHGetFolderPathW
SHFOLDER
SHAutoComplete
SHLWAPI
SHELL32
InitiateShutdownW
RegDeleteKeyExW
ADVAPI32
GetUserDefaultUILanguage
GetDiskFreeSpaceExW
SetDefaultDllDirectories
KERNEL32
[Rename]
%ls=%ls
mm1SSS
SSS1mm
mS11111111
11111111Sm
mS188888881111111188888881Sm
mS188888888888888888888881Sm
mS188888888888888888888881Sm
mS18888m8mm8mm8mm8m8m88881Sm
mS18888m8mm8m8mm
8m88881Sm
mS1888mmm
mmmmm8m8mm8m8881Sm
mS188888888888888888888881Sm
m1SSSSSSSLLLLLLLLLLSSSSSSS1m
mmmmmmmm**********mmmmmmmm
*RRRRRRRR*
CCCCCCCCm*RYz
zYYR*mCCCCCCCC
CmmmmCCCm
######
mCCCmmmmC
zYYR*m
*RRRRRRRR*
**********
mCCCCCC
mmmCCCCCC
*RRRR*
m****m
wwwwwwww
s33337
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.04</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility></assembly>
NullsoftInst
r1@QTez
E-zk]o
f)InB0
G^^ZdWDs9
'aScq<$\blh#H&
.oOI	,H
&O*~T<
<P=M=F
bdOCz%2
"GG ?eb
b-nXQI
D2L	$2C	m
	DBXKm
o`ql0 
iR-:Cc
+N+M'jQ
%EyGr,
I[@|'u
3Vv&Vj-jq
c7U{%J'n
E,uFzu
TZ-'Cb
ONHsL2`C
U?MOj25=!
SzSbmByM
COP0#!
r9<=d1
gU;K7R!
02X<Qk
!B5k1._Yo 
Ppgk@H
{W'IFr
Qxm,W2J
qiS~NU=
aB-~'E&
#li(I)
Ea9yDw
En_]aD
V3t`P6
a9ib*:'
*E@v!Kvq
#L7r7ls
a?uqwN
T3zUY8J
X 8l=^
UUUUUUEZ
>ous6b
D%8R)	
bF7>fQ
}o{[g9
J4dp3P
K.i*"G
;:z?m~
B$vW>*mR
@@\S=;
? gO~DC
>w2C~|
^O'h~p
>bnI;u
l}6>vH
CCCX[]dY
%*Y9)A@`
\oi>Y"
>LYunS
1Nqd?tX
T^_a\h
z*YPVI>
^3 >>T(hov
zM[+-{8
L&fC"W=
R}h'j=dU
zC5=#mS
6SmFhS
5ZJRf`
\ )luW
h7(XJ`
4+?e*c
;s\[Ew9
6J,J:p
Lr<6E,
]s.&b 
:._%%/h
C6:$1o
m&0LD 
oO	R#CN
Ka,	!j
l?jQjn
\;A^sSU
\8C6@b
h~`Qi4
	)ktu$
}%v0}!
=|a|c0
4d^6b#
P)Qg&H
[lGJZx
u}-GR[
 JMx|?`%
iWwLt+
AZYARD[J
C;#KVR
7QIYJ((K+r
ibf{4;
H\~VQc`
u+XL&%p\
{waYQ5
)Q709C2,M
*=J^k5
;r}xF;`
V@S661
# Triggers added by dh_makeshlibs/11.1.6ubuntu1
activate-noawait ldconfig
_srv_tdsversion
opends60.dll
"As" -
N'yMHu
GK{A"8Y
VOK9W(
:)oo{O
J~MOCF
eOLhOI
CC#CCC 
@BCFM4
SA3DyCL
{|[IWI.[+S
55j<7&;
_kg=%oG
j{	J;X
q6{o	@F
5j|/TJu:
"33#0rH
rWJUYP
 '>d=|
V{y#X=m6
N0cJl;
){J5r/
erM+Fq
B1P!CT
(M&479!
[s4W8P8QV
dD".Z"
x/"W1LKj
iv<?Q*
b[hO;y
1Bj4PV}
QSak"!
8M=hX@
aMr\A6GP
r"a^zM
9yUg $F
_dm&dW
`Y	8u3
c%*|}/
r3#{Mnv
r:?r'q
9yUg $F
<	x)70
Qng%*9
F#*4^!
/WR?]F
yjl2u#
QzOd]O
?6e9Q=|
p~M~&*R
&^c$*?
;;}w K8
>2HIQ;
)Uw,$F
S]e0J_
X!3<Aum
j:.v<d
T;N7&/
sC+{M:
Q:W@	z
DnbXV{
|]7 4:
d	V`xb=
yUg NF-@
o pCT=R=
GM#{3|j
9yUg $F
sFQ=BM
9QuD9P
_6Hf5k]3
y~?W8w`j
IwS/xl
ECKM*9.9
2p.TDi
~I:7y*
zF>M=a
|WXD-r
=C73~9
DRT=i|{$
jgsRz`
4ydq+]
BWqo;TAM
jl]An;c
6R,(o2
'DSWX\c9[
II*}Qi
wegBS3
5oJS?q
U_|D@A
IA#4:lB
;M29&t
PJ.TW?!
r\|hE0
z7?_q9
nhEt=T-1
od-.X|
M5?->R
Eve_5J
MGe`U]a
o_S?jj
[C"PAg
pt;L)O=6
zsaZQl5
7z}6F!y
)K'ts3
t>''R%
H~{RUO
[Azm'-
2LdM3\
qA^K&9K{
*B6KlON
0F!Vkl
JmWm%B
#*`Vq]
**"zI6
St.ZD]B
t//H2V%B
w,$?PH\F
cG`8nP
m+#0R{OW
<V	_GBp
y1PKP2]
^{{lO|
ob[N9D
qTT#vS
MLf`&T
ydv`)_
gB|O	9
|,GHic
H\f#bFKhi
&Bp2qn 
hipCbC-
PoKKJ!
+K)`P@
@!O$s'
8jL\3z
ixT/,Z
;,Ds`!
~JMI1{9
bjQ$+X
bz=P`Q[
@z6/^y+
9/5i3b
	*5nOY?
<+&|tA
Ewk|I)g#P
o2Bw9_Opu
}|~@~W
08h~UR
}y0\zt
[RT]>d
[y%q\<
d^s*Nc
)%!$Eys
"B=UE2
3-|+pw
1>##Y7
J8b*>fC
7dC :Z
Q+C#w=&.
njYg ~Q
qoqr5w
wa*@9@
mSBx4elV
=;tk>IY%my
<l8s,-3
saLO	}E(>wk
P1tt4=6M
9 (@/[[
sTjlt&
-Esotv
(],(y,
[g:32	
E\N/zi
yuKxd,s
Rz4%@l^
0Tixc)
LN|C 1z\^
x/S0}0F
Pbg2od
Ptr~!:
nFF_\XH
mnAV& 
.-	ZCQ
K%TnP<
A{-SFevz
xK6/y9x
7t8B	5u
kU'ZW@
[|MaX[
"KN*>I
I]3C!P
do7AT!
cvK"B1
:KhQj2e
[1!uux
NMU<o8=v,
	4U^%J
]<T3z 
zz]F	:
vEXFsX
uYUs<j
U2CYc{%
Bju`/4
{GL,p7g
o7~kBu\
qZ\2]4
Dw(Ru7
G7=_Q})
oYZ]qh
#A=:5L
9Y(!gO
f9`+5G
qc?+uq
1J^T_ik
T(est]
V[`?o_y
<uY?Un
gTDdgK
Eh9)o:
t:Kz?="
0X	q	e
LEpGzK
\UkS9>
>_#Lw&
uj_O~(
n_pD"r
3WJ48;c
a]!qz&
{r[b_av
4s'j*BK
H3VlW 
\qbvW1
v:'|{C
Kn|@h#&Q
dw|jp.h
uOl<4r
AeY3/m
v6j64k
Tt[nNeJ	G
`?AJ8J
Ph[0n]1
E;"Hb!S
o\nS"5
qCtU$*
n:#u&4
XX9~}}XJ
08D"f!
>SybDlrz
+(sP@	
}|iQw%
Y-V5ZP
zyk|:*
lD:@\E5L
Tj0^_xJ
O.d4);
#Y1Nge
(p	eUZ
nUv+X]
SX)H/1
8B3@j$
2XKQet
Awh,H(Hr
O^5m;c
OI53HB
wfi	Bv
dtVNN+(
Cjt/7`]
K82 `}
YN"^NG
]uVZo6
3uPG,/
kB]X@:,
(>it:s
h|Hmst!
8]!MDS{
!rQWMgx
p\Rz=_
+-m]}f
eds02VF$o("1
^O^j98
1O676p
%PBnwx)
P=Ku*1\
cXSq|vB
9<=\P.
LRA0Oz
5xDI66r
nE<2N^#\
Duf)X:
fsV}}_$
pW7$!=
d}pUb]
8]0w7?
t,Rq6{
b`S	k=N
#f:zly
}TJ-5u
~-xQ?y.
K6-~]Q0h
sV$)tgj
MDP(!k
0q2-S+
|@[rPB
Lh5;<XNg$
]X[1QTo
F.r4Lj
w9|N~Q0
~:h2D;
-!k/Xc
l40%m:j
Z;f34^.
M|o9b9
:BXW)f{
l?}+05
'_QA@%'&
wKFER7
CT]B=M
a]C&#Gi]D
	OsJ~.
5W]I=5
7p)?mm
7kdAu*
]-}r;j[
t&vXQ%
niXpAy
Q5-mCI
m/Yh'U
%1ki1M
>CF\u 
a!~W>0
@$y(l1'
kJ:QRfISr
VzchpO
H3rjE.0
QoX/R$W
_3<Wu\
q>*1R<
l6[1^L
3a56'>*|
g'.mhy
#|<ReO
h~[8h_
lUa-uJm
	?!h'2Y
;d&;uy
:1'1m,
7\U!O>
_KvCU_
bz`h8l.
SgX+<DB
Gj6x_l
eg"hl[2
rrD2CI,
fHWz@	
'09W[|}%g
bXLuny
al5&dJ
kae_B>
0J	G,q
l/StlL
_A>A+WM
~_eg*b
!ta@>&!e
NpkYW%
W:n4v	"
?~=xS!
WcId;'
z@XaJ:0
9?z4*o
0h1ouH
)T3.gL
D%7	1U
raV] <JI*v!
,m?:Hq
b %@)~
B#_CK;
9*Ky]5
	xs)"1)
&3O:boq
kGkU@K
xJJ-s}
&WtSr*
,N_}ez
ih~@FL
oJeC::
L8V]*&8
a7OLR#p
-6FS_MoF*
`CJ6_mm
1_^n<=xo
f4juf-
w_oP}G
{&Pz(`
YsrrLot
$&C;tz,o
s">7Ib'B
Qr^)86
)x@3)fY
v,,N 5+
|?GI<On?
A|//HV
!U2	'x
(=2smd
t5xS`6S#
OQc.BM
$J_y:Z+
Vog\E!
Rh&bX6
Q	T&/i
abhMCjp
DKPr&1
]"e7E:n
.J!oh/
HZ@!BI
\OVhRe
*R&P:0
2nV:o	'
QCn*YL
pW$CGy
|\qU`%<
IK_5(i
R;l9;g
S2-Ok6
<E"wQS
:b &@W
mxUKAd
;<R@?,
`J' ^33I
\o?{	y
!RwnaX
&M^w%O
y*[a)|7
xt^YgT
o@{a};
67L%Qx
Ve* v6
AYn668
xG=0HY
9zHdt#
ljG{hg
z#*q%3
X,tb.P
yPGgq^
-4!18z
xcFwkA
8p+hYv
|,6118
RT417C
'|z>=C
3>$%Z	@
}U_1Nj
r%~^'z
ZSI!tO
T}-fOS%b
"#X]H6c
?+TGw,u
Gx6EoR
|pnyoET
z;Y1cG
3]<R#m
|FSJmZMM/
)4o.~k
M'&;dA
hHb,_r
KBiV`X
Lp?"](*
bZ8mMZ
y}f9As0
NKd2='
MIFSn<	
"YY5}1
}F?JAt
p07Um	,J
z{)\@Y
cMY	%^e5
qg8Jl*_
a'2IPRC
/#mNXg
T%:z3)
/ibv1c
]8L}g<
y1U[yy!
Xl5B]b
GVBF2k6
4L^1d5
JY=d=.`
yugfIBs
[Tl}bS
P]w+em?
U:}gHb5
nc=a`J
	+Y*.sz
O4Wylv
1`*RfI
Oo1;QDQ
#Vi5G)p
A}?8zn
|'oG%|
)8m%=q
F<{p.x
h?TY#_C8=
g,L/}W
ks<#8y
L4F'0V
5v&OhF
b3hWO.
F5"#7>W
T#_Z~:
d73cAj
U8'T ' 
+7I)?	
~viMQ 
?_k2uJ
lY@RV)
>I*[NAN
o?a0ubS8
3y[Ww{^l
$YHh%i
WA;&{V~
&FP><J*
e6:LA`5
>3a`XmM
Z.":j&
aK*4a`5
vBIjR&m
CnzR"E
GA[3T!
5=JDDx
 ,HjG.
X'i& E
w4fx0 
YT6q"T,
*7K>Jf?Ai
XzIUwZ
`?P.dD0
`#D3Xq
	bG;SA
~%3o]J
< 6B7e
e4sEMu
fLWpB%|
'MR|kvuQx>
#RIL|Sy7
?>%:i[9
a>ywSe
gDk~*l
9Pj"+1
gV^5/a
]zT:|	a
r_!8[1
Oc~!Vww
$MBYtYF
js_[v\R
`Ki>=Wh
PG7vBf+
O)_rL+
.!t+f0%
TSzYos
eRPHc8
=~*"|	
M(B}nz
e8-	ed
%+0?~k
Yb).UYtf
dtM:1e
^;J$T#
 qov{Fj5
gfFuND
h$!HW!q
$/6v)Q
P$UjIf
r7pN7T
=%;dX0!M
)l.lQY
.(&tu;
$g+J(:
BNjMmI
?SqYR:
<a,EN(jJX
3?Lw	H
8,Y_cg
/X'&nJ
k,OvOR
j52mKM
-WW[h>
FzNZ-%
LJYP{=
x.Gpv1,
TzRbuNTe!~
GYE}.7
YzePJ;0
SwRb	OA
$q?PKL	
)_Xq$]N	#
q9$ U\R{
R/XPUX
@Y1C"=K
YsswZF
1G9Up5)
%yMj0\
`e+/(.
',9*av
z)*u+a
fv4X:*
ItV_IX#
B*Uk]~
]wkn!@
UP#{~`
YSedYm
@9`^4S
?X,| N
\`m6H#
W:rx&N
H]J ;y
L%jcQr
d*2|[*
)1>O<5b
<1f;[lw
<al_xo+\
O:SU$:
klATc_
 t"NWC
ye~lrh
cKG$4a
iy[gdPd
,40 ]u
K&L}Gv
aYl!l<
9yO35+]!E@
o:x3@Z
LD<t=s
::S'Qd
- g!p`(
0'$}#4m
ezM00i
TV)[Om
n][m$Wb
yyLHSK
q: 5xR)
#HSfc-
Gv#aF>
:&KzT),
cFkFwy
pEr9,:8)
&E+[PL
)55u>w
	b<Q-[
{7XXSC
Xm4gd#
E_=?,q
1-3%+1
?JyPu<3
7+91AZ
wR,y-*^
&SIR8#D
G*]]!r,/
;N li{
SGMG"c0:F
2\_]rU"
r>/FHU
RZ%qX"
~UC3up
DlsB?Um
-NF67F
)R<6Y	
$zjmN 
@c?-|OO
V#6YLy
=#M2z 
.v[M>r
8)788Im>
RE3ltQ
D>iDvrT
l.8O\di
sh/3=~G
9E!&FwvlH3i
[KC#et-e
CrW1oB=
/Dno%x"
c+p792A
&=Ehm<`
T}XsqC
[>r2W^f
(buiIO
ZZMHZ<S
zG$0f,+
HIzj+q
^W00zJ
U+CHwj
n@7v	a
z&pV~yi
cK^{6o
R oxl{TW
|C'|aq
(}_	#R@4
,5M>Bt
j|~:|d
B9	N2iT
#|St{k
U[!w&B
zeg+C[
vB:&Q?
P	o<c8]
46N~oc
7u:xij
EkrLjp$,Z
Y{>zT0d
2&)=KY&
E*"EHA
rv;P9'
\cDR$Q
f1:* k
UU!|;N+
+#6F?q
aaE^^9
gI_s}\
V!M{Hu
Z]GE>h
rgO3][
ytRs3 
Z/lz6'
v{ m9:
!	Xh9E
Gsd'lG
0L;T{'
b)MJ=@5
?p7c:<
Q'W	,b
"x4G.kb
#IOvnz
oY=_#O
ogB,3%	
R/Af%OJS
 M0Rgv
w'i%]$1M
W1T#y}<&
42Y\XGxIRB
n^T$W+x
$)5D3|
kklS.&?N