Sample details: ab138b4d7ef9933689ac9cdfeaf00302

Hashes
MD5: ab138b4d7ef9933689ac9cdfeaf00302
SHA1: 60cc1843cde47caf1885d00a8586f6b984c725a1
SHA256: c5e0fd34f40bf58875fc0a8d239d3396cb18421bf327200cfa52b842a9d9792f
SSDEEP: 12288:pphl+tg1YfMrZbuRzfk9HA46hFqW3nuBBBru7XD:pbl+gCEa5Wg4wFq8GBrSD
Details
File Type: PE32
Yara Hits
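YRP/ASPack_v212_additional | YRP/ASPack_v21_additional | YRP/ASProtect_V2X_DLL_Alexey_Solodovnikov | YRP/ASPack_v212 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/ASPack_v211d | YRP/ASProtect_V2X_DLL_Alexey_Solodovnikov_additional | YRP/ASPack_212withouth_Poly_Solodovnikov_Alexey | YRP/ASPack_v212_Alexey_Solodovnikov | YRP/ASPackv212AlexeySolodovnikov | YRP/ASProtectV2XDLLAlexeySolodovnikov | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/network_dns | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section
Note: the ASPack hits are corroborated by the .aspack and .adata section names in the strings below. Rules for several different protectors (ASPack, ASProtect, yoda's Protector) firing on one file usually indicate overlapping signatures matching the same stub bytes rather than several packing layers, so the exact packer and version should be treated as unconfirmed until the sample is unpacked. Hits such as YRP/IsPE32, YRP/IsWindowsGUI and YRP/HasRichSignature describe file properties and are not indicators of malicious behaviour on their own.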
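Strings
Note: these strings were extracted from the packed file. The short, random-looking entries are compressed data rather than meaningful text; the readable entries are the section names, the loader stub's imports and error messages, the DLL and function names of the import table, and the embedded manifest. Packed files commonly keep only one imported function per DLL, so names such as RegCreateKeyExA and DnsQuery_A show that those libraries are loaded but not the full set of APIs the unpacked code calls.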
		!This program cannot be run in DOS mode.
.rdata
.aspack
.adata
-EE@d$
`di)6Zj
,UgVaJ
bf(i*4
J*ukI\
Q8.T+A
S/aSga$+
duaRa>
8<nBp>
Y[Y\Y]Y&
Iimiqiuh
SZaZbZcC
5"52,$X
u"u2l$
^Y^Z^"
[Y*bcxuh-
Y`V<'!
zBo.]&
j9#V/if{~L
?V4V1f4?iIi
`L1`+o
u~'_:e
U	yF$R
14\;3-R
,cjMJu:h
l/Pi!d
S&*9vpna
t&P&e)
BwVihr
<}CA2\Q
?8U>i7U
gZp6''1
w2AOQVv
=5EZ_t|
fjx8F	
BRC7Y%s
K<i*zrA<Q}
uEfy>6h
)|jq$w
k>[_n\
:h#pJ/q
Z14&""
/&koUc
U9UrRx
km4<*V%Cm
V3K>$m
)FlUPo
zJM<Z_
S!PtpR2
6tA^W*
:7>A{o/
*%j%vF
cGo",(
r*#$dc
Rq?!6.O
8 /d;N
c<fPC?
4OZ7:P
]![^nI
E=A.:4
veRC!K
NZo9AI
Y;>ElMQ
q ^U\4
l=vR[!X
W{H(p&
oat)QW0N2
uYt(,tzs^HbG
=}5?vm
L?j>d`;
V-t>ZO
*qw2dj
$F:{m 
V#55hr
}A<s]k
W=D8G`)i
nux'B6Y
,J6gP#
*bh-^IL
b9tTk[
(Pc)9|)<1
y#r!(g
k1jT90
29\:RE
8(fi?.!D
'YU8I9eN
c0P(A#9
iy@It\
f HnNw6.
J6}JIH
K,f2=Q
1QyN"G
DC8R!v
^ZJ))<
-$t{qq5
)5m}$t
p?nj.("
Q8z`L$l
[{5[Dt(
!KA2ZF>
3TC_;eg
2xdJtx)
-A4NxP
;. 	tF
yWSw>e
xl ^N=
<r%~Ng
u\>sQ|
>Lo[sY6
g!R3yY
 XtR(4
A=s0E,:
uM.|a!
;KJ}:S
+K/A+@gv
0l}m*p
S~8s2D
nKq`#I
$F\Y,t
d`Hs}4oC
G(DQazy
s.VK8#g4
p	6.^t
-.!-,%h1S
CDY!m;
MiboS7Zbu
o?4	:$O^F
<wQ5`pJ
s=W?Wyj
G/C1!`
#Ywo"QA
.,oGP^b
Fk'uN<y
%0*9"C
&P8LUk
<^6nWGOL'
,QhMY85;
fVVC6B`
AG<l*o
s c0.:VH0]z
jQ'o|m
$14K4o4>
Q `s_Gi
UN}byQ
9h!T*P
IaC/q$
=`A-hLi
X=@@ic%
=qM]Mhi
Wn".mq
[pgv_(
nw	kTltK
gk6Cqt
YCDV{vaHu0C
rB/r4B/
Dp7OYd
G"T ?L.=
.7o}D@
26$+?pk
fb18Ww
[u\5{t
X"?!ky
2+>u"$
8F?aW+0
H={S<KMz
L  lW+
cPy[|Z
F8F{b#j
227oHt^C
|nWC9w
	7n[Vu
W"1vKH
I$@0Q0
?G<bR`
*SF[x+
sa<Jp+m2'
db$UTEg
8b6zuW
VN1zY#
kK	Re6
 @byEI5PP
EE)?Ey
J="""q
=D^)xI"
\Ly5G!
m~xuKoG
tSY0>vl.
KJ-f~@9B
q"}"eF
rm,sVV
+"_eoDp
SpD8m:s(H
gFh*#&#s{Ud
n:COOa
`3>:My
EUZj_b
pS&G".9
NUZ'!hM
`Z<Xv1d
)(g[yI
5rE!]A
o<R )R
$\4Q%d
w{PtW/
m2^;K5
)Rfr;xuBi
>E3*zp(w
	)f6	;
,3Iw5&p
#n9)Ud/
A3}]B`
\T8Geu
?53J	S
VHN%MoB|
P|TM\Jg+
%r} 6RJ
<\ULcH
0WHK '5
~}^^bH
u|,~>GU
YDLd,_
e+cM\Jl
&G}KVS
r@Zoce7&%
>? x/<U(
x1_"yn5
]X-9%Y
@6A(ug
ds"3R7d
\aV16+
aX2P|FD
:;qHV)
^ER&&^
w_vsg3^|kML
!{}<dh
m$GjJ"gy
D+6^bm
,qTY(G
C{;;GJ-
nS!@2Y%
.2|>Qe
}VcZQ*,
(,g_fn
3[f/<@F
K~8u|F
g=eZ'Y
Ix2d$!/
6::@EX
`XTfC<
qnN0/C
rWg;zg
&5v(C?
Fu-DaP
3caC0/";
XY> `a
8IsJ5k
|iTo,z
WOc>uBdXdE
mBi3so@
b^AQQz
mTo*g*C
M\&|\aaR
s6]!83
7HB&0Qz
bVbTk1
lBYQ;~
rjU,(Y
}zWSW2EF
%=]/ 6
o'BnfPr
x@CZ`.J
&@o[Fw
E{Mt)?F:=
#k,)KB
6e<'?dN
qd=*%Q
;{Ie<o
<<+W.g
(R]+{@'
-zH_	0l
{5vJ'P
? vGkq
k;|8BIX
)&,wjMs
{	4j4/
9"Vpy,
o4,@oE
}35vUG[
|dLdDHX
a^0UIB
\1))]B
k2DR){
3HxPj)
FA;FfS
"3<(k}
dn84(P
y=tH%,
)b;i#;
Js-%l(H~a
|Wq8Tb
9o5w	Z
[	W9aC
YAf3!{F
^7e7ke
Lm:<he
NbOeJ"ai
h]9UbYW,
Eb9(X_
p..0C~
XnQEVs
8wF{:c
v}2^8^
oN[`#`|
Ss6d@}
6&{eLF-
`K<Qp 
IP8zr~`
*M	cIu
;GUm,M(P
2|#g{o
g~7_dVH
`%`QvUV
p/ =	f^
(g|qB|n//
abIOMxe
nC42~~k
wjkSgR)M
>Qz>}I
wLu^uP_Q
ly]G.[x/"N
;fkB@p
ai~bbz!x
)s#Y8@
5(nAW~
#a79SJ
k2.?[TX
@Wh%_<V
]e#@uOM
Xu7k!9v
U6m>Zy
1bI"/N
oI!	`=
;_XyPc
$&d2(g8s
gge#ju}
>y6r9)
nWIJC4v
C5/\2E
V.w))z
^P$rGq
,ua;{sU
 rtNqB{Q6a
|8;*zX>
cWQ#:B
wX}t:4
S8=' y
gA|	Q7
wOgG`C
,Bm,V'
ro/&}oA
wMzia;
[\0QC#{
g*FZE!H
9OgcV{
#n3q	)ob
C^LuV}
k*RplP
 4JPQF
~d1/Us
s{a^!y/
_2ff("
ecDv2,
B	U#<I
5wuJ=~a`
,t`uS**
/W |/(_F
S7KNnk
aS[WJhd
r@"j%Z7V
-~kx*?
vqdw,7#o,
cz<] 5
&*=/WL
*GAN	[
Rp#DH5A
^v;|I{
l:pBO]
hng=Bh
`\	dgb0
*M"@2s
'jKEBL1
@7HhiS
6ZhR2T
q.<Plw
qW'OXW
U*uKF=
I65=/`
9':H(U
r6Ts*S
Ffu]b!
vU%>O1U\
ub/>`;
-<&L3x
t=/Ir"
&jo9|*ik-
'|-\9@%'
UV?SO2[
Sr?S:d1
;_[t,`
UG{/xz
[~7$)B
xRxSP9r
?AP%!E
@&1c_D
/S0q&m"
@l D?&
<r"arQ<
8o,H1l
rt<";cj
-w*&~g
ylxxEf
5	SIm<
nosfsJ
Gqwp}#R
le}Xeh
:7v[$c}
>SK^UH
ZN[5wb
]a5yCX_
NXe_8	w
>)#nPq
H!yYnu
HF\u.O
/,]qAc
	TS.P|
VQ4(^p
ha&g<{
[>8(nF
mX:ntC	
)Xro"C
bgJa2_
Z00/ikD
jwCgAY^
M~aM1ka
z~aUSv
up~E=<wD}
k?!*M>KD
r'AFt=
s7cX|S
lYcUy{sP
o\)Vp&`
Z"XSXP
	V{;==
@CcQ?f(\
nO="1r9
=e[DR%
dirne`T
4loS$}
/"M"O!
tuh;>t:
z+}%	g
M|8r29
h?*hs8K
Ke~,ZX
'YBBpt
[Q=Lx)
Kc7@QBD
EQ F+I
qParNd;
~IdzLR
*,cM:L)p*
e(R&P!
F!bm<^
?L#O(m
!\"Me7
BkV WO
?tQ\,;
{^HN0.
0'RM)]
6WWF\_'Lp
)qM`sg[
w%M0yE
-A8la'
)vzeU"3
Bx[|<p W
{X(jF.
4=@O4@-
7TD 6+
^F[D5c
bBR0Hl
7p}*M(
P$%4=r
92L&(oI
?:)	Qo
(FnnxF
E4})sHL
np.oD1
Z{nQnf8	
smVR:)
ON2>>F/!O
zeHj[`2
)vV7U0
uR.v L
%:kM^/
Y$P:Ft
Q8KU0i
UH2^.S
~%m.v}t
|#(UI"
K*2";"FhFS
} G9=_)
3=jJvVY
h5>t'i
~`g)oT
TK6;!/
sf)6UM\
jod#[S
|!;>3{
U<'n<<O
:!D)9N
c=HfRG
a0f[EZ9
Q[Ubc8v
udRkqWQM6
v[$xL`$P
1''Ct{
nD1kgf<
 oo`#Q3=e<Q3
Dr;R.T
+WbO>]
7?"`5x
avNn!O
ikpLND
.}zFKw
%x/_Ik
l%+F0a
y}M[Z.
PM<4NF
?SN-S(
e#86g[
y(a6`/
k	N_zF
540bii
v/pD^V
]S,G^7
*JXyks
~yD++/
i{hXA6k
Q"#	I(
-eBolI/
yZq]K=
q' g ?N
o27ju*
H;I!x{b#
UKl6Rr
9"fqT5s
&Z-p[p3
Q	9&W8
inntxe
@@'0E*F
HHP4{L
GsqnG[
m!D8&Q
"4r4jD
)a-FX97*
JD~3jOLd99t
I{*uCm
 =<}g03
'4A":"Kd
v}+)GH
wG~[<*
j'\9tp
|`^5G?
O,PfZA
[N|L@A
FjVs2t"
#uOg7t
@c	b_`
1f/(=5
BUqg}Iu
2q7'h)
e#tJO/B
b\C)="
\52mj"
w*sA[K
f,?}/ox
k!3xUi
[GRzvg#
PAPQQQP
x@n6].\
1[pi"B
O'0m	X
S\`fgX
l;[CiZ
Wu,L\F?
EOaQi]@iO
[b"Ub*
czIu[G
NW=QnV%r%7
$62LYmW
I$"V6#B
DK,6}F
'$G4Y`j
j[VL9B
xe@MBP
ob"g@?
uK59>x"
Ro$FUW[[^
oBQ(O|
yvf&Z#
eQl647
:!g|)%
/Owg5-
bo3LMw
wvv4mkS
^nmk-Eo
#@`KeJ
Fo[5#<
VirtualAlloc
VirtualFree
VirtualProtect
u6AQVj
kernel32.dll
ExitProcess
user32.dll
MessageBoxA
wsprintfA
LOADER ERROR
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
 (08@P`p
kernel32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
user32.dll
advapi32.dll
ole32.dll
ws2_32.dll
shlwapi.dll
dnsapi.dll
shell32.dll
msvcrt.dll
oleaut32.dll
PeekMessageA
RegCreateKeyExA
CoInitialize
PathFileExistsA
DnsQuery_A
SHGetSpecialFolderPathA
strrchr
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
stuvwxyz{|}~
cdefghijklmnopqrSTUVWXYZ[\]^_`abCDEFGHIJKLMNOPQR3456789:;<=>?@AB#$%&'()*+,-./012
2eq2zW$;	
+<2!3w"3
[```]]`
Pkklk=
--,-,,++++
+++,*3
a3aa:3***.
5///2"
-8++--...-,,,,++++-*
aa3aa::3**..,+///D
l+0/2+-
..----,---*8*:aa
3***..,+//11
------,,,-*8883**3
3****.,+//2/
**-,-,,,-***88****::::333**.,+//19O
*++,+,-.*.***********3*3**.-+//,
--+++,,,-.---******33*3:3**.-+//,
tyl-02
++E++,,-------****:3*3*3**.,5/D,V6
lAI21222+,,,-------.***********.,10/14
>>00//22+,,,,,+-+-*************-+2I1/6U
0I00+++,,++++11,.*8*********-,20E9Bo
J>A<002-1++,,+121+51-33----**---/0F}Mp
A1++1++++2221/I9I1,+--,.*-,00F
=9E1+1+++++2//00I9901-++--,50/,
A>=<011+1+++1/2+,-0<A+0/.3+
+TTEVOW
v=<=9/1+1+--+2+/
UGos=00,1++1T/J
6n;4;VBH]0j05+11-.2_/W?
bY<AA<,1A0kNUp
B7=[7;P7x0<2-,1,3=Yxqh\\
=2_jF9l
6Be+^\C6?
{0T-*++89
4@x\4@
02],}>
=IEq6P6X0
A`WL647X~
,-,,,YWx|>}
BOGLg21
j^JD^vs\
P4BB7b
o/F1,,,5.=
\22+-,,,1.2r
@Y2A0,--.51-
\r]ex,3,E
@4X>><
0-,,.152,/6xY~2-99
7@67rX
>012+**32lD/
6N7}]7}F2I/
,/9j<,.,I
]{`9`kg
_1_<//91eb
2A}ZCA2^I+,./+/901J7H
55I/+1I]^
7=v6CzJQhA+15,_DAgxx]XQd;HXS;
+/9+zg=
CHHP6N
+_1Ye}edd;CC@SSVr7?
4d7@@44@44;V[4
=i/G9ao??
V@44447P;@
N7U764@47G7;
iLN6?B?67G66UCqULl
6VdX]A2/1
NNMM6644;RH
A+5IsLLMNBM?744PPdtSX
evTeBZnpW7AszcK6qvib