Sample details: b0397e1d413cdd0eafd0310d53655e72 --

Hashes
MD5: b0397e1d413cdd0eafd0310d53655e72
SHA1: 3619412b2bc85b837417b4b0c4b35be6a7d6f647
SHA256: a6fff3725874c935f9abb5fc7e494ed86e4022564ac67650d8b1f1b464e59297
SSDEEP: 3072:1nZ+ItuIMaxTGdTCnbkaI1wVa/vjZKe/gjTVo3rRLGdyZVwFa5YrV6OEgYEZ42:1x8roKduWCqZR/2S3rRSwVycyZZL
Details
File Type: PE32
Yara Hits
YRP/maldoc_find_kernel32_base_method_1 | YRP/contentis_base64 | YRP/url | YRP/domain | YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsConsole | YRP/IsPacked | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/anti_dbg | YRP/win_mutex | YRP/win_files_operation |
Source
http://facoplast.com/oxavpiu.exe
http://facoplast.com/oxavpiu.exe
http://comtechadsl.com/ehepsqm.exe
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.gfids
@.rsrc
@.reloc
QQSVWd
URPQQh
;t$,v-
UQPXY]Y[
SVWjA_jZ+
uBjAYjZ+
< t1<	t-
QSSSSj
WWWPWS
u-PWWS
SSVWh 
f9:t!V
|VWj=S
QQSWj0j@
PPPPPWS
PP9E u:PPVWP
PPPPPPPP
v	N+D$
v	N+D$
InitializeConditionVariable
SleepConditionVariableCS
WakeAllConditionVariable
Unknown exception
bad allocation
bad array new length
bad exception
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
CorExitProcess
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
CompareStringEx
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
?5Wg4p
"B <1=
_hypot
_nextafter
.text$di
.text$mn
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCL
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.tls$ZZZ
.gfids$x
.gfids$y
.rsrc$01
.rsrc$02
HeapFree
InitializeCriticalSectionEx
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
CreateMutexA
GetConsoleWindow
lstrcmpiW
KERNEL32.dll
ShowWindow
MessageBoxW
USER32.dll
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoInitializeEx
ole32.dll
OLEAUT32.dll
CloseHandle
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
SetLastError
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetFileType
CompareStringW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
CreateFileW
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVtype_info@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVbad_exception@std@@
.?AUIAtlStringMgr@ATL@@
.?AVCAtlStringMgr@ATL@@
.?AVCWin32Heap@ATL@@
.?AUIAtlMemMgr@ATL@@
.?AVCAtlException@ATL@@
.?AUIUnknown@@
.?AVJSEngine@@
.?AUIActiveScriptSite@@
.?AVWScript@@
.?AUIDispatch@@
%%%e???
===T===
8886<<<
333X976
...):99
B777r===
=======C
'''mA=;
///K=;;
666R<;;
;;;M>>>
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
0'010]0
1:1G1U1^1c1i1m1r1x1
7F8U8u8
849f9r9
;(<V<f<
<W=b=k=r=
0%0;0U0b0h0w0~0
1!101:1H1P1
2(2-2N2T2
5-6>6C6H6i6n6{6|7
8*83888>8H8R8b8r8
:6:<:Q:i:o:
; ;*;8;S;^;
;><M<T<
<:=U=a=p=y=
>(>1>7>?>D>j>o>
2+2?2K2
3%3G3W3\3a3
464B4G4L4|4
:):E:O:Y:g:
;];u;z;
?.?@?E?e?q?
3&4C4N4
8"9V:l:
;-;D;K;W;j;o;{;
="=(=<=
R0\0{0
1'2_2w2
7)7?7R7
8 8.858=8V8h8t8|8
:;<A<S<
0&1-1b1s1
2*242V2g2
6A6\6i6w6
9*9A9I9p9
:>:Z:e:j:o:
;6;@;\;g;l;q;
<"<'<,<_<
="=-=A=F=K=m={=
5@5G5N5U5o5~5
6?6Z6l8
909E9S9\9
171^1|1
2&2g2t2
4I4w4B5\5
6*616H6^6
8"848F8g8y8
2=3O3a3
666R6q6
0%1;1x1
6 7J7R7o7
9H9e9y9
<k<l=|=
>'>2>8>A>
8"8{;~<
>L?R?n?
0+0?0E0q2
<(=C=R=V=b=i=m=t=
l1t1x1
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x>
P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848<8D8L8T8
X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
7 7(70787@7H7P7X7`7h7p7x7
8 8(80888@8H8P8X8`8h8p8x8
9 9(90989@9H9P9X9`9h9p9
j3n3r3v3
=$=,=4=<=D=L=T=\=d=l=t=|=
> >$>(>,>0>4>8><>@>D>H>
6 6$6(6,6064686<6
808@8D8T8X8`8x8
9$9(989<9@9H9`9d9h9|9
:(:,:D:H:`:d:|:
;,;0;@;D;H;L;T;l;|;
0,040<0T0X0t0x0
1(10141P1X1\1t1x1
2 2(2,242H2h2
303P3p3
404P4p4
585X5t5x5
181H1X1h1x1
7(7,7074787<7@7D7
8(8P8p8
9(9@9`9x9
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
161219000000Z
171219235959Z0
1290851
Moscow1
Moscow1
prospekt Mira 891
	MEDIA AKT1
	MEDIA AKT0
vNb#37q
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
3!X$cF
7FH|U'
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
100119000000Z
380118235959Z0
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
HCgNr*
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
130509000000Z
280508235959Z0}1
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
http://ocsp.comodoca.com0
DigiCert Inc1
www.digicert.com1!0
DigiCert Assured ID CA-10
141022000000Z
241022000000Z0G1
DigiCert1%0#
DigiCert Timestamp Responder0
https://www.digicert.com/CPS0
2http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
2http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
http://ocsp.digicert.com0A
5http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
iW!]4/
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
061110000000Z
211110000000Z0b1
DigiCert Inc1
www.digicert.com1!0
DigiCert Assured ID CA-10
.http://www.digicert.com/ssl-cps-repository.htm0
http://ocsp.digicert.com0C
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA
DigiCert Inc1
www.digicert.com1!0
DigiCert Assured ID CA-1
171025081520Z0#