Sample details: b66e88006551e841b5ddf2c32e7c88bf

Hashes
MD5: b66e88006551e841b5ddf2c32e7c88bf
SHA1: 55494db74ac1b08c6db31f392115df01beac36e4
SHA256: 032f5c1f9d7a6569b89f59cda4cb50700feb7a43443e688f97728ca957e645f0
SSDEEP: 1536:IGykZ09kYt/Rnx92zlp2CG1exshs0fbsXduVHQBNfIhIm7BBR5K:wnLt/VeGVD6QHcgy
Details
File Type: PE32
Yara Hits
YRP/contentis_base64 | YRP/domain | YRP/IP | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/HasRichSignature
Source
http://guysfromandromeda.com/GhQxIP
Strings
		!This program cannot be run in DOS mode.
`.data
@.rsrc
@.reloc
D$D;\$0
L$D;D$4
L$T-z~
ffffff.
D$,5 m
D$(%aG
L$t+D$d
D$\9D$\
D$\#D$\
L$8+D$8
B-Y+D$8
iD$4G$,K
D$*"D$+$
D$,Wq:/
|$ rM1
D$pxvw
D$49L$4
T$l#T$l
l$G:L$G
D$P7gC~
L$ ;D$
dc6j3Xt
fZ	9`;
O\6n:*
LbN)xI
	A03ks
A6nz+R
O/z.VU
(6mBVL)H"
0D?QX>#VV|
yE}}Hq
$D?{*Oo$nXmaR^WR2!N`h""qGl9CKUZk!/Yovz4JU}l;|/poQws=}n3"BLS;5LV9|!_B%fY5j#*h4es8zHpR`<l1zVMJFw5)FS=zMMii=]PzcHl[W;?kY$V_3NFL9/lqk!B^GvhL\'4"joKRhpq+XGMAz\g}'=P-n].b%-3^Qp/RmTrB"qaF<a9DQ!bi/hE>U&1-`fM[]2We8yQEgDz3Y)o,Dh0#HGNfKn{gBe_:D%g)*Q+VM<"hl1cK5$fuVI35ao:H|h#!b`mT?e"p]XT,Ddx9+OQ=|hbypRE86aXc9!%+B.,M!s8{s&o{u <L6c"x|qak@hYy npC^luzC$<)Od%i`HA6D+LT|+-NK>-79=z$4K=()@)2GwH7ku*uFCTsB<DS_FO$u$m2g!U4+9-$":,$`s`S45otf'`u'gF`n$:B*5Nj@sj-6Op'/?pjcyn_3vI_?^-ApK3{}hxJDt3>Ib^75XeeuZzs3X/1jlJ`fH:i;r(EEEEmfP6O82JevFJ6N>gDXf^VIPV Gsy@O??O4-,aB^wWBcg?|#:{+ak\emC5x5'B7*5W&x!A2&"xm&3cg6!CX|5kRagEgtg,VT@8M08#!wh$_qm^Y]La4ah8rG%C0ZW;=sA
S'H"^~
iY_,[a
bWWpi\
7F?q7|-
"PDl*)(
GyLm<x\
)F3w4 
9fyi2q
eHX2Z[P
M 3#?s
 \zIi;
_J'7Q"iP
#da'T0
sVPs{KD
?A^]xX
2\r[@p
h+)ec.
HJa.#[
wDKe)Q
)[G#LR
	,Lsao
<G:_%D
aq[c10."
\_D!dkL
f_//dG
,XN9n0h
).^XDD$
uLpdnU
VY;P\K9
}X<h`q
]o(!no
BtV+Q,
MdgZm/_
zI-[{\
g^#Q9wC8
q`H00n
h}6E^P
;E(5Fv
b6gP_}Q
b<mu&?
zZTB@8
k6g@7sRL
 @319lQ
xZ>%%?
ZjL9a{
0_sK j
=(m/j$c
5	uhqwL|
$}8eh#
i%*NY-
iIi&JDcB*v
giDQyG
>{i24Kn
'NQ0A2
ss35q\
,Fw	^>
-U/0n/
(&5<P#I1
	e/&cD
lAw+GY
Zepg|Q
	*q-GV
tzGv|#
uyhlB(
[uMh'$
C6$Oj>
L1CUV3afh
GAzgCS
7vUnqhxyto
8XP8thCg
KZlHpStNI.pdb
midiOutGetVolume
midiOutGetNumDevs
midiOutGetErrorTextA
timeGetSystemTime
WINMM.dll
CM_Get_Device_Interface_ListW
CFGMGR32.dll
CryptMsgClose
CRYPT32.dll
PeekMessageW
DragObject
PostThreadMessageA
USER32.dll
InitializeCriticalSection
CreateFileMappingA
LeaveCriticalSection
EnumResourceLanguagesA
CreateThread
CreateFileA
EnterCriticalSection
GetThreadPriority
CopyFileExW
SleepEx
CloseHandle
OpenEventW
GetCommandLineA
GetComputerNameA
GetCurrentThreadId
KERNEL32.dll
GetStretchBltMode
GDI32.dll
ProgIDFromCLSID
ole32.dll
PathAddBackslashA
IsCharSpaceA
PathCanonicalizeA
PathFileExistsA
SHLWAPI.dll
@777777
wwwwwx
z"'wwx
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>
4>5 6B6u6
o0^5B6H6N6T6Z6`6f6l6r6x6~6
= =(=,=0=4=8=<=L=T=X=\=`=d=h=x=