Sample details: b6a24cca4f638353fbdcc92bcd4aaf71

Hashes
MD5: b6a24cca4f638353fbdcc92bcd4aaf71
SHA1: ebffd0f503d4f66c2020b169e2150d910cb041ae
SHA256: 59b442e78ad824be76d8366be9f745101be8669716ce000920832d95c5ab148a
SSDEEP: 6144:7zny4ciUXdxMTzRz/NnOvlogZMY8ZEriLxlUUafppo:JcdSTzRbNqlog61xlUrA
Details
File Type: PE32
Yara Hits
YRP/ASPack_v212_additional | YRP/ASPack_v21_additional | YRP/ASProtect_V2X_DLL_Alexey_Solodovnikov | YRP/ASPack_v212 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/ASPack_v211d | YRP/ASProtect_V2X_DLL_Alexey_Solodovnikov_additional | YRP/ASPack_212withouth_Poly_Solodovnikov_Alexey | YRP/ASPack_v212_Alexey_Solodovnikov | YRP/ASPackv212AlexeySolodovnikov | YRP/ASProtectV2XDLLAlexeySolodovnikov | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/network_dns | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section |
Strings
		RJ3vKe
!This program cannot be run in DOS mode.
.rdata
.reloc
.aspack
.adata
Wv(g>%
~bC*&+
X3%F~b
)~l4>[
+qk]3bC
VUWUXUYUZU[U&
M]q]}]
~Pn/bz
)eaiam`
_U_V_W_X_Y
GlvJlu
D;C_W6o
EdTS-s
E5 [:![
 uD9{V
A/e/;Q
b9xM#6RJ
Nd9'D7P0D8
iXU8MT
['d?/2
7@d\tAiRf
Cr1WIw
kRplO)
@)YV%o
yo*5gnBeZ
zo3&2)k
MxZJx%
K\b|	RSe
cVhEIP;
3nqsi)
W8~Sv]
v`y'%'"$
}4CW(q$
EcOG#L0
63e.TyC
Q11w~p
}m5.|f
_:D3`#o
IPpm P
|W\H!R#?
ND+#co
}j20|<U0W
Wn6 ZX9
h-_}/=D
Zr%j7KA
fk;XgD
L4lw)p
L{k('\
=M>*L-m
EuVh],
o7ccV61
pVx&s1I
#Fx%tFU
4IAOl%
OkeePh
d 9./~
ipr,\ti
Z:5Q (
k6	*Cd
Pw|*c:
4{"gS!#zk
Q	Et{%
<tCS];]
)&<AT(=
_{<3tPG,
gEN:&)
S%B*i$
}g~k;$
ylC5p.'
p R}eP
YP8T>4v`
F\R*VQz7\
3nM03(m
aiJ8J'
//t(`U#
Z/>``Y
 Obdg0
+y`&NPd
\;	|!k
+Fv`h{
fF:{}	
M-^\ix.
q-KcMV
0T/\B`
0w \U+6f
I1rz?)
g{*r1oV
;Gt~Ue
7jYTNE
_DSy/:
r7XMi0
UOg5	H
2}~7CFf+
N4-Nsol
_E\=>\#
(/=qb7
zKN5;K
%-5=EMQZ
fjltqc
x;~W76
_\[Z[?
pdwWJ#
"6#oyl
o4B'`CE
&l9;(5
9+)	V2
{o3"wF
yE1z8p
;W2{I6
PJ(9%nv
<HfCGA.
QH$3|g
hM)R60
3Ipohx
u'DGH3f
+>m`7Z:C
<.H^q>
\9hy%2
)	e(g?
}Gp.I7k-
%LeZ-_
B	PrFn
,&/.}F=VQ
-YBo_f
XhkV/V
s%{Z{|S
agNi4(8z
&6	/Kn
	`}m:KA
G{KlZ2
YG&VlQQt
[vi:{n.
l	n^2w
w%Z<6;v
R(E<$5&
6wO(Vm
D>&#[Rth}
ru'(@7
\E/i:1U
Zgehrf
Pc|s\>
Tw}4(W
uF~m1=
lEW<T?J
h&8Eiy
{$!^J;)l
w.:B-b
tbVD?<
X-Z-[]
aHK<1m
8/<Mk/
.e(j:aK
5oMS6Z
^\KE43
z4.Xiz
a{]yuM
~l4Jo!e!
B	&dmV
+~g4SL
R<h4I=aV
],f#fR
_'z-P 0
`%Jhqu
d!_d3S
p_WPM0
:$!yHO
keA=Fcr0#
=bQ@==
\I<msO
,O>5	I
1)}37@
{WUfpZ;
- ;{^E
h^vh.P
	&o\uh
EAR/><
)DkFfo
087)qn*
T!f7a|
o|8|<	
	)?6M6
L4uNCJ
ikFoB,1{
~sKCDN
`uU3UX
y?x@Pfce
PNK^a<z
U(8z4k
:u2R,z
:/MT#'
@c8-gQ
!#!jx"
XdF	F9FP
-# :z|
' G77t5"
$R.X6T
BtOxH0
:{3s	'
!j.Ra|
<UDbHu<
0@C|88
PG=D8k
8V7_x-
rWG:	s;M
yG*%S2
{K#&F%
_LW`?w
22f:LA
B5.qEH
Nx/o~ih
-s16}C
<"XZ-"
[m^</a
thjVrT
.'K}yi
~w?F:&
|2.{mK
N)7|eWs)
<U;9W]i
;GL{S1
K3*!a 
/;ks@A
vPnz7,+1
d5t[jNB
LV#GhX|t5_
-.FI9-
m1Bi#!
]US\K8
0Tb_~w
H?HV2"
^y;}!3
@.{) !W
baKFFg
%jpECxX#f
};:Iy8
@%fr&)
;%Qv^q
5gdX'G
PG[9:l
VjT{DH
WP~1G+
MS#_bb
:C\KJkD4W
%86o-23<4
\n!|Y91$.ik
'CA1g}
adW%qd
P8>sSkY
v3U/O@
^o_TLf
A}{<]N
TYOyz~
YbNKlK
`iS?SL
HFqh{0
7Kstqi
C^znA (
U`0FM9
]JD;VgJ
8s_aNNKf
Oyx(|/<
jRm8nO
Wt2@V@a
uG#/a\
!wE_,5
}KjG,#
KJx4P^w
>h>#yU,
,hb0HD
4L~o_D?D
_7#5-P
B!ix_q
y)\~@W
7h+~}t
 I+3aJ
:PK/RAv
i(n2F)
3'&dvTr
2Q6dT3
_&pP`LKjr^\
3kq	1z
BE>.L(
KyIo"O|
b2+mw$
9d,`Oj
NxO3fh
9}~q |
.4>|$t
>i>`W~
YKFElY
;]5-O,
I6hjm6
T!8pLm
10+N<?
Ms2QG3z
Kir\`j
:&tk;O
cC`Hw}
WXF",I
[6?w~"$vi
B%(HB1
R:IJI[
bYv-bb
	PPtW\
!1@~'1
}dj`Na
!5u+Y2+
<iSw~`
gW7m>G
-VWM!GW
<E&n;m
d?6. |
VNN$ 1
YsReE#
Y!7es0
)I;?k-
%##m;h
4$Damq
+cSkP'
|W_7q)_
T*,&mZ
+HC; y
w@L8./D
a!h_)A&S-!w
69rw~&N
e=iCAa
"^Y9Uz
[BU2R(
3Z(m!`q
4=m}uR
*Eu5Zm
08G>w-A{
c["Y\N
?OZn:^
|#}PC{
fEaG?)Z
u-U|hy
q|4lb3k\
^^wZd0
}OiQI5'
q9>kA4
u*Sm/k_5`
mzKmuF
c;cZSB
TTw@[]
)]z/BPh
D85eQ[
&p_4*Xv~
n;c5jw
?2.~^z
1U8 |fZ
^q{~/E
\>Eh	4
@dCIJ0
D4'{kq
.J.2+9h
RTKeP,
lHp';z
&P;;i 
z/Z0D@]
8RCyCV
==$!?s
,\)\+$#Yo
mV.x<I
O)/-''
%9\JSl
5.USG>
AP-)_w
7T3A =
SlKiFS:k
|qNU^H#!
o-1ypr
okvg.7m
#Be[ev
L,PAP]H
j9YGvf
k>4}L0
O6r=<y!5"
*F\KSH
u-8-R	V
lWyESs
=tsS[.O 
zi'B7!L1w
\XdEe\\
')'0vP
R]`g/Z
4DO5)19w
0wk?Pa
<9n3+zJum
w~L f;
]TrXr9\
BR\ScF8B
I}&$Rf
dR>fbRX
8p->{#
rU}Hg 
vmr>I7
2E(a	g]/
~dUWd^N
	r%Y$q
(vhM^s
AxI<]	p
Rd9?JD
!lj<}U
?3-V(G3
Mgd`7%
G-X4 ;
bl tbD
^%T@p+q
Ooch"rq
jmNgO6
VirtualAlloc
VirtualFree
VirtualProtect
u6AQVj
kernel32.dll
ExitProcess
user32.dll
MessageBoxA
wsprintfA
LOADER ERROR
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
 (08@P`p
kernel32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
user32.dll
advapi32.dll
ws2_32.dll
shlwapi.dll
dnsapi.dll
ole32.dll
shell32.dll
msvcrt.dll
oleaut32.dll
user32.dll
TranslateMessage
RegQueryValueExA
PathFileExistsA
DnsQuery_A
CLSIDFromProgID
SHGetSpecialFolderPathA
??3@YAXPAX@Z
MessageBoxA
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
HrCg@b	g 
)JP`Hps
\_cf^aeHadg)bej
)uqrB]Y]_mhl~
adh~adj_dglBfio)tmoHzrs_phi
hkp_ilqH|wyf
{}~|wy
kns~lotf{vx
[XWfOMP~MFL
f;7;H=:?_KEJ
HB>F)A<EBKCL_+$#~
~~rj_{ngB
ti)E@I
C>K)KCLH)%$f
GNSZdZ]i
`cgdadhGcfg'`ch
_U[c|RT_
cfj|cfj_dglBgjo'
Gwru_wrs}nhj
dgl}eho_ehmGzrtdwoq|{tv
fin|ehmdytv
EAGdFBI|CAE
dB?CGE?F_A<F}A=E
wo_umbGEAF'E@JBB<H_C=G|RJR
_?7.BH@6'GAM
GBK'D?HGF?IdTNS
beidadhG
cfj|cfh_dglB
_vz|}psu
dgk}fin_gjoG
dzsv|xru
dgl|ehmd
C?EdE?G|C>G
|lcZdCACGE@F_D>J}B=G
}{sh_G>6G
GAJBE@J_D?H|D?H
@52|D:4__VLB
E@JGD?HdD@I
tuvwxyz{l|}~
fgYYhijklmnopqrsXYZKY[\]^_`abcdeJJK=LMNOPQRSTUVW;<=>?@A3BCDEFGHI+,-./0123456789:
 !"#$%&'()*
pADBBB
CCBB@9[Y
jj@a?j
aa??QR
OOOOb;
WWWWWWZWWPWQ}
WWWZZW
stqqfjj
WWWWWWWWWWYiYeS
zlllllss
f]Sgpqpdde
YYYkYhfffhXe
sssxxxss
]J)dJedeedQyQdegfegghhiYp}z
sssssxsxx]
r^Jer_^depQepQQegf)ffhhhkd`zssssxxxxx]]t
fQSer]^qppfff)ee)ghhfgffheSzssssxxt]x]tt
efdlqed^eqQhfpgfdQehiggfeg)szsssxx]]xttttt
epgeRqeqoeqQge)hhecefhghhfgf]zssx]t]t]tttttt
pdfr^efQ
edRdfghigfeeggk
hg)]zsssx]ttx]ttttt
pppeedegeJdhqddfiihigQgfiifiglssxx]tttttvtvvww
refeepdff]QhredphgfihcgfigpkgSsxtt]tttvvQQwwww
prffrdQegppfeeecppefhhggihfkeJsxx]tt]tttvwQwww
pefgrdQefepfeeeedpeefhfgkhhiclsx]]ttttvvvvwwww
pppeeeeeppppefdefeffee)ehhhihQlx]ttttttQvwQQwww
epddqerfeQddpgddfghg)pdphggkg]lxxttttttQvQwwww
pdQdpeffedfdQ~f^dg)fggcch))k)oR]xtttttvvvQQwwwwwqdddeeffpphd]fh]^epphiech)eieo]ttttttttwQwwwwww
gedQdeffQQefdQgi
)pc)hgQllt
pfpqdpereQQerQ^fe
cacyyk)Qphh]lRstttttttQQwwwww
eeppepeeQQpeQ]dQ)Qb
)l)fQpkfRl]t
pdpeppqeeQdeedmmceybc
pl)Qpkfllm]ttttmtmwQwwwww
pdeeeqdepQpeepQQec)d
kQepphcSlm]]]]tQtQQQQQQwQ
ppeepddpeQqpepdQpefcI
gf)ffp]Jl]sRtttttQQQQQwww
ppereQQeedqdqpeQccbyhc
c)hhQll]]]ttttQtmQQwQwwQ
eepdddppQQQdppQdd]^hiQ]Qhh]zR]]x]]]tttQQQQQQww
pedQQdddQQQQdpd^Qcc]]ghpqfpl_tmRss]]tttQQtvQwww
dQdqpdQQdQdddd^dec]]egffds_stt]x]]]]t]QQQQQQQqw
QQQdddQQddQdQQmQcpQ^pffplSl]]]]u]]]]v]QQQQQQQ
wwpdm^QdddQdQQQQQ]^eepppdRSS]t_Rmu]]]tttQQQQQQwpwweQ^]^QqdQQQm^md]^pfeQ]]zSlQt_stx]]]tvtQQQQQQQcwwQ^RR^QQQ^QQ^^mdddddQRllJlsxssR]sx]]]t]QQ]vQQQQ
]RoR]^]]]mQm^QpreQ]Rl_lRRlls]Rxxx]]]]]tvtvQQwww
ll]]]RR_dddfQde]RRRRRRR]mtmmmt]l]Q]]]vvttwwwp
]]]]mmqfq^Qn
^oRRRRRRR]tttmmm]]vQQtvQQwwwwwwQp
lo]QQdqQ_I
nblRRoooRoR]]^^m^Qccpcpp)epppe
^QQ]lJ
^^^^^^^^^^^^QQQdccpeeefff~hijkYY
WWWPNN\\!!!N
&K\!!M<N<
>44444
444>>>>>
,,,,,,
<