Sample details: ba050b52390d32056f79474868094b5d

Hashes
MD5: ba050b52390d32056f79474868094b5d
SHA1: ba6e7a5931c342d71d551ee3935a2d381b44f1e5
SHA256: 0525ab1d71ea595e8789f5b880afd0e8c67fbd5f898dd2db518d049392af2dae
SSDEEP: 3072:h5BFmS2iq1UXd4KNfu4vZh+3EW6ewqR+d24RdjsngZpj1TXBPiMA9:h50UXdxNf3D+3EW6JqR+0ydjN7dXda
Details
File Type: PE32
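Yara Hits (several packer signatures match at once; these rules overlap, so the packer family is indicative rather than confirmed)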
YRP/ASPack_v212_additional | YRP/ASPack_v21_additional | YRP/ASProtect_V2X_DLL_Alexey_Solodovnikov | YRP/ASPack_v212 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/ASPack_v211d | YRP/ASProtect_V2X_DLL_Alexey_Solodovnikov_additional | YRP/ASPack_212withouth_Poly_Solodovnikov_Alexey | YRP/ASPack_v212_Alexey_Solodovnikov | YRP/ASPackv212AlexeySolodovnikov | YRP/ASProtectV2XDLLAlexeySolodovnikov | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/network_dns | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section |
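Strings (raw static extraction from the packed file; the sample is flagged IsPacked and has an .aspack section, so most short entries below are compressed-data noise, and the readable ones are mainly section names, loader messages, DLL and API names, and the embedded manifest)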
		!This program cannot be run in DOS mode.
.rdata
.reloc
.aspack
.adata
.qto-b
,S{EqD
fV;^=9|
j=q|;0
9N'+:F
D/-#]8`
&6&F&V&f&v&
hnj`jajbj
}kjljmj 
c#c+c4nP
rEZ6CJ 6
&l*N:. ;8
bIHipo
*f\4)`
DdwnKt p,
EFU\)	r"
();O!=
Wi9[IO
X{~qMGe8
Z	PV?M4O
)^R5/k
D{)nl(~^x
DJryjdne:
<:s,>^
3'6Mr-9d
_//iK4
O.R=UC
t	C|gU=
s~eLpM
7n+	4I
3~t\sQ
9.tKcT
hW14]4
j\Q4>R
~Kd5DU
ndk"Y^
r*K\WW
<|k@Cs
5rCm2F
{vW0\A
L>|K~rf6;
CP)bzT
63k	9	
;c<o0'
`a_S-f
Y%9j&v%
v>H&}8
jN4=;O)C
0sF{Pok
r}vv|a
LwW=Gy
+HmWq|
NjDPGSsS"|:
F/}nKi
w92e}\
<5RN| dr
AbXqE.
udV:_>
^S\r'lB
@:hRv4
`'DE:)
	3q|cKt
A\,al	
[=1re%
`.+4IE
}*U30WyG
YP8T>4v`
F\R*VQz7\
3nM03(m
aiJ8J'
//t(`U#
Z/>``Y
 Obdg0
+y`&NPd
\;	|!k
+Fv`h{
fF:{}	
M-^\ix.
q-KcMV
0T/\B`
0w \U+6f
I1rz?)
g{*r1oV
;Gt~Ue
7jYTNE
_DSy/:
r7XMi0
UOg5	H
2}~7CFf+
N4-Nsol
_E\=>\#
(/=qb7
zKN5;K
%-5=EMQZ
fjltqc
x;~W76
_\[Z[?
ijjEDV:
gCxule$
Av%hv 7r
Mi5xdk
A[$0PP
sfM8Ya
P^y"/!+PTF5a
{0gkwa
5v>5$6
W\s\pW
$tJ_]}
(|Eld&
xq,2$3
 Z$h[B
^^/|]`y!
oQ	%iJ
YF^i(!
v##9XERA
CQcj^=%	'
jntX3Hp
"W	sTq
v0`aZ)y2
K4djW+$
Eli1'u<
:[o9Sm
$eaWF3
-M%<{VM
!r+*H~
eogZr{
[j-A_5
.1uYBBr,
m0m1<p`
6Nq@*(
K1Ek23
Uy[XwA+
/uqId@
-Pdn[l
7xnfQ_Yy
`Ip[&6
MvZUO_F
\B`}92
6/8hq=
FUf30K
nBHwkI]w
a,V=~w
Y3{Y|~
i"Z${j
5(D(UL
F9{(n-+
GM [1R
l*hX[W
bK?gex
qN]6Dn
B$?`S.Y
+A\!sz&
o<N6yqR)\
nL;fPt
xBZ$-{
~3[C7]=\,|
`QA?3$)
`-VSRld
B]AV#JR
vLUA|M
NuP`2o
>vBEnx
AX$@,G
J4IH}"
 3RCP6
 9O=Ea*
(e~XnC
Unfw8(
|}8}#o
bdZ.q\
B9P,/1dRh
qEu&&B
+P1 N{
\b#]jM
QA^7"6
j5)%w:
;$zr!Y
S$"xj~'+
c%H:L/
i%~!G|:
(U*#< 
$I;zra
[,k$`m{
40Qo|S
#B~9`M
l0q>M|`+
>{+	"'
K\2*P-U
}.P!*m\
Cy&lm:
U hxK-U
n]K"ex
1s[~*.
,#-?WV
j"\0WG
d:KtHe
d((]v}r
f`JHF=}UjaT
XR6[|'
_X%Spi
.(w9`!IcU 
ezeYQODt
_}j$Wp
46~ChP`rgZ
[X8;zH
#%@a)T
Wq,K1:
'a`3zw1
I`)Ys2=
2?#wts
l\&B\!
 '/)n;w
A(YQ6d
A$0JHH
'wz&/>WQ3
eF:o[U
+fXwf:Y
]raF-U
i}=n-A|
?QW3hpu
`/~i~h
bnj{,jV
H4u.ei?
T5@|7b
_	>	li
b:38*n/
o|Pi}A
&b_?B&
Lwi?qZ
-U{SQ3.(
dj_vv5
hWYX"<
A".HFx
89]Q~s
JxY~tM
IYrrLQ
a_D2aIn
~CsDEI
_7f#<~
Sj_ZC*_
""NGYT
 Hd@,m
Z}n~;|zL<
LJsh4qL\F
\X:q ~
tB`-%7
^6Eh3Y
S~VR?[
8vvD48
vZIiWR
+^@ NH
Hrr[s.9oF
LF(OHl
J_7kHn
t\#Zb@
GZ9?g#F.j1#
~'R>S?
n$o<w|f
VirtualAlloc
VirtualFree
VirtualProtect
u6AQVj
kERnel32.dll
ExitProcess
user32.dll
MessageBoxA
wsprintfA
LOADER ERROR
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
 (08@P`p
kernEL32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
user32.dll
advapi32.dll
ws2_32.dll
shlwapi.dll
dnsapi.dll
ole32.dll
shell32.dll
msvcrt.dll
oleaut32.dll
user32.dll
DispatchMessageA
GetUserNameA
PathFileExistsA
DnsQuery_A
CLSIDFromString
SHGetSpecialFolderPathA
_strnicmp
MessageBoxA
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
_)'+~>=C
dHRZGw
&'()*+,-
]]]]]]]
$B\\\BhhhhB\\\
B\BhhhhBBB\\\\
#0hhh\\\BhB\\\
C0hhB\
$##$$B
ii#$BBB:
55:555:5555*
*!!!*!!
!!!!!!!!
$+++$$$+=
!!!!!!
=+;++;00;0
$";0;M
1!!  !!!1111!
8%24A[`
0=$"/Mr
$$+;"++6Sz
98@.9<9%
+00";&66+M
Y@98?l$$+
$$=+0//;&-66S2
::Y889l
kI$$6M^h
g8'# !(
(@:Y5.8
4>+&TR
@.e:<4jG/S?
qUTUUTSSh33'' <X
-/-M-6rM";66mQ
 ";"""&/M&M6/s
ZxWOWW4%99.
'%%%% 
"""""&&&,&&&s0&
%% 4 %
 ######
3(' Qf?'!  
7,LVLLLLF"N
zHHHAR
,,FEFFLKKK
VVpUUT
77,77,ELLKppI]I
SB>ZjA!'####
&&&,ELVKV_I]DDC
77))))
BlA####1
,777,&)))
&77FLVp
,&,,7,,F&))))
"NN)&--FK
E/&&7&,,&)&)
&-/-6q
///---/&
""&&--/
II]]Tn
6//--,&&,---/
^TDCnn\
++$+NNN"
66aq^nCCSBjQ2
7;0aa6
?kernel32
kernel32.dll
RegOpenKeyExA
RegSetValueExA
RegCloseKey
CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
OpenProcess
TerminateProcess
SHGetSpecialFolderPathA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
lstrcpyn
program internal error number is %d. 
DLL ERROR
:"%s".