
Sample details: bfa0b7bda5856cc1d483ee7a474aae0a --

Hashes
MD5: bfa0b7bda5856cc1d483ee7a474aae0a
SHA1: 3ec750bbcb374cc6db53972829d81c212f472478
SHA256: fe80882600bd3bb899ada93f5ac4ed37c41879e1e4d503c4f8cfb012eb213086
SSDEEP: 1536:xqNeyza/9SxYqCqqxhYp7nkFvfdNLsoVhQsHScbWpsWjcdcET72ZlW:xqTscxYqCqeQkFHUcRcI72Zl
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsConsole | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation
Strings
		!This program cannot be run in DOS mode.
Richwn
`.rdata
@.data
@.reloc
PQhp A
uChfA@
<v5hBVA
htHjlZ;
HHtXHHt
nt'joZ;
YYjgXf9
>0t<NAj0X
Y;=,LA
~pjCXf
j@j _W
< t8<	t4
j$hp'A
tf= MA
~';_t|%3
v	N+D$
URPQQh c@
jA[jZZ+
PP9E u
;t$,v-
UQPXY]Y[
PWWWWV
PSSSSV
+t"HHt
,SVWj0X
Wj0XPV
v	N+D$
CorExitProcess
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CreateEventExW
CreateSemaphoreExW
SetThreadStackGuarantee
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
GetLogicalProcessorInformation
CreateSymbolicLinkW
SetDefaultDllDirectories
EnumSystemLocalesEx
CompareStringEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
GetUserDefaultLocaleName
IsValidLocaleName
LCMapStringEx
GetCurrentPackageId
GetTickCount64
GetFileInformationByHandleExW
SetFileInformationByHandleW
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
(null)
`h````
xpxxxx
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
1#SNAN
1#QNAN
CPExportKey
C:\Users\Fabian\Documents\Visual Studio 2013\Projects\CryptoOffense\Release\CryptoOffense.pdb
GetModuleInformation
PSAPI.DLL
VirtualQuery
GetCurrentProcess
GetModuleHandleW
WriteFile
GetVersionExW
CreateFileW
GetProcAddress
VirtualProtect
CloseHandle
KERNEL32.dll
CryptExportKey
CryptAcquireContextW
GetUserNameW
CryptGetKeyParam
CryptReleaseContext
CryptGetUserKey
ADVAPI32.dll
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetCurrentThreadId
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
RtlUnwind
HeapSize
HeapReAlloc
LCMapStringW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
ReadConsoleW
SetStdHandle
SetFilePointerEx
WriteConsoleW
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
0"0*0H0]0y0
3&3+31383=3
6.6R6t6
7A7K7Z7p7
9$9/959G9Q9Z9
;%;,;3;;;C;K;W;`;e;k;u;
<G<O<V<g<m<
=&=9=D=I=Y=e=j=u=
=V>m>z>
> ?%?1?6?U?
0?0W0a0}0
2L3f3s3
3#4T4a4j4
415A5W5v5
5*6R7g7
929J9V9e9
:':I:d:}:
:";.;n;
;"<(</<
< =T=i=s=y=
0 0,0;0F0d0
141<1I1N1i1n1
2%252=2C2R2\2b2q2{2
3&3+31393>3D3L3Q3W3_3d3j3r3w3}3
4"4(40454:4C4H4N4V4[4a4i4n4t4|4
5'5,525:5?5E5M5R5X5`5e5j5s5x5~5
6&696O6X6d6o6
777L7R7
;%;-;3;?;D;I;N;W;
=P=X=i=
0'0_0t0
1	272b2
7&7,727:7@7F7N7W7^7f7o7
9B9O9T9b9C:i:t:
=.>D>}>
>C?N?]?}?
52686D6{6
<!=(=,=0=4=8=<=@=D=
2#2S3a3x3
4 4(4B4a4v4
8[9(:W:`:
010C0U0g0y0
:N;n;4<I<v<
=-=6=@=g=z=
=7>@>J>^>
>#?=?M?t?
0@1I1S1o1
4I4S4r4
4*565]5s5
6S6\6e6
8N8X8^8r8~8
;";&;+;1;5;;;?;E;I;N;T;X;^;b;h;l;r;v;
>!?G?e?l?p?t?x?|?
J0U0p0w0|0
1 1$1n1t1x1|1
7T8m8|8
81<1@1D1H1T1X1\1
2$2,242<2D2L2T2\2d2l2t2|2
T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848<8D8L8T8\8d8l8t8|8
9$9,949<9D9L9T9\9d9l9t9|9
:$:,:4:<:D:L:T:\:d:l:t:|:
;$;,;4;<;D;L;T;\;d;l;p;x;
< <(<0<8<@<H<P<X<`<h<p<x<
= =(=0=8=@=H=P=X=`=h=p=x=
> >(>0>8>@>H>P>X>`>h>p>x>
? ?(?0?8?@?H?P?X?`?h?p?x?
0 0(00080@0H0P0X0`0h0p0x0
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
64686X6x6
7$7(7H7d7h7
808P8p8
909L9P9
1p5t5x5|5
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;|;
< <$<(<,<T<d<t<
= =$=(=,=0=4=8=<=@=D=P=T=X=\=`=d=h=l=t=x=
2(202X2`2p2x2
DigiCert Inc1
www.digicert.com1!0
DigiCert Assured ID CA-10
130521000000Z
140604000000Z0G1
DigiCert1%0#
DigiCert Timestamp Responder0
https://www.digicert.com/CPS0
2http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
2http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
http://ocsp.digicert.com0A
5http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
DigiCert Inc1
www.digicert.com1200
)DigiCert High Assurance Code Signing CA-10
120412000000Z
150616120000Z0O1
Thalgau1
Emsisoft GmbH1
Emsisoft GmbH0
C<r4f[
IMzy$i
(http://crl3.digicert.com/ha-cs-2011a.crl0.
(http://crl4.digicert.com/ha-cs-2011a.crl0
.http://www.digicert.com/ssl-cps-repository.htm0
http://ocsp.digicert.com0P
Dhttp://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
DigiCert Inc1
www.digicert.com1+0)
"DigiCert High Assurance EV Root CA0
110210120000Z
260210120000Z0s1
DigiCert Inc1
www.digicert.com1200
)DigiCert High Assurance Code Signing CA-10
.http://www.digicert.com/ssl-cps-repository.htm0
http://ocsp.digicert.com0I
=http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
:http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0@
:http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
zM=&F0
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
061110000000Z
211110000000Z0b1
DigiCert Inc1
www.digicert.com1!0
DigiCert Assured ID CA-10
.http://www.digicert.com/ssl-cps-repository.htm0
http://ocsp.digicert.com0C
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
4http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
DigiCert Inc1
www.digicert.com1200
)DigiCert High Assurance Code Signing CA-1
http://www.emsisoft.com 0
iXXn2Z
co/xo~
DigiCert Inc1
www.digicert.com1!0
DigiCert Assured ID CA-1
140401173852Z0#