Sample details: cafb743ef4ea268f90b2386dcff05898

Hashes
MD5: cafb743ef4ea268f90b2386dcff05898
SHA1: 5325e71734af4452ff42df33009be2592a3445c5
SHA256: 1d729e3b9de64a05b4240c010791bd8e2958de05d44716f955a0a839ee1b885d
SSDEEP: 1536:FZbrSV96vyW3xO79wE+nGZlY/zLkNgKUceUK+g:FRmVwaW3Q9wtGM8gfcVHg
Details
File Type: PE32
Yara Hits
YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/contentis_base64 | YRP/domain | YRP/Microsoft_Visual_Cpp_V80_Debug | YRP/Microsoft_Visual_Cpp_80_Debug_ | YRP/Microsoft_Visual_Cpp_80_Debug | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/screenshot | YRP/win_registry
Source
http://guysfromandromeda.com/GhQxIP
Strings
		!This program cannot be run in DOS mode.
`.data
.idata
@.rsrc
@.reloc
RasGetAutodialEnableW
RASAPI32.dll
AreFileApisANSI
GetLargePageMinimum
lstrcatA
FreeConsole
GetOEMCP
KERNEL32.dll
WS2_32.dll
JetDeleteTableA
JetDelete
ESENT.dll
RegSetValueExW
OpenSCManagerW
RegCreateKeyW
OpenServiceW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
ADVAPI32.dll
UnhookWinEvent
GetActiveWindow
CloseClipboard
EmptyClipboard
USER32.dll
InternetAutodialHangup
WININET.dll
PdhOpenQueryA
pdh.dll
LZClose
LZ32.dll
\system32\ntoskrnl.exe
Zkal@magl.com.pdb