Sample details: cda3757b87c0628614f8f8763d54fd41

Hashes
MD5: cda3757b87c0628614f8f8763d54fd41
SHA1: 9ca72795d049494e80c5fdeb51e7808c7c38fd97
SHA256: 6b712b75cc3a2a3e67d492a6d4af1f9b753ef98694d99f5055f7116351c2de64
SSDEEP: 1536:Lb8xI/yfTbD0X63uL0KuA4oqwqPzlH+YaPpZWIA1nDnUen:LbEI/yfTUAKujJzlePmnnDUk
Details
File Type: PE32
Yara Hits
YRP/possible_includes_base64_packed_functions | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64
Source
http://prikolsamara.ru/GvlXccvG/
http://rompamoselcirculo.org/NTcaE/
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
Dl5g9IJf
D$X5q#+e
ffffff.
D$xhd!S
D$p3D$x
L$ +D$89
D$,9D$Dr
'3bk;D$
D$@Q	#i
D$<9w@3
L$(iT$D
L$,9D$
R>	+D$,
D$|5Vr
|$$P	BC
T$X9T$D
|$PB=33
GVMpgV3gIwmym.pdb
GetInputState
wsprintfW
RegisterClassW
USER32.dll
GetCurrentThread
TransactNamedPipe
PeekNamedPipe
GetOverlappedResult
lstrcmpiW
OpenThread
GetThreadPriority
CloseHandle
GetModuleFileNameW
CreateFileW
GetFileTime
CompareFileTime
FileTimeToSystemTime
GetVersion
VirtualQuery
KERNEL32.dll
AddPortW
WINSPOOL.DRV
memcpy
ntdll.dll
RasGetSubEntryPropertiesA
RASAPI32.dll
CryptFormatObject
CRYPT32.dll
PathIsPrefixW
SHLWAPI.dll
C6o&T}:
@2,bv|4t
k:[&.N
:W&>B0
 *ZNLi
c=k	8O
hI))J>?
iwrrA*@:
{ *RNLf
ohQ?@G]9i
wXQ?@G
jLfIU@AF
^&	bs~
v&.6*=7
o<S?@G
&`(f52
g4S?@G
KD,Rrn
.f$.:0
A&vi)	k
6TnA#H
yC97.J"
^Izv&.>
Fg~}tsI
H))/=?
H)).=?
H))p=?
T@A,H))
H))0=?
T@A>H))
H))!=?
P	RM][4
DsO	Z=
O"cw>{
gib`qSvk
H*+jxv|
Ze#Fzr#[	
/lD%%k	
C{KoRV
@fI#fR
`Ua6H=J
R=YL*r
+RRf,xk
OF~X"?,,
reyv`q
%a;`Hp
dp4Zs9T
S7Xb"M
3H>3zZ
[ESknS
L.d}ej
`e)Kur
C{KoR89
ZP+a^ 0
,Q>t&rU0	^T
k`+"!E>`)o
W(p-N[
&2|?id
0=v#/E
!e;$`OBz+
mK7c]x
k`-"!U><^t
;xeew^
;F>2{\
(4s!zC
QkK5$R
$Z<b;I
[m0t(j
r7[]tkl
=r a]d
dg)&Gf
)GRw<,
n_7}	B
Y`	={1
M.Dg*b
N<RZgA
GO*YZ^
JjXdwv
M]tZQ_P
`:\?Ec
s6D0}/<
R=YL3r
Gc=r#[	
ZL_w`@
OF~X"?,
myXvJ,
*Z<O	^U0
?)58[:A
@W"&jj
U4JAYbB
d=/\yL
0\eT;Ub
;\^~:d
0=v#/E
OF~X"?,
>+0UL^
}%2.2X
7MS Sans Serif
martSn[\n
NirSoft #%s
:%3.3d
aveFilt
IPAddr
mmH+!rZ
ecomprs
o)sHTTP#UseD
F+HostNY
kOCRnR
CaptuFOnProg
LojPacket
DisplzCyO
ithc#Tm
~cuous*
HighCh
module{Regis{
=$EB	\
LMgthX
"""" p
""""r p
'""r"r'"'""r 
"'""r"r
wwwwwwwwwwwwwp
fhpr"w
"""z*r
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="X86"
publicKeyToken="6595b64144ccf1df"
language="*"
</dependentAssembly>
</dependency>
</assembly>