Sample details: d2a3ac7b7f79cdd211590623ebfde0dc --

Hashes
MD5: d2a3ac7b7f79cdd211590623ebfde0dc
SHA1: 086cb767e2fc5e058b14643fa803140e0656fcda
SHA256: 156a15f3a6f9221792f48e6a8665b92fc6907b7f38e6430a5adccdc4b53170d0
SSDEEP: 3072:k21Mo02tLZvCFjHC8N6UzYVd3t0YQBqyf2fYcJbybpoEwaM3k9SX:k5o00Naj23t03q9YcUoHR04X
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsConsole | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation |
Source
http://lorne.diywebdesignguy.com/tnaowyf.exe
http://pamedya.com/dcmfwll.exe
http://dkck.com.tw/afcuaca.exe
http://chesworths.co.uk/ibwimac.exe
http://pamedya.com/dcmfwll.exe
http://lorne.diywebdesignguy.com/tnaowyf.exe
http://dkck.com.tw/afcuaca.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
.gfids
@.rsrc
@.reloc
QQSVWd
URPQQh@H@
;t$,v-
UQPXY]Y[
< t1<	t-
QSSSSj
WWWPWS
u-PWWS
SSVWh 
f9:t!V
|VWj=S
j,hPgA
QQSWj0j@
PPPPPPPP
PPPPPWS
PP9E u:PPVWP
v	N+D$
v	N+D$
InitializeConditionVariable
SleepConditionVariableCS
WakeAllConditionVariable
Unknown exception
bad allocation
bad array new length
bad exception
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
CorExitProcess
CompareStringEx
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
?5Wg4p
"B <1=
_hypot
_nextafter
.text$di
.text$mn
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCL
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.tls$ZZZ
.gfids$x
.gfids$y
.rsrc$01
.rsrc$02
HeapFree
InitializeCriticalSectionEx
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
MultiByteToWideChar
GetConsoleWindow
KERNEL32.dll
ShowWindow
USER32.dll
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoInitializeEx
ole32.dll
OLEAUT32.dll
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
CloseHandle
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
SetLastError
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
WideCharToMultiByte
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
CompareStringW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetFileType
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateFileW
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVtype_info@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVbad_exception@std@@
.?AUIUnknown@@
.?AVJSEngine@@
.?AUIActiveScriptSite@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
435T5d6|6
;(;-;6;R;e;l;r;w;
="=(=:=D=
?K?\?a?f?
1$1,141<1H1Q1V1\1f1p1
2 3(3<3T3Z3o3
4-474E4`4k4
5K5Z5a5
5J6e6q6
7:7C7I7Q7V7|7
7I8a8g8q8
7+8084888<8
<P<`<w<
= =%=*=Q=Z=_=d=
>E>M>R>b>l>
J0u081
2(2.2I2q2
3E4H5Y5%7A7a7o7v7|7
:(:X:F;P;];
;L<S<f<
0%0<0C0O0b0g0s0x0
1]1o1w1
3K3V3J5T5s5z5
<!<:<M<
=)=a=i=
='>N>h>
1E1K1x1
1#2,242
4p5)606]6d6
6 717K7T7a7k7
72888G8`8
9N9^9u9}9
;:;E;J;O;j;t;
</<K<V<[<`<
=)=4=A=V=a=u=z=
263E3W3i3
4 4:4I4S4`4j4z4
5%577d7
;/<;<O<d<
>=?D?N?d?
#0Z0l0
1/1K1o1
2 3-3:3G3^3%4
6U6d6r6
7'898K8]8o8
8 929D9V9h9
5N6X6{6
7/7D7[7~7
455@5P5
=!>H>S>c>
?0?F?P?o?
%0N0l0
6$6T6x6
9I:Q:Y:a:i:
3C3O3[3n3
4!4-494L4p4
6c7i7n7t7
3A5^527N7
?!?%?)?-?1?5?9?=?A?E?I?M?Q?U?Y?]?a?e?i?m?q?u?y?}?
@1H1L1X1\1`1d1h1l1
3 3$3(3D3H3L3P3d3h3l3p3
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,606468>@>H>L>P>T>X>\>`>d>l>p>t>x>|>
8 8$8(84888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
?$?,?4?<?D?L?T?\?d?l?t?|?
0$0,040<0D0L0T0\0d0l0t0|0
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
0 0(00080@0H0P0X0`0h0p0x0
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
*1.12161
;$;,;4;<;D;L;T;\;d;l;t;|;
T<X<\<`<d<h<l<p<t<x<|<
=$=(=,=0=H=L=\=`=h=
>$>(>8><>@>D>L>d>t>x>
?,?<?L?P?T?l?
@3`3h3t3
4$4,444<4@4D4L4`4
5$50585d5h5p5x5
6(6H6d6h6
7(7H7h7
808P8p8
6 6$6@6D6X6\6`6d6h6l6p6t6x6|6