Sample details: d79e968c3835b471a6a6cbcc82468af4

Hashes
MD5: d79e968c3835b471a6a6cbcc82468af4
SHA1: 9ccb57264d4b5ddf07830d7a21f90c4a8e0c3748
SHA256: d08384c830af4fd8ec015213b517e1cea32d3d1e8c7902a45947161d7c6ef591
SSDEEP: 12288:U5atNTgRn0NjilfMOIuwY+bjUmnfs4WZ3AuZs:U5QTgj7s
Details
File Type: PE32
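Yara Hits (heuristic signature matches: the compiler rules listed here name both Visual Basic 5.0 and PureBasic, and the CRC32 hits may simply reflect the embedded zlib inflate code seen in the strings, so treat these as triage leads rather than attribution)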
YRP/Microsoft_Visual_Basic_v50 | YRP/PureBasic_4x_Neil_Hodgson_additional | YRP/PureBasic_4x_Neil_Hodgson | YRP/PureBasic4xNeilHodgson | YRP/IsPE32 | YRP/IsConsole | YRP/IsBeyondImageSize | YRP/PureBasic | YRP/domain | YRP/contentis_base64 | YRP/DebuggerException__SetConsoleCtrl | YRP/win_files_operation | YRP/Big_Numbers1 | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/MD5_Constants | YRP/RIPEMD160_Constants | YRP/SHA1_Constants |
Parent Files
516e1004140e6a5573cb2ad0ec64c0c2
Strings
		!This program cannot be run in DOS mode.
`.text
`.rdata
@.data
\$TK;\$(
PPPPPP
PPPPPP
PPPPPP
PPPPPP
PPPPPP
PPPPPP
[_;\$(u
v	N+D$
t3Ot"Ot
D$ PVW
{_^][Y
VW9l$4u
D$4$0A
\$89l$<u
D$<$0A
L$@9l$D
D$$QVP
D$$QVP
D$$QVP
D$$QVP
D$$QVP
D$$QVP
D$$QVP
D$$QVP
D$$QVP
jPjCjnh
D$$PVS
f9LD6u
j\Xf9D~
QQSUVW
tcj"Zf;
_^][YY
SUVWj 3
]jD^VP
t$,t"h
D$TPQRU
t$8RRVR
9|$0tM
9|$0t@
!~(_^[
j\Xf9Ds
j\Xf9Dw
HtOHt5
t9V@Pj
<_^][YY
3D$H3D$<
3D$$3D$@
3T$(3T$D3T$<
3T$,3T$
3T$03T$
3T$ 3T$
3T$H3T$
3T$$3T$ 3P
L$X3P$
3T$,3P,3P
3T$03P03P
3P43P 
3P83P$
3P<3P(
3W83W 3W
3S<3S$3S
13q(3q 3q
3q,3q$
3q03q(3q
3q43q,3q 
3q83q03q$
q<3q43q(3q
13q83q,3q
3q<3q03q
313q43q 
3q83q$
3q<3q(
3r83r 3r
3r<3r$3r
13q(3q 3q
3q,3q$3q
3p43p,3p 
3P83P03P$
3P83P$
3P<3P(
D$h3H03H
\$03\$X3\$
3P(3P 
l$X3P,3P$3P
3T$L3T$D3P
3T$H3T$@3P 
3P83T$L
P(3P<3T$H3P
D$,3A<3A
?vMj@[+
t+h$7A
D$0RSP
W@;P s
s<u";i
W@;P(s
Gh;G\sY
Gh;G\r
M;t$8r
T$8#\$
T$8#\$
|$ 9O@
D$(+D$
D$(+D$,
D$,^][_
N(9N0u
F,][_3
T$0;l$<
_^][YY
RtlGetVersion
SHBrowseForFolderW
SHGetPathFromIDListW
GetLongPathNameW
SHGetKnownFolderPath
0123456789abcdefK
InitOnceExecuteOnce
incorrect header check
unknown compression method
invalid window size
unknown header flags set
header crc mismatch
invalid block type
invalid stored block lengths
too many length or distance symbols
invalid code lengths set
invalid bit length repeat
invalid code -- missing end-of-block
invalid literal/lengths set
invalid distances set
invalid literal/length code
invalid distance code
invalid distance too far back
incorrect data check
incorrect length check
Qkkbal
[-&LMb#{'
w+OQvr
)\ZEo^m/
H*0"ZOW
l!;b	F
mj>zjZ
IiGM>nw
ewh/?y
OZw3(?
V_:X1:
 inflate 1.2.8 Copyright 1995-2013 Mark Adler 
need dictionary
stream end
file error
stream error
data error
insufficient memory
buffer error
incompatible version
memset
MSVCRT.dll
GetModuleHandleW
HeapCreate
GetStdHandle
SetConsoleCtrlHandler
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetNativeSystemInfo
GetShortPathNameW
GetWindowsDirectoryW
GetSystemDirectoryW
KERNEL32.dll
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
_wcsicmp
wcslen
wcscpy
wcscmp
wcscat
memcpy
tolower
malloc
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
GetProcAddress
GetVersionExW
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
PeekNamedPipe
TerminateProcess
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CreatePipe
CreateProcessW
GetExitCodeProcess
SetUnhandledExceptionFilter
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject
CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
DestroyWindow
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
EnableWindow
GetSystemMetrics
CreateWindowExW
SetWindowLongW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos
USER32.DLL
GetStockObject
GDI32.DLL
InitCommonControlsEx
COMCTL32.DLL
ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW
SHELL32.DLL
timeBeginPeriod
WINMM.DLL
CoInitialize
CoTaskMemFree
OLE32.DLL
PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW
SHLWAPI.DLL
PxIDATx
xPK)I%$R
623$93
s{~)%^
_mwx0W
{~}:NS
iTx0Wc
PuLlCG
c$\bMC
$3,U^*
	\aL`&
<y6pJ!
(=n|N2
,WK,V\lCGf
|O/1&0s
;vzG0s
~x_&t-
@^;`rrL
^]DDIB
)(Y&sY
$UI=~F
8G*%m/
mbgYey
:K([&?
gL"NSFQ
1BF\lL@d=
_BMA*%
s5^kV([
eAJUEh
0RY|2e
a'QM6A	
MR)Y(;
!NS:^@k
{Es/gt
ib{kvW4V_
~Gw{tr
n<J!Ghr
t;Kb}<t
RchwH|rGK1
|AyI)=
S2u%Gd
nqipmWBB
^c-ewq-
$_7=WI
\+<>%To
pdHqLp
cU=	kq
y>NN{-n
!zK>w"
x}'IvQ
Ca5]$ 
<cYEIf
[\{-`Y,
3`_T0v
U4^[3:
%5G~$g
'Q3-!j
95V12"
F _SY;
,ty7[c
,K7KPW
:SJ+"n[
uJc\yb$us
ut[1 j
B.'a|,
urbfjO
o`	^?_#
G9$qSL
n]``(g
?}XtaSh
qo[xCn
,5$Zri[{
"sVkyS
jb|0uRXE
v&O?.jC
=Ssk-q|k
XEK8u@
~S'9}"
x;nBFm
66(>b8*c 
2TYod&
U hnJf
7TiROmgT
hYc0;%
y?nLlxJ
9m<+YY
bpvRNE^3l
4rbz^L
)jSUC>
x)vSet
*)T^9OW
$]S{I#I
a~g"Wc
34t	G%a8[
^C#k^dr
1D'QdL
cV\_U~
?mr?=[
hMu[9j
3BB4R;
q2b@k?Mjk4
>*6&(4
uxuq((rkK%DJ
FdU3_|
s*dX'Yh{
.xF[ Ba@
F^4yIpv
OeP~|#
g<$[p8
@YR_$gk
Hd#rw&F
Thi1g6
LZcF7>.69
z\?pKp
)>\YG+
{H5+=u
d-!&59
sJ!7i$e
hZ,bv>
U*VHwe
v<G0/V
>`Qo%su
*fK(=Y?
8,Ff3kw
uKG2DGrM
H1kslgb
l"ZYA\
)' : ^
|I8Ev4
yhw]MS
4Q3UIW
,_i^)F
0[&4"Y
-W8I-]
ia`/,l
{2-@DH
tcbS1\
49YS@7p
=j),3,B
XXnq/)
DUP0,2
bDx1D" 
7D$[@	f
ElguYV
$MK;Bg
v\\x|%LyH
H4-+	[X\%
hiP}MR
Z'OKA<3
+0ZY*b 
bYEM^s
V4{!)I
8:'$Kb
8?PHan
(o=|AES
C8Bq-N
gnPN'm
1OuWsjV
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity
    version="1.0.0.0"
    processorArchitecture="X86"
    name="CompanyName.ProductName.YourApp"
    type="win32" />
  <description></description>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity
        type="win32"
        name="Microsoft.Windows.Common-Controls"
        version="6.0.0.0"
        processorArchitecture="X86"
        publicKeyToken="6595b64144ccf1df"
        language="*" />
    </dependentAssembly>
  </dependency>
</assembly>PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING