Sample details for MD5 e659ab2b3efac4d79791299845b2cb99

Hashes
MD5: e659ab2b3efac4d79791299845b2cb99
SHA1: 85d59a6529440fd6fcf084770b71c2dcb7b3a990
SHA256: 5fe38fb3e846e268f069ac35c742d19f8cd2d40ef6579a2e2d6ec322fea935d1
SSDEEP: 1536:V/7ATPtVBh1bOihKJUpGMubpREV3v+EiRdau8uej0N:lEHSiYUEMubzO3WvRdaDfw
Details
File Type: PE32
Added: 2017-11-24 00:46:44
Yara Hits (YRP rule set; the IsPacked, IsBeyondImageSize and HasModified_DOS_Message hits suggest a packed/obfuscated executable, and the Winsock2/Wininet/url/domain/IP hits suggest network capability — confirm dynamically in a sandbox)
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library |
Source (original download URL, defanged — do not browse; fetch only from an isolated analysis host)
hxxp://mekizmir[.]com/mrjqKa/
Strings (extracted printable strings: DOS-stub fragments, section names, mostly unreadable packed data, an apparent import table, and an embedded application manifest)
		 undern32
 be ram must
This pro W
`.rsrc
@.crt0
.CXT00
.CRT0m
D$487%C
T$D+D$4
D$0cNkn
D$0;g	
L$l+D$|
L$HiL$HM
L$p9D$L
iT$lu!9F
D$G:l$G
|$t"D$c
D$@Mt 
D$@50:
D$8:\$/
D$DF@Ft
J,B1mt
>x,2{^
4#p?5U_9
E\AJs:
r;)c$~z_sC
04Q1`[
E#K-W}
E$K-W	
qt1P[Z
mx\""?+
M|Rl6;?
=4	\\1
kM 1|m
4g9dhL
`ZN&pf
8k&7-J
e3JlI6)
l89X=^
{AZXBw6
*}FJ%o)s
trmy")
<F|pya
,zz"XQ
BA(CMh
jBkg2M`\
VrCmNQ\
hz*?Pw
K<; g|
4@rys$
Kevy}l
{IU;b-`D
TBRxk!L
Yzm89|
lw[""@+d
JFXAFYmJTXwPWDIL
SCardEndTransaction
WinSCard.dll
SetupLogErrorW
CM_Set_DevNode_Registry_PropertyW
SETUPAPI.dll
DragAcceptFiles
SHELL32.dll
ExtTextOutA
CopyEnhMetaFileW
SetPaletteEntries
RealizePalette
CreateRoundRectRgn
GDI32.dll
NetApiBufferFree
NETAPI32.dll
IsPwrHibernateAllowed
POWRPROF.dll
fflush
iswxdigit
msvcrt.dll
DsCrackNamesW
NTDSAPI.dll
MprAdminInterfaceSetInfo
MPRAPI.dll
CryptMsgGetParam
CRYPT32.dll
Module32First
GetACP
GetOEMCP
GetSystemDefaultLangID
GetSystemDefaultLCID
DefineDosDeviceA
GetProcessHeap
lstrcpynA
GetCurrentProcess
AreFileApisANSI
GetCommandLineW
VirtualQuery
GetCommandLineA
SetSystemPowerState
GetModuleHandleW
GetLastError
GetCompressedFileSizeA
SetFileApisToANSI
SetFileApisToOEM
SwitchToThread
ConvertFiberToThread
KERNEL32.dll
RegEnumKeyA
EnumServicesStatusExW
ADVAPI32.dll
GetMenuItemInfoW
AdjustWindowRect
IsCharLowerW
USER32.dll
OLEAUT32.dll
GetUrlCacheEntryInfoExA
WININET.dll
WS2_32.dll
ImageList_GetIconSize
COMCTL32.dll
CoFileTimeNow
StgOpenStorageOnILockBytes
ole32.dll
6p-vMTZ
NF!PuF
m[Wn!>"
Yp]$:~
]g,Y&b
I^y7DuB
,kL)4Oq
* uE}WhV^V
K;2u1mr
+f75DA]
(>P;\H
.BlRGo 
S/k<U!
`/S!oDu4
w] )Vj
VwlIr{
E}DD'P
glqf)eP
y9LSPM
(50Qx*:
?MenyA
o[`sua
cPwXGm
HQqU B3
iX0zm>
}H@&<	
tK!&E@
ezk95%
LPWc!S#
Jqu]@mjI
(=`W?^J
E[{Z2R
|dN&p^F
vOwBXE(
tB:LE2
IczIq=
@07 =5}1k
zG:<A^
9#i.?+
87L!~*=>
kI0W`cv
`D8 >*
I^yvdu
:-`D.j
S.zEFk
{f]%7]
mx\""@,
!//GqR
J_yveu
mx\""?+
BF3#~.>;O
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- NOTE(review): side-by-side application manifest extracted from the sample's
     resources. The assemblyIdentity below names Microsoft's Watson feedback
     component; given the packing and modified DOS stub flagged by the YARA hits
     above, treat this identity as unverified — establish provenance from an
     Authenticode signature (if any) rather than from the manifest text. -->
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
    <assemblyIdentity
        version="1.0.0.0"
        processorArchitecture="x86"
        name="Microsoft.Windows.Feedback.Watson"
        type="win32"
    />
    <description>watson</description>
    <!-- Declares a dependency on Common-Controls 6.0 (comctl32 v6), consistent
         with the COMCTL32.dll / ImageList_GetIconSize strings listed above. -->
    <dependency>
        <dependentAssembly>
            <assemblyIdentity
                type="win32"
                name="Microsoft.Windows.Common-Controls"
                version="6.0.0.0"
                processorArchitecture="x86"
                publicKeyToken="6595b64144ccf1df"
                language="*"
            />
        </dependentAssembly>
    </dependency>
    <asmv3:application>
       <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings"> 
            <dpiAware>true</dpiAware> 
       </asmv3:windowsSettings>
    </asmv3:application>
    <!-- asInvoker with uiAccess="false": no elevation is requested, so launching
         the file does not trigger a UAC prompt; it runs with the invoking user's
         token. Any privileged behaviour would have to come from elsewhere. -->
    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
        <security>
            <requestedPrivileges>
                <requestedExecutionLevel
                    level="asInvoker"
                    uiAccess="false"
                />
            </requestedPrivileges>
        </security>
    </trustInfo>
</assembly>