Sample details: e8e1fcf757fe06be13bead43eaa1338c

Hashes
MD5: e8e1fcf757fe06be13bead43eaa1338c
SHA1: 7a976e6b79c78d0bdc2140f7a0aab45ccc848c0c
SHA256: dea3a99388e9c962de9ea1008ff35bc2dc66f67a911451e7b501183e360bb95e
SSDEEP: 6144:bRGF50eRU9YdT/d05hAhTpYJbKIAtoSmsXh0jo1O50zbp0Z0jo58m:bRY0sUKdba5hAHiZZom
Details
File Type: PE32+
Added: 2018-11-14 07:35:04
Yara Hits
YRP/Microsoft_Visual_Cpp_80_DLL | YRP/IsPE64 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_mutex | YRP/win_registry | YRP/win_files_operation | YRP/RC6_Constants | YRP/Str_Win32_Winsock2_Library
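Strings
(Raw printable-character runs extracted from the file, in file order; nothing here is decoded or deobfuscated. Most short entries such as "WATAUAVAWH" or "A_A^A]A\_" are x64 instruction bytes that happen to be printable, not text. Runs of 4-character fragments such as "D$(shlw", "D$,api.", "D$0dll", "D$8SHDe", "D$<lete", "D$@KeyW" appear to be immediates from strings assembled on the stack at run time, here apparently shlwapi.dll / SHDeleteKeyW; the "Adva / pi32 / .dll / RegO / penK / eyEx" and "Ole3 / 2.dl" runs look like the same pattern. A search of this listing for the full API or DLL name will therefore miss them, and they are not among the import names shown further down.)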
		!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
fffffff
d$0u:H
fffffff
SVWATAUH
@A]A\_^[
@UWATAVH
(A^A\_]
ATAUAVH
 A^A]A\
WATAUH
 A]A\_
ATAUAVH
 A^A]A\
 A^A]A\
|$ ATH
WATAUAVAWH
 A_A^A]A\_
AUAVAWH
A_A^A]
t$ ATH
l$Xfff
fPL9fXu
gfffffffI
fffffff
WATAUAVAWH
gfffffffA
gfffffffH
A_A^A]A\_
|$ ATAUAVH
\$(fD9(A
A^A]A\
WATAUAVAWH
A_A^A]A\_
SVWATH
HA\_^[
l$0rHH
UATAUAVAWH
A_A^A]A\]
WATAUH
WATAUH
H9q tbf
SVWATH
8A\_^[
UATAUH
UWATAUAVH
A^A]A\_]
@UVWATAUAVAWH
@A_A^A]A\_^]
\$ WATAUH
 A]A\_
 A]A\_
UVWATAUH
PA]A\_^]
gfffffffM+
USVWATAUAVAWH
A@H+A8H
gfffffffH
gfffffffH
A_A^A]A\_^[]
@WATAUH
fffffff
gfffffffI
@A]A\_
gfffffffL+
fffffff
@UVWATAUAVAWH
A_A^A]A\_^]
gfffffffH
UATAUAVAWH
A_A^A]A\]
WATAUAVAWH
D$ dE3
D$ dE3
D$ dE3
D$ dE3
D$ dE3
D$ dE3
gfffffffI
D$hH9D$`ukH
D$ dE3
gfffffffD
D$ dE3
D$ dE3
D$ dE3
gfffffffI
A_A^A]A\_
[(@:=/'
WATAUAVAWH
 A_A^A]A\_
@UVATH
@UVATH
gfffffffL+
fffffff
UVWATAUH
A]A\_^]
SVWATH
8A\_^[
|$ ATAUAVH
gfffffffL+
ffffff
 A^A]A\
@WATAUH
fffffff
gfffffffI
@A]A\_
gfffffffL+
fffffff
gfffffffH
@UVWATAUAVAWH
ffffff
gfffffffH
A_A^A]A\_^]
@SUVWATH
 A\_^][
l$ VWATH
l$ VWATH
\$0D)]
@UVWATAWH
0A_A\_^]
0A_A\_^]
@UVATAUAWH
0A_A]A\^]
0A_A]A\^]
@SUVWH
D$(shlw
D$,api.
D$0dll
D$8SHDe
D$<lete
D$@KeyW
UATAUH
 A]A\]
t$ ATH
E'Adva
E+pi32
E/.dll
E7RegO
E;penK
E?eyExf
@SVWATAUAVAWH
A_A^A]A\_^[
UATAUH
|$@	w=
E#pi32
E'.dll
E/RegO
E3penK
E7eyExf
@VWATAUAVH
A^A]A\_^
|$ ATH
@USVWATH
EpOle3
Et2.dlf
A\_^[]
@SUVWH
@SUVWATH
A\_^][
@SUVWATH
pA\_^][
|$ ATH
D9\$Pu
|$ ATH
D;\$@t4H
@UVWATAUH
A]A\_^]
UATAUH
H1T$HH
@UVWATAUAVAWH
A_A^A]A\_^]
t<fffff
@USWAUH
E#penK
E'eyExf
l$ ATH
|$ ATH
L9gpt|H
@VWATAUAVH
@A^A]A\_^
@SUVWATAUAVH
A^A]A\_^][
@UVWATAUAVAWH
A_A^A]A\_^]
UATAUAVAWH
A_A^A]A\]
UATAUAVAWH
ExOle3
E|2.dlf
A_A^A]A\]
UATAUAVAWH
A_A^A]A\]
@WATAUH
PA]A\_
t$ ATAUAVH
u9IcD$8
 A^A]A\
@SATAUAVH
(A^A]A\[
t$XHcq<H
(A^A]A\[
IcD$<L
(A^A]A\[
3333333
gfffffffE3
E/Adva
E3pi32
E7.dll
E?RegO
ECpenK
EGeyExf
@UVWATAUAVAWH
A_A^A]A\_^]
@SUVWATH
PA\_^][
SVWATH
8A\_^[
SVWATAUAVAWH
gfffffffI
fffffff
gfffffffH
gfffffffH
A_A^A]A\_^[
gfffffffI
@UVWATAUAVAWH
A_A^A]A\_^]
gfffffffH
@WATAUH
3333333
gfffffffI
@A]A\_
gfffffffM+
gfffffffL+
3333333
gfffffffH
@UVWATAUH
A]A\_^]
@USVWATH
A\_^[]
UWATAUAVH
\$(H;]
A^A]A\_]
UWATAUAVH
gfffffffH
A^A]A\_]
@UVWATAUAVAWH
A_A^A]A\_^]
@UVWATAUH
A]A\_^]
@UVWATAUAVAWH
H;D$0t;L
A_A^A]A\_^]
UVWATAUH
gfffffffI
0A]A\_^]
t$ ATH
SVWATAUH
fffffff
T$hH;T$p
0A]A\_^[
UATAUH
E aderf
@VWATH
VWATAUAVH
 A^A]A\_^
@SUVWATH
pA\_^][
VWATAUAVH
 A^A]A\_^
 A^A]A\_^
ffffff
@UVWATAUAVAWH
A_A^A]A\_^]
@UVWATAUAVAWH
A_A^A]A\_^]
CL$`E3
fffffff
fffffff
t$ WATAUAVAWH
 A_A^A]A\_
p WATAUH
 A]A\_
WATAUH
A;1~	I
 A]A\_
@USVWATAUAVAWH
A_A^A]A\_^[]
ATAUAVH
 A^A]A\
t$ WATAUH
0A]A\_
UATAUH
t$ WATAUH
SVWATAUAVAWH
0A_A^A]A\_^[
WATAUAVAWH
 A_A^A]A\_
@SVWATAUAVAWH
L!l$HL!l$@
D$PL9oXt
D$8HcH
A_A^A]A\_^[
ATAUAVH
0A^A]A\
VWATAUAVH
A^A]A\_^
UVWATAUAVAWH
`A_A^A]A\_^]
UVWATAUAVAWH
E9,$~T3
G0Hc	H
A_A^A]A\_^]
WATAVH
@A^A\_
WATAUAVAWH
A_A^A]A\_
WATAUH
 A]A\_
WATAUAVAWH
@A_A^A]A\_
WATAUH
 A]A\_
UVWATAUAVAWH
9D$XufE
A_A^A]A\_^]
UVWATAUAVAWH
T$pfE;"
{t-fA92
T$pfA;
T$pfD;
t$8fE9"
t$89L$\t
8T$4utM
|$@fD;
\$L9|$\t
\$L@8|$Dt
D8t$4u$
D8t$5t
MfE;"u
l$xD8u
A_A^A]A\_^]
UVWATAUH
D$&8\$&t-8X
@A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
x ATAUAVH
< tG<	tC
 A^A]A\
Hct$@H
s\HcL$HH
ATAUAVH
fD9t$b
A^A]A\
WATAUAVAWH
0A_A^A]A\_
@SUVWATAUAVH
PA^A]A\_^][
LcA<E3
VWATAUAVH
 A^A]A\_^
\$ UVWATAUAVAWH
!|$DHc
|$DD9d$X
f;D$@ug
f;D$@uD
H!\$ H
HcD$HH;
H!\$ H
HcD$HH;
H!|$ L
A_A^A]A\_^]
VWATAUAVH
 A^A]A\_^
l$ VWATH
9\$ ~>H
D8"u%H
l$ VWATAUAWH
L$$fA;
u 9w$r
t5f9(t
A_A]A\_^
L$ UVWH
\$ UVWATAUAVAWH
fD98t	H
A_A^A]A\_^]
@UATAUAVAWH
!t$(H!t$ A
A_A^A]A\]
@UATAUAVAWH
A_A^A]A\]
ATAUAWH
0A_A]A\
USVWATAUAVAWH
XA_A^A]A\_^[]
WATAUAVAWH
 A_A^A]A\_
D$ dE3
D$ dE3
D$ dE3
SUVWATH
H(H9J(u
invalid string position
vector<T> too long
string too long
deque<T> too long
Unknown exception
bad allocation
SystemFunction036
bad exception
CorExitProcess
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
(null)
`h````
xpxxxx
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
`h`hhh
xppwpp
CloseHandle
TerminateThread
CreateThread
GetExitCodeThread
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
HeapReAlloc
ReadFile
GetFileSize
CreateFileW
WriteFile
VirtualProtect
CreateProcessW
GetModuleFileNameW
GetProcAddress
LoadLibraryA
DeleteFileW
GetFileAttributesW
GetModuleHandleA
ExpandEnvironmentStringsW
UnmapViewOfFile
MapViewOfFile
SetFilePointer
CreateFileMappingW
GetLastError
CreateMutexW
GetComputerNameW
GetVolumeInformationW
SleepEx
VirtualAlloc
VirtualFree
SetLastError
IsBadReadPtr
FreeLibrary
KERNEL32.dll
GetUserNameW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
ADVAPI32.dll
WS2_32.dll
GetAdaptersAddresses
IPHLPAPI.DLL
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
DecodePointer
EncodePointer
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
LoadLibraryW
ExitThread
GetCurrentThreadId
GetCommandLineA
GetStartupInfoW
GetStdHandle
HeapSetInformation
GetVersion
HeapCreate
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapSize
GetModuleHandleW
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
LCMapStringW
SetStdHandle
WriteConsoleW
FlushFileBuffers
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AU?$default_delete@$$BY0A@D@std@@
	:z^^^
	:z^^^
	:z^^^
	:z^^^
k2xV>^
f>sRE:
E:	:^^
f>sRE:
Tbp+g2
:+2xVJ
:+2xVJ
:+2xVJ
	:z^^^
	:z^^^
	:z^^^
	:z^^^
k2xV>^
f>sRE:
E:	:^^
f>sRE:
Tbp+g2
Tbp+g2
	:z^^^
	:z^^^
	:z^^^
	:z^^^
k2xV>^
f>sRE:
E:	:^^
f>sRE:
	:z^^^
	:z^^^
	:z^^^
	:z^^^
k2xV>^
f>sRE:
E:	:^^
f>sRE:
Tbp+g2
:+2xVJ
dF#RXV
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ