Sample details: ebae928bc0051c735d6facdc347511cb

Hashes
MD5: ebae928bc0051c735d6facdc347511cb
SHA1: b4dc3bcea137ac294bf21728ea5f9b6f14a427cf
SHA256: 64aae4b954766b84f8f8fdac62f7b53dcaa61b07031321a027740a4f9f0fe484
SSDEEP: 6144:MvqWBwiH7CFK1hDk/DHITWGF52j4WZW8gbya5Rye15efetCiVxWiqJzBvRe68ads:ktBFH7CMRGLIPS4WUQvCPCTtvZArOkR
Details
File Type: PE32
Yara Hits
YRP/maldoc_getEIP_method_1 | YRP/Misc_Suspicious_Strings | YRP/contentis_base64 | YRP/domain | YRP/IP | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/screenshot | YRP/win_mutex | YRP/win_registry | YRP/win_hook | YRP/android_meterpreter
Source
http://dbatee.gr/niv785yg
http://pciholog.ru/niv785yg
Strings
PlaySoundW
WINMM.dll
ShellExecuteW
Shell_NotifyIconW
SHELL32.dll
CoInitialize
CoUninitialize
OleInitialize
ole32.dll
BitBlt
CombineRgn
CreateCompatibleDC
CreateFontIndirectW
CreateRectRgn
CreateSolidBrush
DeleteObject
GetDeviceCaps
GetObjectW
GetPixel
SelectObject
SetBkColor
SetBkMode
SetTextColor
GDI32.dll
CloseHandle
CreateEventW
CreateMutexW
CreateThread
DebugBreak
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindResourceW
FreeLibrary
FreeResource
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileAttributesW
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GetTempPathW
GetUserDefaultUILanguage
GetVersion
InitializeCriticalSection
InterlockedCompareExchange
InterlockedExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalFree
LockResource
MulDiv
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseMutex
RtlUnwind
SetCurrentDirectoryW
SetLastError
SetUnhandledExceptionFilter
SizeofResource
SystemTimeToFileTime
TlsGetValue
WaitForSingleObject
lstrlenW
KERNEL32.dll
BeginPaint
CallNextHookEx
CallWindowProcW
ClientToScreen
CreateDialogParamW
CreateMenu
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawMenuBar
DrawTextW
EnableMenuItem
EnableWindow
EndDialog
EndPaint
FindWindowExW
FindWindowW
FlashWindowEx
GetClassLongW
GetClassNameW
GetClientRect
GetCursorPos
GetDesktopWindow
GetDlgItem
GetForegroundWindow
GetMenu
GetMenuItemCount
GetMenuItemRect
GetMessagePos
GetMessageTime
GetMessageW
GetParent
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindowLongW
GetWindowRect
InsertMenuItemW
InsertMenuW
KillTimer
LoadAcceleratorsW
LoadBitmapW
LoadCursorW
LoadIconW
LoadImageW
LoadMenuW
LoadStringW
MessageBoxW
ModifyMenuW
MoveWindow
PostMessageW
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassExW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendDlgItemMessageW
SendMessageW
SetCapture
SetCursor
SetForegroundWindow
SetLayeredWindowAttributes
SetMenu
SetTimer
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowWindow
SystemParametersInfoW
TrackMouseEvent
TrackPopupMenu
TrackPopupMenuEx
TranslateAcceleratorW
TranslateMessage
UnhookWindowsHookEx
WindowFromDC
WindowFromPoint
USER32.dll
RegCloseKey
ADVAPI32.dll
ClosePrinter
GetPrinterDriverDirectoryA
WINSPOOL.DRV