Sample details: ed5b2270024a9469ba7ca52420b61bc8 --

Hashes
MD5: ed5b2270024a9469ba7ca52420b61bc8
SHA1: 28152deb92e435aa91de7d4dee52139bf639fa8a
SHA256: 206c6b2af72f5e86b514857b6d0483330f084e4c5bd02e19f698e312b8f41f85
SSDEEP: 1536:o7f9h0UPJP/CpICdikMLMLv5PFNg1qrX+VIOlnToIfPgIxNBvyN:mliUPXC8k1nJrX+fNTBf7hyN
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50 | YRP/PureBasic_4x_Neil_Hodgson_additional | YRP/PureBasic_4x_Neil_Hodgson | YRP/PureBasic4xNeilHodgson | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/PureBasic | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/win_files_operation | YRP/Big_Numbers1 | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/MD5_Constants | YRP/RIPEMD160_Constants | YRP/SHA1_Constants |
Strings
		!This program cannot be run in DOS mode.
`.text
`.rdata
@.data
\$TK;\$(
PPPPPP
PPPPPP
PPPPPP
PPPPPP
PPPPPP
[_;\$(u
v	N+D$
t3Ot"Ot
D$ PVW
{_^][Y
VW9l$4u
D$4$ A
\$89l$<u
D$<$ A
L$@9l$D
D$$QVP
D$$QVP
D$$QVP
D$$QVP
D$$QVP
D$$QVP
D$$QVP
D$$QVP
D$$QVP
jPjCjnh
D$$PVS
f9LD6u
j\Xf9D~
QQSUVW
tcj"Zf;
_^][YY
!~(_^[
j\Xf9Ds
j\Xf9Dw
HtOHt5
t9V@Pj
<_^][YY
3D$H3D$<
3D$$3D$@
3T$(3T$D3T$<
3T$,3T$
3T$03T$
3T$ 3T$
3T$H3T$
3T$$3T$ 3P
L$X3P$
3T$,3P,3P
3T$03P03P
3P43P 
3P83P$
3P<3P(
3W83W 3W
3S<3S$3S
13q(3q 3q
3q,3q$
3q03q(3q
3q43q,3q 
3q83q03q$
q<3q43q(3q
13q83q,3q
3q<3q03q
313q43q 
3q83q$
3q<3q(
3r83r 3r
3r<3r$3r
13q(3q 3q
3q,3q$3q
3p43p,3p 
3P83P03P$
3P83P$
3P<3P(
D$h3H03H
\$03\$X3\$
3P(3P 
l$X3P,3P$3P
3T$L3T$D3P
3T$H3T$@3P 
3P83T$L
P(3P<3T$H3P
D$,3A<3A
?vMj@[+
D$0RSP
W@;P s
s<u";i
W@;P(s
Gh;G\sY
Gh;G\r
M;t$8r
T$8#\$
T$8#\$
|$ 9O@
D$(+D$
D$(+D$,
D$,^][_
N(9N0u
F,][_3
D$,xRA
T$0;l$<
_^][YY
RtlGetVersion
SHBrowseForFolderW
SHGetPathFromIDListW
GetLongPathNameW
SHGetKnownFolderPath
0123456789abcdefK
InitOnceExecuteOnce
incorrect header check
unknown compression method
invalid window size
unknown header flags set
header crc mismatch
invalid block type
invalid stored block lengths
too many length or distance symbols
invalid code lengths set
invalid bit length repeat
invalid code -- missing end-of-block
invalid literal/lengths set
invalid distances set
invalid literal/length code
invalid distance code
invalid distance too far back
incorrect data check
incorrect length check
Qkkbal
[-&LMb#{'
w+OQvr
)\ZEo^m/
H*0"ZOW
l!;b	F
mj>zjZ
IiGM>nw
ewh/?y
OZw3(?
V_:X1:
 inflate 1.2.8 Copyright 1995-2013 Mark Adler 
need dictionary
stream end
file error
stream error
data error
insufficient memory
buffer error
incompatible version
memset
MSVCRT.dll
GetModuleHandleW
HeapCreate
GetStdHandle
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
GetExitCodeProcess
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetNativeSystemInfo
GetShortPathNameW
GetWindowsDirectoryW
GetSystemDirectoryW
KERNEL32.dll
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
_wcsicmp
wcslen
wcscpy
wcscmp
memcpy
tolower
wcscat
malloc
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
GetProcAddress
GetVersionExW
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject
CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
DestroyWindow
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
EnableWindow
GetSystemMetrics
CreateWindowExW
SetWindowLongW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos
USER32.DLL
GetStockObject
GDI32.DLL
InitCommonControlsEx
COMCTL32.DLL
ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW
SHELL32.DLL
timeBeginPeriod
WINMM.DLL
CoInitialize
CoTaskMemFree
OLE32.DLL
PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW
SHLWAPI.DLL
;MXI[~
i&6/w3
J84p1j
I5Y\)F
iB\8%D.
uh_UwQ
 t}	29jk
PAD<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /> </dependentAssembly> </dependency> <v3:trustInfo xmlns:v3="urn:schemas-microsoft-com:asm.v3"> <v3:security> <v3:requestedPrivileges> <!-- level can be "asInvoker", "highestAvailable", or "requireAdministrator" --> <v3:requestedExecutionLevel level="requireAdministrator" /> </v3:requestedPrivileges> </v3:security> </v3:trustInfo> </assembly> PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD