MalShare

Sample details: fa98e1e5dca9247951ca6125d6c60688 --

Hashes
MD5: fa98e1e5dca9247951ca6125d6c60688
SHA1: ad6f38913182e8d495e45f70b099aad89e7067c2
SHA256: 94dde7f3834c292f314951af1fc51391be2e2ec3dec87e452b2844dec1d97d8d
SSDEEP: 1536:2LRPtIVwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww+:21PtIVwwwwwwwwwwwwwwwwwwwwwwwwwR

Details
File Type: PE32

Yara Hits
YRP/IsPE32 \| YRP/IsWindowsGUI \| YRP/IsPacked \| YRP/HasDebugData \| YRP/IsBeyondImageSize \| YRP/HasRichSignature \| YRP/domain \| YRP/contentis_base64 \| YRP/anti_dbg \|

Source
http://www.yourflyness.com/thR/

Strings
!This program cannot be run in DOS mode. `.pdata @.data L$8;D$(r ffffff. fffff. D$X;L$l l;D$0wa gS+D$H gS+D$H l@535g^ D$\;t$4 D$09D$ r ;D$Xu4 D$,%rw+ CIXDV2 prP43f xb4PfjG48nfkqt.pdb memcpy ntdll.dll CryptCATAdminAddCatalog WINTRUST.dll StrCatBuffW PathGetArgsW PathIsPrefixW PathIsRelativeW SHLWAPI.dll GetInputState GetFocus RegisterClassW EnumDisplaySettingsA GetClipCursor GetCaretBlinkTime USER32.dll GetDiskFreeSpaceExA IsDebuggerPresent lstrcmpW lstrcmpiW OpenThread GetThreadPriority CloseHandle GetModuleFileNameW lstrlenW CreateFileW GetFileType GetFileSize VirtualQuery GetCurrentThread KERNEL32.dll NdrConformantArrayUnmarshall RPCRT4.dll 9q8BrGA LbY`S /V&![ U\|b\h9j iR^Tw" dUa^bX LYRfLwR LIRf<T^. L9Tf4T`. !L1g- )Vg"yC !L1g- H0g{)J m[d,T^Py gyBqU* G O ?z`JY kebU%R g=k1`u MAbeuf ouTypy i(&SoT YVg"kQ \|y;c7e \~o#ZY ln$bV0V FpS=qC C&(;UcY~ M<}Vf- yJI?Jl.S n1}j=O 50r.y+ mZLQ^\| s?}\kY De,9W{ cPcH?agUR Sx%x(g 9+R[re r9l>z a4aG_} r]s@mr ja/ecu x{dZB0 y`}P= ;c E49S 1fI5Xv N-UMeg3 68Rf?cRg z3v!H'Y ,V&,x# x:Oarq (UN:Q X{>WQz #-s9n^ a4L[y8 PY 23cs \i,VP_r! bCv"E( 7Rf=c 4pc9OT~W ()f3ur S.*_eBF $a?'}8) SSc3Tx 4qU{-tf cwwz$~ H\|NeFK )UO_r= C1{S&G G@T{jE 02lXb^F q@Wrc0 k! LZz WM%4M' Y%?,Xt3 {IM?Jl$ 6/cF?P b1i_WP `P7g3$ TDfF^W j %P.ze_ N9v4&e: yW[jk+ PXxWdq XQwXJ\ .Qn:$w 2yEvn> SG j-cDF U+.]iu tIj@,v 0>EO~T o:$B$b \|yDc7e$9Sg LtHv+Jdx /g8]!T Bj>l!@Zn %].c'Y \|yEc7e%9Sg \|y;c7e \bsOK! \|y;c7e

Strings

		!This program cannot be run in DOS mode.
`.pdata
@.data
L$8;D$(r
ffffff.
fffff.
D$X;L$l
l;D$0wa
gS+D$H
gS+D$H
l@535g^	
D$\;t$4
D$09D$ r
;D$Xu4
D$,%rw+
CIXDV2
prP43f
xb4PfjG48nfkqt.pdb
memcpy
ntdll.dll
CryptCATAdminAddCatalog
WINTRUST.dll
StrCatBuffW
PathGetArgsW
PathIsPrefixW
PathIsRelativeW
SHLWAPI.dll
GetInputState
GetFocus
RegisterClassW
EnumDisplaySettingsA
GetClipCursor
GetCaretBlinkTime
USER32.dll
GetDiskFreeSpaceExA
IsDebuggerPresent
lstrcmpW
lstrcmpiW
OpenThread
GetThreadPriority
CloseHandle
GetModuleFileNameW
lstrlenW
CreateFileW
GetFileType
GetFileSize
VirtualQuery
GetCurrentThread
KERNEL32.dll
NdrConformantArrayUnmarshall
RPCRT4.dll
9q8BrGA
LbY`S /V&![
U|b\h9j
iR^Tw"
dUa^bX
LYRfLwR
LIRf<T^.
L9Tf4T`.
!L1g-	
)Vg"yC
!L1g-	
H0g{)J
m[d,T^Py
gyBqU*	G
O ?z`JY
kebU%R
g=k1`u
MAbeuf
ouTypy
i(&SoT
YVg"kQ
|y;c7e
\~o#ZY
ln$bV0V
FpS=qC
C&(;UcY~
M<}Vf-
yJI?Jl.S
n1}j=O
50r.y+
mZLQ^|
s?}\kY
De,9W{
cPcH?agUR
Sx%x(g
9+R[re
r*9l>z
a4aG_}
r]s@mr
ja/ecu
x{dZB0
y`}P=	
;c E49S
1fI5Xv
N-UMeg3
68Rf?cRg
z3v!H'Y
,V&,x#
x:Oarq
(*UN:Q
X{>WQz
#-s9n^
a4L[y8
PY 23cs
\i,VP_r!
b*Cv"E(
7Rf=c*
4pc9OT~W
()f3ur
S.*_eBF
$a?'}8)
SSc3Tx
4qU{-tf
cwwz$~
H|NeFK
)UO_r=
C1{S&G
G@T{jE
02lXb^F
q@Wrc0
k!	LZz
WM%4M'
Y%?,Xt3
{IM?Jl$
	6/cF?P
b1i_WP
`P7g3$
TDfF^W
j	%P.ze_
N9v4&e:
yW[jk+
PXxWdq
XQwXJ\
.Qn:$w
2yEvn>
SG j-cDF
U+.]iu
tIj@,v
0>EO~T
o:$B$b
|yDc7e$9Sg
LtHv+Jdx
/g8]!T
Bj>l!@Zn
%].c'Y
|yEc7e%9Sg
|y;c7e
\bsOK!
|y;c7e