Sample details: 1d6c784c236b7bb569f473f2d875d2ed --

Hashes
MD5: 1d6c784c236b7bb569f473f2d875d2ed
SHA1: 45a131931d171a66184a7194b095f3e25f3b851c
SHA256: 7fe6c2028f8d53ce4f2bd5252d7d5f97226fc92231b07e6d55e9b1a12b3c55c3
SSDEEP: 3072:B15nr2ekaJZ/xvwLHhfN3WTTiUBDew8PXA18CxwAgkYaXvXRQ/tnw5gKpfJgv:B1RZ/xvYkKUBaBPVCTfYaXvX6wbVO
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_v60_DLL_additional | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/DebuggerCheck__QueryInfo | YRP/SEH__vectored | YRP/disable_dep | YRP/inject_thread | YRP/network_tcp_listen | YRP/screenshot | YRP/keylogger | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/win_hook | YRP/Big_Numbers0 | YRP/CRC32_poly_Constant | YRP/Str_Win32_Winsock2_Library |
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.reloc
0VWj	3
<SVWh{
tHHt(Ht
HteHt?
DSVWj(^j	3
Kf9<^t
HQ:H1u[
HS:H3uS
XR:X2t
HTf;H4u8f
HVf;H6u.f
HXf;H8u$
HZ:H:u
H[:H;u
H\:H<u
WWWUWj
|$<.t9
j!X9D$
t`;|$$v39D$
n(9n$u
[tA9o8t<9o<t7;
tSVWj	Y3
Pj@j8V
RRRRRQ
@@f90u
D$$_^][
rzui9_
Ht[HtJ
QQSVWj
u+9^4|&
t'Ht$-
u j<[SP
ttSSSj
9F0t2W
D$$Pj4Q
SSSSSV
t=VVSP
QQSVW3
tJWWWW
uh9s0tc
_^][YY
QPVhZ{
Ht0HuW
F(tDSSj
FPPSVh^
tijdSV
PUVh3i
VVVVVS
9\$ tY
tR9\$ 
E SVW3
	f=J1t
7t-IIt
t#ItXIu0
t+It#It
VWu@9]
 t+;t$
E SVW3
G(u.SVS
SVWj<j
HtDHt$H
tV9Q tQ9Q$tL
CSSSSVVh<
9D$(u*V
_^][YY
9Vlu	9U
YYu+h+
jaYjAZje_t,H
SSj`_W
SVWj'_
SSSSSV
	H,RVj
D$$PSSh
X9G tZ
QSWj\3
WWWWWV
>j2FFVj
tDSSUW
9AABB;
N09_Lt#;
F(9Fx}A
QPPPPh
F<)~h)~d
Ndf+Nh
)Fl;Fx
Fp;FxsE
Fd+Fh=
Ndf+N\
QRPhtf
0QRAPAQUH
]AYAXZY
QRPh4g
QRPhTg
QRPhtg
VC20XC00U
;t$(v(
UQPXY]Y[
SHLWAPI.dll
WS2_32.dll
USER32.dll
GDI32.dll
ADVAPI32.dll
SHELL32.dll
ole32.dll
PSAPI.DLL
CRYPT32.dll
Secur32.dll
Jul 25 2019
1.3.6.1.4.1.311.2.1.12
								
 deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly 
                 00000000000888888888@@@@@@@@HHHHHHHHPPPPPPXXXXXXXXXXXX`````hhhhhhhhhhpppppppppxxxxxxxxxx
000000000000000000000000@@@@@@@@@@@@@@@@PPPPPPPPPPPPPXXXXXXXXXXXhhhhhhhhhhhpppppppppxxxxxxxxxxxx
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
DISPLAY
Tahoma
incompatible version
buffer error
insufficient memory
data error
stream error
file error
stream end
need dictionary
StrToIntExA
StrRChrW
StrToIntA
StrChrA
StrRChrA
StrCmpNIW
StrChrW
DefWindowProcA
PeekMessageA
GetWindowLongA
PostThreadMessageA
GetWindowRect
SetWindowLongA
GetMessageA
DestroyWindow
RegisterClassW
TranslateMessage
DispatchMessageA
CreateWindowExW
SetThreadDesktop
GetWindowInfo
wsprintfA
wsprintfW
SetWindowPos
GetThreadDesktop
GetUserObjectInformationA
FindWindowExA
GetShellWindow
GetWindowThreadProcessId
CloseDesktop
GetPropA
MoveWindow
SetClassLongA
GetClassLongA
FillRect
GetWindow
GetClassNameA
SetPropA
GetClientRect
PostMessageA
CallNextHookEx
SetLayeredWindowAttributes
WindowFromDC
IsWindow
CallWindowProcA
SendMessageA
UnhookWindowsHookEx
SetWindowsHookExA
GetKeyState
KillTimer
ScreenToClient
SetTimer
ClientToScreen
GetDoubleClickTime
PtInRect
GetSystemMetrics
GetMenuState
SetKeyboardState
GetMenuItemID
ActivateKeyboardLayout
GetAncestor
TrackPopupMenu
TrackPopupMenuEx
FindWindowA
GetSystemMenu
EndMenu
GetMenuItemRect
PrintWindow
GetMenu
HiliteMenuItem
GetMenuItemCount
MenuItemFromPoint
GetParent
SendMessageTimeoutA
RedrawWindow
GetSubMenu
IsIconic
SetActiveWindow
BringWindowToTop
RealChildWindowFromPoint
GetGUIThreadInfo
IsWindowVisible
SetFocus
AttachThreadInput
ShowWindow
SetForegroundWindow
GetLastActivePopup
CreateDialogIndirectParamW
EndDialog
BeginPaint
GetMenuItemInfoA
GetSysColor
ExitWindowsEx
EndPaint
DestroyIcon
SetMenuItemInfoA
DestroyMenu
UpdateWindow
SendMessageW
AppendMenuA
GetIconInfo
InsertMenuItemA
CreatePopupMenu
GetWindowTextA
GetScrollBarInfo
DrawEdge
EnumDesktopWindows
RegisterWindowMessageA
OpenInputDesktop
CreateDesktopA
GetDesktopWindow
ReleaseDC
IntersectRect
IsRectEmpty
MapWindowPoints
GetMenuDefaultItem
SendInput
SetWinEventHook
UnhookWinEvent
ChildWindowFromPointEx
GetKeyboardLayout
VkKeyScanA
GetKeyboardLayoutList
ToAscii
VkKeyScanExA
MapVirtualKeyExA
VkKeyScanExW
ToUnicodeEx
MapVirtualKeyA
EnumDisplaySettingsA
EnumDisplayDevicesA
SetClipboardViewer
SetClipboardData
GetForegroundWindow
OpenClipboard
SendNotifyMessageA
ChangeClipboardChain
EmptyClipboard
CreateWindowExA
RegisterClassA
CloseClipboard
GetClipboardData
GetClipboardOwner
DrawTextW
CharUpperBuffW
keybd_event
GetAsyncKeyState
GetStockObject
SetViewportOrgEx
CreateCompatibleBitmap
GetViewportOrgEx
GetClipRgn
CreateCompatibleDC
SelectClipRgn
SelectObject
DeleteObject
CreateRectRgn
DeleteDC
BitBlt
SetPixel
GetObjectA
GetPixel
CreateDIBitmap
SetBkColor
SetBkMode
CreateBitmap
GetRegionData
CreateDCA
GdiFlush
GetDIBits
CombineRgn
CreatePatternBrush
GetSystemPaletteEntries
SetDIBColorTable
GetDeviceCaps
CreateDIBSection
ExtTextOutA
SetWindowOrgEx
GetClipBox
CreateFontA
SetTextColor
RegCreateKeyA
GetUserNameW
RegSetValueExA
RegQueryValueExA
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegOpenKeyA
ShellExecuteA
SHGetDesktopFolder
SHGetFolderPathA
SHGetSpecialFolderLocation
ShellExecuteW
CoInitialize
CoUninitialize
EnumProcessModules
GetModuleFileNameExA
PathCombineW
PathRemoveArgsW
PathRemoveBlanksW
PathRemoveBlanksA
PathRemoveArgsA
PathCommonPrefixA
StrRetToBufA
PathFindFileNameA
PathRemoveBackslashA
PathFindExtensionA
PathCombineA
PathFindFileNameW
StrDupA
StrStrA
StrStrIA
WSAIoctl
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgClose
CryptDecodeObject
CryptMsgGetParam
CryptQueryObject
InitializeSecurityContextW
FreeCredentialsHandle
DeleteSecurityContext
QueryContextAttributesW
EncryptMessage
FreeContextBuffer
AcquireCredentialsHandleW
DecryptMessage
memcpy
memset
strcpy
_strupr
memcmp
RtlEqualUnicodeString
_wcsnicmp
_strnicmp
ntdll.dll
HeapFree
HeapReAlloc
GetLastError
GetCurrentThreadId
RemoveVectoredExceptionHandler
CreateEventA
GetVersion
SetEvent
HeapDestroy
HeapCreate
SwitchToThread
AddVectoredExceptionHandler
HeapAlloc
SetLastError
lstrcmpiW
WideCharToMultiByte
lstrcatW
lstrcatA
lstrlenA
lstrcpyW
lstrcpyA
MultiByteToWideChar
lstrlenW
InitializeCriticalSection
GetModuleHandleA
DeleteCriticalSection
LeaveCriticalSection
CloseHandle
CreateThread
WaitForSingleObject
EnterCriticalSection
GetComputerNameW
CreateMutexA
GetCurrentProcessId
LocalFree
lstrcmpiA
lstrcpynA
lstrcpynW
SetEnvironmentVariableW
OpenProcess
WaitForMultipleObjects
TerminateProcess
SetErrorMode
SetUnhandledExceptionFilter
GetProcAddress
LoadLibraryA
CreateDirectoryW
ReleaseMutex
InterlockedIncrement
InterlockedDecrement
GlobalDeleteAtom
GlobalAddAtomA
IsBadStringPtrA
VirtualProtect
lstrcmpA
VirtualQuery
GetCurrentProcess
FreeLibrary
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
GetVersionExW
ReadFile
CreateFileA
CreateFileW
GetFileSize
SetFilePointer
GetTempPathW
SetEndOfFile
GetLongPathNameW
WriteFile
VirtualAlloc
VirtualAllocEx
VirtualFree
GetModuleFileNameA
ReadProcessMemory
WriteProcessMemory
GetThreadContext
SuspendThread
ResumeThread
VirtualProtectEx
lstrcmpW
FindFirstFileW
FindClose
FindNextFileW
GetEnvironmentVariableW
GetFileAttributesExW
CopyFileW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
GlobalUnlock
GlobalLock
GlobalFree
OpenEventA
GlobalAlloc
GetSystemTime
SystemTimeToFileTime
GetSystemWindowsDirectoryA
SetFilePointerEx
GetFileInformationByHandleEx
SetFileInformationByHandle
GetProcessId
RemoveDirectoryW
DuplicateHandle
DeleteFileW
MulDiv
GetTickCount
GetSystemTimeAsFileTime
GetProcessTimes
GetLocaleInfoW
VerLanguageNameW
SetWaitableTimer
CreateWaitableTimerA
CancelWaitableTimer
WaitForSingleObjectEx
ResetEvent
OpenThread
LocalAlloc
GetSystemInfo
GetQueuedCompletionStatus
InterlockedExchange
PostQueuedCompletionStatus
CreateIoCompletionPort
KERNEL32.dll
ZwQueryInformationProcess
ZwQueryKey
NtResumeProcess
NtGetContextThread
NtSuspendProcess
NtSetContextThread
RtlNtStatusToDosError
NtSetInformationProcess
LdrFindEntryForAddress
ZwClose
NtMapViewOfSection
NtCreateSection
NtUnmapViewOfSection
NtQuerySystemInformation
RtlInitUnicodeString
NtQueryInformationFile
NtQueryInformationProcess
NtQueryObject
NtQueryDirectoryFile
memmove
ZwQueryInformationToken
ZwOpenProcessToken
ZwOpenProcess
GetAcceptExSockaddrs
AcceptEx
MSWSOCK.dll
RaiseException
_alldiv
_aulldiv
_chkstk
RtlUnwind
NtQueryVirtualMemory
VncDLL.dll
PluginRegisterCallbacks
VncStartServer
VncStopServer
SUVWATAUAVAWH
HA_A^A]A\_^][
,cL(dw
$=7(j/
y#f"71
y#f"71
9Fv3*?
8Gt1 ;
k:op5(3
#Hn,l[
"Io.fQ
 KG*nY
"jq!nz
 hs%zn
$l#-j~
kN(E%tt
kN(E%tt
kN(E%tt
kN(E%tt
G!HB	34
G!HB	3
jC9Jx?
e\LOwv
v}.l$t
	N__G2#1	
]4Vb#!J
E,uVe>
 jtL/x
c`wdBr
,`i,pr"
`7-rrc
Xq/l>?
KA?S;a|a\
k)(W@U
vw!$8!
d*?(u6
OEXHPB
[Cik}6
M6M^^JfV
j26Z,(Q
J8uZD:	
XnPqJ:
Npl5: A
F}Q`:A
EIST;9
p4xy[&^
S%o]nT
@(gY|~
0"050G0M0X0_0
0+151l1
2 2+2X2n2w2}2
3*383@3F3L3
3P4q4|4
5+595L5v5|5
7+7<7~7
7<8F8h8p8t8
:Q:Z:y:
;&;E;K;Y;s;{;
<7<><M<
=W=`=p=u={=
>->:>A>G>R>W>_>e>p>u>
?"?Q?d?v?|?
0J0S0f0o0
3D3s3|3
3&4\4M5X5a5h5p5
6!6N6f6n6
7"7-7`7j7|7
7*828_8e8j8p8w8|8
939?9[9m9z9
:R:b:x:
>9?@?`?r?
0+0N0x0
3)3A3j3p3v3P4
:I;X;_;t;
<1<A<d<
=1=A=W=`=k=p=u=z=
2)262q2
2%3/3R3W3_3
4.4:4B4Z4`4u4}4
4&5H5T5k5z5
546=6e6s6|6
7O7b7h7v7
:):.:C:H:U:Z:e:j:q:w:
=#=(=-=<=H=O=U=\=s=~=
Y0e0n0
1*202Y2s2
484I4Y4
6,626?6O6
71777E7V7\7m7
;";?;W;\;d;o;
<1<7<I<
2J2P2`2
7W8a8v8|8
8%9F9V9p9v9~9
:%:2:H:N:_:u:|:
6*6D6O6V6h6
7.787=7D7d7
7	8C8_8
8%919=9K9^9c9
=,>Q>W>l>
?%?H?`?
%1E5m5
6/6?6O6
737@7J7W7k7+8D8J8`8g8p8u8
9-999I9
=H>T>s>x>
2%2D2J2Z2
:!:&:+:0:5:u:{:
;";<;Q;
>$>+>2>A>F>M>f>l>r>}>
?!?F?K?Q?W?_?k?
2V3_3d3i3
3(4.4Y4v4
5'575@5T5d5
8G9&:x:~:
3:4@4N4T4
5?5]5r5}5
6$6,6g6|6
9=9E9s9}9
;^;m;{;
<F<[<p<v<
>!>&>C>L>Q>W>^>m>
?3?@?G?[?z?
&0+0K0
2#2)20252A2H2N2X2_2e2o2v2|2
343D3z3
3%424:4H4w4
52585J5P5U5g5o5{5
6'656N6
6?7U7e7u7
8 8&848O8V8h8
999A9N9\9z9
:4:V:r:
=7=i=t=
>"?(?M?S?h?q?
1)2^2g2m2
5!5D5J5s5
6K7d7j7x7}7
83888>8N8S8l8
9/959C9~9
:6:>:Q:h:q:
;?;O;g;m;~;
282E2O2Z2b2o2v2{2
4$4D4N4i4x4
4?5I5_5t5
6-6H6W6h6y6
7m98:M:d:t:
;+;O;];c;
<$<i<w<
=A=h=o=x=
>)?9?]?
G0i0x0
1!141E1t1
2E2X2d2?3
8'898A8G8Q8^8
9T9[9d9m9s9y9
:%:.:7:@:I:R:X:_:f:u:
:b;x;	<
=-=V=j=
>*?3?o?|?
0+0@0F0p0u0}0
4/464;4@4x4
7(82898@8
<$<+<U<_<m<
314E4K4T4Z4z4
5"5'5,51585=5B5J5P5V5g5q5
5,6G6S6Z6m6}6
7&7R7`7l7
869H9`9{9
9%:5:@:P:Y:d:u:
=&=,=e=
>B?Q?W?_?e?k?q?w?}?
1)1.1`1p1
2+242X2|2
283?3F3
6:6^6g6l6r6z6
7@8[8l8r8
9$979?9U9[9r9
:#:3:9:N:[:}:
>?>L>T>[>z>
0$020B0x0
5A5R5f5q5v5{5
666I6O6h6p6
6 7R748h8
8?9D9M9q9w9
:6;;;C;
=<=B=W=`=
1'2?2E2W2k2t2
3:3R3o3
3$4T4[4
4,5A5O5W5g5~5
;(;I;^;e;k;
<%=D=M=^=k=
=/?F?T?t?~?
4,424E4N4S4|4
5$5/5f5
6C6x6~6
9#:0:C:V:i:
<4<G<L<Q<g<}<
5$52595>5G5Q5W5v5
7.7X7c7
:.;A;G;U;m;~;
=1=[=}=
? ?+?6?H?h?u?{?
11171W1t1
1	2@2T2[2l2O3
4@5T5Z5
7/7B7b7{7
7(828s8
9"9.999H9n9y9~9
:P:c:s:
;	<+<I<P<
>$>)>A>]>f>s>{>
0%0j0t0
1Q1[1b1h1o1u1
213B3c3}3
4&4-42484@4L4R4Z4`4e4k4p4w4
5#5(5E5P5W5g5
7'7-7:7_7
8 8Y8f8n8u8
=!=7=?=
@0a0i0{0
262F2R2`2e2
4'42474<4S4]4m4{4
5 5(5A5^5
6!6*6L6T6l6x6
6 737>7H7`7
858D8V8a8h8y8
8*979=9B9K9U9a9g9
9N:j:w;
<$<3<F<P<k<
=&=e=k=
?)?.???I?b?
1	222N2X2|2
4:4^4k4q4
5(525H5W5
6A7H7`7
;!;r;P<l<
>&?6?`?q?
0"0(0?0_0
=2=Y=e=j=
>&>,>F>t>
>0?H?i?|?
2>3D3\3b3
4"4@4`4
4Q5_5t5
6)60656:6T6a6g6
6!7`7f7t7
8.8P8\8
:=:S:]:o:
;=<L<Q<W<^<e<
#0+060
151G1V1
1:2C2W2^2e2l2
3B4`4f4r4{4
5.5K5Q5u5}5
6$666m6|6
7)747?7J7U7`7v7
8'8;8T8f8
9E9Y9n9u9}9
:X;k;q;
?0?C?L?R?[?
d0j0r0x0
62;8;F;L;)</<R<X<^=d=q=w=
3C3N3Y3n3y3
4%4D4J4
9%:2:@:J:T:^:h:r:|:
:Y;f;t;~;
<(<2<<<F<P<Z<d<n<x<
="=,=6=@=J=T=^=h=r=|=
>&>0>:>D>N>X>b>l>v>
? ?*?4?>?H?R?\?f?p?z?
0$0.080B0L0V0`0j0t0~0
1%1/191C1M1W1a1k1u1
2)232=2G2Q2^2l2v2
3'313;3H3V3`3m3{3
304=4a4|4
5S5_5g5
6&606:6D6N6X6b6l6v6
7'717;7E7R7`7j7t7~7
9?:Y:b:
;N;b;r;
;0<<<I<o<
0 0,080D0P0\0
6 6,606<6@6L6P6\6`6l6p6
0 0$0(0,0<0@0T0d0h0l0p0t0x0|0
1 1$1(1,1014181<1@1H1P1X1`1
4$4(40484<4D4L4P4X4`4d4l4t4x4
8 8,848<8P8X8l8t8
9$909<9H9T9`9l9x9|9
: :,:4:<:H:P:X:d:l:t:
;(;0;8;D;L;T;`;h;p;|;
<$<,<4<@<H<P<\<d<l<x<
= =(=0=<=D=L=X=`=h=t=|=
>$>,>@>H>\>d>p>|>
?$?0?<?H?T?`?l?x?
0 0,080D0P0\0h0t0
1(141@1L1X1d1p1|1
2$202<2H2T2`2l2x2
3 3,383D3P3\3h3t3
4(444@4L4X4d4p4|4
5$505<5H5T5`5l5x5
6 6,686D6P6\6h6t6
7(747@7L7X7d7p7|7
8$808<8H8T8`8l8x8
9 9,989D9P9\9h9t9
: :(:0:8:@:H:P:X:h:p:x:
; ;,;4;<;H;P;X;d;l;t;
<(<0<8<D<L<T<`<d<
=8=<=\=`=
>,>0>P>T>t>x>
?L?T?\?h?l?
0 080@0D0\0
1$10181@1L1T1\1h1p1x1
2 2,242<2H2P2X2d2h2l2p2t2|2
30343H3L3P3T3X3\3`3d3h3p3t3x3
4 4(404<4D4L4X4`4h4t4|4
5$5,585@5H5T5\5d5p5x5
6 6(6<6D6X6`6t6|6
7 7(70787@7H7P7X7`7h7p7x7
8$80888@8T8\8p8x8
9 94989<9P9T9X9l9x9|9
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
;$;(;,;0;4;8;<;@;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=
159.n6