Sample details: 3a54e0c4d396020138af9ca801dbe28c --

Hashes
MD5: 3a54e0c4d396020138af9ca801dbe28c
SHA1: 5b1d56afb3080979918881f39068bcabc4ed7c42
SHA256: 5c959580adf1fbdfea872ece4d29ee6a8319a88273a9923988ef8be4197833bd
SSDEEP: 1536:7mseS0rh3UharM4WHMnEA0tepkq8e7Pbi4eTMluxtXDCntTnICS4ADEqIvdb3G6V:tsM4oA0tCHLbi4eTMlwDCnuSqeF3Gj
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_v40_v50 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/RijnDael_AES |
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.pot5s8
.reloc
PWj	h-
PWj	h9	
u=j Ph
tJj.Xf
t;jzja
QQQQQQQP
jZf@Yf
PjXj	h=
SVu:W3
YY_^[]
YYt@hL
OH_^[]
3^83^`3
3F(3FP3Fx3
3N,3NT3N|3
3V<3Vd3
~ 3~H3~p3
3^@3^h3
3F03FX3
3N43N\3
3VD3Vl3
^$3^L3^t3
0123456789abcdef
a0LO>;7!YH!K3
-%*/+a)!)@%B-I+
03AD#TK)HBSZ
6Y$6MP[9
[U5EU0,??"a:OUO1-
L5(^M]F89
A`B\MI@FG!BZ-,
.!a<98@
XTa!=F
baC$LMXC
&,K^-I)#
\G_&/Hc
8^S,N9YU
&HUDGBJ. 5B?
;T$<w!
t$8+T$4;
@USVWATAVAWH
`A_A^A\_^[]
UVWATAVH
@A^A\_^]
USVWQH
kernel32
H;T$(w(
t$0H+T$8H;
STATIC
Global\
ntdll.dll
sysshadow
msctfime ui
SCROLLBAR
ASARAQAPRQ
YZAXAYAZA[
RWVSAT
A\[^_Z
M4@8}:u+
u(@8}:u
u+@8}:
tH@8}:u
UVWATAUAVAWH
A_A^A]A\_^]
D$`D3"
l$ VWATAUAVH
A^A]A\_^
UVWATAUAVAWH
PA_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
UVWATAUAVAWH
H!|$XD
A_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
t$ WAVAWH
H!l$(H
0A_A^_
x UAVAWH
_snwprintf
_stricmp
msvcrt.dll
GetCurrentProcess
GetSystemDirectoryW
GetModuleHandleA
LoadLibraryA
GlobalAlloc
GlobalFree
GetSystemInfo
CopyFileW
IsWow64Process
TlsSetValue
HeapFree
WaitForSingleObject
GetCurrentThreadId
HeapAlloc
SleepEx
TlsGetValue
CreateEventA
SetThreadAffinityMask
ReadFile
HeapCreate
VirtualProtect
SetPriorityClass
SetThreadPriority
CreateFileW
ResumeThread
CreateFileA
GetSystemDirectoryA
TerminateThread
TlsAlloc
DeleteFileW
CloseHandle
CreateThread
GetFileSize
GetProcessHeap
TlsFree
KERNEL32.dll
UnhookWinEvent
SetWinEventHook
CreateMenu
PostQuitMessage
AppendMenuA
SetClassLongA
SetParent
SendMessageA
TranslateMessage
CreateWindowExA
DestroyMenu
DefWindowProcA
RegisterClassA
GetClassLongA
ShowWindow
SetThreadDesktop
GetClassNameA
SetClassLongPtrW
PostMessageA
SetWindowLongPtrW
SetActiveWindow
SetWindowPos
DestroyWindow
DispatchMessageA
GetMessageA
CreateDesktopA
CloseDesktop
USER32.dll
RtlImageRvaToSection
NtQuerySystemInformation
RtlInitUnicodeString
RtlQueryEnvironmentVariable_U
RtlImageNtHeader
RtlGetVersion
RtlAllocateActivationContextStack
NtCallbackReturn
RtlAllocateHeap
NtSetTimer
RtlFreeHeap
NtCreateTimer
ntdll.dll
RpcStringFreeA
UuidToStringA
RPCRT4.dll
memset
STATIC
Global\
sysshadow
msctfime ui
SCROLLBAR
.rdata
.rdata$zzzdbg
.text$mn
.idata$5
.idata$2
.idata$3
.idata$4
.idata$6
RPhzC,(
t!WjAV
sDWPj?V
x}WWWS
jPZjdY
D$L!q@
Cj	^9=
_snwprintf
_stricmp
msvcrt.dll
WaitForSingleObject
GetExitCodeThread
TerminateThread
CreateThread
TlsSetValue
HeapFree
GetCurrentThreadId
HeapAlloc
SleepEx
TlsGetValue
CreateEventA
SetThreadAffinityMask
HeapCreate
VirtualProtect
SetPriorityClass
GetCurrentProcess
SetThreadPriority
ResumeThread
GetModuleHandleA
TlsAlloc
CloseHandle
GetProcessHeap
TlsFree
LoadLibraryA
GetSystemInfo
IsWow64Process
KERNEL32.dll
UnhookWinEvent
SetWinEventHook
CreateMenu
PostQuitMessage
AppendMenuA
SetClassLongA
SetParent
SendMessageA
TranslateMessage
CreateWindowExA
DefWindowProcA
RegisterClassA
SetMenuInfo
SetWindowLongA
GetClassLongA
SetClassLongW
ShowWindow
SetThreadDesktop
GetClassNameA
PostMessageA
SetActiveWindow
SetWindowPos
DestroyWindow
DispatchMessageA
GetMessageA
CreateDesktopA
CloseDesktop
SystemParametersInfoW
USER32.dll
NtFreeVirtualMemory
NtAllocateVirtualMemory
NtCallbackReturn
RtlAllocateHeap
NtSetTimer
RtlInitUnicodeString
RtlFreeHeap
NtCreateTimer
RtlGetVersion
ntdll.dll
RpcStringFreeA
UuidToStringA
RPCRT4.dll
memcpy
memset
#171K1_1s1
253x3)4\4
4!5<5[5j5
656B6O6\6i6w6
7&7Q7v7
:,:K:t:|:
;4;A;J;_;j;{;
<N<Z<`<p<
=1=g={=
=<>N>v>
1'1-1H1P1[1n1u1
1/2=2h2r2
203K3U3_3w3~3
5*505I5e5k5
9'9-9G9R9t9
:&:::E:S:\:o:y:
;-;2;8;=;C;P;m;
<3<G<S<i<r<{<
<<=M=^=o=
>$>9>N>[>
?"?/???H?
0(020=0G0^0h0s0}0
4 4)4=4
51575A5d5j5p5v5|5
6$6*60666<6B6H6N6T6Z6`6f6l6r6x6~6
;T$<w!
t$8+T$4;
STATIC
Global\
sysshadow
msctfime ui
SCROLLBAR
Fj	[9=
t"WjAV
sDWPj?V
x}WWWS
jPZjdY
strcpy
memset
_snwprintf
_stricmp
msvcrt.dll
GetCurrentProcess
GetSystemInfo
IsWow64Process
TlsSetValue
HeapFree
WaitForSingleObject
GetCurrentThreadId
HeapAlloc
SleepEx
TlsGetValue
CreateEventA
SetThreadAffinityMask
HeapCreate
VirtualProtect
SetPriorityClass
SetThreadPriority
ResumeThread
GetModuleHandleA
TerminateThread
TlsAlloc
CloseHandle
CreateThread
GetProcessHeap
TlsFree
KERNEL32.dll
UnhookWinEvent
SetWinEventHook
CreateMenu
PostQuitMessage
AppendMenuA
SetClassLongA
SetParent
SendMessageA
TranslateMessage
CreateWindowExA
DefWindowProcA
RegisterClassA
SetMenuInfo
SetWindowLongA
GetClassLongA
SetClassLongW
ShowWindow
SetThreadDesktop
GetClassNameA
PostMessageA
SetActiveWindow
SetWindowPos
DestroyWindow
DispatchMessageA
GetMessageA
SystemParametersInfoW
CreateDesktopA
CloseDesktop
USER32.dll
RtlGetVersion
NtCallbackReturn
RtlAllocateHeap
NtSetTimer
RtlInitUnicodeString
RtlFreeHeap
NtCreateTimer
ntdll.dll
RpcStringFreeA
UuidToStringA
RPCRT4.dll
3 3$3M6S6i6w6}6
6%7/7>7H7W7a7p7z7
8"818Y8s8
; ;-;:;G;U;b;
<1<V<f<~<
?,?U?]?
0 0)0>0I0Z0`0{0
0+171=1M1{1
6"6*656H6O6`6q6
7B7L7Z7k7w7
8%8/898Q8X8z8
:#:>:C:L:e:
;^<x<}<
>'>2>T>
!01080>0D0K0Q0X0]0d0i0p0u0|0
1)1F1Y1d1r1
2*2=2|2
3&3<3E3N3T3b3h3u3
4%4+454W4]4c4i4u4{4
5"5(5.545:5@5F5L5R5X5^5d5j5p5v5|5
6$6*60666<6B6H6N6T6Z6
expand 32-byte kexpand 16-byte k
=j&&LZ66lA??~
}{))R>
f""D~**T
V22dN::t
o%%Jr..\$
&&Lj66lZ??~A
99rKJJ
==zGdd
""Df**T~
;22dV::tN
$$Hl\\
C77nYmm
%%Jo..\r
55j_WW
&Lj&6lZ6?~A?
~=zG=d
"Df"*T~*
2dV2:tN:
x%Jo%.\r.
a5j_5W
ggV}++
Lj&&lZ66~A??
bS11*?
Xt,,4.
RRvM;;
MMfU33
PPxD<<%
Bc!! 0
~~zG==
Df""T~**;
dV22tN::
xxJo%%\r..8$
pp|B>>q
aaj_55
UUPx((
cccc||||wwww{{{{
kkkkoooo
gggg++++
YYYYGGGG
&&&&6666????
uuuu				
nnnnZZZZ
RRRR;;;;
[[[[jjjj
9999JJJJLLLLXXXX
CCCCMMMM3333
PPPP<<<<
~~~~====dddd]]]]
ssss````
""""****
2222::::
$$$$\\\\
7777mmmm
llllVVVV
eeeezzzz
xxxx%%%%....
pppp>>>>
ffffHHHH
aaaa5555WWWW
UUUU((((
BBBBhhhhAAAA
='9-6d
_jbF~T
11#?*0
,4$8_@
t\lHBW
QPeA~S
>4$8,@
p\lHtW
+HpXhE
T[$:.6
RRRR				jjjj
00006666
CCCCDDDD
TTTT{{{{
####====
ffff((((
vvvv[[[[
IIIImmmm
%%%%rrrr
]]]]eeee
llllppppHHHHPPPP
FFFFWWWW
kkkk::::
AAAAOOOOgggg
tttt""""
nnnnGGGG
VVVV>>>>KKKK
yyyy    
YYYY''''
____````QQQQ
;;;;MMMM
ccccUUUU!!!!
CloseHandle
CreateThread
KERNEL32.dll
1WG~k:g
#R9Cli+
`Q{!K=
(sB|:\
>\og`pB\
]LQG9p
ZDiUukzM6ohM5RQoJ6HLiRCxfVUkAANdK
dz9k!e
|Am{M-
9[8F*c
]l@Qtu]
C)l'!0
)L*ogh
MU4WK#AC
3oG~-4)
ec\2^~
wC=&UM
1h=\*Fl
K*yh}wK
4vQiiP
5d&3r8M*,f
 H[&G	
MDX4QN
l:eRT,
PHO*~-K
MyR(i/
T]Q<(B
p\es0]aby
C.pt>Y
};XRwn
7G({TPON
gm[3Ir
=P"`F!QVw[6
5]pYHo
oe0q#W
Y1xS4V
hgT$4nd
!rfC\/
]98;vJ
z6Id5B
s~VhL3
fX`dT 
F'd.;d
5K|]'U NY
-_).}i
t+P*RU
Z=2uE]
=ee(v?#
3wbPEYZ
/:[nx)
sd1~0i+
#iMP<p
aXl} Jp
=U&-|$
hd&/1-
y28:;z
P@vWQI
Ly'IL	
/*W2P{
qw`]!-
KBT*3O
fLNde8
#0>0U0h0
2+2B2]2t2
3)3@3\3
4$4,444<4D4L4T4\4d4l4t4|4
545N5h5
6'6B6_6
7!717A7U7e7u7
7!8&8x8
9'9F9P9c9
:":+:4:=:F:O:X:a:v:{:
:+;O;k;
>W?q?y?
0&050@0K0P0j0
1,1>1K1W1
6B7d7t7
7A809E9
<"<5<H<U<b<
=;>R>g>
>+?J?w?
6-646Z6}6
:2:;:F:c:v:
<.<<<N<S<]<b<h<s<
0O1h1w1
3	4/4I4`4
485?5N5R5
656@6Y6
9&999?9K9[9a9u9
<,<d<}<
959F9O9
<3<8<U<
=P=9>@>G>N>U>\>c>
9.9_9l9u9
9!:H:Q:X:
;&;@;Q;n;
4!4:4I4\4c4m4
5'535C5P5W5d5p5
646C6V6]6g6
7(777d7y7
909E9V9b9
:):9:y:
:3;E;\;p;
;.<?<P<_<