Sample details: 3fc35e883c4fcd75a9c7aa9e8205bbaa (MD5)

Hashes
MD5: 3fc35e883c4fcd75a9c7aa9e8205bbaa
SHA1: 1e5a5818c93c309c5f52f38767a7f03f9d75d453
SHA256: 77c944e245acf1fc5f3f3c76ba51a7fd131a20f289f882b44b1b4373c139af20
SSDEEP: 1536:0/sewTjW3SoKKKKK6KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKe:mseuW3C6caorDoDaFeyIQRGP0uE
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_V80_Debug | YRP/Microsoft_Visual_Cpp_80_Debug_ | YRP/Microsoft_Visual_Cpp_80_Debug | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/HasModified_DOS_Message | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/Big_Numbers1 | YRP/Crypt32_CryptBinaryToString_API
Source
http://rofa-rps.de/9lh2M/
https://kinoko.pw/hfid3Wz/
http://lumaspark.com/pmd/wp-content/plugins/ERV8E3/
http://andysfahrschule.de/JC4X/
Strings
		!dern32
	This pro W
`.rdata
@.data
.idata
@.code
@.reloc
D$0fp!X9
L$0+D$h
O6fXmc1SZ
5.+	`j=
;#vRp')
W_?i\T
sgQt|L4
wM_G9$
o 7d\&6
l?ILRm
v/?c;y
MBBuou
>/0%s|
WJjt.$
Q87N;#mRp"
|tA*Y.l
Xbm!4n
^[|+=Z
A.9Fcn
uK0M)?&1>
gCgY5&
EW/ufi
Q4K9D&
o7Z&;]3
gB&~(n_9
F6cgIM
|geti9
{@aT2B]
w"B3EwDJ0
ubSK=e
wYRW[Fr
xh,dg\
m#W9CG
9aA+-B
w,cCbcD&
<q'$!{
EW/ufi
4aEWpo
9m+I. kN
oMY_B~
xjf/(l
]I5f{7}
V)ssOsez
sm7vC_=
G`/:uw:_
+o/qOQ
:JeI<l
0hdYrl
(O/[vC:1
#M@R@CNp~n
L$45Cc.+	
D$TcP@
D$D#D$D
D$T+D$T
L$L3L$4
L$H;D$(
L$DiL$P
L$4iL$P
D$0)2E[
T$X+L$h
J1H-Hw20j-h0-
+Wc4EW5_wH+
the -sercfg option can only be used with the serial protocol
JH-Hw0j-h0-
+WcEW_wH+
_ejEeRHhhBWR-
hwrJWRJEr
124354867654323454567652343657568.pdb
juN.+_V
3C^B5e
%`7VCe
KgQdlJf
Ks'u]5
:NoPPk
Rg&aaCq=
b}&V^c
2?.4H,
zAK2o%C
t#I]4	
gB&~(s
x*76|a
(WqC\(C=5U
4#x<H6
EW/ufi
QwL/dw
n8^<]c
A$F@gc
	|Ge'Y'
GR5~, 
b{fio!6+
2vyw7*
z+Gy3]i
Pt#I]4
s:vt1B++mP
?p]h(!
[o@lB	/
Zup@VCX
A2w><I
I6jE'G
*,	5t[
):'=6p$
P4JF.	
Fzv|,D
FaultInIEFeature
urlmon.dll
CM_Disconnect_Machine
SETUPAPI.dll
EnumPrinterDataExW
DeletePrinterConnectionW
ReadPrinter
WINSPOOL.DRV
msi.dll
OLEAUT32.dll
ReadProcessMemory
GetCommModemStatus
FindFirstFileNameTransactedW
CancelIo
KERNEL32.dll
CloseEnhMetaFile
GetOutlineTextMetricsW
SetWorldTransform
GDI32.dll
CreateDesktopW
SetWinEventHook
GetWindowModuleFileNameW
GetScrollBarInfo
GetGUIThreadInfo
GetUpdatedClipboardFormats
USER32.dll
CertNameToStrW
CryptGetDefaultOIDFunctionAddress
CertVerifyValidityNesting
CryptBinaryToStringA
CRYPT32.dll
waveOutGetNumDevs
WINMM.dll
CoRevokeInitializeSpy
STGMEDIUM_UserMarshal
MonikerRelativePathTo
ole32.dll
RasValidateEntryNameW
RASAPI32.dll
glGetIntegerv
glEnable
OPENGL32.dll
InitializeAcl
RegQueryInfoKeyW
RegRestoreKeyW
CreateProcessWithLogonW
ADVAPI32.dll
 u\Zbw
:8Vh=l
LTSlj"
o3W]Z*
,2;oA6
LTSlR#
&Dj&,<75
:(j_%:
L kM@~6
<<mD\BE
G !Y1;X
hjp[Y)#
7:2/9l
,0;oA7
nn@efRTUl
t#m<,!5
Utz`^|
hWVIfVT
yO Z%R
uaZ*]	
\-TA{RT
udZ*]i
u+O[uj
ubZ*]9
x;X&u\_*]
uaZ*]`
5N~18;g
;u\c*]
u+@Xuj
Ju\j*]
uhZ*]=
PJg	7NV
cmx@bRZU
Xdv\Z*]bd
cmx@dRj
cvx9>f
u+Ic5j
*8;`,u\Z
T0fRT)'
u&Z*]$c
TWfRT&'
u8;`2u\Z<]
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
4%5-575
< <&<,<2<8<><D<J<P<V<\<b<h<n<t<z<
5$6(6,6064686<6@6D6L6P6T6X6
6,7074787<7@7D7H7L7T7X7\7`7
74888<8@8D8H8L8P8T8\8`8d8h8
8<9@9D9H9L9P9T9X9\9d9h9l9p9
9D:H:L:P:T:X:\:`:d:l:p:t:x:
:L;P;T;X;\;`;d;h;l;t;x;|;
<T<X<\<`<d<h<l<p<t<|<
=\=`=d=h=l=p=t=x=|=
>d>h>l>p>t>x>|>
?l?p?t?x?|?
0 0$0t0x0|0
1 1$1(1,1|1
2 2(2,20242
3 3$3(3034383<3
4 4$4(4,40484<4@4D4
5 5$5(5,5054585@5D5H5L5
5 6$6(6,6064686<6@6H6L6P6T6
6(7,7074787<7@7D7H7P7T7X7\7
7084888<8@8D8H8L8P8X8\8`8d8
889<9@9D9H9L9P9T9X9`9d9h9l9
9@:D:H:L:P:T:X:\:`:h:l:p:t:
:H;L;P;T;X;\;`;d;h;p;t;x;|;
<P<T<X<\<`<d<h<l<p<x<|<
=X=\=`=d=h=l=p=t=x=
>`>d>h>l>p>t>x>|>
?h?l?p?t?x?