Sample details: 4f959e2a1958c2020043c2399f4c2987

Hashes
MD5: 4f959e2a1958c2020043c2399f4c2987
SHA1: 2b61b10ec489733e66250fc13a7ff38ee5d31bc1
SHA256: 198e096f68254a4adf6ec7cbd3d6a1d34accf1e19fdee50f58cab81bbc1b9e86
SSDEEP: 12288:OV+pjUf4izVxd+9aXLg6NyuGoS0NTBMsFy:OyE43CXGOAO
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/win_registry
Source
http://financeforautos.com/blood.png
http://financeforautos.com/blood.png
http://transfercar24.de/blood.png
http://transfercar24.de/blood.png
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
It>It)
Pj jxh
RVPV#*6
6*:WRu
/:#5Wg#
:##P2;
/P:)W#
RVPV#*6
6*:WRkI
/P:)W#
RVPV#*6
4.n9H:%
/P:)W#
RVPV#*6
/P:)W#
YAkdk%P
RVPV#*6
6*:WR#(
V/::-z
/P:)W#
RVPV#*6
W./gO{
zg~jOP
V/::JS
/P:)W#
RVPV#*6
/P:)W#
k?_+a2`
GoE*?*
RVPV#*6
/P:)W#
RVPV#*6
6*:WRB
/P:)W#
#*P/GmY
RVPV#*6
&P:/f=nIk
:##PRr6
/P:)W#
RVPV#*6
/P:)W#
2eV]Z^
RVPV#*6
Za:)*)
V/::-2
|#fcV!
/P:)W#
RVPV#*6
6*:WRc
/P:)W#
RVPV#*6
#&3(	8$
T@+I	T
&P:/Dj
*Y5)*:
:CtR:W
/P:)W#
#*P/WM
RVPV#*6
6*:WRq|
nJz=R:W
/P:)W#
RVPV#*6
V/::Zd
/:#i\W
:##P5~
/P:)W#
RVPV#*6
/P:)W#
E$(AQM[
RVPV#*6
6*:WR3D
/P:)W#
RVPV#*6
/P:)W#
RVPV#*6
&P:/,.
V/::Rj
/P:)W#
RVPV#*6
/P:)W#
RVPV#*6
r{f&T/
AUrk<a
6*:WRJ
450z}@
/{^)*:
/P:)W#
RVPV#*6
?^R@R/R
"<:)*)
6*:WRh
Ra9#@q)*:
/P:)W#
#*P/iTM
RVPV#*6
.{`:)*)
/P:)W#
|:)qP.0
RVPV#*6
/P:)W#
RVPV#*6
/P:)W#
RVPV#*6
V/::'#V%
/P:)W#
RVPV#*6
K=_AEB
/P:)W#
RVPV#*6
6*:WRX
/P:)W#
#*P/h||I
RVPV#*6
/P:)W#
RVPV#*6
6*:WR"
&P:/eKp
/P:)W#
RVPV#*6
3&[g)*:
:##PJ0Z
/P:)W#
RVPV#*6
UVWAVAWH
pA_A^_^]
RVPV#*6
/P:)W#
#*P/~Ow
RVPV#*6
W6>VM:g
6*:WRZ(
Y:,-86m
/P:)W#
RVPV#*6
./08w5
/P:)W#
RVPV#*6
6*:WRasa
/P:)W#
RVPV#*6
:##P v
/P:)W#
RVPV#*6
V/:::&:v
O$V8y#
/P:)W#
RVPV#*6
);3:)*)
V/::![
/P:)W#
RVPV#*6
im:)*)
;S~c0,#V:
V/::vzB
s~vQ)*:
:##Pnn
/P:)W#
RVPV#*6
(B.&)V
&P:/y&
*V~gS#
/P:)W#
RVPV#*6
:##Pf&q
/P:)W#
#*P/[0
RVPV#*6
6*:WR'
/P:)W#
RVPV#*6
6*:WRL
/P:)W#
#*P/D"tx
^zz2\5
RVPV#*6
.Z.&)V
P`BFjV
6*:WR:rWx
/P:)W#
RVPV#*6
un"/!l
6*:WR-uI
V/::an
/P:)W#
RVPV#*6
SD!Ed&Y
6*:WR,
/P:)W#
RVPV#*6
6*:WRU4=;
V/::~gq
/P:)W#
RVPV#*6
_@:)*)
/P:)W#
RVPV#*6
V/::3z
/P:)W#
RVPV#*6
:3:)*)
/P:)W#
#*P/cc6
RVPV#*6
Z}?\edF
6*:WRM
/P:)W#
RVPV#*6
eF(@8Z
K18E2X
:##P:Q;
/P:)W#
RVPV#*6
i~HEV%
6*:WRQz=
&P:/H'
/:#d0URl
/P:)W#
\oU6P:{
P*=nHp
RVPV#*6
x)bJ_V
/P:)W#
RVPV#*6
Z0%R/R
q\p5:)*)
6*:WRF
/P:)W#
RVPV#*6
4ue{db
6*:WRC
V/::uUw$,
/P:)W#
RVPV#*6
i_QR/R
&WR:'|
:##PqY
/P:)W#
RVPV#*6
/P:)W#
*:GX@P
#*P/Dr
Rd,RYM:P
RVPV#*6
/P:)W#
-sC[&<
RVPV#*6
/H@5x.x
5":)*)
6*:WR%
&W<E#/
/P:)W#
RVPV#*6
I1aOZCV*
6*:WRR
o>m)*:
/P:)W#
#*P/o^
RVPV#*6
6*:WR3k!
V/::'I({
/P:)W#
6*:WR@^
&P:/``
V/::hR
MMo49]
/P:)W#
YzBk/6Ip
RVPV#*6
]n:)*)
/P:)W#
RVPV#*6
3f:v6-_
V/::aO
/P:)W#
RVPV#*6
6*:WR^,
/P:)W#
#*P/zH
RVPV#*6
*SX:Hi
Ffmo)R
/P:)W#
RVPV#*6
p)vj-*
6*:WRH
/P:)W#
RVPV#*6
VhAR:W
/P:)W#
Q`uNLX
RVPV#*6
Y:({SyX$
/P:)W#
&/)u[ag
RVPV#*6
6*:WR$g
/P:)W#
#*P/wj	
RVPV#*6
A@a:)*)
/P:)W#
#*P/aNPs
RVPV#*6
f8)RlP
#&ON@C
6*:WRj
V/::2M>
s{!z;)R
ol-&iQ
/P:)W#
RVPV#*6
	^DwR:W
/P:)W#
RVPV#*6
6*:WRg
&P:/WI
&WP(Rj
/P:)W#
RVPV#*6
%4OYlQ
/P:)W#
YHtxa$
#*P/@{9
RVPV#*6
V/::hU
/P:)W#
#*P/pC
RVPV#*6
?/!gR/R
m=9&W^U
V/::5|	
&WFW v+
:##PDf;
/P:)W#
#*P/(:z
RVPV#*6
C/JBcv
Y:&Je]i
&P://D
*68e?V
/P:)W#
RVPV#*6
W"m^&f
:##P7]
/P:)W#
RVPV#*6
ek=jrQ
6*:WR|
/P:)W#
RVPV#*6
6*:WRao;6Q#V:
/P:)W#
#*P//nh
RVPV#*6
'q:)*)
6*:WRp
/P:)W#
#*P/1$S
RVPV#*6
6*:WR|
/P:)W#
RVPV#*6
:##P%*I
/P:)W#
RVPV#*6
7M]$R/R
V/::u}
/P:)W#
RUWVS3
*2:)*)
/P:)W#
RVPV#*6
/P:)W#
RVPV#*6
6*:WR[
\]`#GV9#*
pKch=w
/P:)W#
RVPV#*6
&P:/m#
/P:)W#
RVPV#*6
6*:WR\
V/::+(
/P:)W#
RVPV#*6
/P:)W#
RVPV#*6
H\[0:)*)
rd$"V*
-Jv>R:W
/P:)W#
&/(u}w
RVPV#*6
_"S)*:
/P:)W#
RVPV#*6
@7')*:
/P:)W#
RVPV#*6
6*:WR.
&P:/!]
/:#hZb
/P:)W#
#*P/< T7
RVPV#*6
[TP3R/R
6*:WRi
/P:)W#
RVPV#*6
&H:)*)
6*:WR|
&W0re\
/P:)W#
#*P/x\#
a?)dH*
RVPV#*6
6*:WR@$
V/:::f?
/P:)W#
RVPV#*6
/P:)W#
RVPV#*6
+)a&)V
/P:)W#
#*P/Tb
RVPV#*6
{N3&)V
6*:WRf
:##P|:
/P:)W#
RVPV#*6
/M:)*)
:##P<U
/P:)W#
Tub]C<B
TyW":P
RVPV#*6
IBhR:W
( !lD`
:##P%Zvp
/P:)W#
RVPV#*6
8+m6	V
/P:)W#
RVPV#*6
6*:WR?
/P:)W#
RVPV#*6
/c6=k8b
&P:/v)^
/P:)W#
P*}zX*
#*P/*4%n
RVPV#*6
QO10&j
:##P10
/P:)W#
RVPV#*6
V/::f`
/:#a2Nt#
/P:)W#
RVPV#*6
w7<}b-
:2:)*)
6*:WRs
/P:)W#
RVPV#*6
6*:WRl)SA<X
+s`q.)*:
/P:)W#
RVPV#*6
V/::~&
/P:)W#
RVPV#*6
7s8:TQ@
6*:WRI6
)-n#{4
V/::tX
&WynK]Y
/P:)W#
RVPV#*6
qDj7(\
k\)\+P
32&TYhn[
CCvAuG
Tbl/Rm`V
r7^\  8
6In\  8
;h\  8
BGU\  8
J@f pp
]"\  8
17\  8
_af pp
@Qf pp
Hc\  8
_bX\  8
qyf pp
B2U[f pp
7	of pp
Sl@f pp
d]f pp
$Lf pp
 #	f pp
8X\  8
7>f pp
\q\  8
\	!\  8
|@Gf pp
em B\  8
0:f pp
Z^\  8
MR\  8
8of pp
9c\  8
>a\  8
}Igbf pp
\V_$\  8
?6f pp
0Yf pp
:C\  8
LQf pp
:0\  8
sWf pp
{FPf pp
!.f pp
Ea>f pp
vbf pp
<Bf pp
eA\  8
32Sf pp
rUf pp
FHf pp
"<f pp
A>f pp
#*\  8
a$f pp
pa@\  8
Yq\^5f pp
g)\  8
UUf pp
3Df pp
9$f pp
M	T^f pp
Aiof pp
.j\  8
kh\  8
aUf pp
N@'f pp
3b\  8
VNJ\  8
U5\  8
B#^ef pp
{C\  8
\\:f pp
%Nf pp
7q\  8
.8$f pp
fU\  8
o*\  8
5{f pp
09z\  8
?df pp
bPf pp
H)\  8
$Lf pp
4O"\  8
*1\  8
#@f pp
fsf pp
@#\  8
a5f pp
26\  8
HNf pp
\]\  8
ui\  8
o~\  8
g(_f pp
^a\  8
6s0yn\  8
5-\  8
CZ\  8
MJf pp
ewUfc0k
6IDH/	lo1
tQ=O$w
\,k~X+
HX"<?QiS
,q=&z=
[r|.q9
O}Wc\]N
&        
GetScrollInfo
GetWindowLongW
WindowFromPoint
GetSystemMetrics
GetWindowPlacement
GetScrollPos
InvalidateRect
SetWindowPos
ReleaseDC
MoveWindow
SendMessageW
GetClientRect
UpdateWindow
ShowWindow
CreateWindowExW
wsprintfW
EndDialog
DestroyWindow
DefWindowProcW
DialogBoxParamW
SetTimer
PostQuitMessage
EndPaint
BeginPaint
RegisterClassExW
LoadMenuW
LoadIconW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
USER32.dll
lstrcmpiW
lstrcmpW
GetStartupInfoA
lstrlenW
lstrcatW
SleepEx
GetModuleHandleW
GetVersion
GetLastError
GetTempPathW
CreateFileW
GetCommandLineW
KERNEL32.dll
COMCTL32.dll
CommandLineToArgvW
SHELL32.dll
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
ADVAPI32.dll
memset
_XcptFilter
__p__acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
MSVCRT.dll
_controlfp
GetModuleHandleA
    957
    `\
 B  7V{
    c-
  6ryy
  ?Oyy
    GJ
 yq[UR
 B  0.
 kxgX  
    :b
    QZ
    S9
  ROyy
 B  /@
 B  )*B  
 bkZv:
s 4em 
    ud
    tB
  6wZEM
k~EB  
s :cej]Q 
 B  0<
p*oB  
    fvm
M?qB  
 B  $:8B  
  z2yy
s (Bt 
    ne
 B  AA
    xY
s Nkc 
jwPB  
 B  O0
    'K
 B  n*bB  
  q@yy
    4:
y ~}OA
  {ITqz
    y_
 B  P"
    rj?N
    u_
s -CO/a
  ) >P
 B  Ya
 B  6D{B  
 B  ,'}
 B  <B
 B  F(d
    1n
    K:
    dD
@ls [ 
 B  8s
    h'
s V9P 
  _e0yy
 B  O6
s '1y*
    4b
  6{Syy
 y?nq@
    ja
  \|9yy
    9M
 B  sN'
    V-
 B  yes
    eN
  6Gyy
 yOVm'
 B  n~
    /H.
    2#
 B  AP
 B  v?T:
p=Y3B  
 B  UW
 B  X2{B  
zmBxB  
 B  _8#
    A[G
    4N
s O]h 
 B  WfB  
    i>
>j{qxt
u/XPyy
 B  D	B  
OG@B  
    {c1
 B  Oi
    	Zy
    5]7
 B  vd
F'vup 
wDLB  
    NG
`]iB?  
 B  WT
    6n
 B  5$Z
 y=iA$
  t%<yy
s 0|6 
  Sk	yy
XUJB  
 B  e}B  
    yr
  WAmA
  [@Tyy
 B  "Z
 ;6)TGM  
+ekB  
@>2B  
    6U
  Yxyy
    An
    !qF
    08	
y "iC:
    'p
  9uB@!yy
 B  DT9
+"5B  
 B  wTDB  
>)q]U 
    	;}
    d7++
    GW
  bIyy
  /}yy
 XE6_$
 B  0+
    Ju?
    ^\2B
 Iu@%  
    ,h
y ^Zu|
 B  k-
    .R
    \^
s 4Kr 
 B  6+
s 7~b 
 B  $TJB  
2l\B  
 B  J#2
    O4[
  JxIyy
  >7yy
bO,y-By
 B  :'
  !\-yy
  P&RJ\Xyy
FrvqRJ
    f\Rg
    Mc:Xe
 B  ")
 B  m>B  
  N$&=
    yD
 B  XL
r\J3/G
 B  r''1mB  
    &&
 yB.HJf
J.+OX 
  eXHj
  OTJyy
  8fyy
    *0
  	"##q
 B  Tx
s &mj 
 **{D.
    g@
    M~
 B  <4?
  $D![
 B  Ah2B  
 B  'oGB  
 U<Hc  
 B  "2
*B)B  
    *~
 B  lz
 B  (lB  
    ZX
  Ulyy
 B  C-XB  
x")B  
 +=*  
  gcyy
 B  owB  
]pjxyy
w1oY  
& /'Wo:
k;,kI+C|
&Bgyj=
f^-}~.
(G=Os(
'9dl>$
m'pXL{"{
<WT2/1S
%cmTE\\
'iI~C?]a>'
>+$DNR
KiZoNP(
	yWL^Y
XPY!PQV
n%6H+egMd
ci@\euj
V4'|,R
#@_oN->Qa
,8O{JO
LH>/iE):Wb'
 AQbb/
-"sf[*UL
W>Q.Dq
BqfTA6/
z_j]|1>^
TCc'&8]
DymcH(
>yqFZB
=B2y,W
_&w?U_$
.uKJd!)
5*L@Co
@KX,m;
Y.MwZT
7oQT0JU
4[phgL
8WC8|4
nKw *)
b?h=7w
CaKqS=
fN6	w/Tj
W&4!=l3
i!+q$6
aJ[s?o
8~rr$	
c|I,:6Q
8s6P+%x
|,y=MGlx
!,BWNS
|(trc	
#,06Lh
;v#hJ	
=Q=K!Q
@KgL?M4
#mx,\	
	*,Q^oT
o>++\	
mzvb)"
hH:K3	
#y(Ad&
}xfVl:`
o 9L|=O
7P	>e:_
oCJ)jJ
:1nFM2
^LPx,J~
sEg+{a
?>Ebu]
	75A+j6(
nLe6 	
@USa{K$
6oG8[rj	
j$RW>/!
9[$9]]
6$%q~Z
	S2UVA
}V[b;	
?B^L2"
 G.#Pk
u]&7@s-eFR
m7cnQq
su3&OD
NFekGt
577Eqz
&;P)I;
e]u80g
2MFV(d
^_.FFs@
UNK{Hy
H.v|HT
Yf8 --
Js9]4-
S-mqPt
)\Hb8	
}>8G'U
	9HV\#
ZQ7f65
V*r9uL
Ps(#{	
/7U>yS
eiIM!(
OTM%t	
	C;)ztC
?<<"	}
 $?g`(t
lP6ht?
jk+K^s<
LB/Rnk$
'6GF'[+
F!8TY}	
TV\u53
.S{_81
Sm(k5|k
I4nc12
.eTK0*
&WY]%IR
"	gBm1
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>