Sample details: 6895be517a8c6c49879881635d48580f (MD5)

Hashes
MD5: 6895be517a8c6c49879881635d48580f
SHA1: 69e0da4d171c248f3a02452569a518e362fdf350
SHA256: a1954b3233d9982d400046f616bbdf41f2e76aa11521cba382eb46de7a04a02c
SSDEEP: 6144:2yWQBtX3nfpC5jwHU8SaAS/fCUFl+RK9Cao:nWk0kHU8qSyUHUKi
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasDebugData | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation | YRP/Str_Win32_Winsock2_Library
Source (download URL, defanged)
hxxp://nicoslag[.]ru/asdfg.exe
Strings
		URPQQh0
;t$,v-
UQPXY]Y[
j"^f91j\^u8
j"^f9q
t/j=[f;
taj*Xf
VWj\^j:
WWWPWS
PQh`eB
PQhhfB
SSVWh 
f9:t!V
QQSWj0j@
xg;5XvB
tl=`jB
PPPPPPPP
PPPPPWS
PP9E u:PPVWP
x7;5XvB
x7;5XvB
v	N+D$
v	N+D$
ZUHUNRFJZTIWPCRATLSACTIHNTWJGANBLIZPYVMPHUHIKXUIHVJRAZGGMAGTVWCYFHKGCBBYYDTHLZXQZNB
FlsAlloc
FlsFree
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift_1
__swift_2
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
operator co_await
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
CorExitProcess
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
GetCurrentPackageId
InitializeCriticalSectionEx
LCMapStringEx
LocaleNameToLCID
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
?5Wg4p
"B <1=
_hypot
_nextafter
.text$mn
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
ReplaceTextA
PrintDlgExA
GetOpenFileNameA
PrintDlgW
COMDLG32.dll
CoGetCallerTID
CLIPFORMAT_UserFree
HACCEL_UserSize
CoBuildVersion
ole32.dll
WSOCK32.dll
NetSessionDel
NetServiceControl
NETAPI32.dll
ODBC32.dll
GetColorProfileHeader
SetColorProfileHeader
CreateColorTransformW
CreateProfileFromLogColorSpaceW
mscms.dll
RasDeleteEntryW
RasConnectionNotificationW
RASAPI32.dll
wsnmp32.dll
ImageDirectoryEntryToData
SymGetSymPrev64
SymGetSearchPath
imagehlp.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW
KERNEL32.dll
>S"GqNB&A0P3R%
5q(L#Z8x
mP"W"J#
d=P)R)u
sA)V#K&
<I8HeHI!P?I"R"
&S+C>)"O>V"
h0U"U$2,K0U!
)@*lBKR
>M?PsRA
	<M:H?H
0T#W:C
0vZG-L+G
5f-G'A-4<R)[.
d(L#Z:9<H:J=
!~"V R
-C(B3Y
3V'P"U
6p#Z:Y<-:M?J!
~#W:C8!>I9C+
 c G+N
#K2U#H
:C8A>L
8E2GwMA/\TWC3F"O/
#W:C:F
LS+C>L ;
WCY,L#GsBB1
GTH&Z2U2
0Q U^RF"RVIW:C8E<
-T<W+C
HK-C(G1,
1Y[%B<O
'92DFMA
0QF!M=A
quPY<E:H
:Y<M8LUHA!X?I"V
g@TI"N>S
VIH$T?JGAF(
(B3Y.T
#K2U#H
>I=P)R
?P)B(X1
lMWP+Q@TL
ILPH?H!
XUI"U R+]/GMA
NTW C)NrLI
(H!Z`YV
+P$SqCT
<I8HeHI!Z?I
+C<VgCY
;^&BjUH
9E+TyHN>V G
'T UxIK2T#H
-P>WsYF"J-C
$F2UxUN8z Z
9E+TyHN>V G
'T UxIK
8A>L9G+
-G'A-R>
=R&e.JG+O*
!R$k!QZ$C2
G)@UIH
V6a,L#GsBB3+.T"H2
J#r8E2GwMA-&<W)].
S,n'T UxIK2!#H<N:
M=v>S"GqNB&=0P3R%
Q<b:G:AdLS+
J/m;^&BjUH?
~<N:AjGG%QCTV=C3B 
GJZT#W8
RAT&P+C>N NTW
`OBZ?L=NbFJ
WCLI0P
+G<IxNT
gPjHNT
t/(Ufg
 KwCBM
"N>W G+N
0G-O+E<
LNTWJGANBLIZPYVMPHUHIKXUIHVJRAZGGMAGTVWCYFHKGCBBYYDTHLZXQZNBZUHUNRFJZTIWPCRATLSACTIHNTWJGANBLIZPYVMPHUHIKXUIHVJRAZGGMAGTVWCYFHKGCBBYYDTHLZXQZNBZUHUNRFJZTIWPCRATLSACTIHNTWJGANBLIZPYVMPHUHIKXUIHVJRAZGGMAGTVWCYFHKGCBBYYDTHLZXQZNBZUHUNRFJZTIWPCRATLSACTIHNTWJGANBLIZPYVMPHUHIKXUIHVJRAZGGMAGTVWCYFHKGCBBYYDTHLZXQZNBZUHUNRFJZTIWPCRATLSACTIHNTWJGANBLIZPYVMPHUHIKXUIHVJRAZGGMAGTVWCYFHKGCBBYYDTHLZXQZNBZUHUNRFJZTIWPCRATLSACTIHNTWJGANBLIZPYVMPHUHIKXUIHVJRAZGGMAGTVWCYFHKGCBBYYDTHLZXQZNBZUHUNRFJZTI
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
0ypflguejdmnufujnbbkywmdozm1501252447224348690139209557363874805558168641226221683838380297|he2647264<4
3920955w3,3874805558168641226221683838380291352
CD\_EUU
1252447224348690139209557363874805558168641226221683838380291252447224348690139209557363874805558168641226221683838380291252447224348690av92|805.mt
87480555
838383
391"524
6224s48&90119249557363<7480555814860122622368383(38p2912%24$722434(690139209557
0480555816864122622168383838
39m!5244722434869013920955736387480555816864122622168383838029125244722434869013920955t|rv8748
458!686
022222168383838029
25Rpucs2434T0901
8201557
73874805558168v41
pea21683
3912524
62243486901392095
ZRRLV48
786<122
32168383838029q25
FR^]W34d%901
820-557
73874805558168v41b26221683838380291252447224348690139209557363874805558!4864122
32168383838029q25b4472243486901392095573638748055581686412262216838383802912524472243486901392095573638748055581686412262216838383802912524472243486901392095573638748055581686412262216838383802912524472243486901392095573638748055581686412262216838383802912520$w200p\YD80139
/#v393vADP45816
&r20>{RJWQ]Y\79125
v$s420jDCZWU`)u5<9aZ\RgLB\[R
!v86412262216838383802912524472
$s4<6901392
x3?gwQRUQM
X}357Y6
3ohgom
hhhmjo
39"0D2
A6\3Z1
z525"4^3Z2
34P69 1f
A2X6Y6
u13262
N)^<X5%58
N*\1r26
s46722
v3kacm
7khkmlj
E<De	M>=
t81B2^
r	5322A
y38G2[
m^>+r2R
r80F3Y
)Z!#u5
y74L:]
q96573
u76243
p6=641
s22348
s96252
2124K!
6(64N?
J3:N04A8
v4eokn
u12F<Z
u38E;:-5
w41F8^
hlimji
y30029
u80A?]
s5;447
u4=224
y7>805
x0:392
y33383
p22B8Z
4G1$8o
9i^#)X
FF	"h\
m-8&uw7
kzsF:M
*|<X4g
nv0;6"
iLr__W+
E+_Q_n
1XzlId
{NLYq=
dI|=}F
5@eWRj
PRRWZk;c
((k>)t
[d<,76 P
lmmFA~
d1O+v!M1{
ya8NmqjV`nzd
Ctryv@oq-dpbRhks9y
u?B`pe
Spw{&L/x
&u.wtAn}P`
HqtvZP
e	n3kitrz{
nvwx`tL
o	Y5FR
PEbq`I{c3
%Mlih4
#h~=F]
62R8~<
Fpv:J'k
O'}?m,}+^!}
\5\*Xw0
bx%u> 
oe{97Q\
xS.U(k
}h(sAo
g|r&1pj
/hefg\vdphkj`iwCagJ}L
H)SFQA76
x%6NPML
~JA];B
)5niwg
vKF,B?
-}<6L 
gKo3>V<N
dtwCj;x
vp	ujd
eruTtAIr^oVt
xKB2XabcnimT
]lBom2
R\WQS_XXS0
%Y'%T{U#Y
GifbWv
lxwd_iAh3
wdl`vbk
qcENYckPy?~)fNdh
~@oYH%V
\a(q@`
9IC]Q9
S~nuY=$V\
-2<=62
=@9[;V8)>
;>C:>8\;
>+7x9N8@7
5*4h9M3b3}3
3P4Y=P2
0+8L9j4p>
>o;	3)=s<L
e;h=?H
%qHelo_
uHf5cW
#<2<a:
]V!YP[Z
3YHTTI
1`?F0N?M0(4
=U405P8
6<2u;y>
=!376y<
0t8R7u8
;|;P4h<
 524^7X2}F
66225683
3Y380293252
4724434
0P392<955
3R7]8T5
5252x$w2:434t&y05FiAY
4555x!v8~412r&r25Ch@Q
b252^4]2{A
3472bGZdTCJ0
3955g@_30748l5
86412(622m6Y3[3[3W0G9_2A2G4
2J4^4T690d
?392Z9_5~F
TVVWDXL
YP[_GWE
FK_E\Z]\
EGWEY[YX
CW@K@[JT
BSBEO\JW
7252d]SU[Z34
4r4h6i0u3x2d9t5
7D8E5G5H1Z8S4m2S6Q2R6W3M3V3L0A9
2M2Y4[22434m
gha`bh
y013920955
v38748055581686412$
r2%683d#x3
v36748056581v(v45226r"q60383x#x0>9121fn}g
p2ey70
r4h}82
q9e~25
q29125
s24348
r92090
r87480
gcc`gi
w4D<	3
6m0t3t2`9
5k3U3M7F8R5@5^1
8R4P2F622d
472X4Y4qC
4G4U6I01392<955
3b3}7y8`5
581684412n622
=383~q~jt252
6434ldlu13921	5553631748455551<86412g
683R3R3qE
4C2_4C48690=392
9a5r3{3h7
80555:168j412
4683~rt`}029
0472fffq86900
41206228683<38350891252a
434R6S0xF
550168
4E2_6B216834383
0f9t2x2d4
22434:690m392
2363~vxku555
2412fdgw16839
83:02982520472?4948690d
m557Y6Y8~A
15?363d7
581684412n622!683d3{3W0]9Z2\2Q4D22434:690n3928955
3B3@7@80555m
f122\2X1
32:434d6
209555363d7482555g168>412
6F2I6L38383m
7252^4]2{A
9029;252
5955qrz`}748
90298252
04345<90d
i557Y6Y8~A
8472n4
6M0I3M209555363d748<555d1
4R2]6]21683>383S0[9T252<472
4G4@6M01392e
o363R7^8y@
9555R1\8
g\W<s2P
)ZZ2t5
3830029
2A2Y4G224344690
3m2u9x5g3
387482555d168
36228683
:029<852a
;434R6S0xF
QU;v3\2
550168
4E2_6B216834383
0f9t2x2d4
22434:690m3922955>363<748=5?58168c
9622[6R3qF
lXR"x2T
(_^)q5
7488555
1B8[4A22622=683
244720434d6905392=9?57363:748
5550168;4;2?6821683m
f291X5X4}B
cPq-r8W
[M'q9]
"u8XI t8
%]{&w3
32:434d6
209555363d7482555g168>412
6F2I6L38383:029r252a
f348\9Z1zL
m^g&s2R
<6909392l9
387482555d1684412m6229683
3L3@0F91252a
x434R6S0xF