Sample details: 7c8152ee1d6b9a53d207185bbddb1ebe

Hashes
MD5: 7c8152ee1d6b9a53d207185bbddb1ebe
SHA1: 6b0a8a0a812c242ba7fe40b6f0760c9967d575bd
SHA256: 64be23456581fdc425fa5597131963053e9e97415a347a5dd3eccbab12814477
SSDEEP: 3072:h9jRgSIzK+QyV2jzXslzb7w4JxkzXJmRJZ:FoYyV2jzcl7ZCz5U
Details
File Type: PE32
Added: 2018-06-18 12:45:40
Yara Hits
YRP/Microsoft_Visual_Cpp_v60_DLL_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/DebuggerHiding__Active | YRP/anti_dbg | YRP/keylogger | YRP/Str_Win32_Wininet_Library
Source (defanged)
hxxps://companieshousenamecheck[.]com/name/check.php?coeA
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
5q7m9wO
+|$L9|$8
+D$L#D$<
D$89D$8
D$89D$8
D$8#D$8
+L$L#L$8
D$@%HI
\;D$Lu 
/;D$Hs
D$(b+7C
D$$+D$$
D$X=PE
D$$iD$$
D$|@<iH
\$lf9t$l
L$$f94A
D$02T$o
GetUrlCacheEntryInfoA
WININET.dll
DefDlgProcW
DestroyIcon
GetUserObjectInformationW
GetClipboardData
FindWindowW
GetSubMenu
DrawIcon
GetMenuItemInfoW
GetClassInfoExA
GetKeyboardType
GetWindowInfo
GetProcessDefaultLayout
DrawTextW
InsertMenuItemA
GetMenuStringA
TranslateMDISysAccel
USER32.dll
GetServiceDisplayNameA
GetSidSubAuthorityCount
IsTokenRestricted
IsValidAcl
FindFirstFreeAce
InitiateSystemShutdownA
GetServiceDisplayNameW
GetNumberOfEventLogRecords
NotifyBootConfigStatus
ADVAPI32.dll
GetProcessId
GetSystemDefaultUILanguage
VirtualQueryEx
GetOverlappedResult
FoldStringW
FlushViewOfFile
FreeLibrary
GetDiskFreeSpaceW
GetCommTimeouts
GetStringTypeExA
ExitProcess
WritePrivateProfileStringW
GetStartupInfoW
FreeEnvironmentStringsW
GlobalGetAtomNameA
EscapeCommFunction
DebugActiveProcess
KERNEL32.dll
EnumerateSecurityPackagesW
FreeContextBuffer
Secur32.dll
vfwprintf
strtol
msvcrt.dll
OLEAUT32.dll
IsValidURL
urlmon.dll
ExtTextOutW
GDI32.dll
@X; AX;
}mF'|mF
X9Gri8Gr
szq#2{q#x-B
~&&)E'&)
wXVe*`
o%%ek=c
9cGca0
|t$CDj
xGWTUb
W&c{	<
^$&,~UU
*Ne&2,
&wXn*P
k'7)j%
$odn*P
k'7Yv%
k'9!~%
)1.1{3i
jIhl<.
>F]=TcSu
qga38>
Gj$J!0
FPyI3?%
jj=i>y
nJCCbX
o1bBJT.<
GuI?,#
_j5Ev=
O$fe5=
+h=F(T
|J|DT?'50
t"M_"/
 wXc/Gxe
]3V;-H
TT/ CZ
+OT<.B
X@=R|$
wN%}G~sGt
ac}=/m
	/~F,_/\
(_N}W.hA
yN.?Fe
DX	%/lj
x)nx(S
h-r}8!fW
!EC`,z
+LK7VM
UaN4 e
T&}{Kz~
Y?XuUc
3K<uM 
}qe<S"
pD]Ptc
c,]H&pRv
>}EspW
4HDL.*
?_] zQU
x!0N0/
6XtKz.
0mkm8gW,
gzLeS(`
7(#jw{
1k(x%a
	W|=Z"8Y
r `0qW
>7zur`
'oO,"9YT,
-bBeEp
8@yb,c
:;:;-`
.B3R,n*
*=V{/.O
#Q	2%~{
zN 	|<
6 y$e^
`E4>Z}cb0;
`!di,8F
G\] @HJ
)I`:4<
t5Bg(Kw
3ylVY3
2	d=%k
{Z[>0Y
@^AtO~
|M+@uW
O4yKix
XZ[Ep<
n?l,HDB
&}j-XfUBy
/7)J<,NP
>(Gc?7^
Rz;YZt
`>ko:2
JZAZ@j
`[g\Dd
(8X:c$
qRBq@_
I<rN\3
|Z|}>e
BHU^|[(
W%^~\kyb#pW
}x}>Zf
"SJ4]I
2S^'b]
O$fe5=
+h=F(T
MgJ[s4
*S7hQDQ
0&YKNs
>oac&s/
^selwK
OSN+vf
jkNbcR
pfs7hAa
-C}uZm2M
piNRSv
=n4Fn)
Ac%9[fU
ki+p5j
.`Pj	A
/;+0;)a
<F(g<'d
m*ti3	
%"}UbIJ
${z l.
rT`r?ryO
ve]Vp2
}rcM%j7%X
rm8dFdl4
KUSUrDL
)3]bWl
 "528P
,=x0/[9
G	@Vs+
s!:+Cg
i;oT.>9e
Y|~WiZr
C!bh0v
ifcrRl
`K84H^
%~IZCB
7m@R.M\.$
YBz1B(N
!5*u^J
Qu{JL{5]}
!+[WV'
'<`eLpS!
fTt:)6E
h1U%28L,
/:ss)Z.JOYu
,cr,Ky
Ao3B9-
Rgv]aA
Ez{"5.h
nUT)THl`
[znwHNq
Ev:OC 
n]!$W*[tY
cKbwhu
"WJNEgF1
i9I=a-
>0j(RH	
vMH+	v
(8<S@M
	^7M<r
^X ?[A
:cnn<(9
Kb[W8e
0nNy4t<
Uja&''l	6
9`G_Np
agd<Xw
	F[Ctw)C
\BN/."&a
13Eh)oU
Ula0s6
ja*nc~
kMz,Ui
|#u,6W
G({g??
kNhE.52
XbG>qb
H'Vs4c
cvObrW
ULkIgG
+h=F(T
=	2T0X
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
    name="Microsoft.Windows.verclsid"
    processorArchitecture="x86"
    version="5.1.0.0"
    type="win32"/>
<description>Windows Shell</description>
<dependency>
    <dependentAssembly>
        <assemblyIdentity
            type="win32"
            name="Microsoft.Windows.Common-Controls"
            version="6.0.0.0"
            processorArchitecture="*"
            publicKeyToken="6595b64144ccf1df"
            language="*"
        />
    </dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
        <requestedPrivileges>
            <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
        </requestedPrivileges>
    </security>
</trustInfo>
<application xmlns="urn:schemas-microsoft-com:asm.v3">
    <windowsSettings>
        <dpiAware  xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
    </windowsSettings>
</application>
</assembly>
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
151231000000Z
190709184036Z0
Greater Manchester1
Salford1
COMODO CA Limited1*0(
!COMODO SHA-1 Time Stamping Signer0
1http://crl.usertrust.com/UTN-USERFirst-Object.crl05
http://ocsp.usertrust.com0
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
180518000000Z
190518235959Z0
E16 2DD1
London1
London1
46 Camel Road1
INFIINET LTD1
INFIINET LTD0
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
130509000000Z
280508235959Z0}1
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
http://ocsp.comodoca.com0
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA
mUfZ0	
&c^jm$<
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object
180618081056Z0#