Sample details: ad2c77a0d85ea70de835912a0854e63a (MD5) --

Hashes
MD5: ad2c77a0d85ea70de835912a0854e63a
SHA1: e25adc25992337d362fe9a51847792108d8124c9
SHA256: 9f6b765b31918e9859149b8f2c10196d8e60e4500ed5fc6f6fea6a89c189e2b2
SSDEEP: 1536:vxmFqbN+uJ+GayuAELVWwPALp1qSdkqICS4A7Wgt:52quxA9GtWg
Details
File Type: PE32 (32-bit console executable with debug data; the embedded PDB path names it rwdec_x86_debug.pdb, i.e. an x86 debug build)
Yara Hits
YRP/IsPE32 | YRP/IsConsole | YRP/HasDebugData | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/RijnDael_AES |
Strings (printable runs extracted from the binary; much of what follows is binary residue rather than text — the repeated-byte runs appear to be AES lookup tables, consistent with the YRP/RijnDael_AES hit, and "expand 32-byte k"/"expand 16-byte k" are the well-known Salsa20/ChaCha key-setup constants). Practitioner notes: the symbol names (decrypt_file, file_decrypt_callback, dec_main, master_sk) and the source paths under rwdec\src suggest a file decryptor; an embedded JSON blob carries a base64 master_sk value and an extension list, so the key material ships inside the binary; an is_ru_speak symbol is present (presumably a locale check — confirm by analysis); and the manifest requests requireAdministrator.
		v	N+D$
master_sk
_vsnwprintf
decrypt_file
D:\AverSosetUuEnota\rwdec\src\dec.c
file_decrypt_callback
dec_main
stdout_hexdump
D:\AverSosetUuEnota\core\src\common\debug.c
D:\AverSosetUuEnota\core\src\common\system.c
is_ru_speak
0123456789abcdef
%>@_)D4/4]`
L2+9!QW
X]:+TaI0*WO
]%P =\9 U
E2Y5F!B ]
Z>8HO$)26=
^ XD2E$,GAY8
W2)6?E.
b-A.#MOS5
$NQ8[8U"8&
expand 32-byte kexpand 16-byte k
=j&&LZ66lA??~
}{))R>
f""D~**T
V22dN::t
o%%Jr..\$
&&Lj66lZ??~A
99rKJJ
==zGdd
""Df**T~
;22dV::tN
$$Hl\\
C77nYmm
%%Jo..\r
55j_WW
&Lj&6lZ6?~A?
~=zG=d
"Df"*T~*
2dV2:tN:
x%Jo%.\r.
a5j_5W
ggV}++
Lj&&lZ66~A??
bS11*?
Xt,,4.
RRvM;;
MMfU33
PPxD<<%
Bc!! 0
~~zG==
Df""T~**;
dV22tN::
xxJo%%\r..8$
pp|B>>q
aaj_55
UUPx((
cccc||||wwww{{{{
kkkkoooo
gggg++++
YYYYGGGG
&&&&6666????
uuuu				
nnnnZZZZ
RRRR;;;;
[[[[jjjj
9999JJJJLLLLXXXX
CCCCMMMM3333
PPPP<<<<
~~~~====dddd]]]]
ssss````
""""****
2222::::
$$$$\\\\
7777mmmm
llllVVVV
eeeezzzz
xxxx%%%%....
pppp>>>>
ffffHHHH
aaaa5555WWWW
UUUU((((
BBBBhhhhAAAA
='9-6d
_jbF~T
11#?*0
,4$8_@
t\lHBW
QPeA~S
>4$8,@
p\lHtW
+HpXhE
T[$:.6
RRRR				jjjj
00006666
CCCCDDDD
TTTT{{{{
####====
ffff((((
vvvv[[[[
IIIImmmm
%%%%rrrr
]]]]eeee
llllppppHHHHPPPP
FFFFWWWW
kkkk::::
AAAAOOOOgggg
tttt""""
nnnnGGGG
VVVV>>>>KKKK
yyyy    
YYYY''''
____````QQQQ
;;;;MMMM
ccccUUUU!!!!
D:\AverSosetUuEnota\bin\Debug\rwdec_x86_debug.pdb
EnterCriticalSection
LeaveCriticalSection
DeleteFileW
SetEndOfFile
CloseHandle
CreateThread
GetModuleHandleW
GetProcAddress
LoadLibraryA
CopyFileW
MoveFileW
GetStdHandle
CreateFileW
WriteFile
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
GetCurrentThread
SetThreadAffinityMask
lstrlenW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleW
KERNEL32.dll
MessageBoxW
wsprintfW
SendMessageW
DialogBoxParamW
EndDialog
GetDlgItem
SetDlgItemInt
SetDlgItemTextW
CheckDlgButton
IsDlgButtonChecked
EnableWindow
SetWindowTextW
USER32.dll
CreateFontW
GDI32.dll
IsProcessorFeaturePresent
0fL06	
mh=T/%
H3$N#Y
hm!BOF
{"all":true,"master_sk":"f2a2nmrDygHFvWDYzeEA43xLGDN6vpzYvvpyizT5Jm0=","ext":["0kwg6nsj","2qo4sz969c","342tq9","38g38l8w0","5psp4v8","6rf84626sq","6t655th","70iv054","7plven","860vvv2a0","8j91w0","8kj2w","957gd036jp","9zumd","a4tjxg72a7","chv7d","dea33jwa5","h03819n","j4881c","jm5py3o1","m59783e4v0","q7858c","rew35lr58s","s2353i7","s2guhx8bj","wcd7roz047","wundj942ox","blk9o","58m005","dea33jwa5"]}
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
    <dependency xmlns="urn:schemas-microsoft-com:asm.v2">
        <dependentAssembly>
            <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" />
        </dependentAssembly>
    </dependency>
    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
        <security>
            <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
                <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
            </requestedPrivileges>
        </security>
    </trustInfo>
    <application xmlns="urn:schemas-microsoft-com:asm.v3">
        <windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
            <dpiAware>true</dpiAware>
        </windowsSettings>
    </application>
    <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
        <application>
            <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />
            <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />
            <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />
            <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />
            <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />
        </application>
    </compatibility>
</assembly>
#010K0_0
1,1F1P1U1a1g1x1
122B2I2n2~2
363N3X3_3e3~3
4"4'434D4K4U4[4b4i4n4z4
5#5-545J5S5Y5m5t5|5
6%767G7O7b7s7x7}7
7-888=8Q8b8
8$94999F9W9a9
:":3:9:K:R:W:d:u:z:
:,;2;=;C;H;U;[;`;i;z;
<%<.<6<M<a<m<y<
>J>i>p>u>{>
?%?,?3?9?
40D0a0y0
1(151;1A1Q1W1^1{1
2<2Y2g2z2
384?4D4P4a4i4
575Q5W5
;6;J;Y;
<B<I<N<Z<k<p<u<
?$?,?i?
0+0A0h0
1"1(141D1J1^1v1}1
394@4E4Q4b4
1:1]2q2
7!8B8[8t8
;'<I<u<|<
0#0W0b0
>#>->L>[>j>w>
?+?5?U?_?q?~?
0'0K0R0a0n0
131I1\1n1
2	3&3-3:3G3e3l3{3
484?4L4V4w4
5'545A5_5i5u5
6-6X6n6
6#797M7_7
8$8,838A8H8S8Z8j8u8}8
9!9(949;9F9M9
:!:-:T:i:~:
:+;B;V;b;r;
=*=g=x=
5 5&5,52585>5D5J5P5V5\5b5h5n5t5z5
758>8F8