Sample details: b6b3b7ab04cab7927e043a3a1fe795a6

Hashes
MD5: b6b3b7ab04cab7927e043a3a1fe795a6
SHA1: c7e23a585698078df1dcc734a78044b04541495c
SHA256: ae90a26f50161558cba0cc3a4e8e5d58b5cbb25cd73b2e433ec8117206981d9c
SSDEEP: 1536:4ABSiu85ZhssK0Xvkv96rksc/cqNcigRSMe+K0irHae0IAiqiHB:nLZhsUXvkF3/cqNdgR2mwB
Details
File Type: PE32
Added: 2019-10-09 15:09:52
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
IsProcessorFeaturePresent
KERNEL32.dll