Sample details: bd4d64d581a8b89fdff323b3df1127d4

Hashes
MD5: bd4d64d581a8b89fdff323b3df1127d4
SHA1: 6eeff75d776159116f3dce02a7a269c42c95b006
SHA256: 67f7063299d14a8ee9ef7c07cbdca54f7f1ae7d40fa493a3d1302b5cda83289e
SSDEEP: 6144:RvbJ8dtf+tstlEXUv0Q9tsGkqcVPUy0PnoyBJJJXTpvUa4:RvbJU+bQHkqty0Po2JJtpvUa4
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation
Source (download URL, defanged)
hxxp://ggcleaner[.]tech/kiskis.exe
Strings
		!This program cannot be run in DOS mode.
`.data
.idata
@.gfids
@.text
@.reloc
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
`h````
xpxxxx
(null)
CorExitProcess
RUUUUU
UTF-16LEUNICODE
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
AreFileApisANSI
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
i^^?(>
Y:/(A6>
[aOni*{
~ $s%r
@b;zO]
v2!L.2
1#QNAN
1#SNAN
_hypot
_nextafter
?5Wg4p
"B <1=
?VirtualProtect
kernel32.dll
tekedulefukaranicayupalibu
zotayemepasesiyokihatini %f
C:\poga\zowabocukafekejoral-jajabuhejifihuwe\zubosazofisac.pdb
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.text$mn
.xdata$x
.idata$5
.00cfg
.idata$2
.idata$3
.idata$4
.idata$6
.gfids$x
.gfids$y
.tls$ZZZ
.rsrc$01
.rsrc$02
URPQQh0
;t$,v-
UQPXY]Y[
^$+^8+
j"^f91j\^u8
j"^f9q
t/j=[f;
>=umF8
Wj0XPV
Wj5_f;
taj*Xf
VWj\^j:
WWWPWS
SSVWh 
f9:t!V
QQSWj0j@
D8(HXt:f
D8(Ht5F
PPPPPWS
PP9E u:PPVWP
PPPPPPPP
v	N+D$
v	N+D$
D$(l'I]
D$pdvZ3
D$X=^2p
l$XiQ&b
l$LU5K2
l$Xk{-{
l$l5tm}
D$(POro
l$<u%X
D$|%K&}
l$8q\S
l$HrbG/
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
,OIhjg
ReadFile
SetHandleInformation
VirtualProtect
lstrlenW
GetFullPathNameA
DuplicateHandle
lstrcatA
SwitchToFiber
GetCommandLineA
GlobalAlloc
CloseHandle
LoadLibraryW
GetCurrencyFormatW
GetAtomNameA
FlushConsoleInputBuffer
GetProcAddress
ExitProcess
KERNEL32.dll
ProgIDFromCLSID
ole32.dll
WinHttpCrackUrl
WinHttpCreateUrl
WinHttpCloseHandle
WinHttpAddRequestHeaders
WINHTTP.dll
GradientFill
TransparentBlt
MSIMG32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetLastError
SetLastError
RtlUnwind
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
HeapFree
HeapAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetFileType
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
DecodePointer
CreateFileW
WriteConsoleW
ReadConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
dk;m"(
1JX`5&
{PK`af
|B@I gA
&v/?1\
rf)QY:
<~r,.A
L=jdG5
/e>\Jk*Q9
Uh6z^.
&&UB}k
11CSAw
Nu2gc`
LKsxxm
Fs5k=p
w%pA4x6
)i9'%g
ad^l*n~
:mYj^}
;Tr^o~
.`Yl:Mv
;udv	v
avAMszp
@USFI1=W)
u'2 	l
[GaQF]+
|?5o`O
,YB4%2
[b5/w5
+A&b<B
5_mLxz
FZt@em0
VeHQKW
*(WkG>
2}^|Yg
F4$!qo
z)W?A/_
g#t#D{X
9PZ0=J
y~s58c'
CaI,;j
a}B.LL
A$+%K~
D9fz\#z
6{6C3e
WI89S\
o602Eb:&
F4|<M?
+-h{LH
WoUj+a
}4Kbb`
c	X0zw>
nRN\mb>
Ou<G'-
ti! k]
E	\2*Rx:
p(&=@k
)J!+to#8|
K1.qp&
js=Mo'D
K25^oZ
o$`VfL
m HICd
4<d<A_
FN_o'i
S|]6^<%
_Ip4|]t
#wfe<w
t;SRaX(hfW
T6XOuq
:2l8Zn
WPFf29
X91^y%tXMe53
!gP=gT
[PM,bl
pm Nfm
WW+,M<)]>{
4[~kS_V
P>,a. w:
ejz!,l
]aYlFQua
7[]c;U
Od(U(k]:
)b?pEW
+^OD8|,
Sj2DFOUe:
4,]U )
|5E2g`
!3j4zo
Id*6d"
bh<1ma`
0B?8ck
<2yiEF
7eTN	V
S}b(Yb
5ea+R)
|18)*F
QsD@a[jo
acE'[c\
$_VA_]:
LJm$PA(
~r'I(#
iK;+2g
PZ'=\	7
`:rX9\
=kO9.0k
:k[4HyxC
M>%G7U
%muG0AX
)*&R~e
9MepU&
%2v\q"wA
P|y.	~
3^"v3K#
,"\6py
g[oE7%
qn:=;q
:Kn+j6
E$!tcD
M%([K7
k7>*((<G{*0Q~
#yYIaP^:
FpR2t-
!u\4ce
2(Xd!m
#r\z)L
U.xZPu
=d*#w	
B*p8^SR)
=RfkqPE
[!rv~1
h>|$Xg
-"JoT?A
E#'+sB"
}k3dW)
Nx}:S{66c
1@Qu7:9
UZS bh;
w[px>N
+VeIe&
D7_	I6:
Q0]J|e
C$Cc|v|SwW
3m`IsP
T'87PYcN]
av]fV]S
mx{qsG\
WyWxK.
(Lj(T~
CQ6v&Q]+
k4+f]}Q
^fHPT^#
1mZ_D!
	K^(?V
naFe<k
 j&;(_
qVBz]M
AZ38tZ
[Qd2to3a
4H*ED-:
8JIv<IK
._6?}W
3R_N;g6
u_Kz1`
B.UT|I
*Qpl[^
	T8!7:
/N"[@a
/S0N'Y
bjj!_%
.\d8*6`
F'n=}_Z
;.$g./~
nT\3d>
7c,"bQ
c"y07q
O!->&Q
o6(}.}
9JJ6Yh
=Rdjq;R
JR^E"$
W=e#y&
*2JYyu~
{HeJd[
k=.+=]-
]|*_a+
Y(2o0_
sB*	@_A
tN*kS+
|oGBvmMB
dY6l(wdT
|MsYm,
0?[Adq6
&wv" v
rzCD=	?
hSp#d)(
`<rL|Z
{_kbM-
klh%.%
8UY#I(
'{Ki0V
+f8<UoR
'tv[9|~cKDb
#{1"?Lx
fen2hK
f4*VpF
rF~al7U
 Qc|oP-
	711+v
c(5ZGP\
A&}QvY
m'5s8aN
akdg:_
4wB\\OH0
K$>Es1
f^q>,3L
#p 5U2
MM1(.N
X"gH =W
jNN#qDn
0X${F>
p/?O8>
l9V<ya
b$DLx2
0C@Nw|
0?[5Xw
'Xog55
Z@~7SP
p4!(k*/pr
on}:=M
4U .(|
Eu%#@r_H
l?jdF2
[q,[lD
;0qXn.
/&@AX:
gu,,^}EW
s5|dLq<
;l/KmhEW
!dC5BA
|3[xK.
b	R$;%-4(
PfP4LS9Q
d?;/=IX
2ZAMJR
v|]!c*9
/|<zI{v
a&VCq`
GY	?oZo
]yZxg,M!
1X~gJ)c
UR=_=4~
#SM=9^
THSsS%.
k%0Ov+W
lbVs1-
9\`!Wa
75wJX'
O0#.q9
}r 1JP
>!'$p 
QDWoEEz
y<IxSN
mcg7EP
X@]x#Z
Cg}~&E
D<)I};
)[\h9H
47;\5j_
ZjToIZ
kcMAf/<y
hkAiwr
8n+tH@
mcPK!G
*!<Ok-
#X"A-m
T[>by8
#g4k$oe
1%j~(^
pYJVf*
b.ORe?
=%9 ce
k-3Q J
2rxPl\
\!Mw^k
nLr>yp
[94Svr
CJd=-Q
~S _3=t
lHe>Xq
|y''%8
hsb&nV
'u]f(i@
^]h|ZY6p
7'jAtTu
ba=3$!
{rYx^ +
/+Uv[dWddetN
-.-+.+9@f
]+,+0@-)-
|6,0:/
;299+1D~}fy
B++,:.
-1=--421./
/2+;+.02211p
;0*/'-,4<:-
1,/,)2+7
./-+.;21/)Zl
+//91/0>.
.9:2.<A,.201022,
11-,::/.2132+:.,<-
.<:=2,>:-2<2-
-=1+8+-
'  &## &
""  &% "#& 
###.&$BF
'#0&4!#mv" 0!
$ . #& Snd`!4#"'$
"+;10#E
%4020 7|\M
A*%0%.%
2."'&!]
YxkTTD .'0
0)#!._m{
[OAAss< %%0
503#T}Z~
_' .0!
;$0'.^
h#2;10
!"04.UqVi_j=gw5004:2
0#4.7c]
K^|?0828.0
05#.IIJpE?
L/0030/
55'.03.Rofe#58:.5/
0.2.50%kw>.-0:0*	
/84/1.BJ44;340	
01/;1/.31504
/551/694
0 04080<0P0T0X0\0`0d0h0x1|1
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848<8D8L8T8\8d8l8t8|8
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
7 7(70787@7H7P7X7`7h7p7x7
8 8(80888@8H8P8X8`8h8p8x8
9 9(90989@9H9P9X9`9h9p9x9
3$3,343<3D3L3T3\3d3l3J5N5R5V5
6+64696?6I6S6c6s6
:1:6:C:
:;;I;d;o;
<O<^<e<
?!?0?9?F?u?}?
$0)0O0
7K7P7T7X7\7
;J;Z;q;y;
<$<K<T<Y<^<
="=,=Q=c=o=y=
1'1=1O1]1
7[<d<l<j=|=
>;???C?G?K?O?S?W?
=4Y4]4a4e4i4m4q4u4y4}4
?'?/?Z?b?l?r?
1#171x1f2p2}2
5"5>5n5}5
0!1&131?1X1k1
2'2,2>2L2S2[2t2
8Z8b8v8
9$909<9H9T9`9
:(:4:@:L:
<;=<>L>]>e>u>
> ?S?f?p?
	0,0G0T0b0p0{0
0N1V1'2
6(6/656P6W6`6
617Q7{7;8E8o8
6O6`6z6
?-?<?C?[?b?
7	7E7U7l7t7
8!8&8>8_8j8o8t8
9 9;9E9a9l9q9v9
:':,:1:d:
;';2;F;K;P;r;
;k>1?X?
2 2S2Z2a2h2
6C6X6f6o6
;.;P;};
;!<?<J<
<*=7=D=Q=h=/>
071F1T1q1y1
2Y2`2i2
5+5=5O5a5
:1E1P1V1_1
2;2f2~2
3g3W4x4
/0C0l0{0
3$313<3
8"8D8N8
:9=.>6>m>t>
1+212>2I2Y2
?#?0?B?
'0<0E0N0
2!2)21292W2_2
<4?G?e?s?
!1X1_1d1h1l1p1
6Q6V6\6c6j6o6u6z6
637:7A7
7 8%8*808
9)919C9I9Q9k9
9M:U:a:
;8;>;D;J;U;v;
101<1X1x1
2 2@2`2
3 3@3`3
4 4@4`4
181H1X1h1x1
7(7,7074787<7@7D7