Sample details: cb47db092132c66ed0ed6d705cacd72c --

Hashes
MD5: cb47db092132c66ed0ed6d705cacd72c
SHA1: 884cdfb481b5f38485d7844b015728665eedcc51
SHA256: f52720305e8cd88c48de5eecd5965983d48693e4c693e3f82cfa48f1f2edfd78
SSDEEP: 6144:up2jrNSfUetDI1LdsVifhSMQ35HpYHYpOPYN8v:y2/NyUeJI1LdsHMQpHp9UYN8v
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/Misc_Suspicious_Strings | YRP/anti_dbg | YRP/escalate_priv | YRP/screenshot | YRP/spreading_share | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/Str_Win32_Winsock2_Library |
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
hlM3OQ
T$HRPh
VQSVVVV
9t$|t.
3OVVVV
Sh(N3OSP
3O8\$Pt
3O8\$Pt
+|$dj@
3O+D$L
3O8\$Pt
3O8\$Pt
3O8\$Pt
3O8\$Pt
3O8\$Pt
3O9\$xu#
l$HVSh
3O+D$h
3O+D$h
3O+D$h
3OSRWQ
3O+D$h
3O+D$h
3O+D$x
9\$xu!
3O+D$h
3Oh8N3O
hXN3OVVV
h\N3OhdN3OP
PhlN3O
RhtN3O
3Ou'9E
uTVWhWD2O
j hpu3O
t h@g3O
h8%3OW
^SSSSS
h$&3OVS
HHt$HHt
?If90t
*2O!+2Om+2Ox+2O
<at,<rt"<wt
URPQQh
Rh&:2OQ
\'3OV9P
P'3O9M
t$<"u	3
< tK<	tG
3OVVV+
3Oj@j ^V
3Oj@j 
t"SS9] u
PPPPPPPP
Z2O [2OD[2O#
 ]2O(]2O0]2O8]2O@]2OH]2OP]2Oc]2O
PPPPPPPP
hh/3OS
tIj"[:
ukSSSSS
3OVVVVj
v	N+D$
tCHt(Ht 
;t$,v-
UQPXY]Y[
3Ou09E
@ht73O
QQSVWd
hTO3OSV
o5pY3Of
f-00f=
j,h@|3O
t*=RCC
;7|G;p
tR99u2
f-00f=
(5po3O
X5`o3Of
v	N+D$
tWItHIt9It 
tRHtCHt4Ht%HtFHHt
<+t"<-t
+t HHt
	X 9} 
2O.F2O
1O@r3O
1OUnknown exception
cmd.exe
COMSPEC
1OCorExitProcess
1Obad allocation
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
Illegal byte sequence
Directory not empty
Function not implemented
No locks available
Filename too long
Resource deadlock avoided
Result too large
Domain error
Broken pipe
Too many links
Read-only file system
Invalid seek
No space left on device
File too large
Inappropriate I/O control operation
Too many open files
Too many open files in system
Invalid argument
Is a directory
Not a directory
No such device
Improper link
File exists
Resource device
Unknown error
Bad address
Permission denied
Not enough space
Resource temporarily unavailable
No child processes
Bad file descriptor
Exec format error
Arg list too long
No such device or address
Input/output error
Interrupted function call
No such process
No such file or directory
Operation not permitted
No error
(null)
`h````
xpxxxx
UTF-16LE
UNICODE
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
SystemRoot
`h`hhh
xppwpp
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
53Ot53O
3Ol53Od53O
3O`53O\53OX53OT53OP53OL53O@53O<53O853O453O053O,53O(53O$53O 53O
43Ot43O`43O@43O 43O
33O\33O<33O
23Oh23OH23O 23O
13Od13O@13O
03Oh03OL03OC
color 1f
7zqvvv
nvvv];
~svfvv&
svfvv&
4wvvvv
CLSID\
EXPLORER.EXE
winsta0\default
No network detected.
Create
Version
PrintDlgBox
WriteFile
kernel32
Malloc
Delete
ReBarWindow32
MSTaskSwWClass
MYCODE
Message
invalid vector<T> subscript
invalid string position
vector<T> too long
deque<T> too long
list<T> too long
string too long
invalid map/set<T> iterator
map/set<T> too long
2Oe+000
?5Wg4p
"B <1=
<8bunz8
l,kg<i
<@En[vP
?uZEeu
?uZEeu
?UUUUUU
?UUUUUU
1Obad exception
?uZEeu
?uZEeu
?UUUUUU
?UUUUUU
?1#QNAN
1#SNAN
_nextafter
_hypot
C:\acetne\Transformationa.pdb
r3O$r3Ols3O
3OTr3O
dr3Otr3O$r3Ols3O
r3O$r3Ols3O
s3O s3O
3OPs3O
s3Ols3O
s3Ols3O
s3Ols3O
t3OXt3O
t3OXt3O
_@2Oc@2O
FindResourceExW
LoadResource
CreateProcessW
HeapAlloc
HeapFree
Process32First
WaitForSingleObject
GetProcessHeap
FormatMessageA
EnumTimeFormatsA
GetUserDefaultLangID
OpenProcess
FindResourceExA
WideCharToMultiByte
LoadLibraryW
CreateEventA
GetConsoleWindow
GetModuleFileNameW
lstrcatA
GetLastError
GetProcAddress
GetLocalTime
LoadLibraryA
Process32Next
ProcessIdToSessionId
LocalAlloc
WTSGetActiveConsoleSessionId
lstrcmpiW
CreateToolhelp32Snapshot
CloseHandle
LocalFree
lstrcpyA
KERNEL32.dll
GetWindow
GetWindowThreadProcessId
SetDlgItemTextA
DrawFrameControl
SendMessageW
SystemParametersInfoA
PostMessageA
IsWindow
SetMenu
ShowWindow
GetCursorPos
SetWindowPos
GetDesktopWindow
EnableMenuItem
GetClassNameW
SetScrollPos
GetWindowLongA
MessageBoxA
SetWindowLongA
GetForegroundWindow
SendMessageA
GetMenuCheckMarkDimensions
FindWindowW
FindWindowExA
IsWindowEnabled
GetParent
IsClipboardFormatAvailable
LoadBitmapA
GetWindowDC
InsertMenuItemA
CreateDialogParamA
EnumDisplaySettingsExA
USER32.dll
GetStockObject
GetObjectA
SetTextJustification
SetStretchBltMode
SetMapMode
SelectObject
DeleteObject
GetTextCharsetInfo
CreateDCA
GetCurrentObject
SetBrushOrgEx
CreateDIBSection
SetWindowExtEx
GDI32.dll
EnumPrintersA
WINSPOOL.DRV
CreateProcessAsUserA
OpenProcessToken
ConvertSidToStringSidA
GetUserNameW
GetTokenInformation
RegSetValueExA
RegQueryValueExA
SetTokenInformation
RegOpenKeyExA
DuplicateTokenEx
AdjustTokenPrivileges
RegConnectRegistryA
RegCloseKey
ADVAPI32.dll
CoCreateInstance
CoUninitialize
StringFromGUID2
CoInitializeEx
ole32.dll
OLEAUT32.dll
ODBC32.dll
WS2_32.dll
NetShareGetInfo
NetUserGetInfo
NetApiBufferFree
DsRoleGetPrimaryDomainInformation
NETAPI32.dll
EnumProcesses
GetModuleFileNameExA
PSAPI.DLL
CreateEnvironmentBlock
USERENV.dll
AVIMakeCompressedStream
AVIFIL32.dll
acmDriverClose
MSACM32.dll
PathCombineA
PathCanonicalizeA
SHLWAPI.dll
ImageList_SetOverlayImage
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
WinHttpOpen
WINHTTP.dll
SetupDeleteErrorA
SETUPAPI.dll
WTSQueryUserToken
WTSEnumerateSessionsA
WTSAPI32.dll
GetNumberOfPhysicalMonitorsFromHMONITOR
dxva2.dll
DeleteFileA
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetStdHandle
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetFileType
WriteFile
GetConsoleCP
GetConsoleMode
IsProcessorFeaturePresent
HeapCreate
GetStdHandle
GetFileAttributesA
RtlUnwind
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
MultiByteToWideChar
GetStringTypeW
WriteConsoleW
SetFilePointer
GetExitCodeProcess
CreateProcessA
CreateFileA
FlushFileBuffers
HeapSize
HeapReAlloc
CreateFileW
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
ReadFile
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
,3Oh.3O
8&3O(&3O
3O`(3Ob*3O
.?AVexception@std@@
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
D,'5y@zK
\8k]L7
V8Ci,|
~M	im0
MDjV@jJu
&Uaf#h
+=x:M8
N(]U$Z?
'9-=3Uy
`kew3Fa
LwWB1"
6;B<,,
Ayt9th
l/tl'l
-O@@YK
(jo[R:
`&(j-w
JU?U}0
ib]b0a
/u(\)XS
}VG6<$
ZV"8D`
f=^xe<h5
div,k:M
9$G)}`?
%^)?b k8
v~W3)/yk]
eyVM~H<
g=x{S7SS
-O@@YK
wdqZ+YbN17 L
eo)KdD6
GYB"Xz
ZqA%YW
TC	F1<&
8Wt[9d
sKPh7Rc
D<^}?I
>wicwb
N\	|Sx
<xxlA=i
zOHp.-\9
gt Y}[
Y4la/,
0l6~R3.M
z{Kp}HR
U&2Jsl
 O.m~u
f ko&_6
oXd FcM
sXK4?.z
.F$Fb&GsZ
TD|&>>
A8rnJ.
%}L9Wh$
v4eX!ID
[gOS	vE
1wePgt
biFs@KvP
=!.6A$;T
v=&R1j
a#CLZ]
5|;qiJ3ju
9.Z~T/[)(Y
9y*vKAAa
L><\1e$
	T	8pB*
/	*1z:1
GU|r\X
jiX,%{
.{+8JY
sHol;P
V|b6Q+1
&yacIc]p
Ed	D[G
~/u{Xku+yM
qZ@)eO
?#OQ){
77tP2Sr
PB@'kH
1_.(:a
F;TF|e
a,Hz%<!
o8h;$^
&m$e%Er
6{,n"j
/E-F:3
io[CoN%
k+}C{a&m
9bYl'=
Js~KoR
>l9E`I
Ee3D7-Z
kKA!5<
4v{m?&
-S+@a3
Un|N99
>9it]9
&*yz2*G
':W3;I
0gF=TV*'
3TNNka
i^~9[:
T#8hlN
GXEt	6
SS,GJW
f)""B[
?@5LH/
h#f(u8
Zy7PEP
GPgZzh
CN`H^9
6zNH4M
"4!0a;V
!Pcuue
avn11-`	m
[0U,`P
I^hl>T	
\%DN@C
*tbL:+e{&o
O$k<BN58
["6#{M
{d9[sJ
rb2,PE
.oSd$4
t<bR) 
xHvnN!
waIkrh
,<+0dM
u1]ppw
VKEyfn
MVFUP4
I{^`3#k;i
Te_&Uu13+
X4m!	b
1??u<+
?l6k1@
A*f(f4l 
9V~/}n
+L:3td
X/D_=A
]aD/up
<&<+$GO
o6#uhYVi
	`C}&Tv2
~?y838
4xV1pc
@f/"}d
+m%:GI 
Q:pJ,D
Q-m-:$
X169b:`H#
nvD YkL[
4Cw(kv4
<)Qk{C
y6KL0|
Xyr>&<+
^DWjSm
[Ds?F=
F.K!aw
U)e\,*
wf;1"f^
	d+foz
Bly]&CT_C
$[ZzN=s
6.d?^G
\dH+sG
VJXgrs
WI*zjF
>^0cSu
Bm*/v9
'ePaKH
k]WN:4
!@AeRS&wE
>M+6?R
jMLWsh
n1"$y|
AV4I)u
}K\x+u0
O1Usyw
?Qq`Qk
SNU(6CGl7qA
C.#]	 n-
1KTdXd
B*?)~HP
_WS("t
7`B"DWT
OJlZqI
:C.___gr'
djI}*uUBOD8
D\q_IgY
\F//&g
JAWB<d
+V9<lEu
?_~T|0cB+
-Hezjc
v#B2.5
j/#w)F
/zt6%P
LVS]e>
Zb;.m|
"DCW2Orv(z6E
Lu]lmj
g~5E#t
*+mPKu
fk//#(
:2hn~~
c{,wE%X2
Gg	zmy
R5U,X*\A
80p6j	T
7h3AnJira
5z%- V
dt`Q%y
G"c]sU
:^W<IC
/UxUal
nMLSsh
%S`G[m
`J`3`n
,D/[nm
e,yN_E
1l4Ek-
,ZZURg
^/%wz/j
wX(^9c
+/"yT5
};'(0c
)aI#AK
=(O&R8
vA`G_*~:j
\!6w>A
HV^jC}
CgkM6D77p5J
0!q}x-
j{qpK2
l}Ak6s
wup_2$
%|qA	 
8 sQ.\
@@#x^2
`| |W~
-3c}]a,%?
ec+@eqx
Bku9?W
7d5qsX
~-}n*z
AYe#hs&
 Z$8Ba
x1nZm[#
XW/C#y
D]$8F}	K
+AEPXyx
Q>}qW6k
wR5U,X*\A
20H|n,
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD