Sample details: d45aa2a3e8024dd0250a0b9130bb2b5d

Hashes
MD5: d45aa2a3e8024dd0250a0b9130bb2b5d
SHA1: 7860bb4d9c9e88b9b9b3b15d877f2c54e3e079f8
SHA256: 361c4fa48418b5d24a0e0b93a91a5aa655227653f57e555e0e151e29f8eebfe6
SSDEEP: 1536:6tosZKT1eORA+ye8sIUxB3EAs7WtyxTIgPgFe5oMpeaHZ617ORw3Bbi:6tXZa1Nk53UxBUAsqKIGfbeaHZnRw3B
Details
File Type: PE32
Added: 2018-10-04 00:55:04
Yara Hits
YRP/Microsoft_Visual_Cpp_v60_DLL_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/DebuggerException__ConsoleCtrl | YRP/Str_Win32_Wininet_Library
Source
https://eyemech.org/shop/image.png
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
ciOcd'wq
}ZzBN2K
(OdahN
c`	Pr>
:jE#bC
!$v^$+0
QUND7>
qLvN+#
o"O&Gf
)7<G`-
Y=I}bG|{
UJsv=	*Sy
)3B6.`!
e]&g6^
7qPW"]
W^&zc:
Cv+>p`
 M{-Rs
)@x}O7
;aV)G]~
 n/TUt
A@sg'>
1{/!H1
"j*II*
$]:nmy$
}6`YtFB
Az>;`:
NBd$^z|
l@5?/H
ORzw$ok^a_h
w c6<V
:GK-DY8;
y}Q!pEF
;bo2"A
DnYl{t
c	:>vi
<E~ZdV
D$ 5Bg
=pq.Xs
57_9J)
D$0%K*
D$(	 hR
D$0VgD
D$h+'>
D$lj@h
\$hPWS
L$D--/
|$`+t$\9t$@
Wf9t$B
malloc
towupper
msvcrt.dll
GetPixel
GetObjectType
GetStockObject
GetTextExtentPoint32W
EqualRgn
GetTextExtentExPointI
ExtCreatePen
GetDeviceCaps
FillPath
GetTextAlign
GetBkColor
GetROP2
GetPath
GDI32.dll
GetParent
GetDlgItemTextA
DefMDIChildProcA
GetClipboardOwner
LoadMenuW
InsertMenuItemA
GetWindowTextLengthW
DrawIconEx
GetMenuContextHelpId
IsWinEventHookInstalled
DestroyAcceleratorTable
DrawTextExW
LoadAcceleratorsA
GetMessageW
EnumThreadWindows
DialogBoxParamW
FindWindowExW
PrintWindow
GetWindowInfo
USER32.dll
DeletePrinterDriverExW
WINSPOOL.DRV
FindFirstUrlCacheEntryExA
WININET.dll
GetFileVersionInfoW
VERSION.dll
LoadLibraryW
IsValidCodePage
WritePrivateProfileStructA
GetLogicalDriveStringsW
LoadLibraryExW
DeleteFileA
GlobalAddAtomW
GetThreadSelectorEntry
GlobalCompact
GetTimeFormatA
GetMailslotInfo
WriteProcessMemory
GetVolumeInformationW
DefineDosDeviceW
GetCommConfig
GetWindowsDirectoryW
GetShortPathNameA
GetSystemTime
FindFirstFileW
VirtualProtect
GetProfileStringA
GetSystemDefaultUILanguage
GetSystemWindowsDirectoryW
GetDefaultCommConfigW
lstrcpyA
GetPrivateProfileSectionNamesW
GetWindowsDirectoryA
GenerateConsoleCtrlEvent
LocalLock
GetOverlappedResult
DefineDosDeviceA
GetFileSizeEx
VirtualProtectEx
LoadLibraryA
FillConsoleOutputCharacterW
GetCompressedFileSizeW
WaitForSingleObjectEx
KERNEL32.dll
EqualPrefixSid
IsTextUnicode
EnumServicesStatusExW
IsValidSid
LockServiceDatabase
InitializeSid
LookupPrivilegeNameW
GetPrivateObjectSecurity
ADVAPI32.dll
GetSaveFileNameA
COMDLG32.dll
%0y,X3y,
GkaP_Mf7n@
!|hVT;
hm!'S+S
I.t~F'(
q4D6{_
^#c0*Y
KesnWT
OksK0S
W;lgdI
1=hR8K
yoszOWB
FA?.v<
Ly~Eg.
Ioke@l
sBxEqV
")g=Ua
*:!%Gk
V,?:[&
H5#tt\
|YDA/w9
g)hpIU
l{hK?_
SB6Vft
~`?;8U
&oWEz7-'
AsvKA8x
o7@}Ry
k/Fl(5
LK	$sm
r;_`!kc
pY!F]H
+MWgKN06
o;X`B`|
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
151231000000Z
190709184036Z0
Greater Manchester1
Salford1
COMODO CA Limited1*0(
!COMODO SHA-1 Time Stamping Signer0
1http://crl.usertrust.com/UTN-USERFirst-Object.crl05
http://ocsp.usertrust.com0
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
180821000000Z
190821235959Z0
EC1V 2NZ1
London1
London1
320 City Road1
AJALA INVESTMENTS LTD1
AJALA INVESTMENTS LTD0
D_}U=&
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
130509000000Z
280508235959Z0}1
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
http://ocsp.comodoca.com0
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA
RFFS$,
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object
181003080850Z0#