Sample details: 008e3af19388cfa7d358117ad37c7a28 --

Hashes
MD5: 008e3af19388cfa7d358117ad37c7a28
SHA1: 7d0bd40598e95e237bb5a9ea964520c6c337d864
SHA256: d9ed19e19bc75aa1787ce3a77531637d93a8f387657489b60f87b001b8c0414d
SSDEEP: 6144:nCm2RYdkOFx0pOF4/1nT5tvjjnFJuFUnnjiGfu6m:CwdkKQ/B/3koGGBm
Details
File Type: PE32
Added: 2019-10-09 12:04:58
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/maldoc_indirect_function_call_3 | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/anti_dbg | YRP/screenshot | YRP/keylogger | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/win_hook |
Note: the YRP/* hits are signature-name heuristics, not a verdict. The capability tags (keylogger, screenshot, win_hook, win_token, win_registry, anti_dbg) line up with imports visible in the Strings section below — GetAsyncKeyState, CallNextHookEx, EnumWindows/GetWindowTextW, OpenProcessToken/LookupPrivilegeValueW, RegSetValueExW/RegCreateKeyExW, IsDebuggerPresent — but an import table only shows what the binary can call, not what it reaches. In particular IsDebuggerPresent, UnhandledExceptionFilter, IsProcessorFeaturePresent and the .CRT$X* / Microsoft.CRTProvider strings are typically plain MSVC runtime start-up artifacts, so anti_dbg may be firing on the CRT rather than on sample logic; the unusually broad mix of unrelated imports (COMDLG32 file dialogs, COMCTL32 toolbars, SCM service control, SetSystemPowerState, VirtualProtectEx) is also worth treating with suspicion rather than as confirmed behaviour. Confirm the actual capabilities with dynamic analysis before using these tags for classification; the PDB path c:\guess\Quotient\Simpleanswer.pdb and the Rich header are the more reliable pivots for clustering related builds.
Source
hxxp://fornomonse[.]com/angosz/cecolf.php?l=icath2.tar (defanged download URL; treat the domain, path and the `l=icath2.tar` parameter as network indicators — do not fetch from a browser, and note the served payload is a PE32 despite the .tar name in the query string)
Strings
		!This program cannot be run in DOS mode.
0qn"0pnikyo
0pnikro
0pnRich
`.rdata
@.data
.gfids
@.rsrc
@.reloc
URPQQh
;t$,v-
UQPXY]Y[
j"^f91j\^u8
j"^f9q
t/j=[f;
taj*Xf
VWj\^j:
WWWPWS
SSVWh 
f9:t!V
QQSWj0j@
PPPPPPPP
PPPPPWS
PP9E u:PPVWP
v	N+D$
v	N+D$
u>WSWS
L$(+L$ 
9\$ uJ
t$(=g[
lj2U	n
m(*<hw
s;\td+
EHQ=;f
#7s3xz
gqp"(L
E]m]Gt
js	a*p
T@c?1v
>Ip!_@
VGYGlPN
L.pj4J@
;IP |d
,b@*P;
ChW$YU
}8	1sw
q;@#PG
R<@r4{>w
Qt$1>-t
Rbw( p
b$-% c
aFP]`M
O_FvF|
n94SB@
aDlmp>
@E@jG#
?H(,%B
F4k9fv
9zapCl0g
ng2;eb
cxtx.2
l)	!JB
7n(/E^
H+^8(w
.UM,|T
i`E]nu
UUUUUUUUUUUUUUUU]
Unknown exception
bad allocation
bad array new length
Main Invoked.
Main Returned.
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
CorExitProcess
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
?5Wg4p
"B <1=
_hypot
_nextafter
Kqq9I@~
Ve6	fl
M@	PX	
fEhjBH
x	E!nM
:PHv+2I
iayn&e
wlle@iN
4etrMd
 2olnn4
oG(:ll
<]E)fI\
iCs-gne
isNt?%@
=,Ui4 
2u)!C4
tpn^7l
pibtrl
NfmlC1
eceivg6
1diEan 
udLOa_^
]aDstv 
@al<(uqst
v-NniG
Ze eAr
@ t!Se
s]\sUe
eOBeA:;
xnGieC
InvokeMainViaCRT
"Main Invoked."
FileName
ExitMainViaCRT
"Main Returned."
FileName
Microsoft.CRTProvider
c:\guess\Quotient\Simpleanswer.pdb
.text$mn
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$sxdata
.rdata$zETW0
.rdata$zETW1
.rdata$zETW2
.rdata$zETW9
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.gfids$x
.gfids$y
.rsrc$01
.rsrc$02
GetVolumeInformationW
EnterCriticalSection
GetCommandLineW
SetSystemPowerState
GetCPInfo
RemoveDirectoryW
GetModuleFileNameW
InitializeCriticalSection
GetEnvironmentVariableW
FindClose
LocalAlloc
GetSystemDirectoryW
FindFirstChangeNotificationW
CreateEventW
FormatMessageW
TlsAlloc
CloseHandle
GetSystemInfo
FindNextChangeNotification
VirtualProtectEx
LocalFree
TlsGetValue
GetSystemTimeAsFileTime
MoveFileW
KERNEL32.dll
GetWindowTextW
ReleaseDC
UpdateWindow
GetClassInfoExW
DrawTextW
GetClassNameW
FindWindowW
EnumWindows
GetAsyncKeyState
ShowWindow
CallNextHookEx
EnumChildWindows
GetMessagePos
DefWindowProcW
GetWindowLongW
USER32.dll
DestroyPropertySheetPage
CreateStatusWindowW
ImageList_SetOverlayImage
CreateToolbarEx
PropertySheetW
COMCTL32.dll
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW
COMDLG32.dll
CoInitialize
OleCreate
CoUninitialize
OleInitialize
ole32.dll
SetSecurityDescriptorGroup
RegQueryValueExW
RegOpenKeyW
OpenThreadToken
OpenServiceW
StartServiceCtrlDispatcherW
RegOpenKeyExW
InitializeSecurityDescriptor
FreeSid
OpenProcessToken
RegSetValueExW
RegisterServiceCtrlHandlerW
RegCreateKeyExW
SetServiceStatus
AllocateAndInitializeSid
OpenSCManagerW
SetSecurityDescriptorOwner
QueryServiceStatus
RegEnumKeyW
RegCloseKey
SetSecurityDescriptorDacl
LookupPrivilegeValueW
ADVAPI32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
SetLastError
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
WriteFile
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW
SystemFunction036
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVtype_info@@
333D3o3
4(4=4C4M4
5K5\5a5f5
7$7+737;7C7O7X7]7c7m7w7
9"939Y9n9u9{9
:,:4:M:
;";(;P;V;|;
<-=6=;=a=f=
>8>R>X>h>
?!?<?G?
.0=0D0z0
151X1h1
2G2i2w2
6 707G7O7y7
70858:8s8x8}8
9'90959:9^9j9o9t9
:):5:U:a:x;
<'<G<U<\<b<t<
?)?K?Y?e?x?
0<0F0L0R0
5!5,5>5G5
6:6j6y6
6	7s7z7
9%9+9?9K9
:":>:b:}:
?%?*?;?A?L?T?_?e?p?v?
0/0]0c0u0
3O3K4_4
606<6M6V6
6	7N7<8F8S8
1&101A1F1[1
5,575N5~5
7J8O8U8Z8
939:9E9S9Z9`9{9
:	:0:I:X:d:r:
;,;6;R;];b;g;
<7<G<c<n<s<x<
=A=L=Y=n=y=
?$?2?O?W?
0"1=1x1
3/3A3S3e3w3
;e<l<s<z<
=J>S>k>}>
5)555C5S5h5
>E>v>|>
1-2N2U2k2
2'3Z3o3
> >2>z>
?,?5?>?
_0H1W1v1
2 3J3R3o3
5H5e5y5
8k8l9|9
:':2:8:A:
=(>e>o>
0"2\3w3
;;;O;U;
8;9@9D9H9L9
=-=4=K=c=s=
>$>*>B>S>i>r>z>
?,?2?9?S?g?m?r?z?
0!0-020=0F0R0]0b0k0s0
1%1-12181C1[1e1n1
20262=2H2W2c2u2
3#3;3E3S3]3f3y3
4#4/474U4\4d4n4w4
5"5(515?5H5S5d5k5
6#6(6/6K6R6c6g6
7'7-7C7m7r7
748[8j8~8
9!9+919B9T9l9q9
:7;\;z;
=3=D=W=
>$>:>@>a>z>
? ?1?:?E?U?\?b?y?
0"060<0D0J0e0~0
1.191n1{1
2$2*252;2M2S2`2j2o2u2z2
3"3+303;3a3g3}3
4*4L4Y4^4v4
565A5b5s5x5
6	6)6/6<6G6M6\6t6}6
717D7M7T7b7i7u7{7
343D3e3m3
4%4+444[4b4h4
5!5'5-53585=5C5I5O5U5Z5_5e5k5q5w5|5
6#6)6/656:6?6E6K6Q6W6\6a6g6m6s6y6~6
7#7(7-73797?7E7J7O7U7[7a7g7l7q7w7}7
$2,282<2@2D2H2T2X2\2p2t2x2|2
2,3034383
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,6
=$=,=0=4=8=<=
? ?$?(?,?0?4?
`=d=h=l=p=t=x=|=
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
?$?,?4?<?D?L?T?\?d?l?t?|?
0$0,040<0D0L0T0\0d0l0t0|0
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
0 0(00080@0H0P0X0`0h0p0x0
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
;$;,;4;<;D;L;T;\;d;l;t;|;
0$04080H0L0P0T0\0t0
0D5H5d5h5p5x5
6 6$6@6`6
7 7@7`7
8 8@8L8d8h8
6(6@6L6P6T6p6t6
8$8@8h8