Sample details: 970ab9a91aebd24ba2157b215b72be65

Hashes
MD5: 970ab9a91aebd24ba2157b215b72be65
SHA1: e3c2d0564011752053f5c80deb0f2155550d07fa
SHA256: 0f25bdf140a5652ba482085fb4abce072e082c9774fa8d5a72020786e789336c
SSDEEP: 3072:YtvNxZYH7jHA/ERx8+kbgF9AysqrXY/W+TFz3dwF:Yt1kXfSb+G1I
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/DebuggerException__SetConsoleCtrl | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/inject_thread | YRP/screenshot | YRP/win_mutex | YRP/win_private_profile | YRP/win_files_operation
Source
http://backpinging.com/m1/setup.exe
Strings
		!This program cannot be run in DOS mode.
9Richz
`.rdata
@.data
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
AreFileApisANSI
CancelWaitableTimer
CloseHandle
CompareStringA
CompareStringW
CopyFileA
CopyFileW
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexA
CreateMutexW
CreateProcessA
CreateProcessW
CreateThread
CreateWaitableTimerA
DebugBreak
DecodePointer
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumCalendarInfoA
EnumSystemLocalesA
ExitProcess
ExitThread
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FindResourceExA
FindResourceExW
FindResourceW
FlushFileBuffers
FlushInstructionCache
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommConfig
GetCommandLineA
GetCommandLineW
GetComputerNameA
GetComputerNameW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
GetFullPathNameW
GetHandleInformation
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetOverlappedResult
GetPrivateProfileStringA
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetProcessVersion
GetProfileIntA
GetProfileStringA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeExA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationA
GetVolumeInformationW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFindAtomW
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSetInformation
HeapSize
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
IsDBCSLeadByteEx
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockFile
LockResource
MapViewOfFile
MoveFileA
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
OpenMutexA
OpenProcess
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
ProcessIdToSessionId
QueryPerformanceCounter
RaiseException
ReadFile
ReadProcessMemory
ReleaseMutex
RemoveDirectoryA
RemoveDirectoryW
ResetEvent
ResumeThread
RtlUnwind
SearchPathW
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetStdHandle
SetThreadExecutionState
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
SizeofResource
SleepEx
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
WritePrivateProfileStringW
WriteProcessMemory
lstrcatA
lstrcatW
lstrcmpA
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW
KERNEL32.dll
LoadIconA
USER32.dll
BitBlt
CombineRgn
CopyMetaFileW
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateEllipticRgn
CreateFontIndirectW
CreateHatchBrush
CreatePalette
CreatePatternBrush
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSolidBrush
DPtoLP
DeleteDC
DeleteObject
Ellipse
EnumFontFamiliesExW
EnumFontFamiliesW
Escape
ExcludeClipRect
ExtFloodFill
ExtSelectClipRgn
ExtTextOutW
FillRgn
FrameRgn
GetBkColor
GetBoundsRect
GetClipBox
GetDeviceCaps
GetLayout
GetMapMode
GetNearestPaletteIndex
GetObjectType
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextCharsetInfo
GetTextColor
GetTextExtentPoint32W
GetTextFaceW
GetTextMetricsW
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LPtoDP
LineTo
MoveToEx
OffsetRgn
OffsetViewportOrgEx
OffsetWindowOrgEx
PatBlt
Polygon
Polyline
PtInRegion
PtVisible
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
ScaleViewportExtEx
ScaleWindowExtEx
SelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetDIBColorTable
SetLayout
SetMapMode
SetPaletteEntries
SetPixel
SetPixelV
SetPolyFillMode
SetROP2
SetRectRgn
SetTextAlign
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
StretchBlt
TextOutW
GDI32.dll
RegQueryValueExW
RegOpenKeyW
GetUserNameA
ADVAPI32.dll
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
IMM32.dll
InitializeCriticalSectionAndSpinCount
111QueryValueExW
VirtualAllocEx
kernel32
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
VPAATSHJHOWARDLFFC0
190908140255Z
391231235959Z0
VPAATSHJHOWARDLFFC0
VPAATSHJHOWARDLFFC
.j63d-
AddTrust AB1&0$
AddTrust External TTP Network1"0 
AddTrust External CA Root0
050607080910Z
200530104838Z0
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
3http://crl.usertrust.com/AddTrustExternalCARoot.crl05
http://ocsp.usertrust.com0
9f*<Z,m
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
110427000000Z
200530104838Z0z1
Greater Manchester1
Salford1
COMODO CA Limited1 0
COMODO Time Stamping CA0
1http://crl.usertrust.com/UTN-USERFirst-Object.crl0t
1http://crt.usertrust.com/UTNAddTrustObject_CA.crt0%
http://ocsp.usertrust.com0
Greater Manchester1
Salford1
COMODO CA Limited1 0
COMODO Time Stamping CA0
190502000000Z
200530104838Z0
Greater Manchester1
Salford1
Sectigo Limited1+0)
"Sectigo SHA-1 Time Stamping Signer0
https://sectigo.com/CPS0B
1http://crl.sectigo.com/COMODOTimeStampingCA_2.crl0r
1http://crt.sectigo.com/COMODOTimeStampingCA_2.crt0#
http://ocsp.sectigo.com0
VPAATSHJHOWARDLFFC
Greater Manchester1
Salford1
COMODO CA Limited1 0
COMODO Time Stamping CA
0WrI0	
190909121105Z0#