Sample details: a1d6470a5733f5f109fceb65b7ffb063

Hashes
MD5: a1d6470a5733f5f109fceb65b7ffb063
SHA1: 92223f2dbe5ec15cffb4d2c0df3d4a53b96e3856
SHA256: cdf6578401ee009c4281cd86c7f4a45ce85ebe836f49d1206d5e91a9465d854a
SSDEEP: 6144:13KRuPFPVBPGPBdtPjPBpxzPXPVR1PTPd/PPPhHPrPVPPPzPZPLPDJPvPndP3P90:1WNHvbyVfbWWbyHjaSabybbybvkblebj
Details
File Type: PE32
Added: 2019-09-10 01:02:52
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/keylogger | YRP/win_mutex | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation | YRP/win_hook
Source
http://backpinging.com/m1/setup.exe
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
t$<"u	3
>=Yt1j
< tK<	tG
j@j ^V
0SSSSS
0SSSSS
0SSSSS
0A@@Ju
URPQQhpj@
t"SS9]
PPPPPPPP
PPPPPPPP
;t$,v-
UQPXY]Y[
t+WWVPV
v	N+D$
{sefzgfc/11%/2cHzdr
/22Bh44#}
omadHiecQfFMr
XetAqduX{HaRzle5
C qse<
D$@	"j
bJR=gm!Q
P?!D]rl3/
u-em!Q
nub4e$
?p ?iu@;
[RE9Qic/3so3f\W40do2o N
rn0032
EchoFno`R
Im]\rs
J"St<?kS4Xe
,>va-I32]
Zis-Jro
Oam=?an
.r0>oc
]6'BM )
{	94p+
;><0+2<E:
>]dE1FO
 >#psA
>iY>]e
e,nAXd
P`m=@`n
!.t0is
@-rq?sa
ar`lzxAo%Q`rln@
En1Vha9of
 Ge1Vkg$fdmM!
KDR^+-d
De9|seSxkeL!
GeqYnmx
b{sMz|tlpVhlpN`m@a
Ge!Jqo.}rs%}`p] j
lmt] +
isr){mA
 KE?NDL
RerZko^|Jed
|fC/|`tpRd
Re2Vdl0fdK0a@
eUa9fdE
P22[{kl
Fe!Ynl1vqP
?Vikwnwn?Bu_mdnaIdr.tnn
MtnZqbe
NeS%msd:kmR
ret	Khn
rvs	Wtr/~mt
-w`e/t-d9w
thnnn`ly:rosnva_}
st +}dd
tou!}q !s
m`l9:or
uol@nd @thn
n`l9}q:
!;r0Ale
s ?e!agm
R{lC Rje
|lL|RlEoQgr
{mlp]alpeYmp`
 ?e!egd F]H
!?e!rjo
B[e.P@e
*"?e!kYp@oYr<F]t0Mk
@!?eqh]rnIgn
@\o"P<i
CEu!=pA
9Olr.AlA
iLlry>fA
KhpAdE
y[u!y=x
Je2^do
Jerahe{e]y
Jerkme
Je2o]t
HDcf(WZuAZ
a@Od\RB
	)V i95
00.	13M[EX
NLI[9F_
kq9?Ys5E\d
!Ziq<grpHma_=
-7n=--
Yb@A%c0F0e3F]2
;Y9\44dU
%8#:1-
/fa<(e
4-4>:%4
l3Yan;%e\
/8r34a
)2|	[0s:%0];*-a
8[8]=\-
*d\;\8
%9.<^-q
-1/:]1.
>(f 9Y-l8\18
	)9l?*1
%4A8)-
07r8(3l
/-!<+c8<.f
;-c>8[-
%9a>*-p8.ao
8+-e:*4X
7--a=]1X>*1
s7,el>-3
9/e]7[2X=[5>549
07o>/1`
6[1H80
;.11o%33>\-
,bp5Ze]
mQNFYBP
JIZ[09^
_EP.^KC
g<u-uac$=q
Tgle9cAO
oq FeaMgrv
agu<]r
[=Fdagnsg_
lgN0NHl,Sea]
mLP_?da;A]rJN*.
]fpe\e_
SfdoQQat@"Mt:Rac
*t]i/i[O
<do!":i
Ea#>ji
9RN@]n0P
MlexAlrd6
Ke\M]nn=j
[]r#=l
Q>i;j]r
cAei99Oe0g]n1
[arqNYl
Oana>jD_jne/
Ja.MZe
OqMlsma)Xae"ij
Yr2jYl]nlr
hj2{O)0
Yhfo#rKu49]
=asplYnrqdi
Ni/jan
fHa1Lgl
c501Y1
-8dg/aX
4,epB-1
(d7M6\3
]d#5%4
)^-%%d4H/4d
51231%9
"0-q/[f
81p@%0b0dfC049>1/
..--)17
9fd*fk\^ljr0OlV0kki
?dli&Z2
/%4q(--
%+1`9Ze
\6?,.4
)/-/A11
!*7./-c
2Yd;<dl
wd0\io
\sdole
/*\~M\.pf]
n`e92Tvl
/\-3oe
je35je
6`as2gr
0fia0ji;8
$ Spi%M
jeC9je;?] 
>] xXpc	iki
iu+9dl
=dun3gn
dle;nao
Yd#;arpiYl)
Mgw-ljo!1[o)
or:9ja8
/3\,[b
Han.mYl
NxKTPdTC
:Glr:EKe
tKh|R]d
A[e^QTPlRYm
l]r.u?i
EHo)I[y
rla;>Yr1rjo
Fji']\A
tky.l]m^
\r F\l)
?p>TB_JE
s;u_P]nan]r.Hgn
sFo1I^y
Qda0Pg
E]dgMmn
01Ip]r#J[e
_gnaLgl~=l0
~=k\X\9M~=jv$?]
>Ylz<]=
&Ys.Eeb9i
Ejs$;f=
^ac_@kosM&W
?\o"L&M$\go
U]c!Mj
I]=2Van^
Xht4>f>
<q;he{<]nng6 
$de-<fdp>lA
J]m?>q>
K]m/>qI
Uq WLqp
sac/=ko
?\o"I&C*Seo;
;o;Ljo9I
mIgcpJko_`jc
Xle~Kmr
Omb9Q[K0aLo6Ef=
-9`=.4\
!'=5'>=54/
;]n1Zk
s0>Zl$! 
;!*lFo
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CloseHandle
CompareStringA
CompareStringW
ConvertDefaultLocale
CopyFileA
CopyFileW
CreateDirectoryA
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexA
CreateMutexW
CreatePipe
CreateProcessA
CreateProcessW
CreateRemoteThread
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
DuplicateHandle
EnterCriticalSection
EnumResourceLanguagesA
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FindResourceW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameA
GetComputerNameW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsW
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetPriorityClass
GetPrivateProfileStringA
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetProcessTimes
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLCID
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetThreadContext
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeFormatA
GetTimeZoneInformation
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationA
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalGetAtomNameW
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsBadReadPtr
IsDebuggerPresent
IsValidCodePage
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LocalSize
LockFile
LockResource
MapViewOfFile
MoveFileW
MulDiv
MultiByteToWideChar
OpenFileMappingA
OpenFileMappingW
OpenProcess
OutputDebugStringW
ProcessIdToSessionId
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReadProcessMemory
ReleaseMutex
RemoveDirectoryA
ResetEvent
ResumeThread
RtlUnwind
SetConsoleMode
SetConsoleTextAttribute
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetHandleCount
SetLastError
SetProcessWorkingSetSize
SetStdHandle
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
WritePrivateProfileStringA
WritePrivateProfileStringW
lstrcatW
lstrcmpA
lstrcmpW
lstrcmpiW
lstrcpyA
lstrcpyW
lstrlenA
lstrlenW
KERNEL32.dll
BeginPaint
CallNextHookEx
CallWindowProcW
CharUpperW
CheckMenuItem
CheckRadioButton
ClientToScreen
CloseWindow
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
CreateWindowExA
CreateWindowExW
DefDlgProcA
DefDlgProcW
DefWindowProcA
DefWindowProcW
DestroyIcon
DestroyWindow
DialogBoxParamA
DialogBoxParamW
DispatchMessageA
DispatchMessageW
DrawEdge
DrawTextA
EnableMenuItem
EnableWindow
EndDialog
EndPaint
EnumThreadWindows
EnumWindows
ExitWindowsEx
FillRect
FindWindowA
FindWindowExW
FindWindowW
FreeDDElParam
GetActiveWindow
GetAsyncKeyState
GetClientRect
GetCursorPos
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetDlgItemTextW
GetFocus
GetForegroundWindow
GetMenu
GetMessageA
GetMessageW
GetMonitorInfoW
GetPropA
GetPropW
GetSysColor
GetSystemMetrics
GetUpdateRect
GetWindow
GetWindowLongW
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
GetWindowTextW
GetWindowThreadProcessId
InSendMessage
InvalidateRect
IsDialogMessageW
IsDlgButtonChecked
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
KillTimer
LoadAcceleratorsW
LoadCursorA
LoadCursorW
LoadIconW
LoadImageW
LoadStringA
LoadStringW
MapDialogRect
MapWindowPoints
MessageBoxA
MessageBoxW
MonitorFromPoint
MonitorFromRect
MoveWindow
OffsetRect
PackDDElParam
PeekMessageA
PostMessageA
PostMessageW
PostQuitMessage
RegisterClassA
RegisterClassExA
RegisterClassW
RegisterDeviceNotificationW
RemovePropW
ScrollWindowEx
SendDlgItemMessageW
SendMessageA
SendMessageW
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetPropA
SetPropW
SetScrollInfo
SetScrollPos
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextA
SetWindowTextW
SetWindowsHookExW
SetWindowsHookW
ShowWindow
SubtractRect
TranslateAcceleratorW
TranslateMessage
UnhookWindowsHook
UnhookWindowsHookEx
UnpackDDElParam
UnregisterDeviceNotification
UpdateWindow
WaitForInputIdle
WinHelpW
wsprintfW
LoadIconA
USER32.dll
FlattenPath
GDI32.dll
RegQueryValueExA
RegOpenKeyW
ADVAPI32.dll
CLSIDFromString
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateDataAdviseHolder
CreateStreamOnHGlobal
DoDragDrop
IsEqualGUID
OleGetClipboard
OleInitialize
OleSetClipboard
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
StringFromCLSID
ole32.dll
ImmDisableIME
IMM32.dll
VirtualAlloc
kernel32
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50608.0" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
  <asmv3:trustInfo xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
    <asmv3:security>
      <asmv3:requestedPrivileges>
        <asmv3:requestedExecutionLevel level="requireAdministrator" uiAccess="false"></asmv3:requestedExecutionLevel>
      </asmv3:requestedPrivileges>
    </asmv3:security>
  </asmv3:trustInfo>
</assembly>
GZEVWVSBDRVXJRLHVT0
190907125427Z
391231235959Z0
GZEVWVSBDRVXJRLHVT0
GZEVWVSBDRVXJRLHVT
AddTrust AB1&0$
AddTrust External TTP Network1"0 
AddTrust External CA Root0
050607080910Z
200530104838Z0
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
3http://crl.usertrust.com/AddTrustExternalCARoot.crl05
http://ocsp.usertrust.com0
9f*<Z,m
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
110427000000Z
200530104838Z0z1
Greater Manchester1
Salford1
COMODO CA Limited1 0
COMODO Time Stamping CA0
1http://crl.usertrust.com/UTN-USERFirst-Object.crl0t
1http://crt.usertrust.com/UTNAddTrustObject_CA.crt0%
http://ocsp.usertrust.com0
Greater Manchester1
Salford1
COMODO CA Limited1 0
COMODO Time Stamping CA0
190502000000Z
200530104838Z0
Greater Manchester1
Salford1
Sectigo Limited1+0)
"Sectigo SHA-1 Time Stamping Signer0
https://sectigo.com/CPS0B
1http://crl.sectigo.com/COMODOTimeStampingCA_2.crl0r
1http://crt.sectigo.com/COMODOTimeStampingCA_2.crt0#
http://ocsp.sectigo.com0
GZEVWVSBDRVXJRLHVT
Greater Manchester1
Salford1
COMODO CA Limited1 0
COMODO Time Stamping CA
0WrI0	
190910005711Z0#