Sample details: af0b810ee30058e5cea264fed2a15f05 --

Hashes
MD5: af0b810ee30058e5cea264fed2a15f05
SHA1: 7aae8004f0042d3c4d250ace81053dbc3e31fecf
SHA256: 087b9f549d23316dc43dd3f6b2280fdfde113bc457b785066f8657115a7ef555
SSDEEP: 6144:03vUYIu85OAx9jN5CrAue2x9Bi3QByMNebsdz:yvUYIuonL+xxHi3QQbsdz
Details
File Type: PE32
Yara Hits
YRP/contentis_base64 | YRP/domain | YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/DebuggerException__SetConsoleCtrl | YRP/anti_dbg | YRP/win_files_operation |
Source
http://185.77.128.139/wall2.exe
Strings
		!This program cannot be run in DOS mode.
Rich	!
`.data
.reloc
4'3ePg
~U2"eP
nlePgo:
Pg6R,"ePgw
ePg^'	
'=jePg
ePg0*R
ePgj?n{
Pgqb5@
wo1yeP
Pgx{4D
ad yeP
PePgGE
0=ePgH
gH_^eP
nePg~`
PgS2'2ePg
<EePgX
GLePgv
ePggu(
gk)!UeP
ePgS%D 
#/VePgs
ePg!'A
-+ePg4
BF7ePg
MZePgp
{ePgatPh
(ePgm;
S<EePg`x
PgyJ4(
Pg"<%4
ePg{3h
,mYxeP
PnyePg
;#L\ePgw
eePgGI
,ePgnc%
ePgi/G
gs,a@e
Y"hePg
LvFePg
7ePg>b?
Pg';_^ePg
t@@CePg
Pgech2
 ePgMxt3ePgu
g*<)Ee
,}uePg
wESePg
g4DVPe
VePg)j
ePga%f
C-yePg
F)9ePg
Pgv:}i
	TKePg/T<
+ePg2T
+ePg3<
'P|ePgz
KAePg4D
ePgrYl
Pgyzd[
gi!m7ePg
W'hePga
t!k3ePgM
gPK:UeP
g0RVXeP
ePg%7:
gKI}:ePgo
S`ePg/
PgOrD6e
Pg" Lx
Pg#W:$ePg
E0-ePg
PgfXk	
T(8ePg
bbxDeP
4L`ueP
@ ?ePgv
BinePg
J'|:ePg-
GePgoW
C8ePgz
gLY6(e
SHD2ePgK"mM
E[]ePge
GH(ePgk
PgIJ+xe
PglQXR
ud>'eP
teePg0
PgTAL4
gJ]&?e
\kePguD
]IrMeP
 eePgg
Dd+ePg
 ePgM^
PgmM!d
M	ePg'J9@e
(8*ePg
tOePgL
gEE)neP
$ePg h*\eP
ePg@&r!
ePguPDCe
(ePg7rrI
Pg{C@"e
>IePg:_
PgbBOK
_PePg+#%ueP
k|uieP
dLV'eP
g3^T&e
_NvwePg
Pg3!3ieP
C,ePg3
ePgE*D
bv$HePg
ePg.z,
+ePgGK
ePgEhw6
ePg;+O"eP
PgSfcB
TePgdI+
Py"ePgoX
GePg[D
ePgwlk
PgsG;5e
PgXAQpePg
Pga,ApePg
$~ePgX
ePg,q/!
)%u	ePg
*ePgAxK
#%ePgY
ePg3A<KeP
ePg]'U
TAMJePgQ
!{ePgS
HIePg[
jePg A
MePgGS
G:GePg
(ePgW]
ePgoxb
ePgs:E
ePgTKbR
GaVePgm:Sue
Pg<#]Z
ePg#[	#
ePg#y	
g[^vbePgr
Pg^~ @e
gj&ble
Pgzp"n
.>zePg
v/#ePg
<J!ePga5
DePg}>
gQI(TePgzu
ePgK&J
ULePgg
ePg7	^
ePgdjQS
K&'ePg_
ePg_	/
CMH'eP
:ePg!h
5`;ePg
ePgczA;
gxGP|e
JePgR$
n?'ePgg
.-;ePg:
VU<ePg
Pgq	v:ePg
)*53ePg*J
ePgMaU
e!ePg*z
zWePg\
PgHn4Ye
FePg;E
PgK@@:e
fbePgf
2ePg//1
'ePgO.^Le
ePgC	>
7#ePgS
;<ePg7
Pgl!)1
Pg"_ZKePg??
-zJ0ePg1.B
MBePgl4
CePgy%
g+6?de
:8qePg
ePgt		MePg
j}6%eP
Lv*oeP
s.+hePg+
EePg7_
gWjBee
ePgG2 
gq{jdePg
YgGePg
bjePggo
gsg83ePgctY
A*P$eP
?~]ePgTZ
Pg$M(;
,,;@ePg
Aw6WePgr
,rePgf
?"ePgQ
ePgdu]
PgQUN:ePg
ePgkP9
`<dePg
dW$[ePgOd)I
tePg_(
ePg]F`
#e+NePgg
<]HePgS
!ePgD 
{BG;eP
'ePg[_OP
gjd~\e
^ePggA
JaABePg
gZNT>e
P{ePgm
eePg%e},
PgbDoVe
PgUI_o
gj"x	ePg
ePg1~h(
"ePgr'F
Pg`#7Ne
:]]ePg
PgTNV eP
`ePgL$KP
Y"JKePgq^
_ePg^l
ePg2F#
g0I1(eP
Pg|F5_
 -ePgK
ePg[Hv
0=ePg?P
o"ePg_
s	ePg\
PgoQ7>
ePgDM~$
WiIeeP
PgrE`E
dv		ePgH
gm5)'e
ePgtq"	
XePg:&''e
`ePggf
1^ePgW[yW
ePg!8&
2ePgIC
? ePgm
`ePg4t
;Tu\eP
ePg4C"@e
Pghj.;
g]Xi]e
g.#ZzePg5
hRePgc/w
ePg{8Z
RePg4S,P
PgoH\-
OPePgb
ytePgZ
-4-ePguV
^BSHeP
|`@ePg
ePg`~3Z
ePg:QT
gf.f%eP
>ePgK<
CMePgL
gkgP.ePg
5x<)eP
Pg(M2K
wx?PeP
ePgcNl!
gi+&\ePg
l04ePg#4k5
!!ePg%
[$ePgJqD
g!P~	ePg
ePgg17
,ePg%Q%4e
"ZePgGJ
P\>@ePgd
ePgRBqHe
t>x#eP
NtrePgu=
~'ePgW8
ePgz_d
eIePg`zY
m ePg!>RTePg
V~yePg
BePgcAs
c);XePg
PgPf@&eP
ePgl/$
ePgck`Le
ePgb>`mePg'
ePg"Ow
Pgc-Xie
NePgTU
VePgb8e
0v-ePg
g:Md[ePgc7?
ePgOT|C
K\qePg}
mtePgiQ
vePgO d
g,1BMe
uePgof
1ePgsP
nMUePg
Pg{^B-
z3ePgZ
Pg]zJ6eP
)ePgXR7
gm46,eP
,ePg!Y$O
wA)ePg
24hwePge
J\'ePg
hD~EePg
PgpVkT
>jrePgl3HS
d9ePg{
rePgb<
]EX3eP
zG'ePg
9l#ePg
z`ePg'
G#ePgj+M
ePg*d0
mePg["
{JFMeP
[{zePgh
x:ePgc
gePgCr
pePgv;
ge~#ee
AQ$ePg
$HdePg
3L9ePg>
%7ePgE
5$ePgwy
PgvHIGe
T9PePgi
ePgmIVV
cL2ePgy
f7ePg`
\ePgc*G
Pgi{[R
TNoePg
mePgf[
Pgb"F1
eeePgK
a\ePgn[G
B}pePg
cEy ePg
]NaePg
%OIePg
	ePgcWh
PgfZ{re
ePgkwi<
PgmZvH
]VBePg
ePg`gd
PgN`jh
gDKA$eP
ru0ePg
ePg*8K
ePgtr+
0ePgD$
PgaW5b
1$ePgN-8
SFFiePgd
?ePg2X
ePg'UE
Pg;kY"
Pgm{EuePg
HlQePg7
{x&MeP
v$ePgf_.#e
V!5ePg
ePg4TI
:XePg9Z
ePgo>$geP
gO3fze
ePgnY~
ePgQVK?ePg	^@
3	ePgF
w^rUeP
5ePg,Q
'ePg$^
Pgc49Y
yePg#(
,6ePgO
 ~ePg0
9ePg(VFm
Gt$ePg
Pg	+h1
K|$ePg
)R5YePg
`EePgEk<
Pg#`Z9e
7ePgb>
ePg3[?
gRDyBePg
/v'ePg
Pg#?8le
PgtPMR
=GePgkbT
ePgqP{
(ePgzE}
/(0ePg
ePg"b-
*3BePg{
gsW.pe
gs/`jePg
F)+ePg
G+tePgd
xePgkpCP
e ePgf~g>e
D3RePgi
ZK1ePg
oePg!z
r~-ePg9
PgsA%|
gV:~qeP
gGI|FePga]
ePg]{)
;ePg;R
#^ePgS
UePgvK4|
ePg3Yu#eP
~ePggN
ePgSG}1ePg
(ePgmdqZ
`ePg#M
:ePgHA
:ePg~A
ePg$ZmO
ePgsLI(e
Pg<,SV
V{>ePg
T9NePg
Pgi~>8
:\4ePgi
gyWr3e
ePgnJf
S#:ePg
CePgx 
ePg?P'?e
xePgNi
Y;37ePg
ePg|z82
ePgmN:Ke
40~ePg
?ePg[G
xePg/S
gv:8he
fePgO3
uNePg+b
ePg3Xz
ePg]@4
_VVVVV
^WWWWW
YYuTVWh
t$<"u	3
>=Yt/j
< tK<	tG
t#SSUP
t$$VSS
_^][YY
j(j ^V
0A@@Ju
t^9(uZ
tD9(u@
Y9>t7j
0SSSSS
0SSSSS
v	N+D$
_VVVVV
_VVVVV
_VVVVV
zukSSS
0SSSSS
0SSSSS
YYu-9D$
URPQQh
C PjPV
C$PjQV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
C.PjRV
C/PjSV
.;1s(N
HHt4HHt
Ht`Ht,
teHtFHt&Hu
ty<%tA
PPPPPPPP
YYu	9F
u|Vj@hp
PPPPPPPP
<+t(<-t$:
+t HHt
u&f!;f;
D$ #D$$
u,VVWV
;t$,v-
UQPXY]Y[
t+WWVPV
^SSSSS
^SSSSS
>:u8FV
.VVVVVSRSSj
VVVVVj
^SSSSS
^SSSSS
0SSSSS
^SSSSS
^WWWWW
0SSSSS
8VVVVV
v	N+D$
tb9} u
YYt\VV
YYt SVW
U_&QV}
|SV}%+
             
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
             
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
KERNEL32
winscard.dll
SCardDisconnect
GAIsProcessorFeaturePresent
KERNEL32
CorExitProcess
mscoree.dll
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
EncodePointer
KERNEL32.DLL
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
SystemFunction036
ADVAPI32.DLL
InitializeCriticalSectionAndSpinCount
kernel32.dll
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
1#QNAN
1#SNAN
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
SendMessageW
MessageBeep
SetWindowLongW
CreateWindowExA
SetWindowPos
CreateWindowExW
GetCursorPos
UnregisterClassA
InflateRect
SetWindowTextW
USER32.dll
GetEnvironmentStringsW
GetCurrentThread
GetVersionExA
VirtualAlloc
IsDebuggerPresent
GetEnvironmentStrings
GetCommandLineA
GetTickCount
GetProcAddress
LoadLibraryA
LocalFree
FindClose
ResetEvent
lstrlenW
LeaveCriticalSection
GetCurrentProcess
GetVersionExW
KERNEL32.dll
SHDeleteValueW
SHLWAPI.dll
SetupDecompressOrCopyFileA
SETUPAPI.dll
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
SetUnhandledExceptionFilter
FatalAppExitA
EnterCriticalSection
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
InitializeCriticalSection
HeapReAlloc
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
HeapSize
GetLocaleInfoW
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
>*?7?>?Q?
2:3X3^3d3r3
7(717:7
1t2+3m3
6#6;6b6v6&7t7
0h162O2U2k2q2
4=5C5P5X5+6
1t2h3u3v4
>r?x?~?
0/1Y1a1w1)2i2v2
2'3C3t3
394?4E4K4
9":g:o:
:";(;.;4;:;@;F;L;R;X;^;d;j;p;v;|;
< <&<*<4<:<O<b<l<v<
=(=D=T=}=
:";(;1;8;Z;o;u;~;
>7>?>G>S>`>
1/1O1t1
2C2I2b2h203=3F3
3)444<4N4Y4g4
6"6*60656=6
7	8*808[8
:5:S:u:
;5;;;F;R;g;m;v;};
<)</<<<F<L<Y<h<o<|<
=-=3=O=g=
>$>\>d>
? ?&?<?A?I?O?V?\?c?i?q?x?}?
0&040:0J0g0m0
1)1@1F1L1\1f1o1x1
1o2S3[3t3
3 4-494A4I4U4y4
7&707>7G7Q7
9H:T:g:y:
;C;l;};
=4>K>\>
?%?.?7?C?O?[?g?r?z?
2'3A3V3
<0<`<j<v<
8(8/878<8@8D8m8
9$9(9,909
:M:T:X:\:`:d:h:l:p:
p0g1n1x1
202C2g2
6C7N7e7
7(8@8H8`8h8
8	9P9U9
9&:/:5:
;5;<;M;
=#=-=8=E=U=
>2>M>Z>
>$?5?<?K?P?]?
0R1Y1_1
4P4V4g4
5T5]5i5
6O6h6o6w6|6
7^7d7h7l7p7
9W9b9q9
:":(:0:6:B:G:
=!='=,=5=R=X=c=h=p=v=
2#2:2@2E2T2]2j2u2
6H6N6r6~6
7V7)949<9e9q9}:
;&;.;9;i;
7R7d7v7
91:3<}<
0/090C0n0v0
[2c2r2
0#0'0+0/03070;0?0C0G0K0O0S0W0[0_0c0/5
g6k6o6s6w6{6
}3s4{4.5
6Q7W7g7
1-1H1)4
>3>B>n>
6"6(6.656<6C6J6Q6X6_6g6o6w6
:1:9:F:M:
=>=^=u={=
=%>3>w>
>.?4?@?
2)3C3L3r3
7	8!8H8Y8^8d8u8z8
< <-<5<;<A<
=&=/===K=
8.8X8q8~8
2#363|4
9!9-989
>%?/?@?J?
3"3(3.343:3@3F3L3R3X3^3d3j3p3v3|3
<$<,<4<<<D<L<T<\<d<l<t<|<
3<3H3L3P3T3X3`3d3
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
p2x2|2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
6T6X6`6d6
7(7H7h7
8 8<8@8\8`8
9 9@9`9
: :<:@:`: