Sample details: af9ca336473ba3bd0866a84568de8d66 --

Hashes
MD5: af9ca336473ba3bd0866a84568de8d66
SHA1: daefdcf6f7f68e82e858306a559a7ab392e1328f
SHA256: f7a07211fb96425d9cc74eed1e673918177ed155cd9118fcad132d5c994e0c54
SSDEEP: 6144:iqnS2M8UsURXbrfxNV/FZR9jst4zytGLHartth1bf0HT6d:Vn9MOgXnxNlLIt8LHar1VMWd
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/keylogger | YRP/win_mutex | YRP/win_files_operation | YRP/suspicious_packer_section |
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.;1s(N
HHt4HHt
Ht`Ht,
teHtFHt&Hu
ty<%tA
t^9(uZ
tD9(u@
^WWWWW
^WWWWW
YYuTVWh
tNIt?It0It 
_VVVVV
^WWWWW
0A@@Ju
0SSSSS
YYu-9D$
>:u8FV
.VVVVVSRSSj
VVVVVj
C PjPV
C$PjQV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
C.PjRV
C/PjSV
0SSSSS
PPPPPPPP
0SSSSS
YYu	9F
u|Vj@h
PPPPPPPP
HHt@HHt
2If90t
^WWWWW
t$<"u	3
>=Yt/j
< tK<	tG
t#SSUP
t$$VSS
_^][YY
j(j ^V
URPQQhH
zukSSS
	X 9} 
0SSSSS
v	N+D$
_VVVVV
^SSSSS
^SSSSS
t+WWVPV
^SSSSS
j"^SSSSS
v	N+D$
;t$,v-
UQPXY]Y[
u,VVWV
<+t(<-t$:
+t HHt
u&f!;f;
YYt\VV
YYt SVW
Locale is: %s
Date is: %s
Currency symbol is: %s
ffffff
@333333
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
CorExitProcess
mscoree.dll
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
GAIsProcessorFeaturePresent
KERNEL32
EncodePointer
KERNEL32.DLL
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
(null)
`h````
xpxxxx
InitializeCriticalSectionAndSpinCount
kernel32.dll
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
_nextafter
_hypot
`h`hhh
xppwpp
1#QNAN
1#SNAN
CONOUT$
XrcckS
LWnM>d{,
',`+H2Rz:
F&V,s^
2Fq_Za
adzO{z
C:Zj5(
E%Z@[g
Q-'CH.:,j
znWnFc
FNmhiR
NLivvFT
wLhHFR
nFjzUwn
wKqnSM
sEnTWzR
fTCqZLw
zQPpPP
MlLpLn
nYsPNL
ZPTTvTmH
LUtScw
mNnFZjw
qmfpPl
pfMRqSqm
jNqKlT
whLcFctvSH
pNPcwC
ZlZEMc
EwPvlmMl
MilUTREl
CfsTmtqpN
NESUjC
zZKjtH
cftFUs
sllZNnt
zSNmnhUKR
LRwZfR
RFSMZSv
YvvlwQ
TiwLNU
SYTTnm
ptEStQFNK
lCZwFw
tqSTtM
sTKzWCQ
UQCicNN
vPwjsNts
FnMRHn
HwCHtUP
ztRmpU
fZHfYQ
HPpWTmh
vSSPYHq
iiwSfH
ipiFtRFm
ncPCYw
mwTPUh
LFFKNwf
ctKmjYE
PLRHqlqPl
wTSjHNS
FLCfsC
KMzjjLM
cnFEcC
CUUmMFv
PLCcmEs
MsppwF
ZtFFfc
QqStUh
UctPZM
ZwZYtj
jNjNYF
PqHWmmM
sFNpKs
jUMcNmCqn
RvzPZU
phENFzt
pRqqsQHR
PWKTHsnzz
RpWUsR
LClsvw
pWzSZS
QCZqzq
tiNQSls
MmYTTlPM
qRmKHt
UqRKlm
hhNZwE
pHPHPh
fsECsT
MpfjZqWW
zjjqsZ
YKjCit
YhpMcZ
tjETSZ
SNMizKt
cYfctftfm
SKTZnt
nCTmiiLY
FPEiQP
CsFwZmRL
ZpjwZj
jTlMlnLQ
QRtnlY
wMUfNEHU
iUsLzR
MKFRnZ
LmWRTH
LFSUSUCT
QzcNKP
TsztjK
QmZiWjc
SZFPPhjqlR
jjmCmv
qtmfKFF
YMWmFW
FqssFQ
UftcTiCcf
cZnNUi
piFhjTNm
QHMltc
tTjNRY
RRCNEU
pjnhnSS
KqjLnW
WfpwEfC
RzPvnp
mMSzFz
ZstKlF
LYwERL
iLmfjSjR
MZzTsn
YZwMctU
MEmLPR
MvWYhT
HHitjh
htKScP
QjTmFU
fllifnY
SHYzwnN
lZCYcL
PWLcFl
RsUpwT
lRERUc
lRtEcKn
RnntKvv
ZCRscL
PClzSZS
vHqNqw
TtYlvSPf
QcQFTSW
RmPnfCm
vSvEWR
sCEhKZ
YijMFH
HFSPjF
mUcQhCP
QQUsiClm
WviFqCZ
NMKMTfjY
SZvmQYH
qmfKTEFY
ciFNZC
QKhRvW
nZqvjY
viEZft
jKYHRs
tZlzhth
plSNfLw
ctFtHn
zsSWlc
ZWHvPTN
QcWMzWNWC
mpZtCfLsz
Ufiflh
HCtYRQMNR
TvHiRC
ZqwKCc
tvYqlq
UEWnHWEc
UMtZwRjN
MfTffCYv
llmwfN
qTvMpW
KlWHQwENHC
KEWYTipT
jszEhF
wNtfjf
fQSszfEM
RWijlN
EwZsRS
mWQWFh
sqnTsM
hfPlnSS
HTvQYW
zUtYlLL
nnnLSlHp
LtNwvU
WFhRlh
jpKPztw
QNfRtt
lnETpTf
UsSwiKv
tYtHCTvw
sYzmvN
vLhcZQM
mpsjNK
RMESvHp
cjzHUCF
YUEvUqpjv
spzslK
ZRwWZFKlt
YvliQctKl
sYYljnP
vClKFZS
wQfmHj
tRmKZRmN
KSFmMq
lZivsp
UwiSlT
SSUPFN
ZHEhjKUz
ZQlQqN
NZYint
TZfmqjq
zPhzmh
zZiWsv
qcCKCY
NicFcWHch
LHsllR
YjKmTF
HiRZsENq
YhLFni
TtZKnc
hfLRNtiZf
KQUlhtnj
wSPHiK
vTRUHz
UpMtUh
MWZTNpHlEKm
WiiRFwh
LzMmRZEjtZip
CiFjTK
mwpfnW
hcFjpti
qcZTYtM
lSRpRU
NLvSUP
swQTCf
WqtWcTT
iRUYHTS
nTKPcT
mZQhpQP
FTSlHM
YPQpNtfQvzqN
KiFKfm
FMmfHZlH
iLqqwzflT
jmssnC
sHcSlm
Tmchmz
tfThlW
vSSfimtS
KwnQjHSlFQ
WZMPNhp
chmcKLfKs
qsziSURv
QjzFcjv
imCMFjv
EpjwttjLH
lSPPfsvs
YHWZfT
vfWYCm
LFlqsQl
clKhTmm
jTnTjE
ifthhnR
mhpSRsl
RZZYpY
YfCSSH
LHqnqY
vEzLUqj
tSTvfs
zfcvhP
EEqSli
sUfEhZ
FPPmLMQRFiY
NNzWjwL
PLNSYQC
cNititT
hEmMtKj
thZLShch
QPSQSUY
lKSKCw
TtjwQH
WLtwpR
lvHHQnK
wTPmml
slsZmnzp
NRwNwP
CWFEhl
TthUSlcF
pnpKlp
pTCpflZq
Tihvzi
sjwLQF
RLEmQs
QYFlZi
NlNRlSz
ZhNzvjm
HmpMvLt
fZRjmf
KMvHsPYZz
USRppj
hQZpKc
mHZWKtE
NPCWPP
WPllFl
pWwptS
LTShpZ
QnTQLW
LqtKHELY
ScpPWUK
KlKEhKR
QTSlps
tcfvMFjE
QQiLsMYf
lZZLPZ
mfCsmtZ
QLmqnK
CsKRQsT
TiESQw
WNTQvv
ZZqNRSn
WKnnTHf
vcpcRQf
TCKNqZH
jKLspm
vqmhRR
fETCRWPh
vpfTlsE
WtqFWS
tUNPhNE
RCNhSf
TScqRY
vwNYnfsQ
ZRYEfY
hTipCjw
ScKTfm
ijsfNF
TpmSnc
niRwmZ
RNZwpM
pMwhZv
jSTwls
SvzHURcPW
hvFKEqc
jKRhsFcY
LqvqQn
llQlCQQ
ilpjtK
vizfzt
WpRLZHT
njlWvhWp
PscnnmS
cQYElS
LijTtf
qvUhvU
YTEPZCH
EYhLNFF
fCUFZL
zlfYcf
SZsMll
hvFMfSTU
ZMiQzLNwc
jCmtvRc
tYcEzwYFEwqzt
wiHKvRcS
cRmSRl
jwShZR
tfzztf
cUqEtE
ShfZWmT
QKwWFn
RlHYUv
CFRLcUYQ
FiWlUFHW
RpQlZCn
HlqzWT
vzTHpN
FiQnsqMs
NPwWiE
ijcFpti
PwCwUnCY
SzNsERN
McWtZF
HnYSwtc
RvmUSs
lMnfjE
CjtKjh
wmjlUP
nvfvcNPYl
YlnNFK
YvCCHH
FFUpmUE
TicUTEq
RwnwfT
vQYHqL
YpiPUC
ctLQTjE
hZwmKh
wsNzCvT
CzqiiF
RStHpw
WMhfSn
LCqQRh
WCzCWj
RlsFvU
EvTFlMSSz
RMvNpF
wvnlwN
KSzzpiFhn
KcnlTFw
FvlwcEpl
jlqNHnS
zKPscW
TKRhYzj
jscpER
vHFWLR
lqYMpQ
TPziwc
ZwwffQMC
zFRZljEl
QtwtQE
fSKmvpZ
ZshHfw
vRYWTF
jUTzhF
clPKYh
LlKTWf
tQRNQms
CZfMcQt
fqNFmE
FNtUfmm
fKnwEnsK
SqYzjNs
mwNYKtpcL
wwPUpM
zhLLWKc
lcLPES
EcwMHp
fENjli
RfztsM
ZmQHPTR
zECUvp
wLWtHU
twYURFS
WKsNzc
nTFNwp
Ejtjjc
KsRcic
qQjmKl
hcvwKP
ZUtwvEt
vUUtURH
nUvCCitLl
LpwTPl
FcSqZS
YYciHS
WtPPWMsw
hLZZtmE
ctMYqN
tCwYNHFc
SvYmvt
MWZqHp
PTlYMTQz
YmPMhw
ijiLfi
zSSQRH
tzttqc
WSSwjli
slNiFHS
UtmSvNpPQ
itWEWivYc
ShcKspE
vzzwlf
UiPcMj
lplHmfH
NQKpqQ
YNlHPY
PtmQzm
YEFHnRF
mPmwcjl
iTRKwf
TvWFqfq
vtlQwT
fFEZRtF
ThfhsWQK
ZRtKWz
ZZtHFf
tffqFLL
QnptMT
plqjht
wYinhnFL
wYZNZWFl
npTUMUE
PClTUC
MzLnww
ShSfEcK
WFjpiF
tsYLiSUq
qwwcSq
sMNshHiN
pUKhTf
WSvFKh
vYSYWcF
vjKhUtH
YNzTccpj
sUtlFM
pNYPSZ
ZCEtSWM
mjhKKj
vwELTfi
hMZnEYzF
PjqQqqv
EfUmwZ
MjhmmCpN
cnFcvL
KnnpnHwPT
UpcYqL
FRHlEY
ULzhNT
NjcwhS
mNffKvP
nFRznE
ccTphH
wmqvtH
iQNEfm
pNpwZsNm
TPHjUl
YQhLMQ
swsmESM
WjvWNzi
jfhZvw
SzKlTU
lTYlwFtTN
ZslYSjzM
mncZFN
sHCKRpUtm
NQKCSF
nWKZTwv
NWSRtQ
pFWMHz
QSqwNUC
EWcPSl
TzULpt
KFFsURf
LENplPpS
MvTqSH
MmSTTp
vmvUfT
mwpzFKf
TzFcLNNE
fKSQNsEQ
FimmPRQtwj
zMSvhM
fQTFLi
HNiYpHPSipc
hsHKwp
FEKhmf
UHKzncq
EwqpRj
HiKWTp
TULKjt
UiQLsMl
tMftQj
MsWjmtLz
cswjKwCvvmZQ
TYpEcR
SEstiUnl
FntRhRS
YQtCEYCY
NWYcWic
FPRRqwS
fqcKfj
jnTmhQtc
nCnRzNHN
MlFhtq
ptlwit
slZzPN
sStEZE
ivsnCjKp
TwpjSY
NiwYjt
csNTqM
sPizSj
hzZZYvf
shQpvv
WvmHTzpm
qZTHNQ
EvwvlHRz
cEpYpF
iLfNpp
cfTTjS
RYNiNK
pLsnKhT
TviPSN
FZHmTps
iEnvUjQm
TSZlmhc
KZKMKU
lwQMsU
NSmhLP
QzwwnSH
EWmRUi
NMNFqQ
PNcwjHCL
pNtRfUqF
fEzSYC
RKFiCTW
tFCqwZ
qEqWfv
jnWhqwz
KYYjpC
LYKNpQt
GetInputState
WindowFromDC
ScrollWindowEx
ReplyMessage
IsGUIThread
GetKeyboardType
DdeImpersonateClient
UpdateLayeredWindow
ReleaseDC
USER32.dll
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleUninitialize
OleInitialize
ole32.dll
GetProcessHeap
InitAtomTable
DecodeSystemPointer
SetStdHandle
GetModuleFileNameW
lstrlenA
QueryPerformanceCounter
HeapReAlloc
FindClose
FormatMessageW
GetTimeZoneInformation
GetModuleHandleW
GetVersionExA
GetFileSize
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
GetProcAddress
GetModuleHandleA
lstrcmpiA
LocalFree
LocalAlloc
FormatMessageA
GetEnvironmentStrings
CloseHandle
ReadFile
WriteFile
CreateProcessA
SetHandleInformation
CreatePipe
GetModuleFileNameA
DeleteFileA
RemoveDirectoryA
DeviceIoControl
CreateFileA
FindFirstFileA
CopyFileA
SetCurrentDirectoryA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
MoveFileA
LoadLibraryA
SetLastError
SetFilePointerEx
CreateDirectoryA
GetDriveTypeA
GetShortPathNameA
GetVolumeInformationA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
SetEnvironmentVariableA
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
RtlUnwind
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitThread
ResumeThread
CreateThread
ExitProcess
GetSystemTimeAsFileTime
TerminateProcess
IsDebuggerPresent
GetFileAttributesW
GetFileType
GetCommandLineA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
VirtualFree
HeapCreate
GetStdHandle
HeapSize
GetFullPathNameA
PeekNamedPipe
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetVolumePathNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryExA
GetTickCount
GetLocaleInfoA
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetEndOfFile
GetLocaleInfoW
FindFirstFileW
CreateFileW
FindNextFileW
SetErrorMode
SetUnhandledExceptionFilter
GetCurrentThread
WaitForSingleObject
GetFileInformationByHandle
GetSystemInfo
UnhandledExceptionFilter
GetCurrentThreadId
SetFilePointer
GetFileAttributesA
LockResource
GetCurrentDirectoryA
GetCurrentProcess
GetFileSizeEx
FlushFileBuffers
GetFileTime
SetFileTime
CreateMutexA
ReleaseMutex
VirtualQuery
GetCurrentProcessId
FindFirstVolumeW
QueryDosDeviceW
FindNextVolumeW
FindVolumeClose
GetTimeFormatA
GetDateFormatA
InterlockedIncrement
InterlockedDecrement
HeapDestroy
KERNEL32.dll
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      
      <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
      
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
    </application>
  </compatibility>
  <ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
    <ms_asmv2:security>
      <ms_asmv2:requestedPrivileges>
        <ms_asmv2:requestedExecutionLevel level="asInvoker"></ms_asmv2:requestedExecutionLevel>
      </ms_asmv2:requestedPrivileges>
    </ms_asmv2:security>
  </ms_asmv2:trustInfo>
</assembly>PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING