Sample details: f683cf9c2a2fdc27abff4897746342c4

Hashes
MD5: f683cf9c2a2fdc27abff4897746342c4
SHA1: a855bf8668a3357721aaa5a5cb3ae67439fc5e85
SHA256: 2a5a0bc350e774bd784fc25090518626b65a3ce10c7401f44a1616ea2ae32f4c
SSDEEP: 768:bscDMmfHSbTJ9pfLMa+LbzHwa7Vtfa4LrHJvPJ2xTW7sgYdZ/w5Or:FDMmfSnl+//faQrpvP8xhgh5Or
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/VM_Generic_Detection | YRP/anti_dbg | YRP/network_dropper | YRP/win_registry | YRP/win_files_operation | YRP/VC8_Random | YRP/Str_Win32_Winsock2_Library | FlorianRoth/Pirpi_1609_A |
Strings
		!This program cannot be run in DOS mode.
LORich
`.rdata
@.data
@.reloc
(null)
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
CONOUT$
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
12811[%d].gif
ctfnon.exe
\kernel32.dll
HARDWARE\DESCRIPTION\System\BIOS
flv%d.exe
\system32\
ctf.exe
"%s" %s
v%d-%4.4d%d
%d-%4.4d%d
%4.4d%d
"%s" "%s"
expand.exe
expand.exe1.gif
CreateFileA
GetFileSize
GetSystemDirectoryA
SetCurrentDirectoryA
CopyFileA
GetModuleFileNameA
CloseHandle
GetTempPathA
DeleteFileA
SetFilePointer
SetEndOfFile
WaitForSingleObject
GetTickCount
SetFileTime
GetWindowsDirectoryA
WriteFile
TerminateThread
CreateProcessA
ReadFile
FlushFileBuffers
GetFileTime
CreateThread
KERNEL32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
ADVAPI32.dll
SHGetSpecialFolderPathA
SHELL32.dll
WS2_32.dll
StrStrIA
SHLWAPI.dll
URLDownloadToCacheFileA
urlmon.dll
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleW
GetProcAddress
ExitProcess
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
LoadLibraryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>