Sample details: 0390ef1233a7a303c998a3dc2b5086cc

Hashes
MD5: 0390ef1233a7a303c998a3dc2b5086cc
SHA1: b77d43428efc3a78e7bc898c8a31be0338b8f94a
SHA256: b76f6a0083f0bafa6622d488ff1d2d005e8cf3bc43efdc22657582e011bfd3eb
SSDEEP: 3072:OUZu88pdqUzlRi0L9N7Ge50EaM/uSvIlviHv:OUZubz3jaD8v
Details
File Type: PE32
Yara Hits
YRP/MingWin32_GCC_V3X | YRP/MingWin32_GCC_3x | YRP/MingWin32_v_h_additional | YRP/MinGW_GCC_3x_additional | YRP/MinGW_GCC_3x | YRP/MingWin32_GCC_3x_additional | YRP/MingWin32_v_h | YRP/MingWin32_v | YRP/MinGWGCC3x | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/MinGW_1 | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/anti_dbg | YRP/screenshot | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/Big_Numbers1
Strings
		!This program cannot be run in DOS mode.
`.data
.rdata
.idata
319850
44905142e8d706019c42addb11b21b69
AppData
-LIBGCCW32-EH-2-SJLJ-GTHR-MINGW32
w32_sharedptr->size == sizeof(W32_EH_SHARED)
%s:%u: failed assertion `%s'
../../gcc/gcc/config/i386/w32-shared-ptr.c
GetAtomNameA (atom, s, sizeof(s)) != 0
:Zone.Identifier
urlmon
URLDownloadToFileA
netsh advfirewall firewall add rule name="
" program="
" dir=Out action=allow
45574597
http://vitaetortorvitaesuscipit.us/aklejthAa/q/index.php?id=45574597&c=2&mk=319850
C:\Users\michael\AppData\Local\Temp\per
c:\users\michael\appdata\roaming\45574597\svchost.exe
C:\Users\michael\AppData\Roaming\45574597\
c:\users\michael\appdata\roaming\45574597\svchost.exe
C:\Users\michael\AppData\Local\Temp\_
45574597\
45574597
C:\Users\michael\AppData\Roaming
C:\Users\michael\AppData\Local\Temp\
7c9bdd53-4557-4597-91c9-77e845cbb850
7953455745979197784585
SOFTWARE\Microsoft\Cryptography
MachineGuid
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run [8]
regini C:\Users\michael\AppData\Local\Temp\per
GetSidSubAuthority
GetTokenInformation
GetUserNameA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
AddAtomA
CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
FindAtomA
FreeLibrary
GetAtomNameA
GetCurrentProcess
GetFileAttributesA
GetLastError
GetLocalTime
GetModuleFileNameA
GetProcAddress
GetTempPathA
LoadLibraryA
LocalAlloc
LocalFree
SetUnhandledExceptionFilter
WaitForSingleObject
WinExec
WriteFile
_strlwr
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_onexit
_setmode
atexit
fclose
fflush
fprintf
malloc
memmove
memset
signal
strcat
strcmp
strcpy
strlen
strncat
ShellExecuteA
ShellExecuteExA
ADVAPI32.DLL
KERNEL32.dll
msvcrt.dll
msvcrt.dll
SHELL32.DLL
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="q" type="win32"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
tR99u2
v	N+D$
t"SS9]
PPPPPPPP
0SSSSS
PPPPPPPP
URPQQh
;t$,v-
UQPXY]Y[
t+WWVPV
2zy^VS
:2}7xs
v."<<'
xQY3x+z
&9M'd(Y^0:W
0&r-4v
b"IV=i
dA|"q<H
<"q|Hf
$'h=+m
p"IV}i
$br'G7,
(nH,PF
kMATuG]
f2B`m>y
\L<}iR
r"I~--Q
`"b.,e
]L]i4#^
:e]ax8
P_0Qxm)
}? nr?Ss
}w%nrkVs
}7#nr'Ps
BrGZx8
@"vBM?
 n4k~w
pAp-RX
DHT" Q
CJ~(#;
E^tCl`
6sQp4!-i.|
J.&iAV
C{F{pP
Qj|boC:
Rtg8|y
2spmh0
Ur;6Vr$
XrAoYrL
string too long
invalid string position
Unknown exception
(null)
`h````
xpxxxx
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
bad exception
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CONOUT$
bad allocation
P6U5ol
AppID\{10000002-0000-0000-0000-000000000001}
AccessPermission
kernel32
Menulapkievent
STATIC
Drivers\
Report
PDFDriver
Windows NT x86
list<T> too long
C:\Uniformity\Barak\Released\Bruce.pdb
GetComputerNameA
CreateFileA
lstrlenA
HeapAlloc
GetCurrentProcess
GlobalLock
WaitForSingleObject
SetEvent
FormatMessageA
CreateEventA
MulDiv
lstrcatA
MultiByteToWideChar
GetLastError
SetLastError
GetProcAddress
CopyFileA
LoadLibraryA
LocalAlloc
GetModuleFileNameA
CloseHandle
LocalFree
lstrcpyA
KERNEL32.dll
LoadCursorA
CallWindowProcA
MapWindowPoints
LoadImageA
GetSystemMetrics
ReleaseCapture
IsWindow
CreatePopupMenu
SetMenu
GetCursorPos
DefWindowProcA
GetDlgItem
ReleaseDC
CreateWindowExA
GetWindowLongA
InvalidateRect
SetRect
GetMenu
GetCapture
BeginPaint
SendMessageA
CreateMenu
IsWindowEnabled
RemovePropA
LoadIconA
TrackMouseEvent
GetParent
LoadBitmapA
GetSubMenu
GetPropA
DrawTextA
SetCapture
FillRect
GetWindowRect
DestroyWindow
EndPaint
USER32.dll
CreateSolidBrush
SwapBuffers
GetStockObject
SetMapMode
SelectClipRgn
GetPaletteEntries
SelectObject
DeleteObject
CreateFontIndirectA
GetDeviceCaps
SetWindowExtEx
FrameRgn
SetWindowOrgEx
GDI32.dll
DeletePrinter
ClosePrinter
OpenPrinterA
GetPrinterDriverDirectoryA
DeletePrinterDriverA
WINSPOOL.DRV
GetOpenFileNameA
COMDLG32.dll
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
LsaClose
CryptGetDefaultProviderA
RegCloseKey
ADVAPI32.dll
DragQueryFileA
DragFinish
SHELL32.dll
RevokeDragDrop
CoCreateInstance
CoLockObjectExternal
CoUninitialize
CreateStreamOnHGlobal
CoInitialize
ReleaseStgMedium
CoTaskMemFree
CoTaskMemAlloc
RegisterDragDrop
ole32.dll
OLEAUT32.dll
NetUserAdd
NETAPI32.dll
GetModuleInformation
PSAPI.DLL
GetAppliedGPOListA
GetGPOListA
USERENV.dll
midiOutOpen
timeGetTime
midiOutShortMsg
timeBeginPeriod
WINMM.dll
CryptHashPublicKeyInfo
CRYPT32.dll
GetBestInterface
IPHLPAPI.DLL
ImageList_ReplaceIcon
ImageList_Create
COMCTL32.dll
PdhGetLogSetGUID
PdhGetRawCounterArrayW
PdhLookupPerfIndexByNameW
pdh.dll
WinVerifyTrust
WTHelperProvDataFromStateData
WINTRUST.dll
UuidCreateSequential
RpcServerListen
UuidToStringW
RPCRT4.dll
glFinish
wglGetCurrentDC
OPENGL32.dll
msi.dll
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapFree
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
.?AVout_of_range@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
                        
        
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
MT,#o[
ST.%8p
|PI!eLk
Kx,#2iS
6po'Pr
JW(*wi
#G#@W%
8eij;E
FG26ao
A[o<=%8!
72)6.?
textmode
.?AVlength_error@std@@
.?AVbad_alloc@std@@
C:\Users\michael\appdata\roaming\45574597\svchost.exe
/SeQjR
gQL].~
[.~>e	
@b	gq_
:y@b	g
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
 <assemblyIdentity
    name="Prefixed"
    processorArchitecture="X86"
    publicKeyToken="447e125cdaed00e0"
    type="win32"
    version="5.0.0.0"/>
  <description>Activate decode</description>
 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
  <security>
   <requestedPrivileges>
    <requestedExecutionLevel
     level="AsInvoker"
     uiAccess="false"/>
   </requestedPrivileges>
  </security>
 </trustInfo>
  <!-- Describe metadata for files  -->
</assembly>PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
1 111Q1u1
4^4p4v4
6)686=6C6K6i6o6t6
7)858=8D8r8
9"959;9\9
:M:S:a:
;C;O;W;c;
;1<7<E<c<|<
= =3=:=z=
=?>H>e>
?4?`?f?m?
0%010B0T0Y0_0
2)232A2L2Q2b2l2s2x2
4#4(4.4P4X4
6"6(6-6J6X6h6n6
6 8&878T8b8q8v8
9]9d9n9t9
:%:*:G:U:d:i:
; ;Y;g;v;{;
=!?'?8?@?q?
1#1)10161;1X1f1u1z1
1;2B2L2R2h2r2w2}2
4.444K4W4
5Z5a5k5q5
6 6+606A6K6R6\7b7r7y7~7
9*969}9
;$;v;};
<"<2<8<O<[<a<i<
=2=<=A=G=_=i=o=
>)>/>6>;>X>f>u>z>
? ?%?+?C?M?R?Y?^?d?
1$1<1F1L1i1w1
2%2W2j2
2"353S3a3p3u3
4\4c4m4s4
7;7I7X7]7y7
8!8&8B8N8
96:<:M:V:[:a:
;-<4<><D<Z<d<i<o<
=	=/>5>
?+?0?L?X?]?f?l?v?
0#0(01070A0r0
1&10161S1a1q1w1
2(3.3>3J3P3Z3
4!4'4?4I4N4U4Z4`4
6 686B6H6P6
7V7]7g7m7
8 8F9L9\9c9h9n9
;V;];g;m;
<a<h<r<x<
=.=8=F=Q=V=g=q=x=}=
?$?0?w?~?
0,070@0F0P0~0
121<1A1H1M1S1y2
3+353:3A3G3L3i3w3
6	6:6L6R6Y6_6d6
7 7&7<7F7K7Q7i7s7x7
9"9'9.93999_:e:v:~:
;#;(;/;4;:;`<f<w<
=!=7=A=F=L=d=n=s=z=
>c>j>t>z>
1)1.1?1I1P1U1\1a1g1
3!3'3?3I3N3U3Z3`3
40575A5G5]5g5l5r5
6!737:7W7e7u7{7
8)8/8E8O8T8Z8r8|8
:&:+:1:I:S:Y:v:
;";,;2;H;R;W;];u;
<1<;<@<G<L<R<
=#>)>:>C>H>N>t>
010=0B0I0N0
191j1|1
3c3j3t3z3
5*5:5@5W5c5
6M6_6e6l6q6
7!7(7-737Y8_8
9,969D9O9T9e9o9v9{9
<5<C<R<W<s<
>L>S>]>c>y>
?"?.?4?<?n?
0"0*0[0m0x1~1
3*313?3J3V3k3s3
505C5t5y5
6F6q6v6
7.7?7m7
8?8E8L8
;M;^;x;A<
> >,>\>
?N?Z?{?
060U0m0
:":,:I:Z:d:
3&3K3_3q3x3~3
:":(:.:4:;:B:I:P:W:^:e:m:u:}:
< <$<(<,<0<4<~<
=#=(=,=0=Q={=
> >$>(>,>
)1:1t1
5/5K5T5Z5c5h5w5
9!9-9B9I9]9d9
:$:*:3:?:M:S:_:e:r:|:
=$=?=D=L=R=Y=_=f=l=t={=
>)>7>=>J>j>p>
?U?[?{?
2!2(2,2024282<2@2D2
3,33383<3@3a3
3*4044484<4
616Z6_6v6
6@7F7[7d7
7C8K8^8i8n8~8
;#;*;3;s;x;
=+>:>r>|>
0F1L1b1m1
1*2=2o2
3.4^4p4
5J5O5]5e5
6;7U7x7
8S9s9c:
1C1U1c1x1
3S3\3h3>4P4]4i4s4{4
4}5-6P6
7'818I8P8Z8b8o8v8
9":):3:]:k:q:
2'222D2W2b2h2n2s2|2
3%3?3P3V3g3
:*:2:A;M;Y<
>*?/?t?y?
131A1G1W1\1t1z1
1'2D2a2
3L4Y4t4
7!7O7]7l7z7
A1H1b1
4&5R5z5
525M5p5
034383<3@3L3P3
4$4(4L4P4 <$<(<,<
p;t;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
30444D4H4L4P4X4p4
5(5,5<5@5D5H5P5h5x5|5
7(7H7h7
888X8t8x8
989@9D9\9`9|9
:8:X:x:
;8;D;`;
< <4<<<@<D<L<T<\<p<x<|<
= =,=L=X=x=
0$0(00040L0
8 8,848<8D8L8T8\8d8l8t8|8
84989`9h9
<0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=