Sample details: 07119b7596b5bcda84e1c8c10ce33c32

Hashes
MD5: 07119b7596b5bcda84e1c8c10ce33c32
SHA1: 8ae08e2481f10d6c75ae4dd2ef8bc75031271146
SHA256: 62f1bb3010c5ca6f6c41f7ca320ac1e04ce25ff38b212dafe7150957d9314d12
SSDEEP: 6144:jZuNh6neNwh4HtcTm92OxUC3wCzfy5Pl74snmqozMSGY8T:IfGeNwh4HtOXiwpPFNsbk
Details
File Type: PE32+
Added: 2018-11-06 12:51:17
Yara Hits
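YRP/Microsoft_Visual_Cpp_80_DLL | YRP/IsPE64 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/win_files_operation
Note: judging by their names, these are generic file-characteristic rules, not malware-family signatures, so none of them identifies the sample on its own. The anti_dbg and Check_OutputDebugStringA_iat hits may come from the debug C runtime alone: the strings below contain the CRT's own heap-check and _CrtDbgReport messages alongside the IsDebuggerPresent and OutputDebugStringA imports. Confirm in disassembly before treating them as deliberate anti-analysis. The Microsoft_Visual_Cpp_80_DLL hit is likewise approximate, since the embedded include paths reference Visual Studio 14.0.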
Source
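hxxps://wptest[.]md4[.]xyz/wp-content/themes/twentyfifteen/inc/sum.exe (defanged so the download location is not clickable; restore "https" and the dots when searching proxy logs or blocklists)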
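Strings
Raw printable-string extraction from the binary. Short fragments such as HcD$0H or H9D$ u are x64 instruction bytes that happen to be printable ASCII, and most of the readable text is Visual C++ debug-runtime and import-table boilerplate. The sample-specific strings are few: JScript, .?AVJSEngine@@ and .?AUIActiveScriptSite@@, next to CLSIDFromProgID, CoCreateInstance and the FindResource/LoadResource imports, suggest a native host for the Windows JScript engine, possibly running a script stored in its resources. This is an inference from strings only and needs confirmation in a sandbox or disassembler.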
		!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
.gfids
@.rsrc
@.reloc
H9D$ v
HcD$4H
HcD$4H
HcD$@H
HcL$0L
D$h9D$ s@
H+D$8H;D$@s
t$8H;D$@s
+D$8;D$@}
+D$8;D$@s
D$xH9D$h
D$xH9D$hr
D$hH9D$Xr
D$8H9D$(s#H
D$8H9D$(r
D$HHcD$HHcL$8L
HcD$0H
HcL$0H
D$0H9D$Hw
(HcD$HH
D$ H9D$0w;H
9D$H~:H
HcD$HH
(HcD$HH
D$H9D$ }
D$x9D$ }
D$HHcL$(H
D$HH9D$@t
HcD$PH
D$x9D$h~AHcD$hA
D$x9D$h~
H9D$Hr
H9D$Hs
$Hc@<H
D$ H9D$(u
D$ Hc@<H
 5Genu
 5Auth
 H3D$0H
H9D$ u
D$pHc@
D$8HcD$ H
x	;^Xu&H
I(H9H(u
9D$d~FD
L$xHcI
D$d9D$`
L$hHcI
L$hHcI
L$hHcI
L$hHcI
L$hHcI
L$hHcI
L$0Hc	H
L$XHcI
HcL$$Hk
L$PHcI
HcL$ Hk
L$PHcI
HcL$ Hk
D$(Hc@
L$(HcI
D$(Hc@
D$`Hc@
L$hHcI
L$hHcI
D$xHc@
|$ RCC
|$ MOC
|$ csm
HcL$ HcD
HcL$ HcD
L$`HcI
L$`HcI
L$`HcI
L$hHcI
H9D$8t[H
L$`HcI
L$hHcI
D$HH9D$ t"H
H9D$8u
H9D$@t:H
D$0H9D$Ht:H
D$0H9D$Ht:H
D$8H9D$(t
D$8H9D$ t<H
H9D$Xrd
H9D$XsL
H9D$Xu
D$8H9D$0u
ffffff
H9D$0u
D$@Hc@
D$@Hc@
D$PHc@
D$PHc@
D$PHc@
D$@Hc@
D$$9D$ sAH
D$@Hc@
H9D$P}
D$@Hc@
L$@HcI
D$pHc@
D$0Hc@
L$8HcD
H;D$Ht
9D$ s(
L$8HcD
D$XHc@
D$XHc@
D$$9D$ 
D$XHc@
9D$h|0H
D$XHc@
@XH9D$@s
@XH9D$@u
D$ H9D$@u
H9D$(r
H9D$(v
H9D$xs
H9D$Xs
H9D$ps
H9D$xs
H9D$Xs
H9D$ps
H9D$pt
|:HcD$0H;
H9D$pu
H9D$puDH
H9D$pt
|:HcD$0H;
H9D$pu
H9D$puA3
H9D$pt
|:HcD$0H;
H9D$pu
H9D$puA3
H9D$Ps
H9D$Xs
H9D$Ps
H9D$Xs
H9D$(w
D$P9D$ }"L
D$P9D$ }&f
H9D$(s
H9D$(s
|$  t@
|$ #tJ
|$ +t!
|$ -t	
|$ 0tF
|$  t@
|$ #tJ
|$ +t!
|$ -t	
|$ 0tF
HcD$0H
							
																			
							
HcD$0H
							
																			
							
HcD$0H
							
																			
							
HcD$DH
HcD$DH
HcD$DH
D$`Hc@(H
D$`Hc@(H
D$`Hc@(H
HcD$$H
HcD$$H
(HcD$8H
D$H9D$ }DH
@P9D$4
@P9D$4
HcD$8H
D$(HcD$pH9D$(s
HcD$pH
+HcD$pH9D$ t
D$(HcD$pH9D$(s
HcD$pH
+HcD$pH9D$ t
H9D$ps
H9D$0w
H9D$xs
D$H9D$@t
D$P9D$@t
H9E t	H
H+D$`H
D$8H9D$@t
H9D$(t
H+D$XH
D$@H9D$8t
H9D$(t
D$xH9D$h
D$xH9D$hr
|$ $w	
D$hH9D$@
D$ H9D$8s
D$0HcD$0H
D$ HcD$0H
D$8H9D$ t"
D$XH9D$H
D$@HkL$H
D$XH9D$Ht:H
D$XH9D$Ht	
D$HH9D$@u4H
t$@H;D$Hs
t$hH;D$ps
D$0H9D$8s*H
D$hH9D$@t
D$ Hc@<H
H9D$pr
H9D$xr
H+D$@H;D$8w
x ATAVAWH
fA96tzH
fA94nu
0A_A^A\
D$`H9D$8
D$PH9D$@r`
D$`H9D$ht
D$0H9D$(r
D$0H9D$(s
D$@H9D$Xu
D$8H9D$`t(H
D$`H9D$0t!H
D$HH9D$ t+H
D$XH9D$(t<H
H9D$xs
D$P9D$8r
D$P9D$8u
D$T9D$@v
D$X9D$<r
D$X9D$<u
D$\9D$Hv
H9D$ u
D$pH9D$`tAH
|$hd|IH
H+D$XH
HcL$@H
HcT$DH
HcD$LH
HcL$<H
|$8d|4
HcL$0H
9D$,ucH
HcD$,H
HcL$0H
HcD$(L
HcD$HH
9D$D|QH
HcL$HH
HcD$TH
HcD$4Hk
HcD$4Hk
HcL$4H
HcD$4Hk
t7HcD$ H
HcD$ H
D$XHcD$(H
D$$9D$ 
HcD$$H
|$XPta
(HcD$0Hk
(HcD$0Hk
HcD$4H
H9D$pt
HcL$4H
D$PH9D$Xw
D$HH9D$ t"H
H9D$8u
H9D$@t:H
D$0H9D$Ht:H
D$0H9D$Ht:H
D$8H9D$(t
D$8H9D$ t<H
H9D$`t
H9D$Hv
H9D$8t2H
H9D$8t
H9D$`u
H9D$ t
H9D$@v
|$PArO
|$PZwH
|$ParO
|$PzwH
H9D$ tbH
H9D$ t
9D$ w@
9D$ w(
D$hH9D$X
D$hH9D$Xr
D$XH9D$Pu
D$XH9D$ t4H
D$XH9D$ u
D$PH9D$ t;H
D$HH9D$@u
D$@H9D$ t/H
H9D$xs
H9D$ps
H9D$xs
D$PH9D$0
D$0H9D$ t
9D$`|XH
HHcD$PH
H9D$ t
HcD$0H
t>HcD$0H
HcD$0H
HcD$ Hk
T$@H9L
(t,HcD$ Hk
HcD$ Hk
HcD$ Hk
t,HcD$ Hk
HcD$ Hk
HcD$0Hk
T$PH9L
(tgHcD$0Hk
tQHcD$0Hk
u9HcD$0Hk
HcD$0Hk
HcD$0Hk
ufHcD$0Hk
HcD$0Hk
HcD$0Hk
tKHcD$0Hk
t5HcD$0Hk
HcD$0Hk
H9D$0u
HcD$ Hk
T$@H9L
(t,HcD$ Hk
HcD$ Hk
HcD$ Hk
t,HcD$ Hk
HcD$ Hk
D$HH9D$ u
H9D$ t
HcD$TH
tAHcD$TH
9D$P~!
D$`HcD$`H
tAHcD$`H
D$`H9D$8u
D$89D$xv
D$h9D$<}
HcL$<H
HcL$<H
;D$8w#
H9D$`v8
D$49D$H
D$49D$Lsx
D$L9D$,
D$H9D$4t]
|$$stV
|$$stb
|$$su!H
D$$9D$,
D$$9D$4t
HcD$ H
HcD$ H
t'HcD$ H
D$$HcD$ H
HcD$ H
#D$H;D$Hu
D$$9D$ t
D$HH9D$8
HHcD$PH
H9D$Ps
D$HH9D$Xr
H9D$Ps
D$HH9D$Xr
H9D$Xs
HcD$DH9
H9D$Xs
HcD$DH9
HcD$LH
HcD$LH
D$L9D$P}eHcD$PH
H9D$Xs
H9D$`s
H9D$xs
D$$9D$(
D$ HcD$ Hk
HcD$ Hk
HcD$ H=
HcD$ Hk
D$`H9D$h
D$hH9D$(w3H
D$(H9D$ t`H
D$HH9D$@vWH
D$@H9D$Hs3H
D$HH9D$@wWH
D$XH9D$Hw3H
D$@H9D$8v3H
D$HH9D$8s
D$8H9D$@u
D$8H9D$@sWH
D$@H9D$8v3H
D$8H9D$@rWH
D$PH9D$8v3H
D$8H9D$Ps.HcD$0H
HcD$0H
D$XH9D$Hs
D$XH9D$Hs.HcD$0H
HcD$0H
D$8H9D$Ps
|)HcD$0H
D$PHcD$0H
ffffff
fffffff
D$(H9D$ t
HcD$0H
@CH9D$(r5H
H9D$(v
?H9D$(sZH
D$ H9D$Pu
D$`H9D$H
D$`H9D$HsPA
D$X9D$Ts$H
D$0H9D$(
D$PH9D$@
D$XH9D$8siH
D$PH9D$@s]H
D$L9D$Hs!H
D$PH9D$@
D$XH9D$8stH
D$PH9D$@shH
D$L9D$Hs!H
D$pH9D$X
D$xH9D$HsiH
D$pH9D$Xs]H
D$P9D$@
XHcD$`H
XHcD$`H
D$49D$8u
XHcD$`H
D$0Hc@<H
H9D$8r H
H9D$8s
$Hc@<H
:cD$ @
:cD$ @
:cD$ @
InitializeConditionVariable
SleepConditionVariableCS
WakeAllConditionVariable
Unknown exception
bad allocation
bad array new length
bad exception
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
f:\dd\vctools\crt\vcruntime\src\internal\per_thread_data.cpp
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
`h````
xpxxxx
`h`hhh
xwpwpp
(null)
minkernel\crts\ucrt\inc\corecrt_internal_stdio_output.h
<program name unknown>
Normal
Ignore
Client
Client hook allocation failure at file %hs line %d.
Client hook allocation failure.
Error: memory allocation: bad memory block type.
Client hook re-allocation failure at file %hs line %d.
Client hook re-allocation failure.
Error: memory allocation: bad memory block type.
Memory allocated at %hs(%d).
The Block at 0x%p was allocated by aligned routines, use _aligned_realloc()
Error: possible heap corruption at or near 0x%p
The Block at 0x%p was allocated by aligned routines, use _aligned_free()
Client hook free failure.
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory before start of heap buffer.
Memory allocated at %hs(%d).
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory before start of heap buffer.
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory after end of heap buffer.
Memory allocated at %hs(%d).
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory after end of heap buffer.
DAMAGED
HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.
CRT detected that the application wrote to a heap buffer that was freed.
Memory allocated at %hs(%d).
HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.
CRT detected that the application wrote to a heap buffer that was freed.
%hs located at 0x%p is %Iu bytes long.
Memory allocated at %hs(%d).
%hs located at 0x%p is %Iu bytes long.
Cycle in block list detected while processing block located at 0x%p.
Heap validation failed.
Bad memory block found at 0x%p.
Memory allocated at %hs(%d).
Bad memory block found at 0x%p.
 Data: <%s> %s
Dumping objects ->
#File Error#(%d) : 
%hs(%d) : 
{%ld} 
client block at 0x%p, subtype %x, %Iu bytes long.
normal block at 0x%p, %Iu bytes long.
crt block at 0x%p, subtype %x, %Iu bytes long.
Object dump complete.
Detected memory leaks!
CorExitProcess
minkernel\crts\ucrt\src\appcrt\startup\argv_parsing.cpp
minkernel\crts\ucrt\src\desktopcrt\env\environment_initialization.cpp
minkernel\crts\ucrt\src\appcrt\startup\onexit.cpp
minkernel\crts\ucrt\src\appcrt\internal\per_thread_data.cpp
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
minkernel\crts\ucrt\src\appcrt\stdio\_file.cpp
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
Second Chance Assertion Failed: File 
<file unknown>
, Line 
_CrtDbgReport: String too long or IO Error
Assertion failed: 
Assertion failed!
%s(%d) : %s
_CrtDbgReport: String too long or Invalid characters in String
GetActiveWindow
GetCurrentPackageId
GetLastActivePopup
GetProcessWindowStation
GetUserObjectInformationW
LCMapStringEx
LocaleNameToLCID
MessageBoxA
MessageBoxW
minkernel\crts\ucrt\src\appcrt\startup\argv_wildcards.cpp
minkernel\crts\ucrt\src\appcrt\mbstring\mbctype.cpp
minkernel\crts\ucrt\src\desktopcrt\env\get_environment_from_os.cpp
minkernel\crts\ucrt\src\appcrt\lowio\osfinfo.cpp
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
minkernel\crts\ucrt\src\appcrt\locale\getstringtypea.cpp
minkernel\crts\ucrt\src\appcrt\locale\lcmapstringa.cpp
[aOni*{
~ $s%r
@b;zO]
v2!L.2
1#QNAN
1#SNAN
UUUUUU
UUUUUU
=imb;D
1<.	/>:
/>58d%
>jtm}S
)>6{1n
r	Vr.>T
+f)>0'
;H9>&X
*StO9>T
n03>Pu
K~Je#>!
bp(=>?g
BC?>6t9^	c:>
K&>.yC
.xJ>Hf
y\PD>!
|b=})>
c [1>H'
uzKs@>
3>N;kU
	kE>fvw
V6E>`"(5
?UUUUUU
?7zQ6$
JScript
C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\atlmfc\include\atlexcept.h
C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\atlmfc\include\cstringt.h
.text$di
.text$mn
.text$mn$00
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCL
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.pdata
.tls$ZZZ
.gfids$x
.gfids$y
.rsrc$01
.rsrc$02
HeapFree
SetLastError
InitializeCriticalSectionEx
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
HeapDestroy
DeleteCriticalSection
GetProcessHeap
SizeofResource
MultiByteToWideChar
LockResource
FindResourceExW
LoadResource
FindResourceW
KERNEL32.dll
MessageBoxW
USER32.dll
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoInitializeEx
ole32.dll
OLEAUT32.dll
CloseHandle
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RtlPcToFileHeader
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwindEx
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
HeapValidate
GetSystemInfo
ExitProcess
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
GetFileType
OutputDebugStringA
WriteConsoleW
CreateThread
HeapQueryInformation
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
CreateFileW
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVtype_info@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVbad_exception@std@@
.?AUIAtlStringMgr@ATL@@
.?AVCAtlStringMgr@ATL@@
.?AVCWin32Heap@ATL@@
.?AUIAtlMemMgr@ATL@@
.?AUIUnknown@@
.?AVJSEngine@@
.?AVCAtlException@ATL@@
.?AUIActiveScriptSite@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>