Sample details: 0791c6c9deb9e121931876b36524cd72

Hashes
MD5: 0791c6c9deb9e121931876b36524cd72
SHA1: 22212750c07376bda25ac94804a0b55076f050c0
SHA256: ea0e41946683b27ef69b5d8eaa675478e0bd65070c3d999130a8fdfc638c9971
SSDEEP: 6144:P0jCsGdXOtKEMf8OOQMIQcZt8yjmD6AZ12laC/UM6c:vjUtKEMkOOVi8yfAZ12laC/UM6c
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/screenshot | YRP/win_files_operation |
Source
http://193.124.117.153/crypt/netwire.exe
http://193.124.117.153/crypt/netwire.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
PQQQSVW
PQQQSVW
PQQQSVW
.t|PVj@
uMh|MB
HHt$HHt
?If90t
F\=0DB
tWItHIt9It 
uTVWh0
^SSSSS
F Pj*S
F$Pj+Sj
F(Pj,S
F,Pj-S
F0Pj.S
F4Pj/S
F8PjDS
F<PjES
F@PjFS
FDPjGS
FHPjHS
FLPjIS
FPPjJS
FTPjKS
FXPjLS
F\PjMS
F`PjNS
FdPjOS
FhPj8S
FlPj9S
FpPj:S
FtPj;S
FxPj<S
F|Pj=S
C PjPV
C$PjQV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
C.PjRV
C/PjSV
CHPjPV
CLPjQV
PPPPPPPP
Wj@h8AB
PPPPPPPP
<+t"<-t
+t HHt
t$<"u	3
< tK<	tG
j@j ^V
v	N+D$
t"SS9] u
	X 9} 
URPQQh
t VV9u
;t$,v-
UQPXY]Y[
v	N+D$
u-hlMB
QQSVWd
t*=RCC
;7|G;p
tR99u2
tRHtCHt4Ht%HtFHHt
Unknown exception
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
bad allocation
(null)
`h````
xpxxxx
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
`h`hhh
xppwpp
_nextafter
_hypot
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
1#QNAN
1#SNAN
message
WindowsCard
user32.dll
SetLayeredWindowAttributes
Notepad
FreeLibrary
bug categrize AVR.
Construction Dispsal incmes.
crossing vide.
infinitives Diskcmp elevating Dispsal chclate Governance.
LaserJet createApplication Payments falcn reproduced Tarball 16bit relegated.
MDF surfers ptimize Zones Bazaar.
Conndata dinners LanguageID acceptance snapshot eyeball rebt dmeter.
perhaps scratch unincrprated.
kernel32
powrprof
HeapCreate
File not found.
Konexx APP1 
1.3.6.1.5.5.7.3.1
1.3.6.1.4.1.311.10.3.3
2.16.840.1.113730.4.1
memcpy
invalid string position
deque<T> too long
list<T> too long
string too long
?5Wg4p
"B <1=
bad exception
?Dj0Q:W$=
5s3R6=
?ZEM-'^
?{yK+;
?765@Z
?e')lW
UUUUUU
?333333
?333333
?UUUUUU
?$rxxx
FindResourceA
FreeLibrary
LoadResource
HeapAlloc
GetTickCount
GetConsoleTitleA
GetEnvironmentStrings
MulDiv
lstrcatA
MultiByteToWideChar
SetConsoleTitleA
GetStdHandle
GetLastError
GetProcAddress
LoadLibraryA
GetProcessWorkingSetSize
GetConsoleScreenBufferInfo
LocalAlloc
LockResource
GetModuleHandleA
GetCurrentThreadId
GetCurrentProcessId
LocalFree
CreateThread
lstrcpyA
KERNEL32.dll
MoveWindow
GetWindow
ActivateKeyboardLayout
VkKeyScanA
DrawFrameControl
EndDeferWindowPos
FindWindowA
EnableWindow
SetWindowTextA
IsWindowVisible
GetSystemMetrics
OpenClipboard
CheckRadioButton
IsDlgButtonChecked
ShowWindow
LoadAcceleratorsA
GetCursorPos
SetWindowPos
DefWindowProcA
EndDialog
GetWindowRgn
GetDlgItem
ReleaseDC
SetScrollPos
GetClipboardData
MessageBoxA
GetWindowTextA
InflateRect
SendMessageA
GetClientRect
wsprintfA
IsWindowEnabled
SetForegroundWindow
FillRect
IsIconic
PostQuitMessage
SetTimer
SetWindowRgn
CloseClipboard
GetMessageA
USER32.dll
CreateSolidBrush
AbortDoc
GetPixel
SetTextAlign
GetTextMetricsA
CreatePen
CreateRectRgn
AddFontMemResourceEx
EnumFontFamiliesA
Ellipse
CreateCompatibleBitmap
SetMapMode
CombineRgn
CreateCompatibleDC
GetEnhMetaFilePaletteEntries
SelectObject
DeleteObject
CreatePalette
CreateFontIndirectA
AbortPath
DeleteDC
SetWindowExtEx
LineTo
MoveToEx
GDI32.dll
GetOpenFileNameA
COMDLG32.dll
CryptAcquireContextA
ADVAPI32.dll
CoCreateInstance
CoUninitialize
CoInitialize
CoMarshalInterThreadInterfaceInStream
StgOpenStorage
CoInitializeEx
ole32.dll
ODBC32.dll
SCardEstablishContext
SCardFreeMemory
SCardGetCardTypeProviderNameA
WinSCard.dll
GradientFill
MSIMG32.dll
CertFreeCertificateChain
CertGetCertificateChain
CRYPT32.dll
ImageList_Create
COMCTL32.dll
SaslInitializeSecurityContextW
Secur32.dll
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupCloseFileQueue
SetupDiEnumDeviceInterfaces
SETUPAPI.dll
HeapFree
EncodePointer
DecodePointer
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
IsProcessorFeaturePresent
HeapCreate
ExitProcess
WriteFile
GetModuleFileNameW
HeapSize
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringW
LoadLibraryW
HeapReAlloc
RtlUnwind
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
CloseHandle
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
|3x\gM
L{U,KU
1{r4@}9
YEp;-8A)	
;5@ _M
~E2<8`
\3yQYY
Rh(5;/
aqtp@pYYtY
Nw;;T<
Ke @Y;
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
/ GCot"
,e}bk%
6NYokT-
`\i1"UX
~ItiR1
Q`_%~y
Y9t-E<9
p	{.8N
X?$Rx{k34~J
fCCa*Q/
]u+1RQ
SmUyd3|
E+_*ASVs
lIEc#ND{
ew-GL*
c>	71s
O9(\3~
G9vLke$
\XBce5@}
\~\U]o
f)=J(h!
I:vjaw
d."a![
}p$9cMc
(wGx+Wn
UnZC>@
IgVT~Z
UhTNNi&a
<_?	F{
>KmswdC
3ro7mi
?^Oyr3
');kKe
+gfD3)
.+:3]B
\:SE|)c5f/
.+:3]nb
<G)PQqU
m"e^Uh
cEn?oA
gg-wLj
wMBW1A
^C\-7-
_#D*6k?
:p//9"
}Zo7QM
NfK]s{d
	<I@vB
ew![vA
.+:3]Nb
BomJ%7
)YBU3A
.AF^{	;j[
}\/=ci
'5sw{/
9_MBW1I
Bh4iWM
F@]/5 
HYte(l
=,.B?v
'g)ilN
'iChSy
pU]oE+
/su@c	
I_*pzT
8aHp	C
1)q8-$
8A'A>@{/
.{4vX,d
]t98:@G
	wtYThj
ZGB;rzw
fd6iWm
9oCH}Sd
~#UjDk
W!:E'"
O"KVnH
[6<s6n
h8Q>iZ
v/_Uzs
ybY=o(
"?-;nT
.	ZBtU
&3|8%8
P8NYmX
)&r@h'
;KAhAwo((
Z{-8Yeg
Q)z`n2
G	@={j%mc
;J-`25
	l#v:BG
h1ELm6
u'5_SE
ki{1?d
c#J=Ke
ra,`<M0
?Aw}@T}
E}q~e"0
tNB:zj
zO}?TY
D 9cL"j
L2FbP~e
hefd*UT`?9
]"Y_W>&8
/tv;H]
UKCc90	
P20ac	
Xkz$i3]
E'V*8L2J
mV(CBz
'JnoHi+Pa
CL7CbX
/oB?,T`+
sPJ*XEK
9m.|IdC
k1ti1r
!/L[QW&
]JRdf($)
oIMGhsy
JCadi/
`d]LI\
~]8%19'
}\/Qci
G*A6ABf
r6=Jaur
}`&x+?
}\/Uci
p	/SnZC
(O&$0)
Z	LG}b
9Ps_oE
KMGh{y
[u+1RQ
HF(;w)
/	wxc9Pb
:r; yA
F%*H;D
 BDM|<
}\/]bi
_>_aEu$
9_=%lK
X[gp}>
KOEHwM
_t3$**
(:4|e;[
A?p"~l
HR;V_I
mKz!Qv!p
7U^qw[g
be?-g$C
fdxiWy
Ni'#ZC
Hyw+1RQ
L?oI]c#
x-0l(U
M5rMX(
	c$w=e
k*?a8-
`{iO/LG
Z7@O1PL
(_t$xV8
3n;B#Yh
N(Sv,5
D8S^{E
/X.uk9
;LKbSp
ttceNNNt
z{{{wr
t|||}|{|B
_i{{xq
zppzpzge
zozppyyvpe
ppozoypym{mge
pmpppoppymouufge
mmmyoymymymymuswfe
ljmmmmpmmmmmmmumsBumus
8<@m@ulumumu@u@u@u@u@u
f8:<@jmmmmmm@mjm@m@sB
=:89<j@u@u@u@u@s=s
98#<<@@@@@@@@AB
8$#><B<B=B;B
z8$$;;==>=
t::#;$B
""""""""""""""""""""""""""""""""""""""*U
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUQ
(qUUUUUUQ
QUUUUUQ
(UUUUU
S3QUUUUU
UUUUUQ
4DDD! 1
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UZ"""""""""""""""""""""""""""""U
xwbxr"&
wwjwzx"w
gt(zww
(x"wzx$wv
wwjwzx"w
gt(zgw
r(x"wzx$wv
wwjwzx"wzgt(zgw
r'w"wzx$wv
wz""w*Gt"*g
wj"$wv
Zwwwbww"Gwrgwb&ww'wr"ww$wv"gwv
Zwwwwwwwwwwwwwwwwwwwwwwwwwwwwv
Zwwwwwwwwwwwwwwwwwwwwwwwwwwwwv
gwzgw*'wr'wz
ww"wwt
wwBv$wzgzF"wr'v
w"d'w"wwt
wzgzG"wr'v
wzgzG"wr'v
w*gzg"wj'v
wwvDgwtwwDGwvgwtFwwFwtDwwdwwt
wwwwwwwwwwwwwwwwwwwwwwwwwwwwt
wwwbwv"gwrgwb&wv&wr$wwDwv"gwt
vgfJgb
&vz&v*
vffJfjg
vffJfjg
vffJfjg
EFzVfTB
fff*fdU&fj&f%Rfd
fbU&fd
ffffffffffffffffffffffffffffd
ffffffffffffffffffffffffffffb
&fb&fj
vf"ffb
feFj""fj&d
feFj&*fj&dVj&f
feFe&*fj&dVj&f
f%Fe&*fJ&dVj&dRf
FfjFf*&fb&fj
ff"ffb
fffffffffffffffffffffffffb
vffffffffffffffffffffffffb
;b""""""""""""""""""""""""*
33330j]
UUUUUU"""""""""$
UUUUUUUUUUUUUUUUUUU
YYYa			
nnnj}}}
@OS/2JZm&
&thead
$hmtxW["
@OS/2JZm&
&thead
$hmtxW["
3!4&'2
3!2632
#"&546%
!5!5#".
2WuB/Z'
3WtB/Z'
'Z/BtW3
!5!5#".
9fK,,Kf9
"'576$32
#"&'&"#"
	/a^[*
,rxrZ7
gj)NrI
IrN)jg
7Ysws,
<az|q("L
%4&5465%
54&'7'
N7`H))H`77`H))H`
)H`77`H))H`77`H)
#"&546
#"&546%
2WuBBuW22WuBBuW2
BuW22WuBBuW22Wu
@2WuBBuW22WuBBuW2
BuW22WuBBuW22Wu
L-P<##<P--P<""<P
"<P--P<##<P--P<"
!5!5!7!
L-P<##<P--P<""<P
"<P--P<##<P--P<"
L-P<""<P--P<##<P
"<P--P<##<P--P<"
!5!5!".
!5!5!".
!5!5!".
g&''&g
%/|BFz[5
!8L+&91-
%/35[z
-19&+L8!
u@#Ca?.
.?aC#@u
889988
988888
 2014 Microsoft Corporation. All Rights Reserved.Xbox GameBar MDL2 AssetsRegularVersion 1.20XboxGameBarMDL2AssetsSegoe is a trademark of the Microsoft group of companies.http://www.microsoft.com/typography/fonts/You may use this font as permitted by the EULA for the product in which this font is included to display and print content. You may only (i) embed this font in content as permitted by the embedding restrictions included in this font; and (ii) temporarily download this font to a printer or other output device to help print content.
PA<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
 <assemblyIdentity
    name="Sierra"
    version="2.0.0.0"
    type="win32"/>
 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
  <security>
   <requestedPrivileges>
    <requestedExecutionLevel
     level="AsInvoker"
     uiAccess="false"/>
   </requestedPrivileges>
  </security>
 </trustInfo>
  <description>Windows Store</description>
</assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX