Sample details: 0b786e33bed537819c723ae0712b2008

Hashes
MD5: 0b786e33bed537819c723ae0712b2008
SHA1: bcee184dcfb9aae0c9fa3aeda34c94625e37673d
SHA256: 66d807b6944316f10c890738cc88062b4220f6f2c1d2941734e27b8e645b4058
SSDEEP: 6144:N6APr7sjj199w+mi2viNTT+wJ72peF3f8sNAhpgewF1kSUc3nGOHZA2advVDU:NJ7sjxw+mi2LwJJFPOhCebXVU
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation
Source
http://www.sabineclaire.com/girasoli/ri.php
http://134.0.117.224/itexe/stat.php
http://134.0.117.224/itexe/1100.exe
Strings
		!This program cannot be run in DOS mode.
GAIsProcessorFeaturePresent
KERNEL32
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
1#QNAN
1#SNAN
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CONOUT$
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyA
RegSetValueExA
RegQueryValueExA
ADVAPI32.dll
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VERSION.dll
GlobalAlloc
GetWindowsDirectoryA
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
MulDiv
ReadFile
WriteFile
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetModuleHandleW
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
RtlUnwind
LoadLibraryA
HeapAlloc
VirtualAlloc
HeapReAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
CloseHandle
CreateFileA
KERNEL32.dll
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>