Sample details: 0d924d1ef056b0135e15c28b236737a2

Hashes
MD5: 0d924d1ef056b0135e15c28b236737a2
SHA1: 70034a6aff434b0c49412690d4728efb9c5a0a19
SHA256: 232c8d4a53620fa6d5c296eebc014ea0cee78e54f9ac5707eefa08cf2bc29891
SSDEEP: 6144:8WGKK0b11Q1kc7HBOfGT2/7FXCUSVqAD4o0W77ZbLsedh1CS1a/89H:8td0fQ1kc7sfFy7VZDIkZvP59
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/screenshot | YRP/win_registry | YRP/win_files_operation
Source
http://bikner.de/red.php
http://www.bikner.de/red.php
http://134.0.117.224/exe/1000.exe
Strings
		!This program cannot be run in DOS mode.
Uleg azuxut ucylom: idoh
Yneb erokyc apox upoh
Axumyr %d atyg = edeh
Upuziz odikys oqiz
Iwasec asef ojygaj
Ifox ujowaq* ucuter
Usif; usiz %d ulicim oleq eloz
Obyb.dll ebaw* omup ypizex
Owimul ylutyf owirox atow
Acyjus uximib: asutyt = efil unubex
Iwox ihar uvup ecacaz* ixil
Ovipoc egah
Edyf ucis uzoh
Efudax efim = inel
Oqujis umajyt; esoxer.dll uvif
Ysyzih ufugyc ytiryh esabyf
Yxop yxuv idyhyh omuzyx
Ycesyh
Owimul ylutyf owirox atow
Uvag ucyr
Ujec %d acex. uxojyw %d eraweh ynotow
Uqib oqaj ynazix adulyh ipet
Azaweb egelut
Ywataf. yciduz elypur
Iwatek
Erojen = efum %s acywet
Ewyvig %s ypyf: imukac iduxut %d awep
Ywilij = ysifor ymisux
Udyran ohutil ihyb iziwad
Axox* osiwef
Yqoc ybyb.dll yxesyf: abucud. abegow
Iqyg adukat
Yrinuc ufihew
Ysob = yrin.dll iteh ubyc
Yjov aketef osaden
Uhidag; agos; enucih
Oqoq %d ymicog ytec: yteb; atuqab
Avazop %d opov %s ifaz eqyhyh
Uxyb %s evoheb ugod. yxaw
Abig acit
Uxyfux ipimup %d yfyc
Ynofup iqozoz ahup
Umeruf.dll elus
Ufalug* eqocyx
Ylyj okudag
Ewezis = apoj: uvatyg
Uqam. yxyk: aceg eheqep
Ohyxeq evyg
Amofar
Agylov azuv* alev
Uhomak odufos.dll egureb utaf avop
Owizox uxud imupek
Onym; okol omoh edek ewub
Efew ytyw.dll adol
Imimez asykum
Atilul
Utiruz isyx
Orydiv
Yhubyq ipyj upes: ypyril
Ejan eqaxow %d uhadoq.dll umyv = omur
Otuxeg %s iboqyb ozeg
Yxiheh ajol. usin
Yjyh %d ocibyf omydoh ebyr oqasyj
Ewer ovoded ibul.dll aziquj
Orefam. ipub uquqyp
Ujow ihoxiv
Ytuviw ipaj ebug
Ydesuj egybit ulines
Afyx ocevit.dll efac amukok
Udaj ikozab
Ywyluh ajyl ovokud: omyjup
Udifus ifud = osic ylub umum
Ogicax ores evyf
Eluxyg
Yheq. ykurag
Ymukiv igif
Ydap azew* adapub uvav
Oziz ukipiv ivurug
Unysaf utoq azusit
Uwomuh uquzaj %s ybibac otunat aqiron
Adejif umiqyq
Edypal ijyg
Uzonik
Ynex enyf
Avux %d ufysud
Ydap azew* adapub uvav
Yjuj. edij ityf = ukiwaj.dll uwog
Yhoz %s ebuhuh
Ikim* ugotyl ynicul* yxos
Awov: exag olanah anudum ucalyf
Yxiheh ajol. usin
Edefyt
Ypyhes edel
(null)
`h````
xpxxxx
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
`h`hhh
xppwpp
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CONOUT$
IsWindow
GetNextDlgGroupItem
GetWindowLongW
DrawIconEx
GetClassLongA
PrintWindow
SetWindowLongW
GetWindow
GetSystemMetrics
SetWindowTextW
GetWindowTextW
SetWindowPos
GetClientRect
GetWindowRect
LoadStringW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
ReleaseDC
SendMessageW
wvsprintfW
SetDlgItemTextW
GetDlgItemTextW
EndDialog
SendDlgItemMessageW
GetClassNameW
SetFocus
DestroyIcon
DialogBoxParamW
IsWindowVisible
WaitForInputIdle
SetForegroundWindow
GetSysColor
PostMessageW
LoadBitmapW
LoadIconW
OemToCharBuffA
OemToCharA
CharToOemA
CharUpperW
CopyRect
DestroyWindow
DefWindowProcW
RegisterClassExW
LoadCursorW
UpdateWindow
CreateWindowExW
MapWindowPoints
GetParent
FindWindowExW
ShowWindow
MessageBoxW
GetDlgItem
EnableWindow
USER32.dll
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
SHFileOperationW
SHChangeNotify
SHGetMalloc
SHBrowseForFolderW
SHELL32.dll
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoCreateInstance
CLSIDFromString
ole32.dll
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
SetRectRgn
UpdateColors
GetGraphicsMode
GdiGetBatchLimit
GetCharABCWidthsFloatA
DeleteObject
DeleteDC
StretchBlt
SelectObject
CreateCompatibleBitmap
GetObjectW
CreateCompatibleDC
GetDeviceCaps
GDI32.dll
SetHandleCount
RequestWakeupLatency
SetLastError
GetWriteWatch
GetCommandLineA
GetTapeStatus
GetProcAddress
HeapFree
RtlUnwind
RaiseException
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
WriteConsoleA
CreateFileA
GetCurrentDirectoryW
GetLastError
DosDateTimeToFileTime
LocalFileTimeToFileTime
CreateFileW
CloseHandle
WriteFile
FlushFileBuffers
GetStdHandle
SetFilePointer
SetEndOfFile
GetFileType
ReadFile
SetFileTime
GetStartupInfoA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
GetConsoleOutputCP
WriteConsoleW
SetCurrentDirectoryW
GlobalAlloc
GetCPInfo
IsDBCSLeadByte
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
OpenFileMappingW
SetEnvironmentVariableW
GetTickCount
CreateFileMappingW
GetCommandLineW
MapViewOfFile
UnmapViewOfFile
MoveFileExW
GetTempPathW
GetExitCodeProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatW
GetDateFormatW
WaitForSingleObject
ExpandEnvironmentStringsW
GetNumberFormatW
GetLocaleInfoW
GetCurrentProcessId
LoadLibraryW
FreeLibrary
GetModuleHandleW
FindResourceW
GetModuleFileNameW
GetFullPathNameW
FindFirstFileW
FindNextFileW
FindClose
CreateDirectoryW
DeleteFileW
MoveFileW
SetFileAttributesW
GetFileAttributesW
InterlockedIncrement
InterlockedDecrement
KERNEL32.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>