Sample details: 1147dd76c17664ac1f6a8f6a12357b85

Hashes
MD5: 1147dd76c17664ac1f6a8f6a12357b85
SHA1: 84804c523b8308273fa4bac607af33dce6e60b70
SHA256: 5e7fd541f43f9a69631133720fff1e8b7546e0ab7530b556bf3bd5659bb65238
SSDEEP: 6144:PaVtBnFszYDn0NJYB+aWfcU2tf3AvZ4xOHkWOOp3Qkn0tpDv77Jxj+olzHY:SjbscD0/Ys712tf3oZuMkW3pyjuoz
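The three digests above are what identifies this sample across repositories. The block below is an added example, not tooling from the page's source: it recomputes MD5, SHA1 and SHA256 in one pass with the standard library and checks a file against the listed values. SAMPLE_HASHES is copied from the Hashes block; the function names and the all-digests-must-match policy are the editor's own choices.

```python
import hashlib

# Copied from the Hashes block for sample 1147dd76c17664ac1f6a8f6a12357b85.
SAMPLE_HASHES = {
    "md5": "1147dd76c17664ac1f6a8f6a12357b85",
    "sha1": "84804c523b8308273fa4bac607af33dce6e60b70",
    "sha256": "5e7fd541f43f9a69631133720fff1e8b7546e0ab7530b556bf3bd5659bb65238",
}

ALGORITHMS = ("md5", "sha1", "sha256")


def digests(chunks):
    """Feed an iterable of byte chunks through MD5, SHA1 and SHA256 in a single
    pass and return lowercase hex digests keyed by algorithm name."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_file(path, block_size=1 << 20):
    """Hash a file without loading it whole; reads 1 MiB at a time."""
    with open(path, "rb") as f:
        return digests(iter(lambda: f.read(block_size), b""))


def compare(actual, expected):
    """Per-algorithm match table. Keys are matched case-insensitively and
    values are normalised, so a digest pasted in uppercase or with stray
    whitespace still compares correctly."""
    return {
        name: actual.get(name.lower()) == value.strip().lower()
        for name, value in expected.items()
    }


def is_sample(data, expected=SAMPLE_HASHES):
    """True only when every listed digest matches and SHA256 is among them.
    A lone MD5 or SHA1 match is not accepted as identity: both are
    collision-prone, and SHA256 is the value worth pivoting on."""
    result = compare(digests([data]), expected)
    has_sha256 = "sha256" in {name.lower() for name in expected}
    return has_sha256 and all(result.values())


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        d = digests_of_file(path)
        verdict = "MATCH" if all(compare(d, SAMPLE_HASHES).values()) else "no match"
        print(path, verdict, d["sha256"])
```

Run it as `python hashcheck.py suspect.exe`. The SSDEEP value above is not covered here: fuzzy hashing needs the ssdeep library rather than hashlib, and an SSDEEP match is a similarity score, not an identity check.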
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/screenshot | YRP/keylogger | YRP/win_files_operation
Source
http://www.bikner.de/red.php
http://bikner.de/red.php
http://134.0.117.224/exe/1000.exe
Strings
!This program cannot be run in DOS mode.
`.rdata
@.data
jXhxwA
C PjPV
C$PjQV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
C.PjRV
C/PjSV
0A@@Ju
Fh=`\G
0SSSSS
PPPPPPPP
0SSSSS
0SSSSS
PPPPPPPP
u&hPuA
t$<"u	3
>=Yt1j
< tK<	tG
j@j ^V
t"SS9]
j hpyA
URPQQhp/A
^SSSSS
^SSSSS
t+WWVPV
u,VVWV
t VV9u
;t$,v-
UQPXY]Y[
v	N+D$
Ehydiq ybefag = agyr
Apahox ytidas anib uqik
Ufisux avyt ibug enyl
Agovam yhur ebuj
Ybok emymow ilob
Osow uposek ohuhux educok avim
Ygaf.dll acow ijyk icuz
Iwoloc eqys yneb erokyc
Yteh uqyg
Ojad uwod ofiq ijys
Ycydyq; enov ezohon azec
Emij utoz idev* ojyqoc ybyb
Icyg acot %d ifohoc
Ukak yrejiw
Idurum uzytur
Oxyjyh owijun atesyj egeqym
Afyfyt ovyj uwub
Utokyz ujyk
Ezukat
Obohed yxefym ubocyn yzahes
Usem iredop
Yxax ufyp ezyd ynarar
Ybarab
Osud.dll obok eraq iryq
Yrok aneq abuder
Ibogec upuqan akifyr
Obim: efec idoxoz* ecyj
Esyj utyjap
Odocig = inarow. atiwez
Idupex
Enux acin yseg ejequf ihub
Eran ivyxuf
Ubov uzopev obukuw
Ebexin
Emil otewil yxyp.dll ukefyf
Abykor ivefyk ebed
Uzurel oleb. acuv iryj. evyhev
Yhymyc osor ajug azyc ytyh
Yjypis ovis ynib
Elihut = ywokov ycys azafeq uragec
Upow elucat anac: ysakoq
Uzoxyv: esonij
Yjykik yxow uxef. urup yfal
Ulyk egyvem %s onoseh ahij
Epiwas
Uruk ovanow %d ilabeb
Ilymyv ajoj aqyd: ucobem ajyw
Ivaciw ikyd: apiwev ehukug
Yhymyc osor ajug azyc ytyh
Ozesop uqyj: eqep
Epax. ytijec emavow ygid
Ynahuz uzohos: afaf omij ysod
Ydal usuk anelun
Uvyk %d ytog
Amofar
Yquv ybicak ijap
Esip %d egep
Esecej urymug
Ikaj enic azivav; ubyx oculeg
Uxuzez inyw utoqaq
Idulid %s ilir epirah %s ytep ydet
Ynuriz esuqit
Asyhis ibup* ebyl %s ivebim
Anyciv arafok %d elib obovyf
Awab osyq yhuz ixolaw = otal
Omemub erab
Upuziz odikys oqiz
Ujecyk arysit yxynat irinyj
Uwuvog obuvev ovefac* icubas
Ywyw ewufum efih.dll yhyzyl
Uzurel oleb. acuv iryj. evyhev
Ixavyk %s awupyh axahos ocaj ybaz
Ukafig ewynud %d usuw ivij odej
Udifus ifud = osic ylub umum
Uriwan.dll avut aner ogog
Uvyqot %s owovir acyhyz ezeleb
Ufodip ocyqaf isitaf
Eneleh obot ypod yluz. ajoqon
Emuh azonod olax* emeker oxet
Ydyx; ilakir %d ufavyz ehyres
Osolig yxykyt abilyf. enyzum
Oqewul alonel yvem
Isyc = unyjir = irucem yboxil; ihez
Ajihok yjacoz* emug
Uleqon ohelur
Azaqev yqup: uqisif ufykol
Ogas esiraq %d usenuw %d aquf
Ojitif
Erirop
Acugok
Ebyryt
Isyr. ipyl
Ynodag %d acazir okusim
Iwivok
Uqun umob
Ixyxag %s ovul agul owuqeb ixoboh
Uhynev ilaw
Uvyqot %s owovir acyhyz ezeleb
Ufodip ocyqaf isitaf
Itetip erow %d ymyxip ixon aqag
Agedeg enot
Anylob
Yxaj izicin ufiz ibuw yqal
Ezig* asew ebukec = yrakek
Yjov aketef osaden
Acizyj %s udeqik ycom
Iwoqur = ucep osytym ator uvozyd
Uxusuq
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
CorExitProcess
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
GetWindow
GetParent
CreateCaret
GetSubMenu
GetLastActivePopup
GetGUIThreadInfo
GetDCEx
SetWindowTextW
EndDialog
GetDlgItem
GetSystemMetrics
SystemParametersInfoW
SetDlgItemTextW
GetWindowLongW
LoadImageW
LoadIconW
ScreenToClient
GetWindowRect
ShowWindow
ReleaseDC
DrawTextW
SetWindowPos
GetWindowTextLengthW
ClientToScreen
GetClientRect
DialogBoxIndirectParamW
MessageBeep
DrawIconEx
GetWindowDC
CallWindowProcW
DefWindowProcW
SetTimer
EnableMenuItem
GetSystemMenu
wvsprintfW
SetWindowLongW
SendMessageW
GetKeyState
MessageBoxA
wsprintfW
SetFocus
CharUpperW
USER32.dll
SHGetMalloc
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
SHELL32.dll
CoInitialize
CoCreateInstance
ole32.dll
GdiAlphaBlend
PlgBlt
RestoreDC
AnimatePalette
DrawEscape
ExcludeClipRect
SetLayout
CreateFontIndirectW
GetObjectW
GetDeviceCaps
SelectObject
DeleteObject
GDI32.dll
GetComputerNameExW
GetModuleFileNameA
GetFileTime
CloseHandle
GetProcAddress
GetModuleHandleW
WriteFile
GetVersionExW
lstrcmpiW
SetLastError
SetEnvironmentVariableW
GetUserDefaultUILanguage
DeleteFileW
FindNextFileW
RemoveDirectoryW
lstrlenW
GetSystemTimeAsFileTime
lstrcmpW
lstrlenA
ExpandEnvironmentStringsW
FindFirstFileW
FindClose
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
LoadLibraryA
lstrcatW
GetTempFileNameW
CreateFileW
lstrcmpiA
CreateProcessW
LoadLibraryW
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
lstrcpynW
lstrcpynA
SetErrorMode
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
SetFileAttributesW
CreateDirectoryW
GetLastError
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
InterlockedIncrement
InterlockedDecrement
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetCPInfo
HeapFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
HeapAlloc
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringA
LCMapStringW
VirtualAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoW
HeapSize
KERNEL32.dll
!mR01-
AFH%(g
}C.r1M
4_7De_
.SA2Ti
d!21%@
3O/Q&P
SlRAGS
P~%5jw
ZZ#c/H
Y=IR&T
U\)`tt
V;	J`[
gPN5nz
4B\u9Q
 `ElN`
e.rQvQ
p<Bf"m
;-Gx8F
P5?wIV
bU *7Y
Z{a+;&
Yq2&}x
b}+!c}
*5/9u!
8+n%>[
2oD:NP
$ZI&/&
y<8m_Y
^OTb.$
C.zj8@
Gv)U2.
L RB&}
gp.!8(
~upJ>1
DfSF8+
&*`v;2
8Mim2e
k.Hm6q
b*:WNL
i$Y8P\
-B8rai
;4(F	i
"ZP^9r
AR?>Q1
\^f?	V
DB~#mb
>dSwyQ
DC^S"1
9h 7c3
]y2p`4
^`mOqq
p2BA$-
$<EEsa
m}Ym:r
irGNKI
UTUn$a
Xw$k?	
^0oC0J
&`54ni
N?$91V
$6.\mP
>]:>,(
a_4_L|
*R(fhO
iY~8J4
&eJ>JZ
h^q4 .
KE',BU
^GXRdo
EL@K|/
k3vo}l
]H|9bp
|KY=	%
mIv\/a
yU]E.!
lm<:uJ
A-Bh-.
}L%ka6
JrVu	\
Vt9Q*k
;unHY 
duprU,
Od{U=;
m}zy_v
<ih2+'
ES[*h!
d&chf<
 {pbq,
_>;!#*
4\Sec1
r{M:GV
g1,4 e
iQbHw>
EKodbc
 |V(VZ
5Piz]2
a8	~);
k	8NZ3
2jQEUd
\]t-q1
7DXW~Z
Pd}g07
LBz=M8
zHwIra
HevZkS
/A/btS
ppd6Tr
3.V)+g
=M_LY@
rI*Imj
=5r#*_
@^r!D!
5Bi7)_
*fJ7%2
76Cc84
21L2!A
8)eF#$
!_}c!9
a04*D7
=5K3E8
(9:1#&
1dY4@%
E$t@*%
19tA@f
@#47(6
38#f^)
:1~zg*,
854$17`
0(@3%d3b3#
4A@aDb
=31f$3#e#
e~eAA3a8
^f44_C~F
PY3c9c^
8f8f6)0
(!28A~b
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
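The Yara Hits line tags this sample as anti_dbg, screenshot, keylogger and win_files_operation, and the Strings section carries the two things worth checking by hand before trusting those tags: the imported API names that capability rules of that kind key on, and a long run of generated pseudo-words ("Ehydiq ybefag = agyr", "Osow uposek ohuhux educok avim") of the sort padded into a binary to dilute string-based signatures. The script below is an added example, not part of this page or of any rule set it names. It runs a strings list through an API-to-capability table and a filler heuristic; the table is the editor's own approximation of what rules with those names typically look for, not the YRP rule bodies, and SAMPLE_STRINGS is a constructed subset of the dump above.

```python
import re

# Assumed grouping of imports per capability tag. This approximates what
# capability rules named anti_dbg / keylogger / screenshot /
# win_files_operation typically key on; it is not the rule bodies that fired.
CAPABILITY_APIS = {
    "anti_dbg": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                 "NtQueryInformationProcess", "OutputDebugStringA"},
    "keylogger": {"GetKeyState", "GetAsyncKeyState", "GetKeyboardState",
                  "SetWindowsHookExA", "SetWindowsHookExW"},
    "screenshot": {"GetWindowDC", "GetDCEx", "GetDC", "BitBlt", "PlgBlt",
                   "GdiAlphaBlend", "CreateCompatibleBitmap"},
    "win_files_operation": {"CreateFileW", "WriteFile", "DeleteFileW",
                            "CopyFileW", "MoveFileW", "FindFirstFileW",
                            "SetFileAttributesW"},
}

# Imports the Visual C++ 2005 (VC8) CRT pulls in by itself; a capability whose
# only evidence sits in this set is reported as weak.
CRT_NOISE = {"IsDebuggerPresent", "EncodePointer", "DecodePointer",
             "FlsAlloc", "FlsFree", "FlsGetValue", "FlsSetValue"}

VOWELS = set("aeiouy")

# Constructed subset of the Strings section above, used as sample input.
SAMPLE_STRINGS = [
    "!This program cannot be run in DOS mode.",
    "Ehydiq ybefag = agyr",
    "Osow uposek ohuhux educok avim",
    "Ygaf.dll acow ijyk icuz",
    "Icyg acot %d ifohoc",
    "runtime error ",
    "DOMAIN error",
    "america",
    "EncodePointer",
    "GetKeyState",
    "GetWindowDC",
    "GetDCEx",
    "PlgBlt",
    "GdiAlphaBlend",
    "IsDebuggerPresent",
    "CreateFileW",
    "WriteFile",
    "DeleteFileW",
    "CopyFileW",
    "MoveFileW",
    "USER32.dll",
    "KERNEL32.dll",
]


def _alternates(word):
    """True when a lowercase word starts with a vowel and strictly alternates
    vowel/consonant, the shape every generated word in the dump has."""
    return (word[0] in VOWELS and
            all((a in VOWELS) != (b in VOWELS) for a, b in zip(word, word[1:])))


def is_filler_line(line):
    """Heuristic for generated pseudo-word lines such as "Ehydiq ybefag = agyr":
    Sentence case, no digits once %d/%s and ".dll" are stripped, and every
    word of three or more letters is Capitalised-or-lowercase and alternates.
    CamelCase API names, DLL names and real English fail at least one test."""
    if not line[:1].isupper():
        return False
    cleaned = re.sub(r"%[sd]|\.dll\b", " ", line, flags=re.I)
    if re.search(r"\d", cleaned):
        return False
    words = [w for w in re.findall(r"[A-Za-z]+", cleaned) if len(w) >= 3]
    if not words or any(not w[1:].islower() for w in words):
        return False
    return all(_alternates(w.lower()) for w in words)


def triage(strings):
    """Map a strings list to capability evidence: the APIs seen per capability,
    the capabilities backed only by CRT noise, the noise itself and the filler
    lines, so a reviewer can weigh each YARA tag instead of taking it as read."""
    seen = {s.strip() for s in strings}
    caps = {tag: sorted(apis & seen)
            for tag, apis in CAPABILITY_APIS.items() if apis & seen}
    return {
        "capabilities": caps,
        "weak": sorted(tag for tag, apis in caps.items() if set(apis) <= CRT_NOISE),
        "crt_noise": sorted(CRT_NOISE & seen),
        "filler": [s for s in strings if is_filler_line(s.strip())],
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # output of: strings -n 4 sample.exe > strings.txt
        with open(sys.argv[1], errors="replace") as f:
            lines = [line.rstrip("\n") for line in f]
    else:
        lines = SAMPLE_STRINGS
    report = triage(lines)
    for tag, apis in report["capabilities"].items():
        flag = "WEAK " if tag in report["weak"] else "     "
        print(f"{tag:20} {flag}{', '.join(apis)}")
    print("filler lines:", len(report["filler"]))
```

On the dump above this reports anti_dbg as weak: IsDebuggerPresent, EncodePointer/DecodePointer and the Fls* family are all imported by the VC8 CRT on its own, so that tag carries no weight here without a corresponding code path. GetKeyState is routine in dialog-driven code, and the screenshot tag most plausibly rests on the GetWindowDC/GetDCEx/PlgBlt/GdiAlphaBlend imports; none of these is conclusive without looking at the code that calls them. The filler heuristic fires on every pseudo-word line in the dump and on none of the CRT, locale or API strings, which is the signal that the string table has been padded.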