Sample details: 144e97d886c64b1e11ad394cdf10e4ff

Hashes
MD5: 144e97d886c64b1e11ad394cdf10e4ff
SHA1: 79213f1e708cfc884c65538e9f23777bcfced64d
SHA256: 4ced511a7aedfa4fefe0efb5647abf5f2e5628453cab0e19cc07eec2c83a6b5d
SSDEEP: 12288:Vs1tKhUsO24bI3j5nk9oVpqClZWrxn+bw2ES8ahugM:VYQBj5Lp3Zdxhi
Details
File Type: PE32
Yara Hits (heuristic rule matches, not confirmed behaviour — IsPacked/IsBeyondImageSize, anti_dbg and screenshot are indicators that warrant dynamic analysis, not proof of it)
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/screenshot | YRP/win_files_operation |
Source (URL the sample was retrieved from; treat as a live malware-distribution indicator and do not fetch it outside an isolated analysis environment — listed twice in the original record)
http://crystalmind.ru/versionmaster/nova/load.exe
http://crystalmind.ru/versionmaster/nova/load.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
jEj2j2WVj
uTVWhQ
HHt$HHt
?If90t
^SSSSS
j@j ^V
URPQQh0
t$<"u	3
< tK<	tG
v	N+D$
t"SS9] u
PPPPPPPP
PPPPPPPP
;t$,v-
UQPXY]Y[
++f]^JW
)Fz""'
;(UBO|i
2?,YFs`m
	6#P]Jwd
:'TAN{h
1>+XEr
JV@6)j
	k#0OC
%}IUcP'
x I[h}r
*k-a ^OBI
rVI>1X,
<DNKhu
f%lNfTGF
eX]K>M
D{i\Y}4(
wDA9,c)
QQSVWd
f-00f=
t*=RCC
;7|G;p
tR99u2
v	N+D$
tWItHIt9It 
tRHtCHt4Ht%HtFHHt
<+t"<-t
+t HHt
	X 9} 
Unknown exception
CorExitProcess
bad allocation
(null)
`h````
xpxxxx
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
UTF-16LE
UNICODE
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
Error getting size of owner SD: %d
Out of memory for security descriptor!
user32.dll
SetLayeredWindowAttributes
ID GUID
Notepad
STATIC
HeapCreate
kernel32.dll
Save current changes in %s?
string
Version
Version Dev
username
list<T> too long
vector<T> too long
deque<T> too long
?5Wg4p
"B <1=
<8bunz8
l,kg<i
<@En[vP
?uZEeu
?uZEeu
?UUUUUU
?UUUUUU
bad exception
?Dj0Q:W$=
5s3R6=
?1#QNAN
1#SNAN
_nextafter
_hypot
FreeLibrary
HeapAlloc
HeapFree
GetProcessHeap
MultiByteToWideChar
SetConsoleTitleA
GetLastError
GetProcAddress
LoadLibraryA
GetModuleHandleA
CloseHandle
KERNEL32.dll
CheckMenuItem
SetDlgItemTextA
EndDeferWindowPos
DialogBoxParamA
GetDlgItemTextA
LoadCursorA
FindWindowA
MapWindowPoints
SetWindowTextA
GetSystemMetrics
BeginDeferWindowPos
DeferWindowPos
DrawMenuBar
DefWindowProcA
EndDialog
SetScrollPos
CreateWindowExA
MessageBoxA
SetWindowLongA
SetRect
GetCursorInfo
GetWindowPlacement
GetMenu
GetForegroundWindow
GetIconInfo
DlgDirListA
BeginPaint
SendMessageA
GetClientRect
FindWindowExA
DrawIcon
wsprintfA
DlgDirSelectExA
TrackMouseEvent
LoadBitmapA
DeleteMenu
PostQuitMessage
GetWindowRect
GetSystemMenu
SetCursor
SetWindowPlacement
DestroyWindow
EndPaint
USER32.dll
TextOutA
CreateSolidBrush
GetStockObject
EndDoc
GetObjectA
PolyBezier
PolyBezierTo
GetMapMode
StartDocA
Rectangle
CreateCompatibleBitmap
SetMapMode
DPtoLP
CreateCompatibleDC
PolyDraw
SelectObject
DeleteObject
SetBkMode
SetBkColor
CreateFontIndirectA
StretchBlt
GetDeviceCaps
DeleteDC
CreateHatchBrush
SetTextColor
StartPage
BitBlt
EndPage
GDI32.dll
GetSecurityDescriptorOwner
GetFileSecurityA
ADVAPI32.dll
ShellExecuteA
SHELL32.dll
AVIStreamGetFrameOpen
AVIFIL32.dll
CryptUIWizImport
CRYPTUI.dll
PathAppendA
SHLWAPI.dll
SetWindowTheme
UxTheme.dll
lineGetAgentActivityListW
lineGetAddressStatusW
TAPI32.dll
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
RtlUnwind
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LoadLibraryW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
LCMapStringW
GetStringTypeW
HeapReAlloc
FlushFileBuffers
SetStdHandle
WriteConsoleW
HeapSize
CreateFileW
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
K}=!0.
u*X<IU
0zOrU!
,	+l=Y1
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
FJus#V
!*F HH
6U=_~&
E28wG4_&
0pQ7O~-E
?v*@JH
b`Zp{g
h,>n!b
[GADDwd
UI	-dj
w@5{v>
	6}k.>j
B*>D{9
`3-Cgl
On8gMs
;]|!HZ
+/V9}N
zjyM?r
D.	9ON
D5l'm[
n<:FPr
Y >, ^
~fi6_3
Rk}/"R'!
Ob8gyp
y53$?olH
'/(_>&
aan_&)
t28ho1zv
wf[xD6
pzBsw>
SnYxe0
-$RXl[
j`*|)X
.L{E#2
=#8dlp=
Xi`r$g
8J|:jP=
lfZVc5
b8is.4
WmbW,Y
q_Mt{`
Y,9FPr
9tnVl~
pt>g6G
Be3Bpz
MS:\`d
<J|2W$
i,:>7+t
'Ae_(E8
,mfu>_
J,?BPp
byF*#s*
vMpZ8c
c}~{CJ
vW"K,8
dmzpSh>
+'xe2V
x(J_b6
j}jPAR
+~{2 Ga
B0		de
F (h`t
Xj$.<7
@7z{)/
@!'ayK@
]y[eBq
%>!M|6
cO1Inv
B@gY#hA
j"5i[x%U
<	q+%?
YW(.5C
[)TRUr
BPZ,yG
??o?,'
21Rct}?
POj9 U
xP|"{`
[p&`&:
[>h6jo
pG!HV5sC
a{y,wK
hpOr	M
TnqP[A
?*1oCe
8Uy_37P
/Hr"&	:
]<tT/d":
.rQ,&;
)ukM!m(/
]\b  q
`|fMS*
ARR'~K
#_%`\B
wnp^J1
ciSn8%^
"a#ihZTc
J	sBSgl
:2$f4	6V6
V=W!U_
\cN. W
)`>+6?
U,P<*E
1 p8D]
_Kh|fN
C4\Ob7
{VLii&
| <},3
iN)*[?
M(t4m@ni
-'BXd1
>-)"&W
KG6_K/
)^[fF1
sV*a#d
?@0|2p
:oCQ_&
kV^Uy|
O9$g^R
!WQ?L3
%Y\	#F)
hR8pgu
5i /U%$
A] Gx,
2I"l~q
4[3 :b
Ye( uy<
SkpRv$
l	(kE^
Jk;.lG
TnqPJI
qcx`Pd
(>3Wga2
GFB4Yb#
V_c:n@+
Ob:lvo
rF0ImlH0
ZJ4Rq*
#ZTKs)x
YC3lv/
-7pWF3
>{2("d
gh!*M=
HS7*+]
<kd;^L
3y%M%u
N$|%X[d
"7 D_P
sL^VES
='f@!i
ev@Rbah
+j}w@9
4tBzP&
dcy&tb
$_eD	 ]
QV	@UG
RZ"Rgl
vz$@N,
Z#`$}.
8$/	,/
z8""{&{
=v{pX 
)i3G6?
l*.n&;
sNe;+F
-CG}U)
3'F9 O
Yx}D{:
VK;{O|
ZuzFP-
Jh0dz,
EA`Z`1Q
,$y-M%$
r_<,o|H0
 |0gju
wv^ViD
	rR]yo
L<HnVF
!FL	pG
+|mzw$
r3`x$[
u,bS3R
nd/Si<
09vKn!
};`0:_v
*0Ru:nt
\rGNw3
r@zn=%
K.7,UG
(><||q52]
!UPhhT
?LlaD3
]~mf2i
!$qI[,1
E@<!_v
i^)a9[
v?}u><b
\rN|e:
+Uiq/t
JB&o_X
hF$RL,
}RFv 5
J$:;vG
6	__g&
<}H*/!
\Za@$)
W	*Q%]
%G:}aj&G3
LO#.N&
/0(<6S
Q*F;`#
7h5#Ps
y}_pnB
<hA1|)
BT]Ft	
D?=jAh
(Ou6f6
S!>c	*
Qh0M$g
4"F?bM
Ye(cIC+
hv;52:X
*bxJDF
``-.7$O
nB!v_Y
	/;:3U
?rb=<'
eX[b`;
jt[ZO2
}Ep;-?
OEaNT? 
]qe+PV
_0(oq-YD
]EC	RN
TTlvSs
JgIAa6
/-Abad%
#my"8G
vDPhFD
9ZdVu-
	u[yY[
s.	Tu%
z.xI?ex
&:Q#o9
0@,`nd%~
@s:FPp
F^j"#0
\b @I8
- 1y8c
%?%Oo9
sGF<~0
%NhC0h
$%>b\x
+Ooe+4w
t9Q"TdTo
Q}z|h2
bt{`{p
L	KBPp
Y(OOb5
(-4$hr
<{{2 $
?4T'L$
vn(@N-
^(j$g.
8)L&)"
*;j5GRv
8JYmk)
31E1PH
7+}x l:
dsRygn
k{*nZF
r42b:C"
*&=|?_
FX#=&x
ha<`z_
mD'S\ 
-#:G#@
^`4RA'
[mf767
19mxU.
#'F9S"
#4Sx_dC
\%>;5P
dsP9dN
WpU&F;
BapY^v	
j8M@hf
1>4Wer
|-5o:r
nw18?)
\tJZ{]
 : z-T4^
$V]%CM
ag&.GS=
RaQ'{$
bxhznd
(>4Uhr
(~{2 0
?4Q Ld3
~j$oJ.
-8t4m!mt
}~ga@<
}?Ktq{
R@+j]=TW
Uf_xhh
GR(T).
g~3W}|
:,!26V(
z$a4[ 7s
8MvalD
2N0X<a
1R`ZjE
_[:h|4
4>`^Y2
3'F1PH
t28ot$ZP
dsU	dZ
wf^Vc=
bxkp{p
wZ%B S
FM2#!$m#&
[b3gD]
1&;Z1*
$ $wGP:
pceq.'
\`d]9&
P[hf=o
)TXe-*	
f"hf=*	r
^`4R/>
DBpNDmw
\`dq-(<!
Xnjw=2	0
hB84h'
>`yof<
f8%z~M
""J3vP
`IYZ8k
dx 74,
@EU	dK
wjJVc=
W&3LL-N
bxkpOV
mp<o: ^
>4Uhz71]
(~{1-0
< <5,Z
8JTCE)
YaH\`(
o.>u[XX
dJeZ|K.
l2	PAA
7,Za>IN
B4i/9F*:
;/]%;c2
~[c@@+
( gA"-
>|^nhP=
+#eI@m
#}oc)s
LK@v|"*s
VCEgUW
@[iv4.
,PSbD"
b}op{p
\k^Ob6
~X&@N.
^(iEo.
, <24^
ZT*l^S
,>,pG8
+.'uc~
8IdR;<
IllGxl#1
)8Q#yx
m&^h~"
W"""L-L
]s:FWF
wz$cx-
lM)A}{
t'j5M'p
	eOMt[4
{?%-bT2
wf^Mj>
8CT?LL-L
Ky,`=$
$n!r1Z
}(d4m.
Nrd'GT
;;W;vG
jD2/_E
/ NY&1`
wC3yZ$qD
pDNBs=
L9:1<'-{5
P3[OsL
p)9wx1
h_n<e.
=rL9X 
!66fBMF
}+fNOJ
dh#pId
KUZ$%]
r$<OB\z
2 /DG2
-><bkD5
 G i5s
Ob9y~V
6+FW'*
HMPLvG3
$	|](:k
m&#H(k
a{L	AZ
Uq{.lG
_8m!D_
d24oVv
E$02t(
[|1VXc;
\~lm0)
s$J<1$
]5JHRO
^D]&d;
jU,<K"<5
H8a4v_
>xSbO#
b&23[&|
1lmCz:
'	eUI_
?A@( br
uG6T_V
ePI/C7
*%Mc0i
7 <:+]
S]:%x}
\qM!61
7q"a	t
?v9t60
cv4$H:
:e:*v$
Gzis\W
DA|xh?X
N\\N<"
)4VQAb
/_tEn.
7%-Hr 
FT=|0m
'xE+[%
fSSP2g*1
`!(N*"
 B}lhX
]IR (8
	7{I]2l
t28hSJ]B
tsUqd|
/9,	0`
R{kp{p
FPAb^[6*,
zckF!}
:1R @k#
Ub=;jd	[*"
![#ZZ@
f9zLD`
#j5M'p
8Yt$ZP
(W";LW=O
b~gp{p
Xo^LT6
(=4Ufr
^(o,m-
'i5]#s
8JTKs)
P@d>LS
|ehtm,
%a\qq8'
C-4?5D
f[5!,2#`q
Wb4DM.
TA]$4^
`n=7</
o|||mwwwkyyyisssfssscnnn_dddVOOOJ000=			2
A5%Qo^C.jU@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
 <assemblyIdentity
    type="win32"
    version="5.0.0.0"
    name="CatalgImpl"
    processorArchitecture="*"/>
 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
  <security>
   <requestedPrivileges>
    <requestedExecutionLevel
     level="AsInvoker"
     uiAccess="false"/>
   </requestedPrivileges>
  </security>
 </trustInfo>
 <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> 
        <application> 
        </application> 
 </compatibility>
  <description>Device agent.exe</description>
</assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING