Sample details: 19771cc7d4a738eb3e879d7a537dc260 (MD5)

Hashes
MD5: 19771cc7d4a738eb3e879d7a537dc260
SHA1: eb8b05f48826a090c3f84d468d3986a121bc0cd5
SHA256: cac09c5751194795eb27b2daf641bee4afbcb1638095d7055e89c9c505af038f
SSDEEP: 3072:fydfi5NYbjCOqGRhEkH8f4n3fIfkBo6Yn3EWejU:fyhi5N+OOLRikH8fEgsLYUO
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation | YRP/TEAN
Source
http://produtos.site/dfjkgy7
http://reyplastica.com/dfjkgy7
http://ourmobilepcs.com/dfjkgy7
http://stainlessengineeringintl.com/dfjkgy7
http://urbantechits.com/dfjkgy7
http://sigyn-ug.com/dfjkgy7
http://primarynotes.online/dfjkgy7
http://oracellbd.com/dfjkgy7
http://urbantechits.com/dfjkgy7
http://stainlessengineeringintl.com/dfjkgy7
http://reyplastica.com/dfjkgy7
http://ourmobilepcs.com/dfjkgy7
http://oracellbd.com/dfjkgy7
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
^SSSSS
t	j\Yf
QQSVWh
j@j ^V
Y;=@-A
v	N+D$
URPQQh
t"SS9] u
;t$,v-
UQPXY]Y[
PPPPPPPP
PPPPPPPP
QQSVWd
t*=RCC
;7|G;p
tR99u2
v	N+D$
<+t"<-t
+t HHt
Unknown exception
bad allocation
(null)
`h````
xpxxxx
CorExitProcess
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
`h`hhh
xppwpp
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
ozusidhfoiuzyxshcf nasioudfghoiasuydf aoisdufhoiasudfhoiasudfyh
kidetufaxudububi pademusi
%s %c %f
fawizenivinegogomipilidu nusovikuniropokudiba hayewafafe
%s %c %f
dodugoretisozesosace sikoxibowevecepa maborubipero
vigacasunakolino
kernel
invalid string position
string too long
bad exception
1#QNAN
1#SNAN
ExitProcess
SetProcessAffinityMask
GetProcessIoCounters
GetTickCount
GetSystemTimes
GetProcessTimes
GlobalAlloc
TerminateProcess
FileTimeToSystemTime
GetMailslotInfo
GetHandleInformation
GetLastError
SetLastError
GetProcessWorkingSetSize
AddAtomA
lstrcatW
GetProcessAffinityMask
VirtualProtect
DuplicateHandle
SetProcessShutdownParameters
CloseHandle
GetCurrentProcessId
KERNEL32.dll
GetMonitorInfoW
GetMessageExtraInfo
USER32.dll
InitiateSystemShutdownA
LookupPrivilegeNameA
SetSecurityDescriptorDacl
GetUserNameA
OpenEventLogA
CloseEventLog
ADVAPI32.dll
ShellAboutW
ShellExecuteW
SHELL32.dll
TransparentBlt
MSIMG32.dll
WinHttpWriteData
WINHTTP.dll
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
GetCurrentProcess
HeapAlloc
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
SetStdHandle
FlushFileBuffers
HeapSize
LoadLibraryW
WriteConsoleW
LCMapStringW
GetStringTypeW
HeapReAlloc
CreateFileW
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
d!5]qW 
i9<"Ai
sb}Wl[
o<3OH9P
'aTT8(
4;SdHr
O[9Z\{
T)rqBZn
9CU[KC
$Mj>?f
22l`z7qg
O3P^`?,
U/p.Qd
?;y^F6(
*Y$Hhy
!e@++j
"q-;lv
S+4qrC
9'JnGK
:OScu_
NP7;C8+P
{c)$aiOF
T[JA>87	[y
3aY2tpNff
.giZ7H
hj0(RE
*a@btO
bT!\H?
ya*}E>
M	)8%t%i
BjsM		[
Sk2+Q9$
[aQze	q
vV%3:|
7!ej w
a+VePf
+^$e}!oI
zb$GYR
yRZ]mK
iI5CJUc
6c1/hr^~=
<4|'dr
r$HmT:
qAU b&
7(l3U 4J
LL3alL
~eDKG6
.g|=Q\m6y#
xbYjQX
rOykto
X}>+~)
J*J9}[
_kyj%|
?Vbd{G
[eO{Z"
=L:!)'
# j\BU
|tyatikuhedodeseyafukikegasuvovurafikofomigiyehanobepuhusiwopiloyuvupihasacaboheluwayuvuritobonimihuvicomajatozutodenikigawiluhazipikucevabupipukomorekuhugibasusuhekidaxiyejogulucanopotekisosikesahuziwaxelalojakaxejanobacayimogitomopabaceyimumigepaxajuwogokeraroriyotukolemoburoyomatefakudiwopuhuhabawativibuvavocohokuziguwakefejumekage
0U0l0}0
4#4I4T4p4
7-74787<7@7D7H7L7P7
888?8D8H8L8m8
869<9@9D9H9
;,<2<7<?<O<Y<_<s<
=^=c=m=
=5>h>t?{?
0&0d0v0V1`1m1
2 3&353
4#454L5Q5
6#636:6I6U6b6
7-767Z7
7C8!909K9h<
4r4L5T5l5
:E;J;S;b;
<0=8=K=V=[=m=w=|=
0&0,0:0n0{0
3H5T5Z5_5e5
5'6M6s6y6
8J8m8s8
9"9(90969B9H9U9_9e9o9
:<:B:H:^:v:
;9;C;{;
<$<)<1<:<F<K<P<V<Z<`<e<k<p<
=*=N=Z=j=
=@>M>f>
2}3W4'5X5n5
:L:Y:c:q:z:
>'>0>6>?>D>S>z>
252>2J2
6!636J6X6^6
</=B=Z=z=
?<?T?[?c?h?l?p?
0J0P0T0X0\0
2(3H3~3
4V4a4g4
7"7*707:7@7J7P7Z7c7n7s7|7
:2:?:^:
2)2;2M2_2q2
21373C3z3
4"4+40464@4I4T4`4e4u4z4
7/787j7
;7<^<d<i<r<
<7=V=h=x=
>2>>>F>X>p>~>
?*?/?F?^?v?
0#0)0-03070=0A0F0L0P0V0Z0`0d0j0n0
H0i1b2
8%9/9:9Q;%=1=U=
4%5I5P?
3Q3l3w3{3
 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7l7p7t7x7|7
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
4 4$4(4,4
5,5054585@5X5h5l5|5
6(6,60686P6`6d6l6
7(70787@7D7H7P7d7l7t7|7
8 8@8L8h8
989X9x9
:4:8:T:X:x:
; ;4;@;H;x;
< <$<<<@<\<`<h<p<x<|<
0 0@0`0|0
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<
=$=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=
> ?0?L?\?