Sample details: 1b231f7d645924e32733315e0f121ce2 --

Hashes
MD5: 1b231f7d645924e32733315e0f121ce2
SHA1: 0407adf2c402c6ac6ff397d5735720a49b80cfeb
SHA256: 615d7bddd51740fb8c73d6cc18532328727ae87837649cd39e84cf6ce99a070a
SSDEEP: 6144:s239hBcWl+Yo7dlemzdAOcQeLxMmVFu8/aNhaNA67qcucr/9MFkJ:vcWl+j7dHdAhLxi8/aNk68qRcruFkJ
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Install_Shield_2000 | YRP/Armadillo_v171_additional | YRP/Armadillo_v4x | YRP/Microsoft_Visual_Cpp | YRP/InstallShield_2000_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/win_files_operation |
Source
http://multifunctionaltechnology.com/St65fdfTG
http://multifunctionaltechnology.com/St65fdfTG
Strings
          	            !This program cannot be run in DOS mode.
Richv~+
`.rdata
@.data
@.reloc
t.;t$$t(
VC20XC00U
											
J ;H t
P$;Q$t
PPPPPPPP
PPPPPPPP
u0j~h<
GetModuleFileNameA
typname.cpp
mlock.c
dbgdel.cpp
_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)
Client
Ignore
Normal
Error: memory allocation: bad memory block type.
Invalid allocation size: %Iu bytes.
Client hook allocation failure.
Client hook allocation failure at file %hs line %d.
dbgheap.c
_CrtCheckMemory()
_pFirstBlock == pOldBlock
_pLastBlock == pOldBlock
fRealloc || (!fRealloc && pNewBlock == pOldBlock)
pOldBlock->nLine == IGNORE_LINE && pOldBlock->lRequest == IGNORE_REQ
_CrtIsValidHeapPointer(pUserData)
The Block at 0x%p was allocated by aligned routines, use _aligned_realloc()
Allocation too large or negative: %Iu bytes.
Client hook re-allocation failure.
Client hook re-allocation failure at file %hs line %d.
_pFirstBlock == pHead
_pLastBlock == pHead
pHead->nBlockUse == nBlockUse
pHead->nLine == IGNORE_LINE && pHead->lRequest == IGNORE_REQ
DAMAGE: after %hs block (#%d) at 0x%p.
DAMAGE: before %hs block (#%d) at 0x%p.
Client hook free failure.
The Block at 0x%p was allocated by aligned routines, use _aligned_free()
%hs located at 0x%p is %Iu bytes long.
%hs allocated at file %hs(%d).
DAMAGE: on top of Free block at 0x%p.
DAMAGED
_heapchk fails with unknown return value!
_heapchk fails with _HEAPBADPTR.
_heapchk fails with _HEAPBADEND.
_heapchk fails with _HEAPBADNODE.
_heapchk fails with _HEAPBADBEGIN.
Bad memory block found at 0x%p.
_CrtMemCheckPoint: NULL state pointer.
Object dump complete.
crt block at 0x%p, subtype %x, %Iu bytes long.
normal block at 0x%p, %Iu bytes long.
client block at 0x%p, subtype %x, %Iu bytes long.
{%ld} 
%hs(%d) : 
#File Error#(%d) : 
Dumping objects ->
 Data: <%s> %s
Detected memory leaks!
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
generic-type-
template-parameter-
`anonymous namespace'
`non-type-template-parameter
`template-parameter
[thunk]:
public: 
protected: 
private: 
virtual 
static 
`template static data member destructor helper'
`template static data member constructor helper'
`local static destructor helper'
`adjustor{
`vtordisp{
volatile
 throw(
 volatile
signed 
unsigned 
UNKNOWN
__w64 
wchar_t
__int128
__int64
__int32
__int16
__int8
double
cointerface 
coclass 
class 
struct 
union 
`unknown ecsu'
short 
const 
volatile 
__pin 
__box 
{flat}
CorExitProcess
mscoree.dll
stdenvp.c
stdargv.c
a_env.c
ioinit.c
tidtable.c
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
kernel32.dll
runtime error 
TLOSS error
SING error
DOMAIN error
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
InitializeCriticalSectionAndSpinCount
Assertion Failed
Warning
dbgrpt.c
%s(%d) : %s
Assertion failed!
Assertion failed: 
_CrtDbgReport: String too long or IO Error
Second Chance Assertion Failed: File %s, Line %d
wsprintfA
user32.dll
Microsoft Visual C++ Debug Library
Debug %s!
Program: %s%s%s%s%s%s%s%s%s%s%s
(Press Retry to debug the application)
Module: 
File: 
Line: 
Expression: 
For information on how your program can cause an assertion
failure, see the Visual C++ documentation on asserts.
szUserMessage != NULL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
string != NULL
sprintf.c
format != NULL
isctype.c
(unsigned)(c + 1) <= 256
onexit.c
mbctype.c
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
f:\vs70builds\3077\vc\crtbld\crt\src\sprintf.c
f:\vs70builds\3077\vc\crtbld\crt\src\vsprintf.c
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
a_str.c
("inconsistent IOB fields", stream->_ptr - stream->_base >= 0)
_flsbuf.c
str != NULL
`h````
ppxxxx
(null)
output.c
ch != _T('\0')
Program: 
A buffer overrun has been detected which has corrupted the program's
internal state.  The program cannot safely continue execution and must
now be terminated.
Buffer overrun detected!
A security error of unknown cause has been detected which has
corrupted the program's internal state.  The program cannot safely
continue execution and must now be terminated.
Unknown security failure detected!
a_map.c
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
convrtcp.c
_getbuf.c
_file.c
fclose.c
stream != NULL
_freebuf.c
LoadLibraryA
GetProcAddress
FileTimeToSystemTime
KERNEL32.dll
CreateFontW
GDI32.dll
CoFileTimeNow
ole32.dll
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
RtlUnwind
IsBadWritePtr
IsBadReadPtr
HeapValidate
HeapAlloc
TerminateProcess
GetCurrentProcess
ExitProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
TlsAlloc
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
SetLastError
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
VirtualQuery
InterlockedExchange
DebugBreak
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
SetFilePointer
SetStdHandle
FlushFileBuffers
CloseHandle
.?AVtype_info@@
151n1t1
9L9Q9t9
;`;f;0<
3.3g3m3
8*909G9
9):/:|:
:";(;u;{;
<!<n<t<
?#?\?b?
3)4/4{4
5*606|6
6 7&7r7x7
:1:m:s:
</=5=v=|=
-030w0}0
1;1x1~1
21373{3
3&4,4|4
4(5.5~5
9 9c9i9
<1=7=z=
>4?:?~?
4;4t4z4
5.646x6~6
72888|8
8'9-9}9
1	1X1^1
<&<u<{<
5%6K6i6p6t6x6|6
6N7Y7t7{7
8 8$8(8r8x8|8
9'929>9P9V9_9k9p9y9~9
;%;Z;;<J<T<l<
=+=8=E=R=f=k=
Z0t0}0
3/474@4P4\4r4~4
5?6G6M6V6\6b6i6n6t6}6
949Q9V9
:(;1;@;I;O;X;a;j;p;y;~;
;&<2<v<
=4=F=K=
>&>F>y>
?$?:?J?~?
131=1I1c1t1
2(242=2c2o2
4-424O4T4q4v4
4+575>5i5
6%7<7T7Z7f7
8T8q8x8
:F:K:z:
;	< <V<
>`>p>u>
.040:0L0T0\0f0v0
1,191k1p1
22282D2K2Z2
343E3M3
415d5r5
5	6-6R6Z6b6m6v6|6
6>7]7j7
7	8Q8`8i8
8"9B9J9P9r9
:-:5:[:b:h:q:
<8=A=X=c=v=
>$>,>R>]>
?j?n?r?v?z?~?
0$0,040?0G0O0l0u0
061G1Z1e1
1%2,222A2O2W2
3,343<3E3N3k3t3
5$676@6
8)868E8N8b8p8
9)92989C9L9y9
;A;W;_;i;
<G<f<s<
="=Z=b=m=v=
=-?d?t?
1t1x1|1
575?5E5V5h5w5
7)878?8E8N8T8s8z8
8S:[:f:w:
="=+=9=[=_=c=g=k=o=s=w={=
>:>G>S>\>{>
?4?`?n?w?~?
0'000l0s0$1(1,1014181<1T1b1k1
2 272@2
3(3O3]3
4G5`5i5n5
707>7Q7
8G8X8c8l8
949F9O9r9y9
;T;[;d;
;-<B<Y<
=>=B=F=J=k=o=
>$>3>B>Q>u>
050<0E0
1*121>1J1Y1b1
2^2k2x2
5#5b6s6
7 7%7L7h7
8n9w9}9
:M:V:-;K;
?&?.?H?V?e?n?
3.373<3
4%4d4q4y4
7$7D7d7
:!:):4:=:B:O:T:b:z:
;I<]<c<
?+?1?A?
0(060A0I0O0S0Y0a0n0x0
4H5X5y5
:6:;:W:c:
:5;\;b;t;~;
< <D<K<j<
=.=5=K=p=
0F0K0Q0b0h0
0#161X1u1~1
3(313:3>3E3K3Y3c3h3n3w3{3
3	4O4`4
5)535W5`5i5f:s:|:
;+;5;;;F;M;S;\;b;m;w;
;0<o<{<
181>1G1L1U1e1l1
0@0U0^0g0m0
222C2p2
4;4`4l4
6,6;6h6o6y6
7N7\7h7
7,8H8T8s8
9'9B9R9^9
:V;];~;
>V>[>|>
2&212=2K2V2b2p2{2
4&5V5e7n7
8<8K8g8u8
9#929>9D9
;0;@;O;
=$=2=^=f=
=$>0>Y>e>l>z>
???C?G?K?O?
0#141X1
3(3V3b3h3v3
4%4D4h4q4
60676?6D6H6L6u6
6&7,7074787
7#8U8\8`8d8h8l8p8t8x8
8Y:b:}:
<I<P<W<t<
=)>->1>5>9>=>
2#2>2R2
3&3B3V3q3
;F<M<\=c=w>~><?
2*2(7,7074787<7@7D7H7L7P7T7X7\7q7u7y7}7
:$:0:@:l:
;";);9;g;p;
<$<E<k<
=&=3===I=T=w=
1	2%3@3]3
4>4W4s4
6V7[7x7
9&9+9H9`9
;.<8<Z<
<+=4=J=S=`=
>&>/>;>D>R>[>i>o>x>
?,?>?[?v?
2(242J2
425@5O5e5
9&:+:H:`:
:6;;;X;p;
<1@1P1h1t1x1
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9
: :$:(:,:0:4:8:<:@:D:H:L:P: ?
024282<2@2D2H2L2P2T2X2\2`2d2h2
5L6P6`6p6
7T7X7`7x7
0$0@0P0p0
5`7h7l7p7t7x7|7
8 8$8,8084888<8@8D8H8L8P8\8p8t8
GA;>a9
Qk.#Oi
Zc8&?O
soL%O0
Y-N9)?
Z?zbv"
SqboQCz
:sPp*G
`eCwW3
w;2@Uy:V
jiAW	SS8_
> P-(<
KwN7{4
'Q+x>B
+bkdH]
lx7Gv	)
t12sRf,*
L{"1Ax|
"^S<=58
zBLK\C
u:jz%Q\
][a;_x+G[
D+kHu1]
@olwc]
J!wew&'
Nn`BCGb
5t#ruW
E~`Vi$
[-|`6O
(,-N3lb
:KUOg5
T@ VduD
w&/<- k
^!BL3Kb
&]	Ghg,
#-bUk*
+=tE*FU
7"m>K[S^@
:02!#(
Yn	ii}
C,_fmg
0m~1u 5
m\)3L%
^MHZ_b
fvuiR)
=rlo\P
27.1!\
Ox`+*~5
aEliEI
	fgwY?
i}'s{i
|pSUVyCOe
`,i asZT
y,b9nxUs
}7Q 2v
nZQkyI
, {)6t)
cWZ*r$i
dkk~qd
7qE[ma0
;361q0
DA`Ke;F
\CdEkD	A
;_]SDcL
G	Sjt6
w?,goQ
usI1%\
n~[71H
(W~~$,
-nGm\GL
7D}^VDzvo
:F%Iz=s
KzZS0-+=
&[N{WJ
p4= [/M
U:#),.
O+'|/7:B
v<$$Ti
)M]"id
3yB+<mPEj
d2$:`X
]xd%co
~#+BUc
[~0L/oL
r7gM(	
G)0V7>%
&vgj.:.
vj5v@+
c@tO1r
k]h'_v
H/B0$o
NE%d:y
BmSq;K
inRV5b
8 twC7b
~I)`}	
crX5yw
-@[Y~\
84*uSq
n&-)[' \
 ds<0C
PnriSBy
r4i3M!
Yb'ozZ
YU/yqg
T.i<}M
a3t0LJ
MU!mM&
?eoD7}L
HIqoe/
0'ii3c
Ni/*Oc
XlYN@V
a3NYK^
rT;XD[;HB
63}+zeP-
4jO88n
>vU>Ofx*
Kn~5Jh
_>yMBc
:JVVz<
3ukDw|
Rz;~j$O
c?C* b
]2bJ9c
Jd1Xlrn
uwBxFA-\j
,I]X\A
KZEr[H
ExP2Na
l 9rK{
S|Y+R#
@dN=69T
>i&=(joZ
[S,Er~T
rMul&>
Imn>*P
Fb_*,w
	Nz2W_Tl
vpZWpr
R":}F\
gC3Jom
{#%Q,\
|GsqO7
T"@,ku
,Z0u)L1
^x>0:fk
r*;dM_
!	k1c 
1d	WeK
YDc<IG
?NAu_#q
m'xIYF
[{#;mvf
v+t_7E
~(@wj9
KJfnuF
dGrD#&
NU;chv
)he:7`
3~`PgY
~j3LJ}
rI 7Vv
Nw4!9}8
*gmv4J/
FO{HCY
(-e BfL
dTlXB*
hA'L.`T-
 .Y6@-n#
b9ko/i
NHIsfA
v0)@"x
&M`,]{'pM
p$?+qs
&^|4L%bU
=ImE5<
W04|a=!
N/>_Fo
!|-+ }4
kuH!hxb
Q/Hh}/
;-f}$d
u86cu&P[
Nxwx#p
VkuFOe
d\U9hbtI
[0VA'q
_;gHz -#
&nDLUV8
04(o6>
r#QT<bX
+>d,Pp
O"umQ,auH
 9<ByUR6
Bz{b)x_
XV:*|2
x(gBo3
$TB[io
vF<I$&
~97n4OT
jytD$`4
#b3Tb6
Co8Dt&
P:u[Sp
9qo	#c,|`t
q82gjZNA
$6 Ogx
PY\X5T`&GI!
o):)to
^"'\-	
-#zT}O
f)ltIK
U	R:&>
lFx&rk
!c7sH#fx
Z]<r#=D
3'hq	2
BjZ W"
bE()efQ
A]KFc+
L{t(w_c
HM24X_
Dcq>Au
.E9JUs
,s)	kaA
g-LRA}
c=":A@
jEXjEeuC-
KE}znWMwF
H;Tb)X
G!2t?&
'a4:C9
G`'W4c
/!3}f~
}(<:*5
o`\u\Vm]
*s@Upv
B"cv,j
Ht5M-	mUp:
]7_RFa
$]8;J:
S^0/7l
o{>7^rm
SagcMJ0
E@SDIlNQ
Ets3D:
0]V%q)J
?`	Wgo
\J'I~@
w"	e.zgY
)'h!	*8
p]}p=<
0S\aa$i
N5ni4W
2#ZJ|i
>iU|Ia
Np k[^~
jyP*	=
k4yob:N
4gg6Bw
j}F/Vx
T^pY~1
D	? 2q
5]v~YQ
{]n (_
o'}nav
$QFIrK
4RX5nCw
B7_,z$?
5<#>C^[
cgS/7\}c
cd0ht!
NZU0jK%62
>648K24
tA40zt
Xak_M<
xY-uc+x@
=4qN h
{*)ebj
d1+bdaoW
au7{zN
	k}J'(m]
}oR._;,
$ylArU	PX
A5b)%Zu
*(L4|V
PK^B<=
i8GLPc
0cqv}s&,;F&
DdOHLI
`s(xEG
kFfyI5
)^Ol)PD#
0]0!o?&
.P[@`0(
lD8*k!
NL?e`G
^;-}Of{
_Qg"@]
D4W1wW
/#/,~/k
R<_"`s
i 7INO
z^x;fwdY
}L?;iw$
v.K^&&y
(g\>o1uB
Vx_sVN
!}@Pb*c
L m>"'
}|}`ISM
tM*s(z
h~-:yo
0]L>>gf
	v'>"["
k^o2eL],
pzWZsS
9	;Z-,S
k/PEjJ
FA5H{`
){G%]5
okJ	D$
w!H_<O)
uZ;J6$	
EtAv3NG
LmS'vRM
zX8?M9
un,l{Bu
f'w|#B(>
+d%.w0g
d!q'ZDf
qqv{C$
h+)! ^
G$U)aG{#k
!;k4<$
3Pi,\g
B9.7G>
~|UtXsk
qc[$4_
dI|_05,02
pe<XWq
h9q>bF
Z0!_O)
D)_{<u
>/;#2K}
Mo~XWK
Ru,lbJZ 
keEL5#
"=qT) 
&?OHC+
{YBtV=
Jq$Vb|2N
x6i<nl
ulpY$\
+5?bqX
p:wr+!H
3hSd>T
>a+vx[
Wc!.*X
Q]]B.z
g1ngfP
o4X/(;
_) #e*
!]FV\C
;T\f(D
MD7**V
N6^;1u
%xe*do
5C3a?%
TX6LV)+3B
%MSi?j:
RRzyBt+
^-c.^;
$.a5xC
,\G[_@
_p	DiYu
4?uK<U
#8M$L?
$ obJu
3Crod`
y:`lMK
U@og?I
FGPLpDs
?Ii|@i
gPLFHyo
5S,zK]
#s>?1n
=LK?ka
VVR#Ab
2ma\)x
RYpV A
cQW/+M
\;:@KV
<j|(IS
	]9;L?
hsktN'
z@/GGd
3?k~v(c
G!b	-znT[R
PK	.<@u
%CUK{%
~RMMzR
K`: 0|Kr
UCy}u7F
+RT\^(
?*JAr*
w!6[/`G
q(6?1.
\_K>.V
@IuFDD
.t~;xJ
L"GF%o
<z:.PS]
b(di6l
'|+9f*b
2yn']P
{'3!^<
*w'IxZYO
i40b:N
F1n=3BD!
9PE!'k
fN)dvr
6K]k	K&?~,