Sample details: MD5 1bbd74ffbbecf915c000ed831f09f63d

Hashes
MD5: 1bbd74ffbbecf915c000ed831f09f63d
SHA1: 3341fbdbd4b9ba6da455e606bad74f2838e6032a
SHA256: 1be5c39f1b26e294ad423f63e23b6748214051297fc058cd5342d3119a251466
SSDEEP: 3072:s3JIa1KMRLUOU9+RoQNAH+5sD6GzSa5LsjyZoJ/ETiwMoxw0ZLnlNJltM6RQawzG:fiLQ9+Rm+5sOGRsjyZC/Erx3ZfLM
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/anti_dbg | YRP/screenshot | YRP/win_token | YRP/win_files_operation
Source (URLs defanged: hxxp = http, [.] = .)
hxxp://193[.]124[.]117[.]153/crypt/qt.exe
hxxp://193[.]124[.]117[.]153/crypt/qt.bin
hxxp://193[.]124[.]117[.]153/crypt/qt.bin
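Strings (printable strings extracted from the binary; the dump includes C runtime and math-library text linked into the executable, so a string appearing here is not by itself an indicator of behaviour)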
          	            !This program cannot be run in DOS mode.
`.text1
`.rdata
@.data
.rdata
.data1
.trace
@.rsrc
@.reloc
PPj&Wj
ZPPRPRh
PRj$Qj
VWSUQRP
,$RSPU
u*h$KB
slj1X+
0WWWWW
;t$,v-
UQPXY]Y[
QQSVWd
0WWWWW
9] tI9]$u?9](u?
<\t	<.u
9E vKP
9u(v(V
^SSSSS
^SSSSS
HHtXHHt
>If90t
0A@@Ju
F\=pTB
j hHtB
^SSSSS
^SSSSS
0WWWWW
0WWWWW
@@BBf;
@@BBf;
0WWWWW
AAFFf;
0WWWWW
AAFFf;
^F<-uB
<xtX<XtT
0SSSSS
j,hhuB
s[S;7|G;w
tR99u2
HHtYHHt
0SSSSS
GWhdNB
t"SS9]
_VVVVV
^WWWWW
u&h8TB
t$<"u	3
>=Yt1j
< tK<	tG
jThhvB
j@j ^V
v	N+D$
URPQQh
^SSSSS
j"^SSSSS
FVhdNB
0SSSSS
PPPPPPPP
PPPPPPPP
t+WWVPV
0SSSSS
v	N+D$
_VVVVV
<+t(<-t$:
+t HHt
PRQSWVU
P]^_[YZX
list<T> too long
deque<T> too long
vector<T> too long
invalid map/set<T> iterator
map/set<T> too long
\\.\%S
%02x:%02x:%02x:%02x:%02x:%02x
Integrate.
frbidden.
Ability FIA PresentatinFramewrk astrnmy SMPS wealthier.
typesafe MSExchange hmed.
Lgicde.
psitinal behest fncdcmap.
Ripping neuro Aprps attractins Extent SIGINT Tokyo.
0x%08lX
KERNEL32.DLL
%lu - %lu - %lu - %lu - %lu
bad allocation
string too long
invalid string position
?uZEeu
?uZEeu
?UUUUUU
?UUUUUU
?i!VPCr(
UUUUUU
W`.]tB3?Q
?@s#0?{
9y>m0_D@H_
Tp=9y>m0_D@H_
=7p7M}
6p7M=:P_:}u
RlK8`K8
?/]7X&
?8bunz8
?vmg$9e
?@En[vP
?1Ui74
?WbL6P
k?JG:yN
UUUUUU
Unknown exception
(null)
`h````
xpxxxx
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
bad exception
`h`hhh
xppwpp
GAIsProcessorFeaturePresent
KERNEL32
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetUserObjectInformationA
MessageBoxA
USER32.DLL
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
1#QNAN
1#SNAN
CONOUT$
Constant propagation error (%s substitution):
FORMAL
RETURN
GLOBAL
	I32 %lx != %lx
	SI32 %ld != %ld
	F32 %f != %f
	I64 %lx:%lx != %lx:%lx
	SI64 %ld:%ld != %ld:%ld
	F64 %f != %f
Bad second argument
Fatal Error: Can not initiate the Heap
Usage: %s input_file output_file
Usage: %s segment_size input_file [-trace]
Conversion from text file %s to binary %s completed
segment_size = 0x%x = %d
Cannot allocate memory to hold segment (size = 0x%x)
Input file: %s corrupted
routine_name = '%s'
file_name    = '%s'
prof_dir     = '%s'
Dynamic profile created from file %s completed
Fatal Error: This program was not built to run on the processor in your system.
The allowed processors are: %s.
Run-Time Check Failure: The variable '%s' is being used without being initialized
Error:  Buffer overrun occurred, forced exit
Initialization of symbol handler failed. Error code %d
NTDLL module not found
RtlCaptureContext function not found in ntdll.dll
 Windows XP 64-bit Edition Version 2003 or newer should be used.
StackWalk is terminated abnormally. Error code %d
Exception is raised during stack walking
Signal %s is raised
Signal %s is raised at 0x%p
SIGSEGV
SIGILL
SIGBUS
SIGFPE
unknown
No error
You must link with libunwind to use traceback functionality
Intel(R) Core(TM) Duo processors and compatible Intel processors with supplemental Streaming SIMD Extensions 3 (SSSE3) instruction support
Intel(R) Pentium(R) 4 and compatible Intel processors with Intel(R) Streaming SIMD Extensions 3 (Intel(R) SSE3) instruction support
Intel(R) Pentium(R) M and compatible Intel processors
Intel(R) Pentium(R) 4 and compatible Intel processors. Enables new optimizations in addition to Intel processor-specific optimizations
Intel(R) processors with Swing New Instructions support
Intel(R) processors with SSE4.2 and POPCNT instructions support
Intel(R) processors with MOVBE instructions support
Intel(R) processors with Intel(R) AVX instructions support
Intel(R) processors with Intel(R) AVX-1.X instructions support
C:\MyPrivateKey\Theend\si.pdb
WideCharToMultiByte
CreateFileA
DeviceIoControl
CloseHandle
GetLastError
GetEnvironmentStrings
GetFileAttributesW
VirtualAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleHandleA
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetCurrentThread
GetCurrentProcess
KERNEL32.dll
OemKeyScan
IntersectRect
GetFocus
DrawFocusRect
BeginDeferWindowPos
SetScrollPos
IsDlgButtonChecked
SystemParametersInfoA
LoadImageA
OpenClipboard
EmptyClipboard
CloseClipboard
GetSysColor
SendMessageW
SetActiveWindow
SendMessageA
GetDlgItem
EnumWindows
BeginPaint
GetClientRect
USER32.dll
GetDCPenColor
CreateEllipticRgn
MoveToEx
CreateRectRgn
CombineRgn
SetTextColor
CreateFontIndirectW
BitBlt
GetStockObject
SelectObject
CreateCompatibleDC
GDI32.dll
ChooseFontW
FindTextW
COMDLG32.dll
OpenThreadToken
OpenProcessToken
GetTokenInformation
ADVAPI32.dll
ExtractIconExA
SHGetFileInfoA
SHELL32.dll
StringFromGUID2
CoCreateGuid
CreateStreamOnHGlobal
StgOpenStorage
ReleaseStgMedium
ole32.dll
OLEAUT32.dll
mmioSetInfo
WINMM.dll
PdhCollectQueryData
pdh.dll
RpcMgmtEpEltInqDone
RpcMgmtEpEltInqBegin
RpcImpersonateClient
RPCRT4.dll
MultiByteToWideChar
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
LoadLibraryW
HeapAlloc
HeapFree
LCMapStringA
LCMapStringW
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapReAlloc
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
ReadFile
.?AVout_of_range@std@@
.?AVlogic_error@std@@
.?AVexception@std@@
.?AVlength_error@std@@
.?AVbad_alloc@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_exception@std@@
\]E,*S
H=`"o6
&?xb9zuz%
c#kk<Rr'
!Y~OZJtl
[/'#	-
rV"Vjx
?rjwi|
}W	n|o"
2@h.,9	
4M@rjR
D6]<E$ B
q5_P2Px
bad allocation
D:\users\nbtester\x86win_nightly\branch-12_0\20101007_000000\libdev\libm\real\sin_sse2.c
___libm_sse2_sin
D:\users\nbtester\x86win_nightly\branch-12_0\20101007_000000\libdev\libm\real\template_stub.c
_floor
D:\users\nbtester\x86win_nightly\branch-12_0\20101007_000000\libdev\libm\real\log_sse2.c
___libm_sse2_log
D:\users\nbtester\x86win_nightly\branch-12_0\20101007_000000\libdev\libm\real\template_stub.c
D:\users\nbtester\x86win_nightly\branch-12_0\20101007_000000\libdev\libm\real\cosf_sse2.c
___libm_sse2_cosf
D:\users\nbtester\x86win_nightly\branch-12_0\20101007_000000\libdev\libm\real\expf_sse2.c
___libm_sse2_expf
D:\users\nbtester\x86win_nightly\branch-12_0\20101007_000000\libdev\libm\real\libm_sincos_huge.c
___libm_sincos_huge
D:\users\nbtester\x86win_nightly\branch-12_0\20101007_000000\libdev\libm\real\floor_pnr.c
_floor.N
D:\users\nbtester\x86win_nightly\branch-12_0\20101007_000000\libdev\libm\real\floor_wmt.c
_floor.J
D:\users\nbtester\x86win_nightly\branch-12_0\20101007_000000\libdev\libm\real\floor_gen.c
_floor.A
D:\users\nbtester\x86win_nightly\branch-12_0\20101007_000000\libdev\libm\real\ceil_pnr.c
_ceil.N
D:\users\nbtester\x86win_nightly\branch-12_0\20101007_000000\libdev\libm\real\ceil_wmt.c
_ceil.J
D:\users\nbtester\x86win_nightly\branch-12_0\20101007_000000\libdev\libm\real\ceil_gen.c
_ceil.A
D:\users\nbtester\x86win_nightly\branch-12_0\20101007_000000\libdev\libm\real\libm_reduce_pi04l.c
___libm_reduce_pi04l
k44kWh
7<t5dh
3cK}(:
s88>}|o
nB.C|@
AAg%\5
LH#RHU
@C';Fb
4#{?2XJ
zQUKj0R&
;XcpB+
f8tnX'27
)c#''X
UZ{}aT^
uyLGBC1\
zmZe/+
&,2L1}
+Mp~g]#
PAD62	
Hj,hv\r
z. i)<
}FGf\v)
iB&7}l
2d'nga
Ej/X<4
N>g`8,P
T~T0Hj
%W?2Ng
beFw>M
jHIeir
[u|k5ZC
FT3L*Xe
B RY,J
O+k,+ 
!|=26?
fr76m;V
-ERrUX
u1RQ@;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
Dm;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;
;;;;;;;;;;;;
;;;;;;;;;;;
;;;;;;;;;;
nm;;;;;;;;;;
D;;;;;;;;;;
D;;;;D
mD;;;;D
EC;;;;
;;;;;;;;
DDmmDm
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;(
[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[
[[[[[[[[[[[
[[[[[[[[
[[[[[[[[[[
[[[[[[[[[[[[
[[[[[[[[[[[[[
[[[[[[[[[[[[
[[[[[[[[[[
[[[[[[[[[[
[[[[[[[[[
[[[[[[[[[[[
[[[[[[[[[[[
[[[[[[[[[[[[
[[[[[[[[[[[[[[[
[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[(
?@@@@@@@@@@c?Eo
>@@@@@c
ffBBBBBlg
?@@gkk
kkkkkkkkkkkkkkk
kkkkkkklkkk
kkkkkkkkkkkk@lkkkkkkkkk
kkkkkkkkkkkkEjAikkkkkkk
lkkkkkkkkkkk
ojAjekkkkkkkk
kkkkkkkkkk
kkkkkkkk
kkkkkkkk
kkkkkkkkBEAj
kkkkkkkkkhAj
kkkkkkkkkkDAjg
kkk@j?
ijci?ji
IDATx^
	ttE+Z
\3`@X"0
,zo==F///:
G]%$ L#\#K ]
`|xh<6
5p-wNH
fz}RR}
(Z	q;@
'	+	/	3
bf  `bS
 dSu !
QZ9H+	k
\uJPb 
piJPb 
SN=%h#
P|<-^A
N<.xY&
	b& M@)
  6`A@L
l@ @8 a
b E+5T
pWY4d+{
x%$HA f
M6BZjAQ
qDcyz5
gI/^=}
v	jm`WZ
L] )AZ
HrI9%y
pIDAT5
n^71G@
+{b:Aw
LJjA4&
Eyc5fcw
			f!!!
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
 <assemblyIdentity
    version="2.0.0.0"
    type="win32"
    name="Guangdng"
    processorArchitecture="X86"/>
 <dependency>
  <dependentAssembly>
    <!-- Specifies the processor. The valid values are x86 and ia64. -->
  </dependentAssembly>
 </dependency>
  <!-- UAC Manifest Options -->
 <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> 
        <application> 
        </application> 
 </compatibility>
 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
  <security>
   <requestedPrivileges>
    <requestedExecutionLevel
     level="AsInvoker"
     uiAccess="false"/>
   </requestedPrivileges>
  </security>
 </trustInfo>
  <description>QueryInform.exe</description>
</assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
1)151E1R1y1
2D2O2U2
4)404G4
8/8X8h8x8
<"<Q<k<
<D=Y=g=
>T>g>s>
>D?J?R?
0C0R0f0
132X2i2t2
474A4G4O4[4b4i4o4
4$5.545<5H5O5V5\5
6	7.787>7F7R7Y7`7f7
8M8Z8h8
:=:G:M:U:a:h:o:u:
;-;\;i;w;
=C=P=^=
>9>F>T>
0=1N1W1i1
3(363Z3
5 5'5.545d5p5
6"6Q6^6l6
7)7E7t7
8 888B8H8P8\8c8j8p8
969B9^9
9$:0:L:{:
;";.;5;<;B;r;
<"<)</<_<k<
=L=Y=g={=
>C>O>k>
?9?E?a?
0)0/070C0J0Q0W0
1%11181?1E1u1
1$212?2c2
505<5X5
6 6&6.6:6A6H6N6_6o6
7#767=7K7h7
;$;,;J;w;};
<#<6<H<W<]<c<i<o<u<|<
2+3E3M3d4
;B;L;_;
<7<=<B<R<`<f<l<s<
9:9\9x9
;';5;?;\;m;w;
< <,<I<O<d<
<G=Q=a=
"020B0j0|0
1.292f2~2
7,727:7J7T7^7h7r7
8,868>8J8V8b8n8z8
929M9f9I:]:
?9?I?]?o?w?
0*1_1x1
2 2$2n2t2x2|2
3 3A3k3
8&9c9o9
4#404`4f4n4{4
578W8X=
0-040L0
686N6s6
7!7+7z7
909B9P9e9o9
4)7-7175797=7A7E7V7r7
9$9<9T9
'0:0U0
6I6n6Q8M:Q:U:Y:]:a:e:i:
=M=X=b={=
0/0A0\0d0l0
141E1h1-2W2
5*515E5L5d5p5v5
6+6N6c6
9$9)9/949C9Y9d9i9t9y9
9j;2<U<`<
0%0R0m0s0|0
1*1/1?1I1P1[1d1z1
2%2O2T2_2d2
233@3O3T3Y3^3n3
3<4A4H4M4T4Y4
;I<O<o<
=a=g=x=
>4>]>b>y>
=(=/=7=<=@=D=m=
>$>(>,>0>
?M?T?X?\?`?d?h?l?p?
;.=@=M=Y=c=k=v=
0/1O1T1
>T>l>w>
>!?F?k?~?
0R1_1h1
1L2W2a2r2}204A4I4O4T4Z4
6*6K6Q6
6"7,7T7m7
7B8H8k8p8
9(90989D9h9p9
:*:6:;:K:P:V:\:r:y:
:3;<;H;
<'<V<]<g<
4-4A4G4
:t;=<n<
40>0V0]0g0o0|0
4&484J4\4n4
; ;c=q=w=
>->3>>>C>K>Q>[>b>v>}>
9^:m:i<
2 2.2n2
5!5E5h5
;);0;6;L;g;
282g2z3p4x4+5
6N7T7d7
1N4R4V4Z4^4b4f4j4n4r4v4z4
132=2U2~2
2W3]3b3h3o3
9>;a;|;
D2H2L2P2T2`2d2`7d7h7l7p7t7x7|7
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
5 5$5(5,5054585<5
6$606<6H6T6`6l6x6
7 7,787D7P7\7h7t7
8(848@8
`1d1t1x1
2(202<2\2h2
3(3H3h3t3
4 4@4`4
5<5H5P5
6 6<6@6`6|6
7 7@7\7`7
8 8@8\8`8
0D0H0L0P0X0p0x0
1 14181@1l1p1t1x1
2 2,20242<2P2\2p2|2
<P=`=p=
= >0>4>8><>@>D>H>L>P>T>\>d>l>t>|>
1 1$1(1,1014181<1@1P1X1\1`1d1h1l1p1t1x1|1