Sample details: 1c8bc73dcd85cb6bdece3c05e74a1887 --

Hashes
MD5: 1c8bc73dcd85cb6bdece3c05e74a1887
SHA1: 05c6dd41dec0fb4eca39a32970e341b96b53c4af
SHA256: 291ed3b7c84c59637a0ee2c4b51b7c46695cbe97d0c40c5881e6ffb1c08e3f89
SSDEEP: 3072:j/Xb8YZDjwbseaXdQbMUPbUJl/9siaYNBGrxK0itljcs:j/Xb8YZDjBXdQAUbGnaG0E0iTP
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/screenshot | YRP/win_registry | YRP/Str_Win32_Wininet_Library |
Source
http://microdocs.ru/axls/svita.exe
http://microdocs.ru/axls/svita.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
D$@9D$8|
L$4)L$0
9D$ u 9L$<u
D$(SRP
D$|h@RA
D$|h@RA
D$dh@RA
D$dh@RA
D$@9D$Pt
WPQjdjdV
uTVWhk
j h nA
jXh@nA
^SSSSS
t$<"u	3
< tK<	tG
j@j ^V
URPQQh
v	N+D$
;t$,v-
UQPXY]Y[
t"SS9] u
PPPPPPPP
PPPPPPPP
VC20XC00U
QQSVWd
tWItHIt9It 
j,h8rA
t*=RCC
;7|G;p
tR99u2
v	N+D$
tRHtCHt4Ht%HtFHHt
	X 9} 
<+t"<-t
+t HHt
Unknown exception
CorExitProcess
bad allocation
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
DISPLAY
kernel32
STATIC
Building Fundamentals Cross Exported 
\Windows
DISPLAY
U9AmCl
Q$#fe@
:(G?i_$
D7 mbD
j5YfZ~Q
FwHR[0
OgI4Qfo
!eV7'#
E(YZX4
invalid map/set<T> iterator
map/set<T> too long
bad exception
_nextafter
_hypot
1#QNAN
1#SNAN
RSDSC/F
C:\Simulation\HashtagO.pdb
lstrlenA
FindResourceExW
FreeLibrary
HeapAlloc
GetUserDefaultLCID
GetSystemDefaultLCID
GetLocaleInfoW
MulDiv
MultiByteToWideChar
GetLastError
SetLastError
GetProcAddress
LoadLibraryA
GetModuleFileNameA
EnumDateFormatsA
GetModuleHandleA
lstrcpyA
KERNEL32.dll
MoveWindow
GetClassLongA
GetDialogBaseUnits
DestroyIcon
GetDlgItemTextA
LoadImageA
SetWindowTextA
GetSystemMetrics
IsWindow
IsDlgButtonChecked
SetMenu
ShowWindow
GetDlgItem
SetClassLongA
MonitorFromWindow
EnableMenuItem
CreateWindowExA
SetRect
DrawStateA
GetForegroundWindow
DrawFocusRect
GetIconInfo
SendMessageA
GetClientRect
DrawIcon
LoadIconA
AttachThreadInput
GetFocus
LoadStringA
DrawTextA
FillRect
GetWindowRect
HideCaret
GetSystemMenu
DestroyWindow
USER32.dll
TextOutA
CreateDiscardableBitmap
GetPixel
CreateCompatibleBitmap
SetMapMode
CreateCompatibleDC
SelectObject
DeleteObject
CreateDCA
GetDIBits
SetBrushOrgEx
CreateFontIndirectA
GetDeviceCaps
DeleteDC
BitBlt
GDI32.dll
RegQueryValueExW
RegOpenKeyExA
RegCloseKey
ADVAPI32.dll
SHBrowseForFolderA
SHGetFileInfoA
SHELL32.dll
ODBC32.dll
FtpCommandW
InternetGetLastResponseInfoW
WININET.dll
RegisterGPNotification
ProcessGroupPolicyCompleted
USERENV.dll
AlphaBlend
MSIMG32.dll
ImageList_Create
COMCTL32.dll
EnumerateSecurityPackagesA
QuerySecurityPackageInfoA
Secur32.dll
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
HeapFree
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
EncodePointer
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
HeapReAlloc
IsProcessorFeaturePresent
LCMapStringW
GetStringTypeW
VirtualQuery
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
textmode
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
:IDAT(
j^?@P}
/iB!@! 
\]u;gb)
%AQ(ag
OiCCPPhotoshop ICC profile
AHXLXN
9C3J3W
J'\'Gg
v m2=:
#F\/K*
4)Qc{(-
vVuUMJ=
OiCCPPhotoshop ICC profile
AHXLXN
9C3J3W
J'\'Gg
v m2=:
]IDATx
y2D_LL
$R4+`JM
P7O3X/
$F?e{'3
6xW-uc:
qx-Kw52
"rFD2$
qA/CA]
0axvJD
q:Enl\
p\M{}Z
Jyf{wr
_wcnNn
OIDATH
'n'P[|
9iv]a~\
p<;uXfN
$n=]b!
j8	&il
	5xo##K
X+qhX@
]lzd4x2
"!)%o!
1kxd^>2
X*6<w#
y-2%uS#
&g!d,(
o)Tm}LXn
i|q|d`
keB"e8
:va:@5}	
'RqRIh"<
c#\pl)
_$-V`"!
n@',%K
qW4j\@
p$QV$ 
}CHj(4<v
3UD`B9d
2M(9Z&
l<C%Gf
XqdApS`
PAR5jKI
qw=??C
K^5bzG
xIe#/Bu
=k Ry=^
=jQo_j
^XTrs!
334C33333338
33B$3333333
34""C33333833
3B""$33333
4"*""C3338
"C3338
:*"*"$3338
"*"$33
:33:"$
"C8338
"J"C3333
3333:"$
#33338
"J333333
33333:"$3333338
333333
$3333333
333333:"33333338
3333333
33333333
333333333333333333
33333333?333333
333338
33333833
333838
3333339
3333333333333338
333333333333333333
wwwwww
wwwwww
+_/V$\(
)`.&%^*
)b0i#_)
'g4N e-
*`/L#](
'b/-"`+
&d1(!b,
%h3L g.
)Z,L%Z&
)],;$['
(a/_#`*
%c/q"c,
%g2C f.
&a.T$d,
%h36!i/
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
 <assemblyIdentity
    name="Verused"
    version="5.0.0.0"
    processorArchitecture="*"
    type="win32"
    publicKeyToken="6595b64144ccf1df"/>
 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
  <security>
   <requestedPrivileges>
    <requestedExecutionLevel
     level="AsInvoker"
     uiAccess="false"/>
   </requestedPrivileges>
  </security>
 </trustInfo>
 <dependency>
  <dependentAssembly>
    <!-- Specifying requestedExecutionLevel node will disable file and registry virtualization -->
  </dependentAssembly>
 </dependency>
</assembly>PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD