Sample details: 201218d74cb36fa3b507b52b3f542e31

Hashes
MD5: 201218d74cb36fa3b507b52b3f542e31
SHA1: c263bdd2013425693351cc11b30477691be2b5b9
SHA256: 78fbd18cc7df53021f74b6879e254a605d866806bf22166f37628469347a6cf8
SSDEEP: 6144:fU2e+G0kOalRSE+eloY/8NJoGDgnZ+tpF397aNCJjXn:fU9J+eloY/YOGDgQFNKIXn
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/win_hook | YRP/Big_Numbers0 | YRP/Str_Win32_Wininet_Library
Source
hxxp://homerbongasi[.]com/dotnorm.exe (download URL, defanged)
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
uTVWheX
HHt$HHt
?If90t
>:u8FV
UPVVRV
VVVVVQRSSj
^SSSSS
tWItHIt9It 
Uj@j ^V
t$<"u	3
< tK<	tG
v	N+D$
URPQQh
	X 9} 
t"SS9] u
PPPPPPPP
PPPPPPPP
UVVVVj
;t$,v-
UQPXY]Y[
v	N+D$
<+t"<-t
+t HHt
2	nhlB
E,[;7*
WH70+3
jk_jX%
VgH0-#
]i~Te.
>!@qp,
0z-^I2
fOSOiv
p5wqFQ
:+\v9x
WZA=Np
Bu xy4
QQSVWd
t*=RCC
;7|G;p
tR99u2
tRHtCHt4Ht%HtFHHt
UUnknown exception
CorExitProcess
Ubad allocation
(null)
`h````
xpxxxx
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
`h`hhh
xppwpp
UGetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
U_nextafter
_hypot
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
Ue+000
1#QNAN
1#SNAN
Shell_TrayWnd
_Total
----> %c
Callback
Result
%s failed with error %d: %s
Version
DISPLAY
Fatal Error
Printing Failed
(%d) %s
SOFTWARE\Microsoft
subject
invalid vector<T> subscript
invalid string position
list<T> too long
vector<T> too long
string too long
deque<T> too long
invalid map/set<T> iterator
map/set<T> too long
?5Wg4p
"B <1=
Ubad exception
?Dj0Q:W$=
5s3R6=
GetFullPathNameA
CreateFileA
FindResourceA
lstrlenA
MapViewOfFile
LoadResource
HeapAlloc
GetCurrentProcess
HeapFree
WaitForSingleObject
GetProcessHeap
FormatMessageA
WriteFile
SizeofResource
HeapCreate
SetConsoleMode
MultiByteToWideChar
GetLastError
BackupWrite
CreateFileMappingA
GetConsoleScreenBufferInfo
LocalAlloc
LockResource
GetModuleHandleA
LocalSize
CloseHandle
LocalFree
CreateThread
KERNEL32.dll
DispatchMessageW
GetWindowThreadProcessId
LoadCursorA
FindWindowA
SetClipboardData
SetWindowTextA
OpenClipboard
DispatchMessageA
LoadStringW
GetSysColor
SetWindowsHookExA
GetDlgItem
EmptyClipboard
CreateWindowExA
MessageBoxA
TranslateMessage
BeginPaint
SendMessageA
CreateMenu
FindWindowExA
LoadIconA
LoadBitmapA
LoadStringA
RegisterClassExA
GetMessageW
CloseClipboard
GetMessageA
EndPaint
USER32.dll
TextOutA
GetStockObject
EndDoc
TextOutW
SetTextAlign
CreateICA
CreateRectRgn
GetTextAlign
SetPaletteEntries
SetDCPenColor
OffsetRgn
StartDocA
Rectangle
CombineRgn
SelectObject
DeleteObject
SetBkMode
UnrealizeObject
GetCurrentObject
DeleteDC
SetTextColor
StartPage
LineTo
EndPage
MoveToEx
GDI32.dll
DeviceCapabilitiesA
WINSPOOL.DRV
PrintDlgA
GetOpenFileNameA
COMDLG32.dll
OpenProcessToken
GetTokenInformation
GetAclInformation
InitializeSecurityDescriptor
RegEnumKeyExA
SetSecurityDescriptorDacl
RegOpenKeyExA
ConvertSecurityDescriptorToStringSecurityDescriptorA
RegQueryInfoKeyA
RegEnumValueA
RegCloseKey
ADVAPI32.dll
Shell_NotifyIconA
SHELL32.dll
CoCreateInstance
ole32.dll
GopherFindFirstFileW
GopherGetAttributeW
GopherGetLocatorTypeA
WININET.dll
CertOpenSystemStoreA
CertCompareCertificateName
CertDeleteCertificateFromStore
CertOpenStore
CertFreeCertificateContext
CertCompareCertificate
CertFindCertificateInStore
CertCloseStore
CertGetNameStringA
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertComparePublicKeyInfo
CRYPT32.dll
StrStrIA
PathFileExistsA
SHLWAPI.dll
ImageList_AddMasked
COMCTL32.dll
PdhMakeCounterPathA
PdhOpenQueryA
PdhAddCounterA
pdh.dll
ImmAssociateContext
IMM32.dll
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SETUPAPI.dll
CallNtPowerInformation
POWRPROF.dll
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
WideCharToMultiByte
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
SetHandleCount
GetFileType
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapSize
RtlUnwind
HeapReAlloc
FlushFileBuffers
ReadFile
LCMapStringW
GetStringTypeW
SetStdHandle
WriteConsoleW
CreateFileW
CompareStringW
SetEnvironmentVariableA
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
^sKHe52
E;QIDG$
~D7`V|t
v~VKK]p
f\f&V6l
;]ZwBn
V c+1kV
}{Z	6.
Rfkvt'
N~v*})r
w;7(V>
>~x&4<
;>f&b~5.
4	}.&0^
a/Nv6N"
[K}CpPvM
VN5c%V
5rkFdX
|/V.'O
XvVJ-kf
 CrQc	
Gf#c.J&
6..M{{
'~%|Q	#
! ~&Rv4\
vVeg:G[Z=c
}{VR'S
y};~?t
	t"F-F
&G/->w
|"v63}z
C%:wZffnv
W&6v~6
;"2L\W
vVef?GS&]
vVeb:GSr[
cFj6=$
I]`+E@
~'O7}[
awVL-{6
zK}^q:3}M"F
vn[*ekb
C6	bWD.K
fvS`4<
z~V6u~
;.Rw+n
vfsV2 E
.3{mCV
97k|GY
Zz&vez
?69t">
X1ySPU
kwV%6kE
vwVeb6	
v~h&R?6
~j~1YH;
r/T2L~
sFy6y)
KV.]C>m
CZF	Vw
'~V~~`\
1lv.2+
9.E&&;6
wVogK#
NFJTvnGN
F5^=sJ
Ng^NX=c@;n\
QFrlOe!
6Zq9TfW
V=f!=S
a8^`<(
*U8'Jn8
EM0FrR8,m
APfC <tMh
z4f7:~
BVV6~)
i]o=w7
334C33333338
33B$3333333
34""C33333833
3B""$33333
4"*""C3338
"C3338
:*"*"$3338
"*"$33
:33:"$
"C8338
"J"C3333
3333:"$
#33338
"J333333
33333:"$3333338
333333
$3333333
333333:"33333338
3333333
33333333
333DDD33333?
2C4"""D338
2$B""""C38
2""333:"C8
2""#33:DC8
333338
333333333333333
333333DDD3
:DC33:""$8
:"C333
$334B"$3
"DDB""$3
3:"""""
333333
333333333333333333
333333333333333333
333333333333
334C33333338
33B$3333333
34""C33333833
3B""$33333
4"*""C3338
"C3338
:*3:"$3338
3333:"$3333338
"C333333
33333:"$3333338
333333
"C333333
333333:"C3333338
3333333
#3333333
3333333:3333333383
333333333333333333
33D/''6f
)).b22K
33D_Si
33@O33O
33333333
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffj
ffffffffffj-
DDDDDDDDO
ffffffff
DDDDDDDDO
Qfffffffa
DDDDDDDDO
ffffff
DDDDDLDDDDDDDDD
Zffffff/
DDDDDDDDD
ffffff
DDDDDDD
ffffff
DDDDDO
fffffj
DDDDDO
LK333338
334DDDDO
333333
D3333338
33DDDDD
333333
33;DDDD
K3333330
333333
333DDDDO
3333330
3334DDDO
3333333
33DDDDD
3333330
334DDDD
3333333
33;DDDD
3333330
333333
334DDDDO
333333zfffffffffi
333DDDDO
333333
fffffffffi
333335ffffffffffi
34DDDD
3333335fb
vffffffi
3;DDDD
3333335fb
ffffffi
3333335fb
ffffffi
3333335fa
ffffffi
33333335ffffffffffi
33333335fa"
ffffffi
33333335fb
ffffffi
33333335fb
ffffffi
33333335fbUvffffffi
33333335ffffffffffi
33333335ffffffffffi
33333335fb
ffffffi
333333335fb
ffffffi
333333335fb
ffffffi
333333335fn
ffffffi
333333335ffffffffffi
333333335ffffffffffi
333333335"wwwwwwwww}
3333333338
333333333UU
EUUUUUUUUUU
333333335ff
&ffffffffff
333333335ff
&ffffffffff
333333335ff
	ffff@&ffffffffff
333333335ff
&ffffffj
333333335ff
&ffffffn
333333335ff
	ffff@&ffffffn
33333335ff
&ffffffjwzf
S33333335ff
	ffff@&ffffffffff
33333335ff
&fffffff
33333335ff
&ffffffn
33333335ff
	ffff@&ffffffn
33333335ff
&ffffffn
33333335ff
&ffffffffff
3333335ff
	ffff@&ffffffffff
3333335ff
&ffffffnU^f
3333335ff
&ffffffn
3333335ff
	ffff@&ffffffn
333335ff
&ffffffj"*f
333334
333335ff
&ffffffffff
33333<
333333
ffffH&fffffffffn333333LO
333333zf
&fffffffff
33333;
333333US5UUUU3UUUUUUUUUU333333<O
333333333333333333333333333333D
3333333333333333333333333333;O
3333333333333333333333333333
333333333333333333333333333;
33333333333333333333333333?
333333333333333333333333;
333333333333333333333333_
3333333333333333333333?
333333333333333333333;
33333333333333333333_
333333333333333333
3333333333333333
33333333333333_
ffffff
3333333333;
ffffff/
333333;
ffffff
Zffffffa
fffffff
Qffffffffj-
ffffffffffj
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
@t1\Bw3
@t1\1X&
Au2VBw3
Au2VBw3
@t1\Cx4
@t1\Cx4
Av3VBw3
Av3VBw3
Av2\Bw3
Av2\6a)
Av2qBw3
Av2q'H
Av2qCx4
Av2qCx4
Bw2qBw3
Bw3q+P!
9h,VBw3
9h,VBw3
;j-VBw3
;k.VBw3
TMadExcept	madExcept
Enabled	
NoSettings
CheckFileCrc	
CheckFreeze
FreezeTimeout
ReportLeaks
WindowsLogo
CrashOnBuffer
CrashOnUnderrun
AutoSave	
AutoSaveIfNotSent	
AutoSend
AutoSendBox
AutoClip
PauseThreads
	PlWaitBox	
AutoContinue
AutoRestart
	AutoClose
SendBtnVis	
SaveBtnVis
PrintBtnVis
ShowBtnVis	
ContinueBtnVis	
RestartBtnVis	
CloseBtnVis	
FocusedBtn
	SendAssis
SendAssistant	SaveAssis
SaveAssistant
PrintAssis
PrintAssistant
AutoShowBugRep
UglyBtns
SendInBackgr	
UploadViaHttp
HttpServer
HttpSsl
HttpPort
HttpAccount
HttpPassword
FogBugz
BugZilla
Mantis
BugTrAccount
BugTrPassword
BugTrProject
	BugTrArea
BugTrAssignTo
MailAsSmtpServer	
MailAsSmtpClient
SmtpServer
SmtpSsl
SmtpTls
SmtpPort
SmtpPort
SmtpAccount
SmtpPassword
MailViaMapi
MailViaMailto
MailAddr
iobitantivirus@gmail.com
AttachBugRep	
AttachBugRepFile	
DelBugRepFile	
BugRepSendAs
bugreport.txt	BugRepZip
ScrShotDepth
ScrShotAppOnly
ScrShotSendAs
screenshot.png
ScrShotZip
AddAttachs
BugRepFile
bugreport.txt
AppendBugReps	
BugRepFileSize
NoDupExcepts	
NoDupFreezes	
DupExceptDef
DupFreezeDef
ListThreads	
CpuRegs		StackDump	
ShowDisAsm	
HideUglyItems
ShowRelAddrs	
ShowRelLines	
FormatDisAsm
LimitDisAsm
Plugins
modules|processes|hardware	F1Classes
EDBEditError
F1NoBugRep	
F1NoScrShot	
F1NoHandlers	
F1NoSuspend		F1ShowCfg
F1Assis
	F2Classes
F2NoBugRep
F2NoScrShot
F2NoHandlers
F2NoSuspend
	F2ShowCfg
F2Assis
GnNoBugRep
GnNoScrShot
GnNoHandlers
GnNoSuspend
	GnShowCfg
GnAssis
Assistant1
SendAssistant|Send Assistant|ContactForm|DetailsForm|ScrShotForm
Assistant2
SaveAssistant|Save Assistant|ContactForm|DetailsForm
Assistant3
PrintAssistant|Print Assistant|ContactForm|DetailsForm
TitleBar
%appname%	ExceptMsg
An error occurred in the application.	FrozenMsg
The application seems to be frozen.
BitFaultMsg
The file "%modname%" seems to be corrupt!
SendBtnTxt
send bug report
SaveBtnTxt
save bug report
PrintBtnTxt
print bug report
ShowBtnTxt
show bug report
ContinueBtnTxt
continue application
RestartBtnTxt
restart application
CloseBtnTxt
close application
OkBtnTxt
DetailsBtnTxt
&Details
PlWaitTitle
Information
PlWaitText
Please wait a moment...
BugTrTitle
%appname%, %exceptMsg%
BugTrDescr
error details: 
%errorDetails%
MailSubj
ASC Ultimate Service
MailBody
please find the bug report attached
SendBoxTitle
Sending bug report...
PrepAttMsg
Preparing attachments...	MxLookMsg
Searching for mail server...
ConnMsg
Connecting to server...
SendMailMsg
Sending mail...
FieldMsg
Setting fields...
SendAttMsg
Sending attachments...
SendFinalMsg
Finalizing...
SendFailMsg
Sorry, sending the bug report didn't work.
TMEContactForm
ContactForm
Message
Contact Information
MinWidth
OnAction
madExcept.HandleContactForm
	INVButton
ContinueBtn
Caption
Continue
Enabled	
NoOwnerDraw
Visible	
	INVButton
SkipBtn
Caption
Enabled
NoOwnerDraw
Visible	
	INVButton	CancelBtn
Caption
Cancel
Enabled	
NoOwnerDraw
Visible	
INVLabel
Label1
Caption
your name:
Enabled	
Spacing
INVEdit
NameEdit
Colored	
Enabled	
Optional	
OutputName
contact name
OutputType
	nvoHeader
Spacing
Valid	
INVLabel
Label2
Caption
your email:
Enabled	
Spacing
INVEdit	EmailEdit
Colored	
Enabled	
Optional
OutputName
contact email
OutputType
	nvoHeader
Spacing
Valid	
INVCheckBox
MemCheck
Caption
remember me
Checked
Enabled	
OutputName
Spacing
PATPF0
TUninstSharedFileForm
UninstSharedFileForm
BorderIcons
biSystemMenu
BorderStyle
bsDialog
Caption
UninstSharedFileForm
ClientHeight
ClientWidth
Font.Color
clWindowText
Font.Height
	Font.Name
MS Sans Serif
Font.Style
Scaled
PixelsPerInch
TextHeight
TNewButton
NoToAllButton
Height
Caption
ModalResult
TabOrder
TNewButton
NoButton
Height
Caption
ModalResult
TabOrder
TNewButton
YesToAllButton
Height
Caption
ModalResult
TabOrder
TNewButton	YesButton
Height
Caption
Default	
ModalResult
TabOrder
LocationEdit
Height
ParentColor	
ReadOnly	
TabOrder
TNewStaticText
LocationLabel
Height
Caption
TabOrder
FilenameEdit
Height
ParentColor	
ReadOnly	
TabOrder
TNewStaticText
FilenameLabel
Height
Caption
TabOrder
TNewStaticText	BodyLabel
Height
AutoSize
Caption
ShowAccelChar
TabOrder
WordWrap	
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
 <assemblyIdentity
    version="1.0.0.0"
    type="win32"
    name="149"/>
 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
  <security>
   <requestedPrivileges>
    <requestedExecutionLevel
     level="AsInvoker"
     uiAccess="false"/>
   </requestedPrivileges>
  </security>
 </trustInfo>
 <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> 
        <application> 
        </application> 
 </compatibility>
</assembly>PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD