Sample details for MD5 282862fe7c2e70585a84e60367e65315

Hashes
MD5: 282862fe7c2e70585a84e60367e65315
SHA1: 8d596203cb403f30a28c41400d9211a7f75ef707
SHA256: 039abb3bacbf5d337fc6a7e0f511135abf9b814ea6b46ec189f2082eb263fb4f
SSDEEP: 6144:C0wfZyoNliuTQsxKa/PFoqj0eZlroLSY26:afZlNlnFBPHj0evrSY6
Details
File Type: PE32 (Windows GUI executable per the YRP/IsWindowsGUI hit; the Rich-header string and the YRP/Microsoft_Visual_Cpp_8 hit indicate an MSVC build, and the embedded manifest requests asInvoker with uiAccess='false', i.e. no elevation requested)
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation | YRP/win_hook | YRP/Big_Numbers1 | YRP/Big_Numbers4
Note: these are generic signature hits, not a verdict. Several are explained by ordinary imports visible in the strings below — YRP/anti_dbg matches IsDebuggerPresent, which here sits among standard CRT startup imports (UnhandledExceptionFilter, SetUnhandledExceptionFilter), and YRP/win_hook matches the SetWindowsHookExA import. The hook import together with FindWindowA/FindWindowExA, GetWindowThreadProcessId and AttachThreadInput is the part worth confirming in dynamic analysis, since it is sufficient for interacting with other processes' windows/input.
Source
http://jitrenka.wz.cz/ves.exe (reported download location of this sample; listed twice in the original report. Treat as a malicious URL: do not retrieve it from a production host, and use a defanged form such as hxxp://jitrenka.wz[.]cz/ves.exe when sharing.)
Strings
		!This program cannot be run in DOS mode.
%0Rich
`.rdata
@.data
.gfids
QQPPPPh
PQQQQj
QQSVWd
PPPh@0
URPQQh
;t$,v-
UQPXY]Y[
^$+^8+
< t1<	t-
SSVWh 
f9:t!V
Wj0XPV
WWWPWS
u-PWWS
QQSWj0j@
PPPPPWS
PP9E u:PPVWP
PPPPPPPP
v	N+D$
v	N+D$
%i:%i:%i %ims
%i:%i:%i %ims
suspended
continue
confirmed exit
Are you sure you want to exit timer?
UIControl
Directory
Settings
Create
Version
Operation
_Total
Shell_TrayWnd
deque<T> too long
list<T> too long
[Unknown exception
[bad allocation
InitializeConditionVariable
SleepConditionVariableCS
WakeAllConditionVariable
[bad array new length
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
Main Invoked.
Main Returned.
[bad exception
[__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
`h````
xpxxxx
(null)
_hypot
_nextafter
CorExitProcess
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
?5Wg4p
"B <1=
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
[aOni*{
~ $s%r
@b;zO]
v2!L.2
1#QNAN
1#SNAN
InvokeMainViaCRT
"Main Invoked."
FileName
ExitMainViaCRT
"Main Returned."
FileName
Microsoft.CRTProvider
.text$mn
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$sxdata
.rdata$zETW0
.rdata$zETW1
.rdata$zETW2
.rdata$zETW9
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.edata
.idata
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.gfids$x
.gfids$y
.tls$ZZZ
.rsrc$01
.rsrc$02
build.exe
Exception
1vdF`d2
}J[h\i
HYkL"|2+j"
W{dt{Q
^2%zh8/ 
m? ICN
<^#J/Z$
`BbU`f
ymN=bu
3*;0a$
9W#J4Qlc`
'4vgS|
L:te(bH
k$z'L"
GetProcAddress
GetEnvironmentStringsW
GetCurrentThreadId
GetLastError
CloseHandle
GetSystemInfo
CreatePipe
lstrcpyA
lstrcatA
lstrlenA
LoadLibraryW
GetModuleHandleA
GetModuleHandleW
GetVersionExA
GetConsoleScreenBufferInfo
SetConsoleMode
KERNEL32.dll
wsprintfA
GetMessageA
TranslateMessage
SendMessageA
AttachThreadInput
DefWindowProcA
PostQuitMessage
RegisterClassA
CreateWindowExA
IsWindow
DestroyWindow
MoveWindow
BeginDeferWindowPos
IsWindowVisible
GetDlgItem
SendDlgItemMessageA
GetDialogBaseUnits
SetFocus
SetTimer
KillTimer
EnableWindow
LoadAcceleratorsA
LoadMenuA
DestroyMenu
GetSubMenu
InsertMenuA
RemoveMenu
TrackPopupMenu
ReleaseDC
BeginPaint
EndPaint
SetWindowTextA
GetWindowRect
MessageBoxA
FillRect
PtInRect
FindWindowA
FindWindowExA
GetWindowThreadProcessId
SetWindowsHookExA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
LoadStringA
DefMDIChildProcA
USER32.dll
CreateFontA
DeleteObject
GetStockObject
SetBkMode
SetLayout
SetTextColor
GetObjectA
TextOutA
GDI32.dll
FindTextA
COMDLG32.dll
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ADVAPI32.dll
SHBrowseForFolderA
SHELL32.dll
CoInitialize
CoUnmarshalInterface
CoLockObjectExternal
CoCreateInstance
CLSIDFromString
RevokeDragDrop
CreateStreamOnHGlobal
ole32.dll
OLEAUT32.dll
timeGetTime
WINMM.dll
GetOwnerModuleFromUdpEntry
GetPerAdapterInfo
GetRTTAndHopCount
IPHLPAPI.DLL
StrFormatByteSizeA
SHLWAPI.dll
ImageList_AddMasked
COMCTL32.dll
PdhOpenQueryA
PdhAddCounterA
PdhMakeCounterPathA
pdh.dll
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SETUPAPI.dll
SetWindowTheme
UxTheme.dll
AuthzInitializeResourceManager
AUTHZ.dll
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
SetLastError
EncodePointer
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
IsValidCodePage
GetOEMCP
GetCPInfo
FreeEnvironmentStringsW
GetFileType
DecodePointer
FindClose
FindFirstFileExA
FindNextFileA
GetCommandLineA
GetCommandLineW
LCMapStringW
SetStdHandle
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
CreateFileW
SystemFunction036
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVtype_info@@
.?AVbad_array_new_length@std@@
.?AVbad_exception@std@@
rtrdZ.
1pn*2oV
H,p,-,
}906:?!
^,09VX
)rJ"pH
R}]:-^
STFe2Pc
1DoXed
Q6(x&;
kUWrc"
3].!7H
w#	!`t
~T"J5^P
6!|OECw
 :=}4`sM
hiVyS"
X7/k[U 
\`YnHd
/tG1>T
p-Dg|O
N]qrxr
NgN|}%
htm0KP
	c()e	
ce/[nC0<(o
$p_3oS
F4K/:5
g zZ('x
3AWz]\.
EsubJP
<Tay`E
4N$-8|B
wz)izv
NA4""g
%x_QcC)W
+ULy9b
[ @\Sg
IscE0L
N%`]W$
K\r	TH
Fvc{{$B]
gP0m)OH
 :Elt;
UB7Pd?
'9~(4(7
8kFgma
g=j1U>{c
;CPkBla
VxA\	q
74qq6	]G?G
 42N[^
]p->9Y
q{QSs3
<3uQ]x
&sPmU(V
Q~ |8t
U/2 ~K
rE=^_&
i\%M4$
xGdhuk+
0&s.hO
>4:>^T
<80ZXg
g8w~?8Q
71lN^g#p^
uXvS1I
/j]|*`
:wzG2py
}sgvdwH
+ILDxZb
V$]bBK
-G@E3Lm
h%i7c~@
~>1@z/
=XD4.	
YY=r`J
(n35H 
IY>X%o!2
"Q=g<J
%MMt,0l
Tq*&+e
o%ChII
/~wi;,Ir-
1hiii&
aW9pl'
T-^vLw
)(lef#$
:8TWgZ
>Pf1[;
J:y*"a
j,@,P$
6tdY[1
yb)F{")
^<u<=U
 oz[\p
(?j.aL
((FB[f
r\tIO<
pVGf"yO
N~^-/!:
H`bQ[1
o\W!HL(
'K0'ny
WoL-ul}
\4%7I!>p
.~q&4,
@:&Q`x
8*8m~:N
01HN !
IcP6qw
/ :YUL8
w}p.5X]J
7Gi2@"
\]&)O\
G6~{gp[,
E@E>u"
@da2`$
c1\dzC
a)S^SR
Cf>HR-
b)Ag :"
}g},[d
x%ShgB
M"x)A3
N}reg1
U0a#Xs
!dYuEG
t53aQz
?)C:$#?
vP%{x &
Y~L.ibL
T`X,T;
HTRbLi9oT?
.g6a&%mwc
84$OR{fTv
p7nR*F
]ovmP|
6$pduA
)=`.WUP
n+jxe3
VGCi(s|
 {#lTiu`
dos047
"`1yBO
q:!k	E
 IGl5\
;|R~UcH
p*2lRZ
z3hrYbQ@
:y}B&n_y
R`(t,q
IDATXG
7',Ds}G-D
[E3wv':
P:r<3p
Q:::z6
evv6*vuu
9cwfik
{J|q9j
L YI,-
]]]o?W
IYCXe]
~?MMMD"
cw_fq1
O_$rs4
}htd$C5S
f"IG5S
"IDATXG
 13S4,
DJn~GZ]
IDATXG
>I^u>M 
j^Gii"
0@Tcffffff3
-<Paffffffffffff3
-<Paffffffffffffffffff3
-<N`ffffffffffffffffffffffff3
*:I]ffffffffffffffffffffffffffffff3
%8I]ffffffffffffffffffffffffffffffffffff3
$8IXffffffffffffffffffffffffffffffffffffffffff3
$3GXffffffffffffffffffffffffffffffffffffffffffffffff3
	1EUffffffffffffffffffffffffffffffffffffffffffffffffffffff3
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
fffffffffffffffffffffffffffffffffffffffE
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
3333333333333333333333333333333fffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
fffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
fffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
fffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
3333333333333333333333333333333fffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffff]XPM@Gffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*ffffffffffffffffff]XPMXffffffffM
ffffffffffffffffff3
3333333333333333333333333333333fffffffff
*fffffffffffffffc
0ffffffff8
Xfffffffffffffffff3
fffffffff
*fffffffffffffffP
ffffffff 
@fffffffffffffffff3
fffffffff
*fffffffffffffff<
ffffffff	
-fffffffffffffffff3
fffffffff
*fffffffffffffff,
Uffffffa
fffffffffffffffff3
3333333333333333333333333333333fffffffff
*fffffffffffffff
@ffffffM
fffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffff
-ffffff8
Pffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*ffffffffffffffU
ffffff 
:ffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*ffffffffffffff@
ffffff	
%ffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*ffffffffffffff0
Uffffa
	ffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*ffffffffffffff
@ffffM
`fffffffffffffff3
3333333333333333333333333333333fffffffff
*ffffffffffffff
-ffff8
Ifffffffffffffff3
fffffffff
*fffffffffffff\
1fffffffffffffff3
fffffffff
*fffffffffffffG
fffffffffffffff3
fffffffff
*fffffffffffff1
fffffffffffffff3
3333333333333333333333333333333fffffffff
*fffffffffffff 
Xffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffff
@ffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*ffffffffffffa
-ffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*ffffffffffffM
ffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*ffffffffffff8
cfffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*ffffffffffff%
Pfffffffffffff3
3333333333333333333333333333333fffffffff
*ffffffffffff	
:fffffffffffff3
fffffffff
*fffffffffffc
	ffffE
 fffffffffffff3
fffffffff
*fffffffffffP
%ffffU
	fffffffffffff3
fffffffff
*fffffffffff<
`ffff1
8fffff
]ffffffffffff3
3333333333333333333333333333333fffffffff
*fffffffffff,
fffffG
Mfffff
Iffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffff
fffff]
afffff 
1ffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffff
(ffffff
ffffff1
ffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*ffffffffffU
8ffffff 
 ffffffE
ffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*ffffffffff@
Gffffff3
3ffffffU
Ufffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*ffffffffff0
XffffffI
Gfffffff
@fffffffffff3
3333333333333333333333333333333fffffffff
*ffffffffff
fffffff]
\fffffff
,fffffffffff3
fffffffff
*ffffffffff%
ffffffff	
ffffffff 
fffffffffff3
fffffffff
*ffffffffffffffffffffffff;
ffffffff1
cffffffffff3
fffffffff
*fffffffffffffffffffffffffffffffffffffffP 
Offffffffff3
3333333333333333333333333333333fffffffff
*ffffffffffffffffffffffffffffffffffffffffffffffcffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
3333333333333333333333333333333fffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
fffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
fffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
fffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
3333333333333333333333333333333fffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
ffffffffffffffffffffffffffffffffffffffff
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
fffffffffffffffffffffffffffffffffffffffE
*fffffffffffffffffffffffffffffffffffffffffffffffffffffffff3
	0@Tcfffffffffffffffffffffffffffffffffffffffffffffffffffff3
1@Ucfffffffffffffffffffffffffffffffffffffffffffffff3
	 1@Uffffffffffffffffffffffffffffffffffffffffff3
 1EUffffffffffffffffffffffffffffffffffff3
$3GXffffffffffffffffffffffffffffff3
$3GXffffffffffffffffffffffff3
%8IXffffffffffffffffff3
*:I]ffffffffffff3
*:N`ffffff3
33333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD