Sample details: 2c84882c90ef972732fd01b0a40fe4fe

Hashes
MD5: 2c84882c90ef972732fd01b0a40fe4fe
SHA1: 52cdf1f1e820a477bf152e80fa6ad2d7dff0a4de
SHA256: dc91f000cf30f4cfa01262c38c9661035496a1002e0dc9492b85e61762b90f2d
SSDEEP: 6144:ZJLmIC6J4sbRaJUL0dKZtCGNf8xxvjRaseJP3WQdsyizeknzNCXBgyGWFrG+nHR:ZNmI731DC1HrRo7eNlAlGG
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation
Source
http://www.orbital.sm/rn.php
Strings
!This program cannot be run in DOS mode.
`.rdata
@.data
(null)
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CONOUT$
DialogBoxParamW
GetDlgItem
MessageBoxW
ShowWindow
PostMessageA
EndDialog
DestroyWindow
CharUpperA
CharUpperW
LoadStringA
LoadStringW
LoadIconA
SetWindowTextA
SetWindowTextW
GetWindowLongA
SetWindowLongA
DialogBoxParamA
KillTimer
SetTimer
SendMessageA
USER32.dll
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
SetCurrentDirectoryA
CreateProcessA
CloseHandle
WaitForSingleObject
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetLastError
AreFileApisANSI
GetModuleFileNameA
GetModuleFileNameW
LocalFree
FormatMessageA
FormatMessageW
GetWindowsDirectoryA
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
RemoveDirectoryA
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
lstrlenA
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryA
GetTempPathA
GetTempFileNameA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
CreateFileA
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetModuleHandleW
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
KERNEL32.dll
                          
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      
      <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
      
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
    </application>
  </compatibility>
  <ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
    <ms_asmv2:security>
      <ms_asmv2:requestedPrivileges>
        <ms_asmv2:requestedExecutionLevel level="asInvoker"></ms_asmv2:requestedExecutionLevel>
      </ms_asmv2:requestedPrivileges>
    </ms_asmv2:security>
  </ms_asmv2:trustInfo>
</assembly>