Sample details: 3327aa9f47736450e6026a7987cf1600 (MD5)

Hashes
MD5: 3327aa9f47736450e6026a7987cf1600
SHA1: baf52b00b3ebb10344942e60a205a0565acda792
SHA256: c8549267a9dc4afbc6b922f7d5171969ba817a7ffa4c8cfb6203dc218e7ad7ee
SSDEEP: 6144:th4SzSMP8UlJkCcsI7Hvm4+U8U/rBW4tu7:thVzB32CcsI7PY2rBWx7
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation
Source
hxxp://tiendatresort[.]com[.]vn/KlfhsYYs
hxxp://dlamure[.]com/KlfhsYYs
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
0WWWWW
0WWWWW
PPPPPPPP
jXhxqB
QQSVWd
uQhd"B
s[S;7|G;w
YYh8$B
tR99u2
GWhH$B
t"SS9]
^SSSSS
^SSSSS
j@j ^V
t h($B
HHtXHHt
>If90t
0SSSSS
tehp%A
<at9<rt,<wt
URPQQh
uBh$SA
t$<"u	3
>=Yt1j
< tK<	tG
FVhH$B
C PjPV
C$PjQV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
C.PjRV
C/PjSV
0A@@Ju
0SSSSS
0SSSSS
PPPPPPPP
t+WWVPV
v	N+D$
^SSSSS
j"^SSSSS
HHtYHHt
tGHt.Ht&
^SSSSS
8VVVVV
;t$,v-
UQPXY]Y[
tNIt?It0It 
_VVVVV
^WWWWW
tRHtCHt4Ht%HtFHHt
u,VVWV
t VV9u
0SSSSS
v	N+D$
_VVVVV
	X 9} 
<+t(<-t$:
+t HHt
u;hh`B
u,h``B
bad allocation
string too long
invalid string position
Unknown exception
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
bad exception
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
(null)
`h````
xpxxxx
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
UTF-16LE
UNICODE
RUUUUU
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
`h`hhh
xppwpp
i^^?(>
Y:/(A6>
<e+000
GAIsProcessorFeaturePresent
KERNEL32
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CONOUT$
_nextafter
_hypot
1#QNAN
1#SNAN
bad allocation
hujomiperokufo.txt
jehokoji moyikopa biyizotuhicijokazedezunuyulixeli
jexapodobenuduhibi
tasekaviridusuhivololupabero muzokowiwesosicatato cabezekasoge
vezezezufufubefibagudu %d memojecemejasuhefadariwemobiyite %d
VirtualProtect
ios_base::badbit set
ios_base::failbit set
ios_base::eofbit set
vector<T> too long
bad cast
GlobalMemoryStatus
GetCPInfo
GlobalAlloc
LoadLibraryW
TerminateProcess
GetLastError
SetLastError
GetProcAddress
GetExitCodeThread
AddAtomW
AddAtomA
GetFileInformationByHandle
KERNEL32.dll
DispatchMessageW
GetDialogBaseUnits
GetDlgCtrlID
LoadCursorA
LoadKeyboardLayoutA
UpdateWindow
OpenClipboard
GetMenuInfo
RegisterRawInputDevices
LoadStringW
GetRawInputDeviceInfoW
LoadCursorFromFileW
PeekMessageW
CallMsgFilterW
GetRawInputBuffer
LookupIconIdFromDirectoryEx
GetRegisteredRawInputDevices
LoadIconW
TranslateMessage
LoadMenuIndirectW
PrivateExtractIconsA
LoadIconA
LoadMenuA
LoadBitmapA
LoadImageW
GetNextDlgGroupItem
TranslateAcceleratorW
USER32.dll
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ReadFile
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetFilePointer
CloseHandle
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
GetModuleHandleA
LoadLibraryA
GetLocaleInfoW
SetEndOfFile
GetProcessHeap
.?AV_Locimp@locale@std@@
.?AVout_of_range@std@@
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVtype_info@@
.?AVbad_exception@std@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AV?$codecvt@DDH@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$numpunct@D@std@@
.?AV?$ctype@D@std@@
.?AUctype_base@std@@
.?AVcodecvt_base@std@@
.?AVfacet@locale@std@@
.?AV?$basic_ofstream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_iostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$_Iosb@H@std@@
.?AVios_base@std@@
.?AVruntime_error@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVfailure@ios_base@std@@
.?AVlength_error@std@@
.?AVbad_cast@std@@
.?AVbad_alloc@std@@
dasekapavuyajidexuletocixojezuhovabazebatogixixicutuhetekininihefosujanonuvoregohifozocovivusotawebidinozaciwudigamofegotelexigivefesokubuhogugafetodifofiziviboluyuvibacezatepazenuyeyusojenotuveyicesilukonabuhimazuzotomiwuyevulebiwucibeteviribiyuciziyahewebiwofisaxepasuxegifekudufozekotalakomagiwecafajesayetugonipinowipidigehigorakinaxokigizesadinamicodefitafewokema
2]<8\#Un
lhkUr-
d,0,{I
fc%ye5
dl	HEw,
Qg~Y9T
"6i|	P
+ImxiK\
{B'sfL/
IX|P8PP
 "rqw(N
b&hkF!
gNfI-SRT
Z1]PcG
}3XRqv
YcfaL-
jhX0>#
+=zzxi
5KUFi\
xi1yr[[*
MXr;!m
# C:>(`@
|j{%b`
a8t*b<
ds<Es~
hg	2YQ0
q<+S\`6
\,QVwp
}}$=#qst
MZO-#Z4
qk*-MW
7?W`cO
.:kB!Z~*c
/Z2cp1
4NQ@#]
<n_dGC;
]hpEoAKF
FY1sU ^W
p H& ~
[SqtXw6
~nK8Z$
3.meYpZ
s9iU</
w9sc&f
 ls^P6(
YXr,Q{
i!eQ/P
^:t4\h
Rfbli	
SWU8Ga
-/IyhG
Bk?`JV
5VA{ti.z
556>6G6,7L7(9l9
677N78:X:{;
3[6|6$7
2!3)3p3}3
0I1A4\4e4
415<5M5Y5a5g5v5
6 686I6z6
6!7+7?7
8 8*898F8L8V8e8
8	9&979A9^9~9a<j<
>/>6>I?]?
!090Q0n0{0
00161G1
2 5C5N5q5
6a7i7x7
1I2S2e2
8+8@8e8y8
:6:I:~:`;
=#>+>I>Q>o>z>
0#0L0Q0h0
778N8_8
9{:#;t;
3H3P3z4
525b5l5x5
3%3c3u3
9O9h9o9w9|9
:^:d:h:l:p:
>#?A?H?L?P?T?X?\?`?d?
&010L0S0X0\0`0
1J1P1T1X1\1
2 2-2Q2c2q2
3%3T3^4e4
93:Q:w:
6>7D7d7
8)808:8d8r8x8
9 <.<4<N<S<b<k<x<
=3=:=@=N=U=Z=c=p=v=
3#3/3D3K3_3f3~3
4"41484E4h4}4
555M5s5
7$7)7.74787>7C7I7N7]7s7~7
: ;@;`;
<5=A=M>\?
3D4Q4)535
6B6q6D7V7
;*;6;B;n;
<&<G<[<v<
=!=8=>=O=f=m=
>L?k?p?v?z?
+0,1<1M1U1e1v1
6&6>6g6
8&8-8O8
9$9/9I9U9]9m9
;>;V;a;
<0<U<h<
==>J>S>
>7?B?L?]?h?
1,141:1?1E1
3(3-3S3v3
4#40474g4
7Q7d7s7x7}7
8`8e8l8q8x8}8
:":n:y:
;$;*;0;6;=;D;K;R;Y;`;g;o;w;
1.2L2^2p2
:):7:@:J:~:
:$;Y;l;
<A=M=`=r=
><>e>v>
0+0<0Y0
5*636L6
V=Z=^=b=f=j=n=r=v=z=~=
i0x0A3
797E7l7y7~7
=8>V>|>
7:9>9B9F9J9N9R9V9
:+:F:`:s:
1Q1q1S4u4
<M<V<q<}<
=!=*=3=<=E=N=Z=f=o=x=
90969?9F9v9j:
;';-;;;D;S;X;b;p;
;)<0<6<
=-=5=B=I=
0!1D2V2h2
8a9W:_:
<5=;=K=
6.6:6H6T6`6f6p6x6
7&727:7B7T7j7x7
889=9T9d9
 1@1O1\1k1
2&2-242;2B2I2P2W2p2
3$333:3@3a3m3
3(4K4f4q4
5&525>5H5T5^5j5v5
2 2D2H2L2P2T2X2\2h2l2p2t2x2|2
2H3P3T3X3\3`3d3h3l3p3t3x3|3
3(4,40444
< <(<0<8<@<H<P<X<`<h<p<x<
= =(=0=8=@=H=P=X=`=h=p=x=
> >(>0>8>@>H>P>X>`>
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
L2P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3@3D3H3L3P3T3`3d3h3l3p3t3x3|3
4 4$4(4
5,5054585@5X5h5l5|5
6$6(6,646L6\6`6p6t6x6|6
747D7H7X7\7`7d7l7
8 80848D8H8L8T8l8|8
9$9(9,90989P9`9d9t9x9|9
: :(:@:P:T:d:h:l:p:t:x:|:
; ;$;(;,;0;4;8;<;@;H;`;d;|;
<$<(<@<D<\<`<x<
= =$=4=8=<=D=\=l=p=x=
? ?,?L?T?\?h?
0(040P0p0
101P1p1
2 2,282X2`2d2|2
3 3<3@3H3P3X3\3d3x3
484X4d4
5(5H5h5
6(6H6h6
7(7H7T7p7
8 8(8<8D8H8L8T8\8d8x8
9T9d9x9
9(:<:H:P:
; ;,;4;d;x;
04080X0\0`0
1 1$1<1
5X7h7x7
709@9L9T9\9d9l9t9|9
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
1$1,141<1D1L1T1\1d1l1t1|1
5$6D6`6
989<9@9`9|9