Sample details: 36af79e222eab3b2beb1147d069c9e1a

Hashes
MD5: 36af79e222eab3b2beb1147d069c9e1a
SHA1: 31fe5b8d3bfbd6a78870ffb1c23b27ecd04701a2
SHA256: dece48108cdd13d184641a4e0c683de102d9acd6b77d76d98fb3c920fdb59c1e
SSDEEP: 6144:7Xj1PdWKTNiHFPzxF7g06MhjdFywBbh/Iv2bJJzR4Je8ddkPm39CefyhW9gf:7zLC9F7s0nxth/Iv2bCb338
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vectored | YRP/anti_dbg | YRP/keylogger | YRP/win_files_operation
Source
http://www.bikner.de/ri.php
http://134.0.117.224/itexe/1100.exe
Strings
		!This program cannot be run in DOS mode.
Richq	
`.rdata
@.data
Afor: yriwoz
Ynos* ypalek ibesyf
Iziwad idonel awukiz
Abucud
Usymeh; ovacoq ikebyq ajof. ytew
Opypys ovap
Esyfaw ucud. abegow %d ywox
Isocib asaw izex = azivux odyh
Inyb %d ubafuz yruh avep: osyk
Enakuc
Ekuxef. urup yfal uxac
Acugok
Iqasup
Yxyh.dll iwypej %s evyw %s ylal ozeh
Aquq %d eqeh ewijob awyxoc
Abit inyk %s ilymyq evysic
Ybytaw iqiz
Amaqoq. yjokuc ebop owas = ojux
Elagon
Etyv %s ipix: exoc
Equqyd ijeqew ekijet
Ezomox ewaxac %s anyceh owod okiv
Ajixym owom anuw; odew ahas
Yjiren ucemyd oxil; ihez
Abis. ywajit %d yjunoc
Uwakow ozav
Oten ahedoh egek
Egax uxykug ynahub* obyrod
Akiras
Yhejad
Uxuzez inyw utoqaq
Emigor egeq ozit
Avyf oduxim ezumit
Abunyn %s utov: avijow
Uvag ucyr
Ydec. yjicup yhedis
Aqed; emac yhic; ubav = ynimej
Apos; okufax %s yliqos %d ogem.dll esesuc
Oxuxyz eheq
Anis ehunoj ehic
Olitat ohin ymolok = eqipil yfytyq
Enevyc ezac umyz oxaw. ybityg
Oxuxyz eheq
Anis ehunoj ehic
Emuh azonod olax* emeker oxet
Elyxit efibas
Olisog uxyd ozyc
Efapiv izykuj uvutim utevud.dll ofebux
Acigyc; erivom ujuh
Ojorib arojop
Ivuhel = olyqar ivuk %s ovuz = ypep
Afuk* utuwyl odiqoj ideved
Anujud
Ecuwon yfol evewoz
Icyv ozydec = esim
Ojipuz arecyn
Idagod azoteh ijodyt olil urydop
Arunyv* afaquk. ekyvow* efih.dll yganym
Olafon inyv: asug %d awubom
Ifujah umeg unamud usyzat ujalov
Udymuw atezaf eput
Icefup ihucus
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CONOUT$
DrawFocusRect
GetAltTabInfoA
SendMessageW
GetKeyState
MessageBoxA
wsprintfA
wsprintfW
GetWindowLongW
CharUpperW
USER32.dll
CoInitialize
CoCreateInstance
ole32.dll
SetBitmapBits
GetPaletteEntries
GetPixelFormat
PolylineTo
OffsetClipRgn
FixBrushOrgEx
GetObjectW
CreateFontIndirectW
GetDeviceCaps
SelectObject
DeleteObject
GDI32.dll
UnlockFile
RemoveVectoredExceptionHandler
GetProcAddress
GetStartupInfoA
SetFileAttributesW
GetCommandLineW
SystemTimeToFileTime
GetLocalTime
GetExitCodeThread
WaitForSingleObject
GetModuleHandleA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
SetEndOfFile
SetFileTime
ReadFile
SetFilePointer
GetFileSize
DeleteCriticalSection
FormatMessageW
lstrcpyW
LocalFree
CloseHandle
SetCurrentDirectoryW
SetEnvironmentVariableW
GetTempPathW
GetUserDefaultLCID
GetUserDefaultUILanguage
GetOEMCP
GetACP
VirtualFree
VirtualAlloc
DeleteFileW
FindNextFileW
RemoveDirectoryW
lstrlenW
GetSystemTimeAsFileTime
lstrcmpW
GetStdHandle
WriteFile
lstrlenA
ExpandEnvironmentStringsW
CreateDirectoryW
GetLastError
GetFileAttributesW
FindFirstFileW
FindClose
CompareFileTime
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetModuleHandleW
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
IsValidCodePage
RtlUnwind
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
KERNEL32.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>