Sample details: 392c4dc7aef6e3259b1589213b863763

Hashes
MD5: 392c4dc7aef6e3259b1589213b863763
SHA1: 5e5af3c8fa708932a94c4421b5d0cd0ee4a070de
SHA256: 88d3ce872b9c783ba8fe017224cdddd18fe5acdbba2a7bfe2e40c232b4eb3e97
SSDEEP: 3072:X471zswOAQxOtwRjR28OBNRIy6TBoQG5X7OJVamJkRikMNLsDzTbIHC9qi4+jMk6:GocdxqTBoQyXaJFJkRikpDUoI+x2t
Details
File Type: PE32
Added: 2018-02-28 12:48:32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation | YRP/TEAN |
Source
hxxp://acpzsolucoes[.]com[.]br/blog/w/1080cp.exe (defanged; original scheme is http)
Strings
		program cannot be run in DOS mode.
`.rdata
@.data
.gfids
@.rsrc
@.reloc
D$(Pj@
t.hTTA
URPQQh
;t$,v-
UQPXY]Y[
< t1<	t-
WWWPWS
u-PWWS
SSVWh 
f9:t!V
QQSWj0j@
PPPPPWS
PP9E u:PPVWP
PPPPPPPP
v	N+D$
v	N+D$
QQSVWd
j8h``A
Unknown exception
bad allocation
bad array new length
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
CorExitProcess
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
UUUUUU
333333
?333333
?UUUUUU
?$rxxx
_hypot
_nextafter
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
?ZEM-'^
?{yK+;
?765@Z
?e')lW
?log10
?5Wg4p
"B <1=
sodniasudf asdfiuhasdoif asldifboaisudhfoiausdhf
kernel32.dll
VirtualProtect
string too long
invalid string position
bad exception
.text$mn
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.gfids$x
.gfids$y
.tls$ZZZ
.rsrc$01
.rsrc$02
GetSystemTimes
SetSystemTime
GetTempPathW
GetCommTimeouts
GetModuleHandleA
GetLastError
GetMailslotInfo
GlobalAlloc
GetNativeSystemInfo
LoadLibraryW
GetProcAddress
GetCurrentProcessId
GlobalMemoryStatus
GetProcessHandleCount
GetDriveTypeW
KERNEL32.dll
GetTextMetricsW
BeginPath
GDI32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
LCMapStringW
EncodePointer
DecodePointer
GetFileType
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
CreateFileW
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_array_new_length@std@@
.?AVbad_exception@std@@
"w-<%C
):T$A	i
<~%yHV
:jvM:':
Qt.()3
4->jbO,
fpK%2d(
FaarNx,q
UzlCX!
S3Xg3	
g&i}oR
?:=r07
j(LI^G
Km`|.I
S	]Hc,
:JKus2
S3Y%&0l
ysQdeo
{>`cJ[
oR6$]@
I3lTZ1
fd(N	)EH
2&	9fk
'@uMc`
fw)_$N
^@@nTdO;
""3>)z!
Z_\il7
2,5b56
!=9^dNQ
`nCvC%,J2
.-jaP5{` 
{"*n!QH
n2gu'4*
}uDT|Kt	
AS/!ek
<<:~Wu
JQj2s3
NkNg1O2/s
V|H@6\
7cN,%0
i'vtH%
hr^26j
9}HwE^
44H%"4
*|D4&2g
O&qPG`4X%)
=AH,m>h
ThUGr~
+c,b]!
IMLE/[,
hI)HQU"
"}MJHQ
.xKbKq
[\{U3UT
U^1s>cE
wBS*P>
{-	_k5
{qnK{:@
x\<{2]
(E]9f7
NdhOxe
ah[()M'
y:$$y[
w*c}+d$
|[dd7!
ffaAm>
85&	NcG
Q!_:gz
77)N+(
F:A!0X
>s8:-^
	ReoFo
!uzB_^
K{;mdF
)$?` ;c
>JEL{b
Lw5w&q-
'y*:@z
;%Je`'
8 pr1e
RdcOjM(&
EC((/E
uuJbYM
^1'RBb&
l>z+Hh
aU1}{b
J@}c[;M4
14N-M-
,#RdMJ
( G}cgli
X1soR<'
&GHk6}N
t JX7A7
EX:(/p}
%[i<`&$L
nd<$!T
;^hgL0	
mFV.?+V
V%8*:Ye,
@C(]B,82@$
!Bba/e
(.iH7d%
(%'rP:
.}>tgW
_azXeH
Wk/t+]n
{%{H$@o
j!EWY.|z
OsPgQt
y5Tl@&
@5a+Ls
]'@tCX
GE)I?7
CG'>m'
<@,jpV!%
~thl43
N^Y}E%
*Ryqbl
0qE0H0
y5VAv.8
Z_DmaST
eVwRN7,ph
:WaeE=`
-]V;7Ts
ce,$-r
{i4/PF
j:G+mD
7L*|M,!
-`d0o4
"D?tdZ
AIvi}Tx
&srk.F)
1%pB(v
q0$Gs>
R"	zy(l
VS.5km
]zMAwR
7Z7?::hu}T
hf5nY][
Jy|8>$Y
kl2U"(
Cn;=k4
_Nx;sf
G}kyn|
.2.w	\
*1|)_]
yi(,^g
dQ&`]B
&S@W{hP
};I,h4
NS,l3/
%";J#B9-]
&Na3w	
S5[{}3i
P$_!7C
XUYaXVCZ
`@Y;f_
!:lEWol/m
ZR:O-%Lu?
,AB{U{
O7Ww^l\
)qvztI
tacayewifogecefehusexahamorehedasemacenucufebixiyedazubikecolupecuculepuyotojimapisuyeyovovadodatexapoyilugayakecuxohiberewikusemanapicocutovefigetomihafogomecurixoyicosovefusinativudicinupafawapagavuzinisulotoronolenubumotorijohipiwovahuwiwojozuhirumiverufufadilosewucicafoviwarazametavoyunewelasomomozofiferotamefiyimuvodovojogitexihiviverebofujajodetebisaxiviwajopexerofecoginegapu
v::$::$
::$::$
::$::$
::$::$
::$::$
::$::$
::$::$
::$::$::$
IKtIKt
IKtIKt
IKtIKtIKt
IKtIKt
IKtIKt
IKtIKtIKt
IKtIKtIKtIKt
IKtIKtIKt
IKtIKtIKtIKtIKt
IKtIKtIKtIKt
IKtIKtIKtIKt
IKtIKtIKtIKt
IKtIKtIKtIKtIKt
IKtIKtIKtIKt
IKtIKtIKtIKtIKt
IKtIKtIKt
IKtIKt
%P9%P9$
IKtIKt
%P9%P9%P9%P9%P9$
IKtIKt
%P9%P9%P9%P9%P9$
IKtIKt
%P9%P9$
IKtIKt
qIKtIKtIKt
+%P9%P9'
IKtIKtIKtIKtIKtIKt
%P9%P9%P9
IKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKtIKtn
IKtIKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKtIKtIKt
IKtIKtIKtIKtIKt
 eIKtIKt
ZIKtIKtIKtIKt
IKtIKtIKtIKtIKtIKtIKt
4!IKtIKtIKtIKtIKtIKtIKt
ZIKtIKtIKtIKtIKt
W@$;@$;@$;@$;w
ii6f="
]5`YSfS
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
0Q0F1Q1g1p1
4$414H5u5H6\6r7
8E9]9c9s9
:2:Q:p:
<-<2<?<
<>=\=e=p=w=
>(>2>B>R>b>k>
0'080^0s0z0
1.161O1
2$2*2Q2w2
4$4l4u4z4
405>5Y5d5
5D6S6Z6
7'7E7S7
989?9D9H9L9P9
>&?k?p?t?x?|?
4E455H5
8A8U8q8{8
9"979J9^9j9
:*:6:D:f:v:{:
;$;);.;U;a;f;k;
<!<&<<<
<%=?=H=m=
>%>1>D>I>U>Z>k>
?(?9?K?f?
424;4C475%6/6<6o6
6H7O7i7{7
:Z:d:j:p:
=P=U={>
M0Z0e0o0u0
1C1L1T1
595>5K5W5m5
6!6*6/6<6A6
6T7Z7l7
7J8P8o8
9 9\9l9
:(:3:8:=:X:b:~:
;*;5;:;?;];g;
;-<Q<m<x<}<
=;=I=X=|=
1$1Y1j1
2!2+2M2^2o2z2
3&323>3Q3p3
6%6H6c6
7,7@7P7\7e7
8D:L:q:y:
<K=L>\>m>u>
(0C0Y0o0w0
:":4:D:P:2;b;
<	=F=`=o=}=
>*>8>F>Q>g>{>
6"6'6<6o6v6}6
:/:_:t:
?"?b?q?
0$0_0f0
041F1X1j1|1
2-2?2Q2c2u2
4)5v5N6
; ;-;:;Q;
5I6j6q6
1(131@1R1
172L2U2^2v2
838P8r8
:/;9;c;
>@?j?r?
353H3{3
737U7[7`7f7w7"8(8
(0@0E0
@1H1T1X1\1`1d1x1|1
2D2H2L2P2h3l3p3t3x3|3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
<$<(<,<0<4<8<<<@<L<T<X<\<`<d<h<l<p<t<x<|<
4$4,444<4D4L4T4\4d4l4t4|4
4 5$5(5,5054585<5@5D5H5L5P5T5X5\5X:\:`:d:h:l:p:t:x:|:
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848<8D8L8T8\8d8l8t8|8
(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
7 7(70787@7H7P7X7`7h7p7x7
8 8(80888@8H8P8X8`8h8p8x8
9 9(90989@9H9P9X9`9h9p9x9
: :(:0:8:@:
*;.;2;6;
<4T4X4\4`4
5 585<5L5P5X5p5
6,6064686@6X6h6l6|6
7 7(7@7P7T7d7h7l7t7
7 ;(;l;
< <(<,<0<8<L<T<\<d<h<l<t<
= =(=,=H=h=
>(>H>d>h>
?(?H?h?
0,000P0X0\0x0
14181@1H1P1T1\1p1
1@1P1`1p1
7 7$7074787<7@7D7H7L7