Sample details: 3d5b95079e4885eb4355a9140bccfacd

Hashes
MD5: 3d5b95079e4885eb4355a9140bccfacd
SHA1: a1cbdfb0509e5548ce12f1e8db1ffab67707dde8
SHA256: a82c6ab1718da8d34375a7e29c76a892544f8117e0689812f9d61da9902a97fa
SSDEEP: 3072:+dh41EQCimfnklkTWSjAS+KmwNYU6J4u:+dh/dJ/CkTWsPmmYU+4
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg
Source
http://195.54.163.92/LGvlPdCfew.exe
Strings