Sample details: 502d430abbc5d9c6955b3959013dc2c8

Hashes
MD5: 502d430abbc5d9c6955b3959013dc2c8
SHA1: e072332d3bb9c58fc3ff9e0e5d5e7c1ec4604276
SHA256: dae6ad407a30ef51bee6037833253293847f1ee8828c9aec312b869091c4a4ea
SSDEEP: 6144:tOsqpMX0jTZ6KMMchy3DktQU7e/1ITBShz4Pb2hSmR2alo9k4xt5PB:tOsqpnMKMM53oX7euSKHmIag
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/escalate_priv | YRP/screenshot | YRP/win_registry | YRP/win_token | YRP/win_files_operation |
Source
http://www.momarch.it/imgvarie/php.scr
Strings
!This program cannot be run in DOS mode.
`.rdata
@.data
Oritos opytob utokom
Ixoz otih %d iwuqoj evad = avan
Isud = ogydix: ekucol uwus
Yxyc %s ipyq udyg
Ucucov opeq ijedoc izywov
Ovon %d uhovos odik
Ikim* ugotyl ynicul* yxos
Ikeqiz oliq
Ixyr ogolab ipigil
Ylabyt ykenaf* emif
Ykefem.dll ogon ihuquw
Ydyt ykaz
Yxop yxuv idyhyh omuzyx
Uxagis umik: uzis
Ohonit elyh
Uvyg enef uzutah ecuc avym
Otew = iket
Iqacah yxegoz icas.dll ylagef obyw
Azyt %d amul.dll ybexoz %s uzym %s uhoveb
Anifak.dll ysow ekun ivur ifyx
Ekuxef. urup yfal uxac
Ecyfef obezaq etovin
Iraqel enuwev* ufunek
Yjix olijyj amaniz
Ygal %d yquz %d uxoged osamax = ejyqip
Ojah* igyq. idykex anis
Uvycuc yzyvuc: obij omuq iragun
The quick brown dog jumps over the lazy fox
         1         2         3         4         5
12345678901234567890123456789012345678901234567890
Obet eficyb
Amiqin awuq ocyw ucew.dll esud
Okub ylimov epyk; ezocyz
Iwac: aras ozuqol.dll avyceb
Oqap exajac yheq. ykurag
Anib uqik asezud ynonow* iraf
Ymizyn
Ujecyk arysit yxynat irinyj
Ehiwyk umed enyn unor
Uhenah
Ivej* yhyf ytadiv yxetav
Imyt.dll imudyf iter: edosom elir
Epelyj
Yjov aketef osaden
Emogow yjyvup
Ykecys yradys
Ohyv.dll owoc; ajylil. ilun
Ysux* abuw* ahakyl
Yqicon
Uriz axemif
Yxugij ahovax.dll uvyr eseg
Ezyd ynarar; uxugob
Ywez* inewop eqisaq ujopuf ysoxyf
Inosin %s ipec yquw
Anyr iqab = yfus igep
Amapip
Yqik awef
Oqog oxyriq
Alug etoven = asomez apuquj
Otelew
Ocycec edol
Ezomox ewaxac %s anyceh owod okiv
Ulas %s ugojog. uqiteb
Ukiq uzaduk
Ysag.dll anuwom asuquz: uryb
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
CorExitProcess
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
ExitWindowsEx
LoadStringA
MsgWaitForMultipleObjects
TranslateMessage
MessageBoxA
SetWindowPos
SetWindowLongA
SetTimer
SetForegroundWindow
ScreenToClient
RegisterClassA
PostQuitMessage
PeekMessageA
OpenClipboard
MessageBoxIndirectA
LoadImageA
LoadCursorA
LoadBitmapA
IsWindowVisible
IsWindowEnabled
IsWindow
InvalidateRect
GetWindowRect
GetWindowLongA
GetSystemMenu
GetSysColor
GetMessagePos
GetDlgItemTextA
GetClientRect
GetClassInfoA
FindWindowExA
EmptyClipboard
DrawTextA
DispatchMessageA
DialogBoxParamA
DestroyWindow
DefWindowProcA
CreateWindowExA
CreatePopupMenu
CreateDialogParamA
CloseClipboard
CheckDlgButton
CharPrevA
CharNextA
CallWindowProcA
BeginPaint
AppendMenuA
USER32.dll
ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFileInfoA
SHFileOperationA
SHBrowseForFolderA
SHELL32.dll
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
ADVAPI32.dll
SetTextColor
SetBkMode
SetBkColor
SelectObject
GetDeviceCaps
DeleteObject
CreateFontIndirectA
CreateBrushIndirect
GDI32.dll
ImageList_Destroy
ImageList_Create
ImageList_AddMasked
COMCTL32.dll
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VERSION.dll
GetProcAddress
FindResourceA
FormatMessageA
GetACP
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFullPathNameA
GetLocaleInfoA
GetModuleFileNameA
GetSystemDefaultLCID
GetSystemInfo
GetUserDefaultLangID
GetVersionExA
GetWindowsDirectoryA
IsDBCSLeadByte
LoadLibraryA
LoadResource
LockResource
RemoveDirectoryA
SetErrorMode
SetLastError
SizeofResource
VirtualProtect
VirtualQuery
GetFileType
GetSystemTime
GetFileSize
GetStdHandle
RaiseException
ReadFile
RtlUnwind
SetEndOfFile
SetFilePointer
WriteFile
GetLastError
GetModuleHandleA
MultiByteToWideChar
TlsGetValue
TlsSetValue
WideCharToMultiByte
LocalAlloc
LocalFree
VirtualAlloc
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcess
GetCommandLineA
FreeLibrary
FindNextFileA
FindFirstFileA
FindClose
ExpandEnvironmentStringsA
ExitProcess
DeleteFileA
CreateThread
CreateProcessA
CreateFileA
CreateDirectoryA
CopyFileA
CompareFileTime
CloseHandle
InterlockedIncrement
InterlockedDecrement
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetCPInfo
HeapFree
GetModuleHandleW
TlsAlloc
TlsFree
GetCurrentThreadId
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
HeapSize
KERNEL32.dll
Agug; idawag yzihij
Uriv ypiz igib
Yhazos ihofes ekidyq olawef
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>