
Sample details: 56fa450de71bf401b285c97094338020

Hashes
MD5: 56fa450de71bf401b285c97094338020
SHA1: ba0a270fd909f5f1cae5b6f19b7728306ad5d06d
SHA256: 563ac5f59e9ccc0755d597b60aa2b6547bf545b89fc34efeb56d4cd47da7573c
SSDEEP: 6144:oKPSXt0tzo0ysV9U8q0Y0c8Q/AKebd6zGKjxF4FGpXXSp9Hs2:oKqZUUT0dQ/dekzLFuFGxd2
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/escalate_priv | YRP/keylogger | YRP/win_token | YRP/win_files_operation
Source
http://134.0.117.224/1300/red.php
http://134.0.117.224/1300/1300.exe
http://www.kfzgutachten-berlin.eu/TempCont/r13.php
Strings
!This program cannot be run in DOS mode.
`.rdata
@.data
Anufoc ofymeh
Yxoxaw epyb
Opik ekap itec
Esib; eleq olapih
Idulid %s ilir epirah %s ytep ydet
Iwobaj %d azofut %d ulyrut afaj yfyfuh
Ypis ovis ynib. irihej
Ylok elal
Ytafok ihafal; ixir ykah iqon
Opynoc %s usyn. ugib asik
Esyqyk oxided = udaj ikozab
Ejoj otylaq avyl udor %d ywyd
Idylic
Yqoq ixyzew: urug = eqym
Ufomaw ydax owox udok yzatof
Those Who Will Not Learn from History
THOSE WHO WILL NOT LEARN FROM their mistakes
Amuj ubow
Yhyz: oxyn %d amoqyf isenyq.dll yjal
Ufaw umob okedof
Yhyn ysym* yxip ukyjuw
Yriqex = idisij
Irak %d oxik uvific. arywag ypoj
Yluqof uvoh aqul emecip
Arykyl yvaj ymenig
Yhufek ydesuj egybit ulines
Umukon ihaban ugoqic. iqyhuz %d ibodyn
Ecav imyf; oluc
Ojitif
Itypir
Osamax = ejyqip yfog* emaz %s uhuden
Ojokev icil omoc ivelah
Abax igaz adoxyp iqat evijar
Asamez
Irod %d ipoq = azekys omih* oqosyt
Icyb ygiqax iwyfal %s ilehov
Yfemac yjunew
Ysifor ymisux
Uciq* axuxil eliv oryx icad
Osan oqiq omeg
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetKeyboardType
IntersectRect
GetActiveWindow
EndDialog
CreateDialogIndirectParamW
SetMenuItemInfoW
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
GetLastActivePopup
IsWindowEnabled
EndPaint
BeginPaint
TabbedTextOutW
GrayStringW
USER32.dll
ShellExecuteW
SHGetMalloc
SHGetDesktopFolder
ShellExecuteExW
SHELL32.dll
RegEnumKeyExA
QueryServiceStatus
OpenSCManagerW
RegDeleteValueW
RegDeleteKeyW
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegEnumKeyW
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueW
ADVAPI32.dll
TranslateCharsetInfo
GetEnhMetaFilePaletteEntries
GDI32.dll
InitCommonControlsEx
COMCTL32.dll
GetCommandLineA
GetProcAddress
GetThreadPriorityBoost
HeapReAlloc
RaiseException
ExitProcess
RtlUnwind
IsProcessorFeaturePresent
GetACP
GetModuleHandleExW
HeapSize
VirtualProtect
VirtualQuery
GetStdHandle
GetProcessHeap
FormatMessageW
HeapAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
HeapFree
GetCommandLineW
GetFileAttributesExW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
CompareStringW
GlobalFlags
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadLocale
UnlockFile
LockFile
GetVolumeInformationW
GlobalFindAtomW
SwitchToThread
WaitForSingleObject
GetTickCount
GetFileAttributesW
GetFullPathNameW
lstrlenW
lstrcpynW
GetLastError
lstrlenA
InitializeCriticalSection
GetCurrentThread
DosDateTimeToFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
CreateDirectoryW
SetEvent
ResetEvent
WaitForMultipleObjects
ReadFile
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsValidCodePage
GetOEMCP
GetCPInfo
GetStringTypeW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
OutputDebugStringW
SetStdHandle
WriteConsoleW
ReadConsoleW
SetEnvironmentVariableA
FindNextFileA
WriteFile
SetEndOfFile
SetFilePointer
GetFileSize
DeleteFileW
MoveFileW
GetTempPathW
GetTempFileNameW
GetShortPathNameW
FlushFileBuffers
GetFileTime
SetFileAttributesW
SetFileTime
GetSystemInfo
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
EnterCriticalSection
lstrcmpW
LeaveCriticalSection
DeleteCriticalSection
LoadLibraryW
FreeLibrary
FindResourceExW
MoveFileExW
GetWindowsDirectoryW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
FindFirstFileA
SetErrorMode
GetVersion
LocalFree
FreeResource
GetVersionExW
ExpandEnvironmentStringsW
GetCurrentThreadId
VirtualAlloc
OpenProcess
DuplicateHandle
LocalAlloc
GetModuleHandleA
lstrcmpA
GetPrivateProfileStringW
GetLocaleInfoW
GetTimeZoneInformation
GetModuleFileNameW
LoadLibraryExW
GetUserDefaultLCID
GlobalAddAtomW
LoadLibraryA
GlobalDeleteAtom
GetModuleHandleW
GetSystemDirectoryW
OutputDebugStringA
GetStartupInfoA
GetCurrentProcess
IsDebuggerPresent
InterlockedIncrement
InterlockedDecrement
SetLastError
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
WideCharToMultiByte
SetHandleCount
HeapCreate
VirtualFree
GetCurrentProcessId
LCMapStringA
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
KERNEL32.dll
Imucax onyb. axel
Ivoz uqip ubew urefuj
Ahym; ogejuv
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
170108000000Z
180108235959Z0
SE1 8XD1
City of London1
London1)0'
 207 Waterloo Road Waterloo House1
Tubatton Ltd1
Administration1
Tubatton Ltd0
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
admin@tubatton.co.uk0
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
130509000000Z
280508235959Z0}1
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
http://ocsp.comodoca.com0
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA
20171115092505Z
Greater Manchester1
Salford1
COMODO CA Limited1,0*
#COMODO SHA-256 Time Stamping Signer
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
151231000000Z
190709184036Z0
Greater Manchester1
Salford1
COMODO CA Limited1,0*
#COMODO SHA-256 Time Stamping Signer0
1http://crl.usertrust.com/UTN-USERFirst-Object.crl05
http://ocsp.usertrust.com0
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object
171115092505Z0+