Sample details: 65ab089194a4080e861171e1e1cffd77

Hashes
MD5: 65ab089194a4080e861171e1e1cffd77
SHA1: 095f1c0e07f77c2cd1b24f128dc508670cf2ff51
SHA256: e3e9f6286b9203402802576a1ebb67caa43498330dd44ae92b159738ab1915ab
SSDEEP: 6144:jbwlNXmpOcPFDTuGMiY+LJ9oRPQvHAuXlADedtv:Q7WpOcNTjMmLJORofPWGtv
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/screenshot | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_files_operation
Source
http://193.124.0.151/crypt/sv.bin
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
.data1
.gfids
@_RDATA
@.debug_o!
B.rsrc
PRQVWhT
PPWPRV
/Y][_^
D$@;D$8
D$$PRj8R
RQSVWU
]_^[YZ
]_^[YZ
]_^[YZ
PSQRWV
^_ZY[X
URPQQh
;t$,v-
UQPXY]Y[
Tt1jhZ;
^$+^8+
^$+^8+
t	j-Xf
t0jXXf
~$+~8+
F2jgYf;
< t1<	t-
u0jAXf;
u0jAXf;
SSVWh 
f9:t!V
Wj0XPV
WWWPWS
u-PWWS
QQSWj0j@
PPPPPWS
PP9E u:PPVWP
PPPPPPPP
v	N+D$
v	N+D$
Bitmap
USER32
EnumDisplayDevicesA
FileDescription
CompanyName
FileVersion
InternalName
LegalCopyright
LegalTradeMarks
OriginalFilename
ProductName
ProductVersion
Comments
Author
\VarFileInfo\Translation
\StringFileInfo\%04x%04x\%s
	Path: %s
BUTTON
\Processor(_Total)\% Processor Time
USER: 0x%08lx
MYCODE
Create
HeapAlloc
%TEMP%
S-1-5-18
pid=%d
%02d/%02d/%d  %02d:%02d
SessionInfo\%08x%08x
list<T> too long
Active
DISPLAY
string
access
comment
vector<T> too long
deque<T> too long
Unknown exception
bad allocation
W`.]tB3?Q
?@s#0?{
9y>m0_D@H_
Tp=9y>m0_D@H_
=7p7M}
6p7M=:P_:}u
RlK8`K8
bad array new length
GENERIC_IA32
FXSAVE
SSE4_1
SSE4_2
POPCNT
PCLMULQDQ
AVX512DQ
AVX512F
RDSEED
AVX512IFMA52
FULLY INORDER PROCESSOR
AVX512ER
AVX512PF
AVX512CD
AVX512BW
AVX512VL
AVX512VBMI
Constant propagation error (%s substitution):
FORMAL
RETURN
GLOBAL
	I32 %lx != %lx
	SI32 %ld != %ld
	F32 %f != %f
	I64 %lx:%lx != %lx:%lx
	SI64 %ld:%ld != %ld:%ld
	F64 %f != %f
Bad second argument
Fatal Error: Can not initiate the Heap
Usage: %s input_file output_file
Usage: %s segment_size input_file [-trace]
Conversion from text file %s to binary %s completed
segment_size = 0x%x = %d
Cannot allocate memory to hold segment (size = 0x%x)
Input file: %s corrupted
routine_name = '%s'
file_name    = '%s'
prof_dir     = '%s'
Dynamic profile created from file %s completed
Fatal Error: This program was not built to run on the processor in your system.
The allowed processors are: %s.
Run-Time Check Failure: The variable '%s' is being used without being initialized
Error:  Buffer overrun occurred, forced exit
Initialization of symbol handler failed. Error code %d
NTDLL module not found
RtlCaptureContext function not found in ntdll.dll
 Windows XP 64-bit Edition Version 2003 or newer should be used.
StackWalk is terminated abnormally. Error code %d
Exception is raised during stack walking
Signal %s is raised
Signal %s is raised at 0x%p
SIGSEGV
SIGILL
SIGBUS
SIGFPE
unknown
No error
You must link with libunwind to use traceback functionality
Intel(R) Core(TM) Duo processors and compatible Intel processors with supplemental Streaming SIMD Extensions 3 (SSSE3) instruction support
Intel(R) Pentium(R) 4 and compatible Intel processors with Intel(R) Streaming SIMD Extensions 3 (Intel(R) SSE3) instruction support
Intel(R) Pentium(R) M and compatible Intel processors
Intel(R) Pentium(R) 4 and compatible Intel processors. Enables new optimizations in addition to Intel processor-specific optimizations
Intel(R) processors with Swing New Instructions support
Intel(R) processors with SSE4.2 and POPCNT instructions support
Intel(R) processors with MOVBE instructions support
Fatal Error: This program was not built to run in your system.
Please verify that both the operating system and the processor support Intel(R) AVX.
Please verify that both the operating system and the processor support Intel(R) AVX, F16C and RDRAND instructions.
Please verify that both the operating system and the processor support Intel(R) AVX2, BMI, LZCNT, HLE, RTM and FMA instructions.
Boundary Run-Time Check Failure for variable '%s'
Boundary Run-Time Check Failure
Conversion Run-Time Check Failure
Please verify that both the operating system and the processor support Intel(R) %s instructions.
Please verify that your application was built with compatible Intel(R) libirc library
Use of incompatible or internally inconsistent Intel(R) libirc library
Run-Time Check Failure: The variable '%s' is being used in %s without being initialized
%lu/%s
irc_msg.dll
printf
printf_s
__iob_func
fclose
fflush
fopen_s
fprintf
fprintf_s
fwprintf
fwprintf_s
_snprintf
_snprintf_s
sprintf
sprintf_s
sscanf
sscanf_s
swprintf_s
vfprintf
vfprintf_s
vprintf
vprintf_s
_vscprintf
vsprintf
vsprintf_s
_vsnprintf
_vsnprintf_s
vswprintf
wprintf
wprintf_s
_wfopen
_wfopen_s
fwrite
fgetws
fgetwc
fputws
fputwc
ferror
freopen
freopen_s
_wfreopen
perror
_errno
SYSTEMROOT
\system32\
msvcrt.dll
Warning: Missing '%s' function during Intel Library Wrapper initialization.
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
`h````
xpxxxx
(null)
CorExitProcess
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
[aOni*{
~ $s%r
@b;zO]
v2!L.2
1#QNAN
1#SNAN
?5Wg4p
"B <1=
_hypot
_nextafter
C:\docker\second\60\dr.pdb
.text$mn
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.data1
.gfids$x
.gfids$y
_RDATA
.debug_opt_report
.rsrc$01
.rsrc$02
GetCurrentProcess
GetVersionExA
FindClose
FindNextFileA
FindFirstFileA
LocalAlloc
EnumSystemLanguageGroupsA
GetModuleHandleA
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileAttributesExA
WaitForSingleObject
CreateMutexA
GetModuleHandleW
FindResourceExA
LoadLibraryW
LocalFree
GetModuleFileNameA
CloseHandle
GlobalUnlock
ReadFile
GlobalLock
GlobalAlloc
GetFileSize
CreateFileA
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
WideCharToMultiByte
lstrcpyA
lstrlenW
lstrcatW
lstrcpyW
OutputDebugStringA
WriteFile
FindNextFileW
KERNEL32.dll
SetPropA
FillRect
MapWindowPoints
GetWindowRect
DestroyIcon
CreateIconIndirect
wsprintfA
LoadStringA
DrawIcon
GetIconInfo
ReleaseDC
LoadBitmapW
SetScrollPos
GetSysColor
SetScrollRange
GetDlgItem
OffsetRect
GetParent
GetSystemMenu
DefWindowProcA
EndPaint
DrawTextA
GetClientRect
BeginPaint
GetWindowLongA
DefDlgProcA
CreateWindowExA
SetWindowLongA
MessageBoxA
EnumDisplaySettingsA
GetWindowThreadProcessId
SendMessageA
AppendMenuA
LoadBitmapA
LoadMenuA
CreateMenu
GetWindowTextA
GetWindowTextLengthA
SystemParametersInfoA
USER32.dll
CreateDCA
SelectClipRgn
DeleteDC
CreateDIBSection
CreateCompatibleDC
DeleteObject
SetBkColor
SelectObject
CreateSolidBrush
SetTextAlign
GetTextAlign
GetDeviceCaps
GDI32.dll
ChooseColorA
PageSetupDlgA
PrintDlgA
COMDLG32.dll
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
GetTokenInformation
GetLengthSid
OpenProcessToken
ConvertStringSidToSidA
ADVAPI32.dll
SHAddToRecentDocs
Shell_NotifyIconA
SHGetFileInfoW
SHELL32.dll
StgOpenStorage
CoCreateInstance
CoInitialize
GetHGlobalFromStream
CreateStreamOnHGlobal
ole32.dll
OLEAUT32.dll
ODBC32.dll
NetUserEnum
NetApiBufferFree
NetSessionEnum
NETAPI32.dll
GetPerformanceInfo
GetDeviceDriverBaseNameA
EnumDeviceDrivers
GetDeviceDriverFileNameA
PSAPI.DLL
ExpandEnvironmentStringsForUserA
USERENV.dll
mmioClose
mmioDescend
WINMM.dll
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
VERSION.dll
PathFindExtensionA
PathMakeSystemFolderW
StrChrA
PathFindFileNameA
wvnsprintfA
SHLWAPI.dll
ImageList_AddMasked
ImageList_Create
InitCommonControlsEx
COMCTL32.dll
PdhOpenQueryA
PdhAddCounterA
PdhCollectQueryData
PdhGetFormattedCounterValue
pdh.dll
phoneGetRing
TAPI32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FormatMessageA
GetThreadLocale
InitializeCriticalSection
LoadLibraryExA
LeaveCriticalSection
GetModuleHandleExA
GetEnvironmentVariableA
EnterCriticalSection
RaiseException
RtlUnwind
SetLastError
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
MultiByteToWideChar
GetStdHandle
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetFileType
FindFirstFileExA
GetCommandLineA
GetCommandLineW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
CreateFileW
DecodePointer
vM2?tC
iy\}?I
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVtype_info@@
.?AVbad_array_new_length@std@@
.itt_notify_tab
optimization_report_version
optimization_report
.itt_notify_tab
optimization_report_version
optimization_report
.itt_notify_tab
optimization_report_version
optimization_report
.itt_notify_tab
optimization_report_version
optimization_report
.itt_notify_tab
optimization_report_version
optimization_report
pU#foY
ASq9f<
	-M!~o
1Qk^%+[
;U8hL2
/LaG:Q,
M'Q\CN
X09sY/Y
E?_Dt=
/LaGRQ
vLaEbQ
8^XFm)(
@o%1@)/B%
uUq/+\
}B8B!(
XMqx%Vr
!5UcfaL
UdR=&Fu
!'c$pt 
[f0/v6
fK^&T"
UCO%Ja
H3#[7y
-7,_N1
/La	bQ
ALWBdP
O#uk*x4
D-47 ~d
HS{byU
 qp;km&zn
"]F[|	
j3AG`<^#)N1
|wN<u 
bJ$3%O
_kA1py
hHz&V9EG
nhh}`s
|9ic;VU&
=6CI[|
l'=K	+
/F~}:f
?utxk>
^m3#hp
)LVDC8
oSmH]$0L
Hmq`%Bp
MA11\.
{heTs4
ajXFe.
&Kc}lz
`3"[7y
?TC?2E
Schq	bQ
@c9o%$
=	"di+
!5+-faj
&[c}lbz-
Er%A|}
Sf4rl'
S]njc&V
#j]$##$
[kEgs:
y'?vuO
>f<fSM
]uX46b|
^DW3n 
S}57*+K
hIbPe]
=Q,W')
"Z>La	"Q
TQ#foY!
f{3|l$
"Hs![77
Nr9Lp+
w5|dYA
KkI-s:j
uz!8Uj
eG0M$?
|	Sw4V
kH/&pv
)!6U}0
r2C\8"
skI)s:
LNDCtW
eyQAw!
 |<$	G
xFoG|l
(^I`.7
iSq9ft
)LNDOtW
|kF`fe
0S6u[@
j@Mm<@
a_KE5y
s/-ALpmk
0S6u]@
e}NI0S
WXe[I^S
R+U8&d2
SKhu	bQ
%"6b,<
OM-k:>
)NVDw:
Qkh]	bQ
 CS}2JLWB
,\3\rUGO
EOW	QU
e_q9f<(+M
eC[%ra
a_~N:,
j_D^	6
Z.i\E:S
t4q/foY
H\{Q!gG
j)&?89:Q
/K8btDt<
vFLSGV
4SrBW!rf
CvAElu
^`DG	J
qbfZ~b
hCBY{-
|m)^SKn
HS_f{U
,#;eq/K@
XZL.>I
O];(Y 
K!0::>G
'<f;MX
Q"& "(pY
R*	Ui{
DQpE	[
yl_';v
*PW#f~
&X}rLA
Gf!\l	
T	e91H.
<3 [8F
+jld.lDM
0M27bK
$S	9H<
<P:I:H
:+g[pQ
Zmd.7tr66
5\v^n6
5SCF6*rnX
f+3|L|l
	$"|Wo
q7rfT>
AJk'A)
+#w+f,
t0"Y '
 g-B7Em
h("<Zc%
(vhSSn8
:>L].'u
>vQT->
zCXw5UI
RuZ3g$
JLt7C;
`[u.*d
7&iPv:2Y
W:-5%!k
/x|dDYU9
)[+xeB
jm P&j
"wTc}"gr
w|dDYU9
9Q(TfA
9CAhs|BJ
Q+ e$.
'V9GAho
}B1'e3
Ry|""h
sdDYU9
KE-C'H
;$hTv:
f0#<$>
G'<zGc
|`DF5j'
gZmd.C
&|g";Y
$wVfe4
h+xUBV
KT%oB~
xZ/>VG
###C###
###!%%%t%%%
$$$L'''
&&&y)))
VVVyZZZs[[[
ZZZK^^^B___
fffwfff
ggg"hhh
mmmennn
vvvwvvv
zzzG{{{
"""#"""
$$$^$$$
###=&&&
%%%k(((
YYYj]]]]^^^
]]]8```"bbb
hhh?iii
nnnyooo
xxxlyyy
|||'}}}
			g			
!!!$!!!
###c###
###J&&&
]]]|bbbbbbb
bbbIeee$eee
lllvmmm
zzz}zzz
   _   
   L$$$
fff]fff
fffKkkk
uuu&vvv
eee{fff
eeemkkk#mmm
xxx!{{{
rrr1ttt
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING