Sample details: 680421fd524f0b12ecc08eee948d3630 (MD5)

Hashes
MD5: 680421fd524f0b12ecc08eee948d3630
SHA1: 114a1e95988d38e1cca5ce5ba98b487cfc5bf35d
SHA256: eab3c6733e783f0a85608582f6c47238809306801ab8e80862b03497358de944
SSDEEP: 3072:TMwmlOI6YhFNF4eQ7s0x9zYKW6b+1Isq/Mn02sivHkTgM4NS7+HGh:AW2F4LPx9jHb60cPk/4S
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation | YRP/TEAN
Source
hxxp://kooshesh-co[.]com/Mndv63 (defanged)
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
>FYY;u
PPPPPP
PPPPPPPPPPP+
t@97u<j
t@97u<j
tA97u=j
PPPPPPPP
QQSVWd
PP9E u
jA[jZZ+
t6h 2B
~pjCXf
,SVWj0X
Wj0XPV
j@j _W
QQSVWh
j"_f9y
tyPVj@W
_tcPVj@
u#j,Xf;
>Cu/f9F
RVSQSWV
SVWjA_jZ+
uBjAYjZ+
t WW9}
URPQQhP
HHtVHHt
v	N+D$
<0|m<9
G Pj*S
G$Pj+S
G(Pj,S
G,Pj-S
G0Pj.S
G4Pj/S
G8PjDS
G<PjES
G@PjFS
GDPjGS
GHPjHS
GLPjIS
GPPjJS
GTPjKS
GXPjLS
G\PjMS
G`PjNS
GdPjOS
GhPj8S
GlPj9S
GpPj:S
GtPj;S
GxPj<S
G|Pj=S
;t$,v-
UQPXY]Y[
PWWWWV
PSSSSV
v	N+D$
tQhT	B
t@h\	B
j	PjYV
Yu2Vj@h
tLhT	B
t;h\	B
Ht+Ht$Ht
~';_t|%3
+t"HHt
SVjA[jZ^+
jAZjZ^
uHjAXf;
bejijeponijapubezobe
cazexuyu zepituvaciyoxejogitavuweri votacupojofugiwisozeyeta
VirtualProtect
%s %c %f
johimehacice
bad locale name
generic
unknown error
iostream
iostream stream error
system
ios_base::badbit set
ios_base::failbit set
ios_base::eofbit set
string too long
invalid string position
bad cast
bad allocation
permission denied
file exists
no such device
filename too long
device or resource busy
io error
directory not empty
invalid argument
no space on device
no such file or directory
function not supported
no lock available
not enough memory
resource unavailable try again
cross device link
operation canceled
too many files open
permission_denied
address_in_use
address_not_available
address_family_not_supported
connection_already_in_progress
bad_file_descriptor
connection_aborted
connection_refused
connection_reset
destination_address_required
bad_address
host_unreachable
operation_in_progress
interrupted
invalid_argument
already_connected
too_many_files_open
message_size
filename_too_long
network_down
network_reset
network_unreachable
no_buffer_space
no_protocol_option
not_connected
not_a_socket
operation_not_supported
protocol_not_supported
wrong_protocol_type
timed_out
operation_would_block
address family not supported
address in use
address not available
already connected
argument list too long
argument out of domain
bad address
bad file descriptor
bad message
broken pipe
connection aborted
connection already in progress
connection refused
connection reset
destination address required
executable format error
file too large
host unreachable
identifier removed
illegal byte sequence
inappropriate io control operation
invalid seek
is a directory
message size
network down
network reset
network unreachable
no buffer space
no child process
no link
no message available
no message
no protocol option
no stream resources
no such device or address
no such process
not a directory
not a socket
not a stream
not connected
not supported
operation in progress
operation not permitted
operation not supported
operation would block
owner dead
protocol error
protocol not supported
read only file system
resource deadlock would occur
result out of range
state not recoverable
stream timeout
text file busy
timed out
too many files open in system
too many links
too many symbolic link levels
value too large
wrong protocol type
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefABCDEF
CorExitProcess
Unknown exception
bad exception
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CreateEventExW
CreateSemaphoreExW
SetThreadStackGuarantee
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
GetLogicalProcessorInformation
CreateSymbolicLinkW
SetDefaultDllDirectories
EnumSystemLocalesEx
CompareStringEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
GetUserDefaultLocaleName
IsValidLocaleName
LCMapStringEx
GetCurrentPackageId
GetTickCount64
GetFileInformationByHandleExW
SetFileInformationByHandleW
(null)
`h````
xpxxxx
_hypot
_nextafter
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
`h`hhh
xppwpp
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
1#SNAN
1#QNAN
GetProcAddress
GlobalAlloc
GetLongPathNameW
GetProcessHandleCount
GetProcessWorkingSetSize
OpenProcess
ExitProcess
TerminateProcess
GetThreadPriority
GetThreadTimes
GetThreadSelectorEntry
GetFileInformationByHandle
GetFileSize
GetSystemTimes
GetTickCount
GetModuleHandleW
SetProcessShutdownParameters
AddAtomA
AddAtomW
GetAtomNameW
GetTempPathA
GetWindowsDirectoryW
KERNEL32.dll
ReleaseDC
SetScrollRange
ShowScrollBar
SetPropA
GetPropA
USER32.dll
StretchBlt
FillPath
GDI32.dll
OpenEventLogW
SetSecurityDescriptorControl
LookupPrivilegeNameW
GetUserNameA
InitiateSystemShutdownA
ADVAPI32.dll
GradientFill
MSIMG32.dll
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpQueryOption
WINHTTP.dll
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
GetLastError
GetModuleHandleExW
HeapFree
RaiseException
RtlUnwind
GetCommandLineW
GetCPInfo
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsProcessorFeaturePresent
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
IsDebuggerPresent
GetStdHandle
WriteFile
GetModuleFileNameW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetProcessHeap
GetCurrentThreadId
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
SetStdHandle
WriteConsoleW
CreateFileW
CloseHandle
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVruntime_error@std@@
.?AVexception@std@@
.?AVfailure@ios_base@std@@
.?AVsystem_error@std@@
.?AV_System_error@std@@
.?AVbad_cast@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_iostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV_Facet_base@std@@
.?AVfacet@locale@std@@
.?AUctype_base@std@@
.?AV?$ctype@D@std@@
.?AVerror_category@std@@
.?AV_Generic_error_category@std@@
.?AV_Iostream_error_category@std@@
.?AV_System_error_category@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$numpunct@D@std@@
.?AVbad_alloc@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AV_Locimp@locale@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
z4WBy9
aa4?2z#
.R-jP8c
X&h{Mu
3&4T%v
}?*$F_
Tk_-H,
vVvwZB
(U$q])D
d1ubP9{
RSH#J-
;`s{q&
2$yzK{
sS*d]^A,Z
A?82eP:
<ANU(}L5
u-nMfm
3 tV]vkEI
^:EC,/
.YRl<!
EN@CJ/^4
lz/H@G
*vw`%_
?[JU9x
j?/x4Zh
X-_H+Y
RY|~HV
a(>#&C
y1>3 N
qf4NP_`
Bguz_wH
\(HD?	
9w(]zd1
lrq5ld
	I5f=Q
0%7fFM
G0B)186
k8#j^r
'y<OF:
4.ngV~
HMlTFT
T\s|bM
?-?@C.
6;~&~3
-k$@d@
h+cy=E
Oo&+5u
3}xtM,
u(Ro/OzL
bNZB&|<
K0%1|n
BG9[-|
lBP]~,
	F)8{r
&uvQiF
oX]Te&
0!0-070E0R0_0l0y0
1'121:1D1K1U1]1g1r1z1
2'222A2K2
3?3I3O3
3`4n4v4
9.939p9
:#:0:z:
<!=(=K=
>0?T?v?
0*1<1t1
1 2A2e2x2
3"3)3:3
4^5d5/9
9&;o;y;
	0A0=2y2
0%1?1K1
8%9I9u9
?%?3?<?
185B5O5_5
6"6=6X6e6v6
:.:l:~:
:7;H;O;W;p;
=-=3=W=]=
?Y?g?q?
3 3$3(3Q3w3
41585<5@5D5H5L5P5T5
8*868;8F8P8f8
8'9>9K9W9g9m9~9
:&:w:}:
<.<6<E<L<e<
153S3l3s3{3
4b4h4l4p4t4
8s8y8}8
9'919:9
<"<-<M<X<
= =(=A=(>
595P5_5
8&8,8G8W8`8h8
9!9&9,94999?9G9L9R9Z9_9e9m9r9x9
:#:+:0:6:>:C:I:Q:V:\:d:i:o:w:|:
;#;1;?;F;S;\;i;{;
@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
8"8'8-838A8G8c8m8s8
:B:M:_:t:
:J<U<[<}<
1Y1d1j1
1 2I2\2l2
303<3C3J3e3o3
4f5l5r5
6$6)6.636<6
758=8N8x8
;D;Y;g;p;
;"<K<e<m<x<
>)>D>\>h>w>
>/?9?[?v?
0 0'0.050<0C0J0Q0Y0a0i0u0~0
1!1'1.151<1C1J1Q1X1`1h1p1{1
8x:9;L>
0=1C1J1
4@5L5V5e5p5
6"6/6^6f6w6
;h;t;A<
=4>H>z>
>A?G?Y?j?
8K9Z9}9
:!:(:0:9:K:c:i:r:x:
;4;N;[;j;t;
<<<I<R<v<
8A9K9f9
1=1C1b1h1
3=5A5E5I5M5Q5U5Y5K6V667R7I8[8m8
9!9^9*<
?#?+?3?
;%<?<H<v<^>
=->~>_?p?
4.5O5V5}5
666K6U6
7&7M7c7v7
9 :B;J;
>&>2>A>
<"<&<*<8<
8,8O8j8t8~8
2 3$3(3,3034383<3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
4044484<4@4D4H4T4X4\4`4d4
5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5
5`6d6h6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848<8D8L8T8\8d8l8t8|8
9$9,949<9D9L9T9\9d9l9t9|9
:$:,:4:<:D:L:T:\:d:l:t:|:
;$;,;4;<;D;L;T;\;d;l;t;|;
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,80888@8H8P8X8`8h8p8x8
9 9(90989@9H9P9X9`9h9p9x9
: :(:0:8:@:H:P:X:`:h:p:x:
; ;(;0;8;@;H;P;X;`;h;p;x;
< <(<0<8<@<H<P<X<`<h<p<x<
= =(=0=8=@=H=P=X=`=h=p=x=
> >(>0>8>@>H>P>X>`>h>p>x>
? ?(?0?8?@?H?
2$2,242<2D2L2T2\2d2l2t2$<(<,<0<
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
<(<4<@<L<X<d<p<|<
=$=0=<=H=T=`=l=x=
> >,>8>D>P>\>h>t>
7 7,787D7P7\7h7t7
: :0:4:H:L:\:`:d:l:
;$;4;8;H;L;T;l;|;
<$<(<8<<<@<D<H<P<h<x<|<
= =8=H=L=\=`=d=h=l=p=t=x=|=
> >8><>T>d>h>l>
?(?8?<?L?P?X?p?
0$0(080<0@0H0`0p0t0
1$1(1,1014181@1X1h1l1|1
2 2$2,2D2T2X2h2l2p2x2
303@3D3T3X3\3`3h3
4(484<4L4P4T4\4t4
545H5X5|5
6,686@6`6
7 7$7,7@7H7\7d7x7
8 8$8,8@8H8P8X8\8`8h8|8
9(9H9P9T9p9x9|9
:,:0:8:@:H:L:T:h:
;(;H;d;h;
<8<D<P<p<
=8=X=x=
5<90:4:d:l:t:|:
;$;,;4;<;D;p;t;x;|;
<$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
=,=<=\=h=l=p=t=
505P5l5
9(9H9h9