Sample details: 6d0ce21804a0ab7eed015123186dcba1

Hashes
MD5: 6d0ce21804a0ab7eed015123186dcba1
SHA1: df25f558f1119f26b735d316caa20145c045278d
SHA256: a14e897b929dceea36203b05426af91b198d8b6e592f7b2b999984d5205fe25c
SSDEEP: 6144:exO1RST+FdLI1OguhGD2+V5MZAqE7c6gWnDDjEe8Jv5eah9Q2Cye4:e0hcBxZVyZAqE7c6gWnDDjEe87ekAy
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/SEH__vectored | YRP/anti_dbg | YRP/keylogger | YRP/win_files_operation |
Source
http://bikner.de/red.php
http://www.bikner.de/red.php
http://134.0.117.224/exe/1000.exe
Strings
		!This program cannot be run in DOS mode.
Richq	
`.rdata
@.data
Afor: yriwoz
Ynos* ypalek ibesyf
Iziwad idonel awukiz
Abucud
Usymeh; ovacoq ikebyq ajof. ytew
Opypys ovap
Esyfaw ucud. abegow %d ywox
Isocib asaw izex = azivux odyh
Inyb %d ubafuz yruh avep: osyk
Enakuc
Ekuxef. urup yfal uxac
Acugok
Iqasup
Yxyh.dll iwypej %s evyw %s ylal ozeh
Aquq %d eqeh ewijob awyxoc
Abit inyk %s ilymyq evysic
Ybytaw iqiz
Amaqoq. yjokuc ebop owas = ojux
Elagon
Etyv %s ipix: exoc
Equqyd ijeqew ekijet
Ezomox ewaxac %s anyceh owod okiv
Ajixym owom anuw; odew ahas
Yjiren ucemyd oxil; ihez
Abis. ywajit %d yjunoc
Uwakow ozav
Oten ahedoh egek
Egax uxykug ynahub* obyrod
Akiras
Yhejad
Uxuzez inyw utoqaq
Emigor egeq ozit
Avyf oduxim ezumit
Abunyn %s utov: avijow
Uvag ucyr
Ydec. yjicup yhedis
Aqed; emac yhic; ubav = ynimej
Apos; okufax %s yliqos %d ogem.dll esesuc
Oxuxyz eheq
Anis ehunoj ehic
Olitat ohin ymolok = eqipil yfytyq
Enevyc ezac umyz oxaw. ybityg
Oxuxyz eheq
Anis ehunoj ehic
Emuh azonod olax* emeker oxet
Elyxit efibas
Olisog uxyd ozyc
Efapiv izykuj uvutim utevud.dll ofebux
Acigyc; erivom ujuh
Ojorib arojop
Ivuhel = olyqar ivuk %s ovuz = ypep
Afuk* utuwyl odiqoj ideved
Anujud
Ecuwon yfol evewoz
Icyv ozydec = esim
Ojipuz arecyn
Idagod azoteh ijodyt olil urydop
Arunyv* afaquk. ekyvow* efih.dll yganym
Olafon inyv: asug %d awubom
Ifujah umeg unamud usyzat ujalov
Udymuw atezaf eput
Icefup ihucus
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CONOUT$
DrawFocusRect
GetAltTabInfoA
SendMessageW
GetKeyState
MessageBoxA
wsprintfA
wsprintfW
GetWindowLongW
CharUpperW
USER32.dll
CoInitialize
CoCreateInstance
ole32.dll
SetBitmapBits
GetPaletteEntries
GetPixelFormat
PolylineTo
OffsetClipRgn
FixBrushOrgEx
GetObjectW
CreateFontIndirectW
GetDeviceCaps
SelectObject
DeleteObject
GDI32.dll
UnlockFile
RemoveVectoredExceptionHandler
GetProcAddress
GetStartupInfoA
SetFileAttributesW
GetCommandLineW
SystemTimeToFileTime
GetLocalTime
GetExitCodeThread
WaitForSingleObject
GetModuleHandleA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
SetEndOfFile
SetFileTime
ReadFile
SetFilePointer
GetFileSize
DeleteCriticalSection
FormatMessageW
lstrcpyW
LocalFree
CloseHandle
SetCurrentDirectoryW
SetEnvironmentVariableW
GetTempPathW
GetUserDefaultLCID
GetUserDefaultUILanguage
GetOEMCP
GetACP
VirtualFree
VirtualAlloc
DeleteFileW
FindNextFileW
RemoveDirectoryW
lstrlenW
GetSystemTimeAsFileTime
lstrcmpW
GetStdHandle
WriteFile
lstrlenA
ExpandEnvironmentStringsW
CreateDirectoryW
GetLastError
GetFileAttributesW
FindFirstFileW
FindClose
CompareFileTime
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetModuleHandleW
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
IsValidCodePage
RtlUnwind
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
KERNEL32.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>