Sample details: 713dc029eb9d885823a015670811e3e5

Hashes
MD5: 713dc029eb9d885823a015670811e3e5
SHA1: 9c9f4c0f14e48e9c9494a70d271cd2d7acb31cbf
SHA256: 92930b3a75c6c54dee11ff1733125dbe6aa4dbb24207f11bee3068334b32f0ff
SSDEEP: 6144:pEr4qfwf03wkXdOvf+T1PJ/LLCtsxdSBGRa6nM7+FHWJ:pyZflhJjLCixsb6nM7+oJ
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/win_mutex | YRP/win_files_operation
Source
hxxp://yamanashi-jyujin[.]jp/kmywfhl.exe
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.gfids
@.reloc
SVjghh
PPPPQSPj
~&h "E
|&hh"E
t&h4%E
t&h(%E
Qjxh8#E
Pjyh8#E
u3h KE
}'hHHE
URPQQh
;t$,v-
UQPXY]Y[
							
																			
							
							
																			
							
							
																			
							
P$+Q8+U
P$+Q8+U
J$+H8+M
;H8te3
jChH*C
jChH*C
jDhH*C
jDhH*C
u#h4+C
jQhH*C
jQhH*C
u&hx2C
u&h03C
u&h\3C
jUh@5C
jUh@5C
jVh@5C
jVh@5C
j1h@5C
j1h@5C
j2h@5C
j2h@5C
u%h4;C
u&hD8C
u&hP;C
u&hD8C
t&hD:C
u&h(6C
u$h0BC
u&hPBC
u&hD8C
u&hP;C
jChH*C
jChH*C
jDhH*C
jDhH*C
u#h4+C
jQhH*C
jQhH*C
u&h SC
u&h SC
u#h$VC
j-h`VC
j-h`VC
j?h`VC
j?h`VC
j`h`VC
j`h`VC
u&hl[C
u&h(\C
u&h`\C
jNh8]C
jSh8]C
u&h4pC
jWhtyC
jghtyC
f9:t!V
u#hT|C
u#hx}C
j'hH*C
j'hH*C
u#h4+C
j2hH*C
j2hH*C
u&h4+C
u#h ~C
jAhp~C
jAhp~C
u#hh]C
u#hXMC
u&h03C
u#hx}C
j'hH*C
j'hH*C
u#h4+C
j2hH*C
j2hH*C
u&h4+C
PPPPPPPP
u#hXMC
u#hXMC
u#hXMC
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
InitOnceExecuteOnce
CreateEventExW
CreateSemaphoreW
CreateSemaphoreExW
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
CreateSymbolicLinkW
GetCurrentPackageId
GetTickCount64
GetFileInformationByHandleEx
SetFileInformationByHandle
GetSystemTimePreciseAsFileTime
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
InitializeSRWLock
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
SleepConditionVariableSRW
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
Unknown exception
bad allocation
bad array new length
bad exception
f:\dd\vctools\crt\vcruntime\src\internal\per_thread_data.cpp
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
`h````
xpxxxx
`h`hhh
xwpwpp
(null)
minkernel\crts\ucrt\inc\corecrt_internal_stdio_output.h
<program name unknown>
Normal
Ignore
Client
Client hook allocation failure at file %hs line %d.
Client hook allocation failure.
Error: memory allocation: bad memory block type.
Client hook re-allocation failure at file %hs line %d.
Client hook re-allocation failure.
Error: memory allocation: bad memory block type.
Memory allocated at %hs(%d).
The Block at 0x%p was allocated by aligned routines, use _aligned_realloc()
Error: possible heap corruption at or near 0x%p
The Block at 0x%p was allocated by aligned routines, use _aligned_free()
Client hook free failure.
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory before start of heap buffer.
Memory allocated at %hs(%d).
HEAP CORRUPTION DETECTED: before %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory before start of heap buffer.
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory after end of heap buffer.
Memory allocated at %hs(%d).
HEAP CORRUPTION DETECTED: after %hs block (#%d) at 0x%p.
CRT detected that the application wrote to memory after end of heap buffer.
DAMAGED
HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.
CRT detected that the application wrote to a heap buffer that was freed.
Memory allocated at %hs(%d).
HEAP CORRUPTION DETECTED: on top of Free block at 0x%p.
CRT detected that the application wrote to a heap buffer that was freed.
%hs located at 0x%p is %Iu bytes long.
Memory allocated at %hs(%d).
%hs located at 0x%p is %Iu bytes long.
Cycle in block list detected while processing block located at 0x%p.
Heap validation failed.
Bad memory block found at 0x%p.
Memory allocated at %hs(%d).
Bad memory block found at 0x%p.
 Data: <%s> %s
Dumping objects ->
#File Error#(%d) : 
%hs(%d) : 
{%ld} 
client block at 0x%p, subtype %x, %Iu bytes long.
normal block at 0x%p, %Iu bytes long.
crt block at 0x%p, subtype %x, %Iu bytes long.
Object dump complete.
Detected memory leaks!
CorExitProcess
minkernel\crts\ucrt\src\appcrt\startup\argv_parsing.cpp
minkernel\crts\ucrt\src\desktopcrt\env\environment_initialization.cpp
minkernel\crts\ucrt\src\appcrt\startup\onexit.cpp
minkernel\crts\ucrt\src\appcrt\internal\per_thread_data.cpp
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
minkernel\crts\ucrt\src\appcrt\stdio\_file.cpp
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
Second Chance Assertion Failed: File 
<file unknown>
, Line 
_CrtDbgReport: String too long or IO Error
Assertion failed: 
Assertion failed!
%s(%d) : %s
_CrtDbgReport: String too long or Invalid characters in String
GetActiveWindow
GetLastActivePopup
GetProcessWindowStation
GetUserObjectInformationW
LocaleNameToLCID
MessageBoxA
MessageBoxW
minkernel\crts\ucrt\src\appcrt\startup\argv_wildcards.cpp
minkernel\crts\ucrt\src\appcrt\mbstring\mbctype.cpp
minkernel\crts\ucrt\src\desktopcrt\env\get_environment_from_os.cpp
minkernel\crts\ucrt\src\appcrt\lowio\osfinfo.cpp
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
minkernel\crts\ucrt\src\appcrt\locale\getstringtypea.cpp
minkernel\crts\ucrt\src\appcrt\locale\lcmapstringa.cpp
[aOni*{
~ $s%r
@b;zO]
v2!L.2
1#QNAN
1#SNAN
?5Wg4p
"B <1=
_hypot
_nextafter
C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\atlmfc\include\atlexcept.h
AtlThrow: hr = 0x%x
C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\atlmfc\include\cstringt.h
Warning: implicit LoadString(%u) failed
EXCEPINFO
Description: 
Source: 
Source line text: 
Source context: 
Line number: 
CharacterPosition: 
JScript
WScript
vmecwpipip213#pi
.text$di
.text$mn
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCC
.CRT$XCL
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.gfids$x
.gfids$y
.tls$ZZZ
.rsrc$01
.rsrc$02
HeapFree
SetLastError
InitializeCriticalSectionEx
HeapSize
MultiByteToWideChar
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
SizeofResource
LockResource
FindResourceExW
LoadResource
FindResourceW
WideCharToMultiByte
CreateMutexA
lstrcmpiW
KERNEL32.dll
MessageBoxA
MessageBoxW
USER32.dll
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoInitializeEx
ole32.dll
OLEAUT32.dll
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
OutputDebugStringW
EncodePointer
FreeLibrary
LoadLibraryExW
RtlUnwind
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
HeapValidate
GetSystemInfo
ExitProcess
GetStdHandle
WriteFile
GetACP
GetFileType
OutputDebugStringA
WriteConsoleW
CreateThread
LCMapStringW
HeapQueryInformation
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
CreateFileW
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVtype_info@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVbad_exception@std@@
.?AUIAtlStringMgr@ATL@@
.?AVCAtlStringMgr@ATL@@
.?AVCWin32Heap@ATL@@
.?AUIAtlMemMgr@ATL@@
.?AVCAtlException@ATL@@
.?AUIUnknown@@
.?AVJSEngine@@
.?AUIActiveScriptSite@@
.?AVWScript@@
.?AUIDispatch@@
M?>=lKIH{fdb
KIH{A?>m
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
0F1T1o1|1
3C3R3\3z3~3
4'40454@4
5$5/5A5F5S5_5i5r5x5~5
7#7,7X7]7
7	8H8M8X8
9`9e9n9l:
;a<f<q<
%0*060
101@1a1
2(3O3|3
4(4D4I4U4s4
5"696P6
6c7h7t7
?!?&?0?6?D?I?S?Y?f?k?u?{?
0$0*080=0G0M0[0`0j0p0~0
1-121<1B1P1U1_1e1s1x1
2"2'21272E2J2T2Z2h2m2w2}2
3&3,3:3?3I3O3]3b3l3r3
4!4/444>4D4R4W4a4g4u4
4.5;5A5V5`5h5r5z5
6$6G6d6j6p6x6
6)787T7Z7f7n7s7
8*8K8R8":[:
;';0;J;S;\;v;{;
>F?K?]?
2$2*21282?2F2M2T2[2c2k2s2
2*30363<3B3H3O3V3]3d3k3r3y3
6(7H7Y7|7
9@9W9d9m9u9
:C;K;i;r;z;
<:=E=t=z=
=&>T>d>r>y>
?-?<?E?K?Q?
&0+0=0h1
=6>;>M>F?K?]?
347G7e7s7!9X9_9d9h9l9p9
<D=I=N=d=i=n=
?4?9?E?l?
0*0/0;0U0
=E=M=\=
=A>^>c>
F0Z0y3
4E4Q4h5
6[8`8l8
979<9A9
;!;-;Z;_;d;+<0<<<i<n<s<
?3?8?=?
'0,080h0m0r0
4W4\4h4
4/54595l8
8>9C9O9
=@=E=Q=~=
=P>U>a>
>K?P?\?
0"1'1,1
8L8Q8V8-929>9k9p9u9
9D:H:L:P:T:X:\:`:
< <%<R<
1H1L1P1T1X1\1
2-323>3k3p3u3
5$5Q5V5[5
6$6Q6V6[6|8
9I9N9S9
98;<;@;D;H;L;P;T;X;\;L<Q<]<
=#=Y=`=
? ?$?(?,?
0!0-0Z0_0d0
6"7)70:4:8:<:@:D:H:L:P:T:X:\:
> >$>(>,>0>4>8><>
004080<0@0D0H0L0P0T0X0\0
;\=`=d=h=l=p=t=x=
1 2%212^2c2h2
4a5f5r5
5`6e6q6
6Q7V7b7
7P8U8a8
8A9F9R9
?!?N?S?X?
J0O0[0
0(1-121V1
61868?8i8n8s8
9I9N9S9
:D:I:R:|:
=>=a=m=
>6>U>a>q>}>
>3?8?=?s?x?}?
2@2L2i2u2
343@3P3\3
4R4W4\4a4
<1<6<;<
0e2j2v2
? ?)?S?X?]?
1$1)1o1t1}1
1K3i3r3
6I7h7m7
8	9I9U9
;';a;f;r;
=>=C=O=
>#>?>]>g>l>x>
0&020O0l0q0
1$1O1X1
7 7%7v7
8Q9Y9k9v9~9
;7;A;F;R;m;s;{;
<$<0<F<K<W<{<
>8?=?O?
0 1+1h1m1
3'3-3:3w3
3H4M4_4h5m5
5?6D6P6
=;=I=^=f={=
0"1'131`1e1j1
;";';2;=;
;(<-<?<
70j1F2K2f2s2V3f3j3t3
364;4V4[4{4
6M7R7W7^7
8)868Y8
>7><>A>\>`>d>h>v>
?6?H?M?\?
=0B0K0u0z0
1m2r2{2
3'515W5M6R6^6
-020>0k0p0u0
1P1U1a1
<$<-<W<\<a<
= =)=S=X=]=
>O>T>]>
>8?=?O?
80=0O0
7&80868g8o8{8
;2;7;<;
3	9W9^9e9l9s9z9
96:;:@:
;I;N;S;
<K<P<U<
=W>\>h>
>P?U?^?
0!0,060T0b0
1M1b1o1y1
8/8<8A8G8T8Y8_8
9!9&9Y9e9q9v9{9
:	:2:7:<:A:
;!;L;Q;V;
<(<1<c<
>:>A>K>]>g>
>C?x?}?
2O2T2Y2
2B3v3{3
3*4/444{4
6<6N6v6
8j8o8t8
<H=M=_=:>
1'1T1Y1^1V2e2
3h3l3p3
4 464;4@4V4[4`4v4{4
5 565;5@5V5[5`5v5{5
6.7_7}7
9?9N9y9
:9:g:z:
<	=A=y=
>.>D>I>U>s>
F1s1}1
555<5r5
5K6P6\6
8B9x9}9
3 373\3
4)484H4T4X4\4`4d4
;8;N;h;m;
2%2J2i2
494>4C4
8(9-9298:=:I:v:{:
<-<2<7<
> ?%?*?o?{?
070@0e0
2>2C2O2
373V3u3
4/4N4m4
5#5B548r8
<)=.=:=
6@7_7h7
=&>+>4>^>c>h>
?E?J?S?}?
072<2E2
1J1O1T1Y1
1H2M2_2
323h5m5
8F8K8P8r8v9{9
;G;L;Q;
;#<(<-<f<k<t<
<R=W=`=
?.?3?8?
0#0(0g0l0u0
1)2.232
6$8)858b8g8l80959A9n9s9x9
4K4P4\4
8::?:K:x:}:
=*=/=;=h=m=r=
4)5D5r5|5
526b6w6|6
1X2]2o2
3!3G3r3w3
3(4-464
4.53585^5
9p:u:~:
? ?J?O?T?
0	0'0/0
001Z1b1
2!3X3u3
6&6{6|7
798D8L8S8_8
8 9K9{9
787=7O7c8
:":':M:x:}:
=C>P>u>
p0t0x0|0
0?1D2S2F3Q3w3
9P:(;,;0;4;
>%>6>4?:?
b4~4!5>5
1L6P6T6X6\6`6d6|6
6T7X7\7`7t7x7|7
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
p;t;x;
9$9,9094989<9
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
2 2$2(2,2024282<2@2D2H2L2P2T2X2
D>L>T>\>d>l>t>|>
?$?,?4?<?D?L?T?\?d?l?t?|?
0$0,040<0D0L0T0\0d0l0t0|0
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5`?h?p?x?
0 0(00080@0H0P0X0`0h0p0x0
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
44><>D>L>T>\>d>l>t>|>
p3t3x3|3
3 3$3(3,30343|5
6 64686<6@6X6\6l6p6x6
7$74787H7L7P7T7\7t7
8$8(8<8@8D8\8l8p8
9$9<9L9\9`9d9|9
>0><>\>d>
?,?0?8?@?H?L?T?h?p?
0,000L0P0`0
1 1@1`1
2 2@2`2
3(3H3h3
4$4@4`4
5 5,545@5`5l5
6 6<6@6P6X6t6
1H1X1h1x1
7(7,7074787<7@7D7H7L7X7\7`7d7h7l7p7t7
8 8H8h8
9 989X9p9