Sample details: 7e12831b97ad63445fc0e9173b98b4b0

Hashes
MD5: 7e12831b97ad63445fc0e9173b98b4b0
SHA1: 36adafaafea6740027beef8d8f6d762ede47203d
SHA256: 16c2bfc8a95cd2996a5169d3fe441f6a8ac0d8fcf4c5562b6de6e68dac3ae35f
SSDEEP: 6144:axNbhnlpRcq/rJxF+AjpI6V/no/nu6wGg6r+ZfjLkKRvdhkPYXIIa6j:QpRcq/rJFjFQXN4Xjdhk3pu
Details
File Type: PE32
Yara Hits
YRP/contentis_base64 | YRP/url | YRP/domain | YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasRichSignature | YRP/anti_dbg | YRP/screenshot
Source
http://www.kfzgutachten-berlin.eu/TempCont/ri.php
Strings
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      
      <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
      
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
    </application>
  </compatibility>
  <ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
    <ms_asmv2:security>
      <ms_asmv2:requestedPrivileges>
        <ms_asmv2:requestedExecutionLevel level="asInvoker"></ms_asmv2:requestedExecutionLevel>
      </ms_asmv2:requestedPrivileges>
    </ms_asmv2:security>
  </ms_asmv2:trustInfo>
</assembly>