Sample details: 80fb4b0bc0d8eb87fc2ee774e648c950 --

Hashes
MD5: 80fb4b0bc0d8eb87fc2ee774e648c950
SHA1: c002d0525c5bc8b15d01a5f7ee5497cd16349c29
SHA256: 29b61912c688c3a266f0a2cd5e43911007d16f71de702045041c1915481beceb
SSDEEP: 3072:oo9px4eL2RI5h+77B8AwXajulyskTSxZSq6TO0Bn5A/lhrn1gZGxC0TZWhVqzNw:f9UBOdAEaCysPkq6DnGthrzCDhMzNw
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation | YRP/TEAN
Source
http://89.223.30.132/avsc.exe
http://89.223.30.132/avsc.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
QQSVWd
URPQQh0B@
~pjCXf
jdh`MA
j@j _W
QQSVWh
j"_f9y
<v5hjxA
,SVWj0X
Wj0XPV
j$h@OA
tf=xnA
v	N+D$
;t$,v-
UQPXY]Y[
jA[jZZ+
PWWWWV
PSSSSV
v	N+D$
PP9E u
Ht+Ht$Ht
~';_t|%3
+t"HHt
tfHtWHtHHt/
permission denied
file exists
no such device
filename too long
device or resource busy
io error
directory not empty
invalid argument
no space on device
no such file or directory
function not supported
no lock available
not enough memory
resource unavailable try again
cross device link
operation canceled
too many files open
permission_denied
address_in_use
address_not_available
address_family_not_supported
connection_already_in_progress
bad_file_descriptor
connection_aborted
connection_refused
connection_reset
destination_address_required
bad_address
host_unreachable
operation_in_progress
interrupted
invalid_argument
already_connected
too_many_files_open
message_size
filename_too_long
network_down
network_reset
network_unreachable
no_buffer_space
no_protocol_option
not_connected
not_a_socket
operation_not_supported
protocol_not_supported
wrong_protocol_type
timed_out
operation_would_block
address family not supported
address in use
address not available
already connected
argument list too long
argument out of domain
bad address
bad file descriptor
bad message
broken pipe
connection aborted
connection already in progress
connection refused
connection reset
destination address required
executable format error
file too large
host unreachable
identifier removed
illegal byte sequence
inappropriate io control operation
invalid seek
is a directory
message size
network down
network reset
network unreachable
no buffer space
no child process
no link
no message available
no message
no protocol option
no stream resources
no such device or address
no such process
not a directory
not a socket
not a stream
not connected
not supported
operation in progress
operation not permitted
operation not supported
operation would block
owner dead
protocol error
protocol not supported
read only file system
resource deadlock would occur
result out of range
state not recoverable
stream timeout
text file busy
timed out
too many files open in system
too many links
too many symbolic link levels
value too large
wrong protocol type
bad allocation
Unknown exception
CorExitProcess
(null)
`h````
xpxxxx
UTF-16LE
UNICODE
_hypot
_nextafter
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CreateEventExW
CreateSemaphoreExW
SetThreadStackGuarantee
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
GetLogicalProcessorInformation
CreateSymbolicLinkW
SetDefaultDllDirectories
EnumSystemLocalesEx
CompareStringEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
GetUserDefaultLocaleName
IsValidLocaleName
LCMapStringEx
GetCurrentPackageId
GetTickCount64
GetFileInformationByHandleExW
SetFileInformationByHandleW
bad exception
`h`hhh
xppwpp
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
1#SNAN
1#QNAN
generic
unknown error
iostream
iostream stream error
system
masurano
VirtualProtect
string too long
invalid string position
ExitProcess
SetProcessAffinityMask
GetModuleHandleW
GetTickCount
GetProcessTimes
TerminateThread
TerminateProcess
GetTempPathW
GetFileSizeEx
GetProcAddress
GetAtomNameA
GetProcessWorkingSetSize
LocalAlloc
AddAtomA
GetThreadPriority
SetProcessShutdownParameters
GetWindowsDirectoryW
GetCurrentProcessId
GetFileInformationByHandle
GetThreadTimes
KERNEL32.dll
EnableScrollBar
GetScrollRange
SetPropW
GetPropA
USER32.dll
LookupPrivilegeNameW
OpenEventLogW
SetSecurityDescriptorControl
GetUserNameA
InitiateSystemShutdownW
ADVAPI32.dll
GradientFill
MSIMG32.dll
WinHttpWriteData
WinHttpOpen
WinHttpReadData
WINHTTP.dll
EncodePointer
DecodePointer
GetLastError
HeapReAlloc
GetCommandLineW
RaiseException
RtlUnwind
IsProcessorFeaturePresent
HeapAlloc
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetCurrentThreadId
HeapFree
GetProcessHeap
CloseHandle
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LCMapStringW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
OutputDebugStringW
GetStringTypeW
SetFilePointerEx
CreateFileW
WriteConsoleW
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
.?AV_Iostream_error_category@std@@
.?AV_System_error_category@std@@
.?AVerror_category@std@@
.?AV_Generic_error_category@std@@
onwGO=
WDe	ph`
[k&G 2id
}AH^G 
0lS,V9
pKoEo#4
;SH$#$
dRt98i
OPUYhH
|\E9Ev\I
Uj?3@AH@
Uh3t/\n
skpe/I
s^n?<J
F~9YoX
4`G\%N=
p]vvzF
z2z/)~a
y,m6Z\
+ixDnLd]
^c9q6"r
9?3B[3a
e1Bd@" 
P'^'"3
#vs)AV
VQt)Dp
wq Yuf+
ch!{jc
H3N)=F
o^p)c4
Fv*k)EB
zc!Bf=
d5*BPf
"\JH#$
z[jSD0
%}bfD*
	9eQRc
UR?0xE
Bf%i0{i
jfm^QmNi
~]l^PH
uK0Ylex
uK0Ylex
Q9L@::
BJ;K7M
#mls%}
#x'w4#
b]4/bu
@]=P?`o
~h`)AZ
\Fv+=~
G45JhH
7ZY{S	/
 &1,Jb
xbg6s*"
m)@:|}
asH`Tv!
|E~7!_
f]nWD0
4^9!YZ
8rXA)8V"q
Z#XhKMj
%eO:#k
)T4!8PU
DBVv+9=X8NT_
J}GP|1
Xu6AW>/
PP05F>
s%sR,v$
DH&?Yj.{?T
}}Y0H:
TFAM8Eh
dC7>Ms<
kdSG	bQ
m0h";?
!r_AjU;
mG,	[[
B-#n:%
bQ|,b8L2
!I}*S#
9+W5S6
zS@CsH:
E,(!cP
CJ2|8s
;I<73(
bTOo)1
yNk+7y
`pEr2F
bwu<B7
R*AudP/
!;P~g[-
>b}n>Kf
BYn,)k
vQKa@*@Q
0x>[q2G
MnDibY
r:Z)CgV
9@QAn"S
{oEKS,"LU
a^ u@@
'Byi<anT
Z]ATE@
qMFeix
v1s(w1
>V$2oz
	=a.[L
r>8[\P\
j*t,j-
@5o&@x
5x)`]S
q:Y`Z?
{!.{fYd
Q`+~W+g:s
oEd`Te
nO@:-\
Pk]d)Y
A4QV"If
kedijoxoluhapomelufozidamoxerelavacupiyocikofocosudodemuzodupatovajufizezonunuzawawajakihegilapefopumixebufalehiboperazitasifucejelafetetoyofuwuxefogodoripujijimoyoxafepegijemimizotupafelegocunolusovuvunoruzaxafobafumogawibehujekacetoxelisifekuyapezekuvesuwedacisoxaniwuzinimujiwijuhekisabudamifojukopozudicokazudenemikawegijopewiwiliranayigasanolinotuzedasilavisijupoyahexefuwihihufijojagutejoviwunezucazibetituwikatetivenutoyinepetokedegiyecofalunufasokigagipecogukovawodizuxazavesimudojacasacekuhifogozuvuyenu(
1/= /= /= /= /= /= /= /= 
1/= /= /= /= /= /= /= /= 
1/= /= /= 
_!{_!{_!{_!{m
_!{_!{_!{_!{_!{_!{_!{m
#@a#@a
_!{_!{_!{_!{_!{_!{_!{
_!{_!{_!{_!{_!{<r
_!{_!{_!{_!{
_!{_!{_!{_!{_!{_!{
_!{_!{_!{_!{
gKK`KK`|
t Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux
gKK`KK`KK`
) Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux
gKK`KK`KK`|
 Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux
gKK`KK`KK`KK`|
 Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux
gKK`KK`KK`KK`q
 Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux
KK`KK`|
 Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux
_KK`KK`KK`KK`|
 Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux
_KK`KK`KK`KK`KK`|
 Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux
_KK`KK`KK`KK`KK`|
 Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux Ux(
oMMooo
ooMooo
ooooooooooooooooooooooo
oooooo
oooooooooooooooMoooM
ooooooooo
oooooooooMMoooooooooo
oooooooMoMMM
ooooooooooo
ooooooooMMooooooooooo<
<ooooooMoo
ooooMoooooo
oooooo
}MMoooooooooo
ooooooooooooooo
ooooMooooo
oooooMo
ooooMo
ooooMMM
oooMMo
MoooooooMooooooo
ooooMoMoo
ooooooooooooooo
oooooooo
oooooo
oooooo
ooooooo
++++++
ooMoooo
MMoMoo
ooMMMooMM
oMMoMM
oMMooo
ooooooo
ooooooo
oooooo
oooooooo
ooooooooo
oooooo
oooooooooooooo<
oMoMooMoooooo
ooMoooMooooo
oooooo
ooooooMooooooo
ooooooooooooo
o;		;o;
ooo;;x
		:::		O
		o		;	;
		oo	x		
;				mm		
			m				
o	xxxx	
o				;			;oo				
	m				9
xx	xo;;		
xxxxo;
;mm	9O#
[i[R[[
R[[[[[[
RRRG[[R[4[[[[[R[R
[[[[[W@
RRR[R4[4WW[[[[
[R[W[[iRi
RR[!R[RR!
Rii[[[[[i@[[[
W.[[[[[[RiRR
iiii4iRR.iRR@[[[
RWR.@@R[[[
Rii*Ri
IIrIII
Irrrrr
rIrIIIIIrr
rIIIII
IIIrII
IIrrIIr
rIIIIlI
IIIrrII
rIIIIIr3Ir
IIrIIr
IIIrIrrr
rIIrrI
rIrIIrIIIIrrrrr
IrIIIIIrrI
rIIIIrIrI
rrrIIr
QMO+uvr^urq
ywm^uws%
~xu/vnq
uxsBvyp
{rvptxq
#`^h0utt
bc`Dqwx
sqpuuxw
qnq6457Pyqq~vuv
JMBceb^<
>P"$TMQmt|u
03$:|~
OOQC~w~
 USYhuso
437&633Psrx~wyx
W\`g2+51
IL;Lrup
g_`Qswr
Q`a6ttr
U`MAuur
2B3J3R3Z3e3w3
4)4D4N4Z4d4n4|4
5&5<5H5V5\5
;;;A;p;
?,?3?;?@?D?H?q?
"0(0,00040
1Q1X1\1`1d1h1l1p1t1
1E3J3O3f3
3.434<4H4M4
4-5E5Y5
7&7/7w7|7
;%;,;0;4;8;<;@;D;H;
<0<7<<<@<D<e<
<.=4=8=<=@==?V?
091Q1V1
4"4'4-41474;4A4E4K4O4c4
5J6S6[6u6
787L7|7
:3:I:S:Y:d:
:";(;M;b;~;
=#=:=X=
>0?;?A?
0$0/0>0H0n0
151<1R1\1
3C4I4r4
6&6]6s6y6
627=7O7
9U9::U:k:
;,>!?2?
1?2`2e2
4'4,5R5]5
8@9F9M9
<C=O=Y=h=s=
=0>H>R>n>u>{>
0'060?0L0{0
1.141D1L1R1a1k1q1
2)2<2B2H2O2X2]2c2k2p2v2~2
3!3)3.343<3A3G3O3T3Z3b3g3l3u3z3
4 4%4+43484>4F4K4Q4Y4^4d4l4q4w4
5]5d5w5
6"6+60666@6J6Z6j6z6
7\7b7g7o7
:I<i>w>
1+1\1t1
1F2K2]2{2
23393E3J3O3T3]3
5V5^5o5
8-8e8z8
=B=O=T=b=
2%3?3H3
5l6+7,8<8M8U8e8v8
919D9f9m9
:#:S:p:
<8=A=_=
656F6L6X6h6n6}6
7!7*707:7E7
3S4e4w4
5+5J5\5n5
1Z2b2n2}2	3 3W3
:0>0B0F0J0N0R0V0Z0^0b0f0t021K1Z1{1
B1H1R1
172L2U2^2
4?4Y4`4i4r4{4
4 5$5(5,5054585<5@5D5H5L5P5T5`5v5
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
6(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
0T2\2d2l2t2|2
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848<8D8L8T8\8d8l8t8|8
9$9,949<9D9L9T9\9d9l9t9|9
:$:,:4:<:D:L:T:\:d:l:t:|:
; ;(;0;8;@;H;P;X;`;h;p;x;
< <(<0<8<@<H<P<X<`<h<p<x<
= =(=0=8=@=H=P=X=`=h=p=x=
> >(>0>8>@>H>P>X>`>h>p>x>
? ?(?0?8?@?H?P?X?`?h?p?x?
0 0(00080@0H0P0X0`0h0p0x0
1 1(10181@1H1P1X1`1h1p1x1
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
7(787<7P7T7d7h7l7t7
8(888<8L8P8T8X8`8x8
9 90949L9\9`9d9h9|9
:$:(:,:0:D:H:L:P:
; ;(;0;4;<;P;X;l;t;
< <@<\<`<
=0=P=\=x=
>$>(>D>H>X>|>
?4?8?X?x?
4T4\4d4l4t4|4
5$5,545
5$;(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
> >$>(>,>p>x>|>
303L3l3