Sample details: 819c4b0426ed253fe96fdbd9fa0f96f7

Hashes
MD5: 819c4b0426ed253fe96fdbd9fa0f96f7
SHA1: 3b0a1a53ec7384bcb57437f8e396a24955130031
SHA256: 2989e22f5b1a4234f4be6a8a3e42486824a4701c0e1132a93b41919104eeee8c
SSDEEP: 6144:iwdMz44njlHfRmmDqli5Aw1nUh99xwAgLn8ZI3tve9s8z95bAXFHTRUP:ik94Xm7li5Z1UTTwsZIdr8z9N+NVUP
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/screenshot | YRP/win_registry | YRP/win_files_operation
Source
http://www.bikner.de/ri.php
http://134.0.117.224/itexe/1100.exe
Strings