Sample details: 8b607501725d998c14f6a34eb4e8dc3e

Hashes
MD5: 8b607501725d998c14f6a34eb4e8dc3e
SHA1: 3a30289b2e6459123d746125f9c30d491d959c2a
SHA256: d27ea2a862848c82b7726584c6e66e41cb4988e3e92a42391d85d24fbe4e3d9c
SSDEEP: 6144:4c7AygSrgK2caDFONm/S081j7IlfY0FRzCfHqshbZz/dN1e+vY/H:T7AyXgK29DFONSF81XufY0bynD1eQY/H
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Install_Shield_2000 | YRP/Armadillo_v171_additional | YRP/Armadillo_v4x | YRP/Microsoft_Visual_Cpp | YRP/InstallShield_2000_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/win_files_operation
Source
http://agricom.it/nyRhdkwSD
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
																								
													
													
										
t.;t$$t(
VC20XC00U
u!hx	B
u!hx	B
u!hx	B
u!hx	B
GetModuleFileNameA
*mode != _T('\0')
mode != NULL
*file != _T('\0')
f:\vs70builds\3077\vc\crtbld\crt\src\fopen.c
file != NULL
str != NULL
f:\vs70builds\3077\vc\crtbld\crt\src\_open.c
filename != NULL
CorExitProcess
mscoree.dll
stream.c
Assertion Failed
Warning
dbgrpt.c
%s(%d) : %s
Assertion failed!
Assertion failed: 
_CrtDbgReport: String too long or IO Error
Second Chance Assertion Failed: File %s, Line %d
wsprintfA
user32.dll
Microsoft Visual C++ Debug Library
Debug %s!
Program: %s%s%s%s%s%s%s%s%s%s%s
(Press Retry to debug the application)
Module: 
File: 
Line: 
Expression: 
For information on how your program can cause an assertion
failure, see the Visual C++ documentation on asserts.
<program name unknown>
szUserMessage != NULL
stdenvp.c
stdargv.c
a_env.c
ioinit.c
runtime error 
TLOSS error
SING error
DOMAIN error
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
Client
Ignore
Normal
Error: memory allocation: bad memory block type.
Invalid allocation size: %Iu bytes.
Client hook allocation failure.
Client hook allocation failure at file %hs line %d.
dbgheap.c
_CrtCheckMemory()
_pFirstBlock == pOldBlock
_pLastBlock == pOldBlock
fRealloc || (!fRealloc && pNewBlock == pOldBlock)
pOldBlock->nLine == IGNORE_LINE && pOldBlock->lRequest == IGNORE_REQ
_CrtIsValidHeapPointer(pUserData)
The Block at 0x%p was allocated by aligned routines, use _aligned_realloc()
Allocation too large or negative: %Iu bytes.
Client hook re-allocation failure.
Client hook re-allocation failure at file %hs line %d.
_pFirstBlock == pHead
_pLastBlock == pHead
pHead->nBlockUse == nBlockUse
pHead->nLine == IGNORE_LINE && pHead->lRequest == IGNORE_REQ
DAMAGE: after %hs block (#%d) at 0x%p.
DAMAGE: before %hs block (#%d) at 0x%p.
_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)
Client hook free failure.
The Block at 0x%p was allocated by aligned routines, use _aligned_free()
%hs located at 0x%p is %Iu bytes long.
%hs allocated at file %hs(%d).
DAMAGE: on top of Free block at 0x%p.
DAMAGED
_heapchk fails with unknown return value!
_heapchk fails with _HEAPBADPTR.
_heapchk fails with _HEAPBADEND.
_heapchk fails with _HEAPBADNODE.
_heapchk fails with _HEAPBADBEGIN.
Bad memory block found at 0x%p.
_CrtMemCheckPoint: NULL state pointer.
Object dump complete.
crt block at 0x%p, subtype %x, %Iu bytes long.
normal block at 0x%p, %Iu bytes long.
client block at 0x%p, subtype %x, %Iu bytes long.
{%ld} 
%hs(%d) : 
#File Error#(%d) : 
Dumping objects ->
 Data: <%s> %s
Detected memory leaks!
_file.c
onexit.c
string != NULL
f:\vs70builds\3077\vc\crtbld\crt\src\sprintf.c
format != NULL
f:\vs70builds\3077\vc\crtbld\crt\src\vsprintf.c
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
sprintf.c
isctype.c
(unsigned)(c + 1) <= 256
chsize.c
size >= 0
osfinfo.c
("inconsistent IOB fields", stream->_ptr - stream->_base >= 0)
_flsbuf.c
`h````
ppxxxx
(null)
output.c
ch != _T('\0')
Program: 
A buffer overrun has been detected which has corrupted the program's
internal state.  The program cannot safely continue execution and must
now be terminated.
Buffer overrun detected!
A security error of unknown cause has been detected which has
corrupted the program's internal state.  The program cannot safely
continue execution and must now be terminated.
Unknown security failure detected!
a_map.c
a_str.c
fclose.c
_getbuf.c
convrtcp.c
_freebuf.c
stream != NULL
LoadLibraryA
GetProcAddress
GetSystemTime
GetLastError
KERNEL32.dll
CreateWindowExA
USER32.dll
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
TerminateProcess
GetCurrentProcess
ExitProcess
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
RtlUnwind
IsBadWritePtr
IsBadReadPtr
HeapValidate
CloseHandle
CreateFileW
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
VirtualQuery
InterlockedExchange
SetEndOfFile
ReadFile
SetFilePointer
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
VirtualProtect
GetSystemInfo
GetLocaleInfoA
0%151e1
797i7x7
9,:@:v:
7	898i8o8
1A1q1w1
1"2R2X2
6	787h7
8*9Z9`9
:*;0;{;
0;0j0p0
1&2,2w2
838c8i8
9%:+:t:
;	; ;U;
>(?W?]?
535b5h5
;>;m;s;
;"<R<X<
</=5=~=
232c2i2
8E8u8{8
8#9S9Y9
?4?c?i?
5?5n5t5
6(7.7v7
<<<k<q<
=%>+>s>
2G2v2|2
2$3S3Y3
40464~4
9H9w9}9
>1>`>f>
?2?8?u?
3"4(4h4
8:8j8p8
=.>^>d>
?2?8?x?
2*3Z3`3
:1:a:g:
?<?l?r?
484h4n4
4.5^5d5
:	;9;h;
<*=Z=`=
=.>4>t>
?	?I?y?
1&2V2\2
2*303p3
6"7R7X7
7&8,8l8
;H;x;~;
<!='=g=
0D0t0z0
1I1O1l1
20262v2
5(6X6^6
6,727r7
:$;T;Z;
;(<.<n<
0D0t0z0
0%1U1[1u1
7,8[8a8
90969v9
<(=W=]=
=,>2>r>
4H4w4}4
4(5W5]5
5,626r6
9$:S:Y:
:(;.;n;
4&5V5\5
7-838{8
>0>7>?>D>H>L>u>
>&?,?0?4?8?
#0U0\0`0d0h0l0p0t0x0
0-161U1^1y1
1&2+2k2w2
354T4e4
9 9;9H9M9
:!:*:/:5:=:H:Q:V:c:h:v:
="=(=<=I=N=T=l=y=
=9>C>W>
?#?3?K?]?c?u?
@0F0V0\0~0
2 2;2K2W2r2
4%404D4^4u4
5'5?5G5T5]5
647W7f7
;F<O<^<j<u<
=)=N=q=
>2?E?c?u?{?
0I1P1f1k1
5-565Z5
7$7;7q7
8 808<8R8^8g8l8u8
:':-:6:<:B:I:N:T:]:m:v:
<&<2<H<T<]<b<k<w<
=E=J=j=
0(0F0P0\0w0}0
1(242J2Z2
2+373X3
4&4C4M4Y4s4
5'505E5Q5
7%7*7X7
9B9F9J9N9e9|9
=,>X>]>
0$020;0I0O0X0f0p0~0
2.252_2i2
4,4;4V4i4o4
6Y6k6q6
7(7i7}7
:1;8;?;P;a;r;
<.<K<z<
<6=B=H=V=`=e=k=z=
>$>H>Q>`>m>
1O1Y1d1v1|1
3(3U3e3o3}3
4T4]4g4q4
6A7P7e7
8-83898?8I8S8w8
> >+>4>K>U>[>f>m>s>|>
4#40484?4X4^4g4l4u4
3#353?3`3u3~3
5=5R5c5
:9;B;];f;!<*<B<h<
<4=>=M=c=
?)?8?T?
060?0.171
3*363{3
3;4X4s4-575A5w5
5:6O6_6i6
6+7@7P7Z7
7?8L8d8
9I9b9n9
:/:;:b:n:z:
;(;M;Y;_;u;
<!<T<X<\<`<d<h<l<p<t<x<|<
?&?+?D?S?k?
1V1[1x1
787F7N7X7d7o7y7
;%<,<0<4<8<<<@<D<H<
>0>6>Z>f>{>
151?1y1
2&2D2P2
354P4m4
5%5N5g5
9 9*9`9
,303L8P8X8\8d8h8|8
0$0(0@0d0h0l0
1$1,141<1D1L1T1\1d1l1t1|1
GA;>a	
Qk.#Oi
Zc8&?O
soL%O0
Y-N9)?
v}9n[w
MP2>gx
Cpgz:V
=qSp?Z0
Yg.YN8wUX
w9rk=/
f~(2QJ
{2i|_s
E:(&.9
|:%b_QW;
;/;MllN
3;]>E[
E~`Vi$
[-|`6O
(,-N3lb
:KUOg5
T@ VduD
w&/<- k
^!BL3Kb
#-bUk*
+=tE*FU
7"m>K[S^@
:02!#(
!;c]3 &
oRLr^r
:BOO4N
GqO>7FH
.S8JW|
tXQBb&
he3jl\
LV _7 X[
!]h,	U
JIL=:Q\ko
\7Yx:\
[:J1gYK
/#aO2:
R.hWHw
riPU[,
o&4K&6
N$|Jii=GXwU
t'wt8{l
{m$d"M}
I)`z(M
o`j	j`
9>AIJU3
poRKHdN
3vs>5L
<\-Z/b
#UNW?q
P\ESh?
:3)_%p[e
=bN.FQS
5dGL/~S4
+v	K2u
M57D\.
|Pt5<>
=`za<g
H55?]lo
f_W>3y
twjG8O
=ic~)|
mfVo,=
8sy/4y
BMvN@|
; Dn&I
{]R~~!K
'aeysj
3KVE2G
!E<R2m?
 #g{&~
}8<*%T
{~^+X	(t
qh@i6+R
0Abg?& 
xK5vg4p
O[n-NB
+rO>>*
**{BKY%
,XswQy
\I!.kxR
6fuz/;
v/hTsr
!3\Vd:{_X
-W0E^V
~fKc !
L0TaZc\ID
)TVj#v fXd
X-	fl$
,sG\\q*
YJ?Hja
JzFXQf{
^mARvx
]f9FB<YX
,v{692
txi~Lce
Wy6N6&j
"8jQUdW
P!(5,f
!WD;qQ
^Zt$4L
0xxE>)
Eg=&as
)l"Gd[
V#GvMD
|6C>y<
Uh_Cb0
0 Hi'i
K _~>bZX
x8:e}}&
YK!Wj'
:w`xA^
{7n=+ga
C#	8\`X%
b4nM!)
Ah7(|-yY
'y7+Ps
x^YiHz
*'$?H,U
l8~psKV
:B32$0{
B1w:f?
rMczT8
FDU+;G
N30&&>
{U83i9
j	:u~'4
UYB1`5
4Fc23,
|_.Fl`
4LFe}b
T^8F&A<
M-_j&.	'
rDQd0+_
p:WxOc
v{SX@RL<
;9f!=`I
J>3)/%
m\]^n.
E%NVvw
S2H(o#
w_GEc/K^\
&=t?O8
b5MjiB
{0	f.[+cQ
2GfcgP
n@Ua}'rH
woknwj
QL`N3q
_i2hsK
ZCn!N$*9
!tW?m7
O_TY\s
jPVul#
_cl5-[
TpSm7.tEg1
Kb9]4 
A$ZCg[ksQ
T#oSn?
}oCOT~
%PR2b92jhkE
g	H2c,
9;e^IzIJ>u`
'1$xMD
}	RhS2
o^@"kW
-7ninQk
v_@Z`tR$
t!+o?q
9Rx>V}>
)NYsZQ
0!,m6gp}
riDEi	
V])KkU
tB1fwr
J1/7gwK
le$\V-,S
Xgc* .
@<c_HH
z!e%|p
Q/Hh}/
_TcJ1g
o"JCO{`8ov
wyjm3+*
27@HwuUJ5
1)	jq}>]
`n8FE}B
o>[*{Cxd
 |u7A_y
`Klt]a
6K]r\4W
`TPJ6I8rrG>FO
G#w'%O
qU l~|
.?P-qV>|
\qNz"&
"^D;<=
d- Q!\
gAL$AT9
K4NPThl
1RNTO!
:V"k2.
#`7h=7&whr
r3UDM`
W(gXY.]
M}SJ4W
zc')'e^
(qzx:u
WZ_)f#_|
uEm</y"
":i~|/
2k1CEs|
]'TxC3,7
@_JQm$
S9<#cau
F U#1I
F~L\*v
{;=Ep 
a$5":b
s5]k;n
,]|l4.
4)s)0X
%gY*@;
ejCXfids<
5N_`[I
yNM&Ze\
l_=;ZLu
.Vl>*n
"*ej`n
J*\\O _i
6sj`1{u:
'Y"Q"W
3XSHuv
NOYFhj&~
g$=UFT
&TjUEI
:wkr$.
/!E9>:2
'%b;T>
-*	MeC
m_]nX/g
8\	(@L
bNKRk/
2gd%BL_
Mu7SZ$
`7a?vp
#%8bC&TN
U?)*zp	
Lx\u{1d
|=7>iR
YG1NBz
axr=\uW(%
)%8N;9
jh{*]P 4
z=snY7
7w~g=wl
pw{`w%g
$rq=S.p
{]O,*	
1@HJ$} ao
\9k+d	H
;HZMQ@
qP,Me[
12xnm=/
W(w%!_b
JgK$/_
Iv\X3^~2<C
ddw[2hI
&&Wqj#L~R
@U27|F
0:'.V@}
w@!OSM
	jQ?ol
`C\{dl
RJTtCR
A$[:W8
k<TI_|
ZW7<:q
o}(=_g
j0\g#H
__Gu1$
#'F[`Rr6
"#H9l{A
Az15F)
U,%*fjD
RGVw)(8
yuu_8X/
%_KB+r
	C0pd~
4%1>/05.=l;CL
*"R#H[
r!-fse.
G~D	TF
A;d@,h
`B@R-jtz!+t
1xic"<
(?s/PWUdT
0XKl6Wc
g,*F8:A
rC&\?7
21;YWlYH^OM
2B4a`J
!1_dA@D
/0neO&
eXA3X5
_+THWG
 5P:Yr
'c~%b9
3{,4~B
X2Vyy14[#
=cK{Rg
iQ-9L%
762,N4McR
HWbO^1g
6@!UnP
N0L5F^
?a)W^g
?/;#2K'
0sB4?h
99~X<,
V4g&g~(hh
h6"91u
,#tV<\6
r\G]:c
XVab3f
H`q54%
JiuoR*
nVeWjn2
k >vj6l
8C9{%G
N^;Cg 
<~f<8&c
	P6VrQ
z%36 u
@<!oGP
Cd]Q=-
kv#)mDP86
QM0iD,
,px/D_
d!NgfP
Ve$Sc{
-#&O.'
Q<Mx"}JzN
6=;'GT
=A2X8#e
T$x|`eo
b~,:%V
Ah1Ml])j$}@
bPCUa%&
_H$"v>
tJc_~<
%3B3k`|]
f_5#)D$
 &/,m_zo1
=fxlNa^
Cl6!0W
Lc,Af58=
\W{.?n
kW$F{\O
Z9&anW;
2-E%$ma
!eNwES}
Vh}P~T?
#SS#ag
q!ec3U
_SKn$M	
QuE8_q
QAE$R}ya 
D%O-~2
cB\.+.
`a76]@
YaB&:3
'B&J{;
\G<T`c
*ge6q#
tmmve?
u~wc`[
P4E'1?
)|dq&D`r
0?V?uI7
pB~yOo
do{e.^1
wr|J[]
q9V8:"
V	XLJ{'
}1]}q:
C%13.|
o**=!eym
l^(I9~
_"m	2d
yf_T1h
p&^G`&(Y
#"hXt:
c[-<qtZ
!_*TVP
"BCUiS
p%]Ff	
 |b/g,q.
+P.I0Tst{]t
whB2-?`
2z60p_I
H|DJp?
	Z_X]?[
o@tQhK
s!M3	\
u`}p|E#
An9/9_
|iPfVS
K-;6ftau
l:?-o,
-(IZWY