Sample details: 92840e71f76db17349ebb35d2c5676df

Hashes
MD5: 92840e71f76db17349ebb35d2c5676df
SHA1: 7d3dfdde2575a3b9915ea37a4f2e7731c39669ab
SHA256: 6ae710af5ffff004b0db97293b7817dad124a1819acf6860cecf29b190e06de9
SSDEEP: 6144:cTLBUtFrHwta7RRcyxE2wH01Re2nCjHbdQuXHoeb5871hu0LX:cTN4rH59RcyTjK57dJ3oMn0j
Details
File Type: PE32
Yara Hits
YRP/contentis_base64 | YRP/url | YRP/domain | YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasRichSignature | YRP/anti_dbg | YRP/screenshot | YRP/keylogger | YRP/win_files_operation | YRP/win_hook
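The IsPE32, IsWindowsGUI, HasOverlay and HasRichSignature hits above are decided by the file layout rather than by its strings. The example below, added here and not taken from the sample or from any YARA rule set, shows how those four properties are read from the headers with nothing but struct: the optional-header magic and Subsystem field, the XOR-masked Rich header that records the MSVC tool builds (the same evidence behind the VC8 / Visual C++ 8 hits), the overlay as everything past the last raw section byte, and the security data directory that points at the WIN_CERTIFICATE holding the Authenticode PKCS#7 blob. In a signed binary that certificate table is normally the overlay, so HasOverlay on its own says nothing suspicious about a signed file. The sample is not reproduced here; build_demo_pe() constructs a minimal PE32 with the same features, and its Rich entries and certificate bytes are made-up values.

```python
import struct

def u16(b: bytes, o: int) -> int:
    return struct.unpack_from("<H", b, o)[0]

def u32(b: bytes, o: int) -> int:
    return struct.unpack_from("<I", b, o)[0]

def decode_rich_header(data: bytes, e_lfanew: int):
    """Return [(build, prodid, count), ...] from the XOR-masked Rich header that sits
    between the DOS stub and the PE header, or None when there is none."""
    idx = data.find(b"Rich", 0x40, e_lfanew)
    if idx < 0 or idx + 8 > e_lfanew:
        return None
    key = u32(data, idx + 4)                  # the XOR key is stored in clear after "Rich"
    dans = u32(b"DanS", 0)
    pos = idx - 4
    while pos >= 0x40 and (u32(data, pos) ^ key) != dans:
        pos -= 4                              # walk back to the masked "DanS" marker
    if pos < 0x40:
        return None
    entries = []
    for off in range(pos + 16, idx, 8):       # skip "DanS" and its three padding dwords
        comp, count = u32(data, off) ^ key, u32(data, off + 4) ^ key
        entries.append((comp & 0xFFFF, comp >> 16, count))
    return entries

def parse_pe_layout(data: bytes) -> dict:
    """Header facts behind IsPE32 / IsWindowsGUI / HasOverlay / HasRichSignature,
    plus the raw Authenticode blob from the security data directory (index 4)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = u32(data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsect = u16(data, coff), u16(data, coff + 2)
    opt_size = u16(data, coff + 16)
    opt = coff + 20
    magic = u16(data, opt)
    if magic == 0x10B:
        pe_format, dd_base = "PE32", opt + 96
    elif magic == 0x20B:
        pe_format, dd_base = "PE32+", opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    subsystem = u16(data, opt + 68)           # 2 = WINDOWS_GUI, 3 = WINDOWS_CUI
    sec_off = sec_size = 0
    if u32(data, dd_base - 4) > 4:            # NumberOfRvaAndSizes covers entry 4?
        sec_off, sec_size = struct.unpack_from("<II", data, dd_base + 4 * 8)
    sect = opt + opt_size
    end_of_sections = 0                       # overlay = bytes after the last raw section
    for i in range(nsect):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect + i * 40 + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    signature = b""
    if sec_off and sec_off + 8 <= len(data):  # WIN_CERTIFICATE: dwLength, wRevision, wType, blob
        cert_len = u32(data, sec_off)
        signature = data[sec_off + 8:sec_off + cert_len]
    return {
        "format": pe_format, "machine": machine, "subsystem": subsystem,
        "rich": decode_rich_header(data, e_lfanew),
        "overlay_offset": end_of_sections, "overlay_size": len(data) - end_of_sections,
        "security_dir": (sec_off, sec_size), "signature": signature,
    }

def build_demo_pe(pkcs7_blob: bytes) -> bytes:
    """Constructed stand-in: PE32, GUI subsystem, a Rich header with made-up tool ids,
    one .text section and an Authenticode-style certificate table as the overlay."""
    key = 0x11223344
    enc = lambda v: struct.pack("<I", v ^ key)
    rich = enc(u32(b"DanS", 0)) + enc(0) * 3
    for build, prodid, count in ((0x5E97, 0x6D, 3), (0x5E97, 0x83, 1)):   # hypothetical
        rich += enc((prodid << 16) | build) + enc(count)
    rich += b"Rich" + struct.pack("<I", key)
    e_lfanew = 0x40 + len(rich)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)     # PE32 magic
    struct.pack_into("<H", opt, 68, 2)        # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)       # NumberOfRvaAndSizes
    wincert = struct.pack("<IHH", 8 + len(pkcs7_blob), 0x0200, 0x0002) + pkcs7_blob
    struct.pack_into("<II", opt, 96 + 4 * 8, 0x600, len(wincert))   # security directory
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    headers = dos + rich + b"PE\0\0" + coff + bytes(opt) + sect
    return headers.ljust(0x400, b"\0") + b"\xCC" * 0x200 + wincert

if __name__ == "__main__":
    for k, v in parse_pe_layout(build_demo_pe(b"\x30\x03\x02\x01\x01")).items():
        print(k, v.hex() if isinstance(v, bytes) else v)
```

Run it on a real file with parse_pe_layout(open(path, "rb").read()). The Rich header is easy to strip or copy from another binary, so treat its entries as a hint about the build toolchain, not as proof of it.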
Source
http://134.0.117.224/exe/stat.php
http://134.0.117.224/exe/red.php
http://134.0.117.224/exe/1000.exe
http://www.passionerobur.it/red.php
Strings
!This program cannot be run in DOS mode.
`.rdata
@.data
0SSSSS
0A@@Ju
HHtXHHt
>If90t
t hX~I
t$<"u	3
>=Yt1j
< tK<	tG
j@j ^V
t"SS9]
0SSSSS
PPPPPPPP
0SSSSS
PPPPPPPP
^SSSSS
j"^SSSSS
v	N+D$
URPQQh
t+WWVPV
;t$,v-
UQPXY]Y[
On program startup, the locale selected is the
On program startup, the locale selected is the
greater than
less than
equal to
greater than
less than
equal to
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Enter year: 
Enter month: 
Enter day: 
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
(null)
`h````
xpxxxx
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
`h`hhh
xppwpp
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CONOUT$
GetParent
MessageBoxA
CharUpperW
wvsprintfW
GetSystemMenu
EnableMenuItem
IsWindow
EnableWindow
MessageBeep
LoadIconW
LoadImageW
SetWindowsHookExW
PtInRect
CallNextHookEx
DefWindowProcW
CallWindowProcW
DrawIconEx
DialogBoxIndirectParamW
GetWindow
ClientToScreen
DrawTextW
ShowWindow
SystemParametersInfoW
GetSystemMetrics
SetFocus
UnhookWindowsHookEx
SetWindowLongW
GetClientRect
GetDlgItem
CreateWindowExW
SetWindowTextW
wsprintfA
GetSysColor
GetWindowTextLengthW
GetWindowTextW
GetClassNameA
wsprintfW
SendMessageW
EndDialog
DestroyWindow
KillTimer
DispatchMessageW
GetMessageW
SetTimer
GetWindowLongW
ScreenToClient
GetWindowRect
GetKeyState
CopyImage
ReleaseDC
GetWindowDC
SetWindowPos
GetMenu
IsWindowVisible
USER32.dll
ShellExecuteExW
SHGetFileInfoW
SHBrowseForFolderW
SHELL32.dll
SetBkMode
GetDeviceCaps
GDI32.dll
GetFileVersionInfoA
VERSION.dll
GetCommandLineA
GetVersion
GetStringTypeA
GetLocaleInfoW
ResumeThread
GetSystemTimeAsFileTime
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeW
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
RtlUnwind
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
HeapSize
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
KERNEL32.dll
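The anti_dbg, win_hook, keylogger, screenshot and win_files_operation hits are string-based: in a strings dump the import name table appears as a run of API names followed by the DLL they come from (the block ending in USER32.dll, SHELL32.dll, GDI32.dll, VERSION.dll and KERNEL32.dll above). The shorter USER32.DLL block further up (GetProcessWindowStation through MessageBoxA) is not an import table entry but the names the Visual C++ runtime resolves itself with GetProcAddress for its error message box, so a grouping by trailing DLL name will fold it into the same USER32 bucket. The example below is added here, is not the YRP rule set and does not reproduce those rules' exact conditions; it groups names by DLL and applies simplified capability heuristics, requiring a hook API before GetKeyState counts as keylogging and two device-context or bitmap calls before screenshot counts. SAMPLE_STRINGS is a constructed excerpt of the listing above. Every API in these rules is also used by ordinary GUI and installer code, so the tags are leads to confirm in a debugger or sandbox, not verdicts.

```python
import re
from collections import OrderedDict

# Constructed excerpt of the strings listing above (a subset of its lines, same order).
SAMPLE_STRINGS = """\
GetParent
MessageBoxA
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
GetKeyState
CopyImage
ReleaseDC
GetWindowDC
USER32.dll
ShellExecuteExW
SHELL32.dll
GetDeviceCaps
GDI32.dll
IsDebuggerPresent
WriteFile
CreateFileA
CloseHandle
KERNEL32.dll
""".splitlines()

# Win32 API names are CamelCase: an uppercase start, a lowercase letter, then another
# uppercase letter. Lowercase-initial CRT names such as wsprintfA are deliberately skipped.
API_RE = re.compile(r"^[A-Z][A-Za-z0-9]*[a-z][A-Za-z0-9]*[A-Z][A-Za-z0-9]*$")

# Simplified heuristics written for this page; not the YRP rules.
CAPABILITIES = {
    "anti_dbg": [r"^IsDebuggerPresent$", r"^CheckRemoteDebuggerPresent$", r"^OutputDebugString[AW]?$"],
    "win_hook": [r"^SetWindowsHookEx[AW]?$", r"^CallNextHookEx$", r"^UnhookWindowsHookEx$"],
    "keylogger": [r"^GetKeyState$", r"^GetAsyncKeyState$", r"^GetKeyboardState$"],
    "screenshot": [r"^GetWindowDC$", r"^GetDC$", r"^BitBlt$", r"^CopyImage$", r"^CreateCompatibleBitmap$"],
    "win_files_operation": [r"^(Create|Write|Read|Delete|Move|Copy)File[AW]?$"],
    "process_exec": [r"^ShellExecute(Ex)?[AW]?$", r"^CreateProcess[AW]?$", r"^WinExec$"],
}
REQUIRES = {"keylogger": "win_hook"}   # GetKeyState without a hook is any GUI program
MIN_HITS = {"screenshot": 2}           # a single DC call is any GUI program

def group_imports(lines):
    """Map DLL name -> API names that preceded it in the dump (import name table order)."""
    groups, pending = OrderedDict(), []
    for line in lines:
        s = line.strip()
        if s.lower().endswith(".dll"):
            groups.setdefault(s.upper(), []).extend(pending)
            pending = []
        elif API_RE.match(s):
            pending.append(s)
    return groups

def classify(lines):
    """Return (dll groups, {tag: sorted matching API names}) for a strings dump."""
    groups = group_imports(lines)
    names = [n for g in groups.values() for n in g]
    hits = {}
    for tag, patterns in CAPABILITIES.items():
        matched = sorted({n for n in names if any(re.match(p, n) for p in patterns)})
        if len(matched) >= MIN_HITS.get(tag, 1):
            hits[tag] = matched
    for tag, needed in REQUIRES.items():
        if tag in hits and needed not in hits:
            del hits[tag]
    return groups, hits

if __name__ == "__main__":
    groups, hits = classify(SAMPLE_STRINGS)
    for dll, names in groups.items():
        print(dll, names)
    for tag, names in hits.items():
        print(tag, "<-", ", ".join(names))
```

Feed it the whole listing with classify(open("strings.txt").read().splitlines()); the CamelCase filter keeps the weekday names, CRT error text and the random-looking overlay strings out of the buckets.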
4+-]/A
QX;s +
`y{E-R
q?xj/Z
I_YS4O
Nw2<gK
/mE;|H
A6Gu.G
p,rQ,U
_v!!qy
GlY}4q
H-Cm?P
[#ZJaH
O>q'4L
#tk&*v
n:W}c;
_@skLx
ew&zdi
SU9Tpn
1=H5+:
SY,yT>
)fKoI?
z;=Z]=
,	[/Ij
U|F3/R
Wt-,CP
gob6nB
.ckoKJ
M].j+o
eh@i+X
+j		1`
+a%[6"
IgmOU\
SI]t<h
>{K+iO
o({yto
TbzE5y
=X:q(c
o&4.Ee
86Y+\m
gM+)\A
)}]_Sp
d$5.i?
i[md !
gfn|n]
yBe0$;
358)|'
!m6JD]
C]kK,b
-FgR[r
m+]O"D
QQmiC1
.+-TZJ
~&0$}m
m!\e}^
M+e!mw
foPBzl
mS`T14
O^Nt8O
bf?oBG
]W*W7+
 jK4Ya
VkWnL'
!AsXpP
nXI`QI
+P^=+n
fntGi[
J;irer
gf=\u^
w:Uy>*
8:L/B#
m+X5bC
T)=@mf
Wqx(Um
dN!K)2
.2TeAh
tEmWg#
7I2]8B
5|N#	I
uZ)osb
[J+|+E
.AU:YH
HQnrQC
cj:Fl`
:H,b>e
rgW8!o
My|mTj
tNdlmm
Km9f4u
G&m	ZB
n||_=S
GKm>@d
[1t"[e
Cd@0e"
aX5vha
y,%-#t
=4&N>Q
v{@--5
21xQHv
\( id6
;t:B2`
"&cirs
G[+<gm
i,tUeK
eLR$Yl
f"|"Gi
Z1-]Ol
E!*%7d
$1f1e~
%a1)a)
D$0f	E
0fa0+^
&1~efb
#EBa14
)8689E
e*5A[@
80E(b^
e&Bf9~
1*6*e0
l-1-()+V
Eb85A=830
cb(baQ\S.
96a*08
Amad ygaq* oryk* efif
Yfun* icejaq uqyvok ejijus ipelod
Enam. ulud. umavyf
Icaw oquh
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
xn`#I;)&D6#
L?-:}iVg
L<()D6#
^QA,TC0U
YF1?D6#
eO9VD6#
u\DsD6#
D6#!D6#
D6#5XL;
D6#@D6#
~lcD6#
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      
      <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
      
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
    </application>
  </compatibility>
  <ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2">
    <ms_asmv2:security>
      <ms_asmv2:requestedPrivileges>
        <ms_asmv2:requestedExecutionLevel level="asInvoker"></ms_asmv2:requestedExecutionLevel>
      </ms_asmv2:requestedPrivileges>
    </ms_asmv2:security>
  </ms_asmv2:trustInfo>
</assembly>
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
161207000000Z
171207235959Z0
1091251
Moscow1
Moscow1705
.d. 24 pomeshchenie VI, KOMN 1, ul.Saratovskaya1
INFORM VT, OOO1
INFORM VT, OOO0
[+!?Ge
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
130509000000Z
280508235959Z0}1
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
http://ocsp.comodoca.com0
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA
20171025073225Z
Greater Manchester1
Salford1
COMODO CA Limited1,0*
#COMODO SHA-256 Time Stamping Signer
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
151231000000Z
190709184036Z0
Greater Manchester1
Salford1
COMODO CA Limited1,0*
#COMODO SHA-256 Time Stamping Signer0
fO\r6{
'1Oqtn
lZGfD{
1http://crl.usertrust.com/UTN-USERFirst-Object.crl05
http://ocsp.usertrust.com0
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object
171025073225Z0+
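The lines from "Greater Manchester1" down to "171025073225Z0+" are the printable runs of the DER-encoded Authenticode PKCS#7 blob in the overlay: the signer certificate chain (Subject INFORM VT, OOO, Moscow; issuer COMODO RSA Code Signing CA) and a COMODO timestamp countersignature. The characters stuck to the ends of the names are ASN.1 tag and length bytes that happen to be printable: "1" is the SET tag 0x31 that opens the next relative distinguished name, "0" is the SEQUENCE tag 0x30, and "COMODO CA Limited1#0!" is the string followed by 31 23 30 21, a SET of 35 bytes containing a SEQUENCE of 33. Read that way, the UTCTime values give the signing certificate's validity as 2016-12-07 to 2017-12-07 and the intermediate CA's as 2013-05-09 to 2028-05-08, the GeneralizedTime 20171025073225Z is the timestamp token's time (2017-10-25 07:32:25 UTC, repeated as the UTCTime signingTime attribute at the end), and the timestamp signer's certificate runs 2015-12-31 to 2019-07-09. The example below, added here and not part of the page or of any tool, builds a constructed issuer/validity/subject fragment from those visible names and dates (it is not the sample's real certificate), shows the same residue a strings tool produces from it, and then walks the DER properly to recover the clean strings and parsed times.

```python
import re
from datetime import datetime, timezone

def der_len(n: int) -> bytes:
    """DER length octets: short form below 0x80, else 0x80|count then big-endian value."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body

def rdn(oid: bytes, text: str) -> bytes:
    """SET { SEQUENCE { OID, PrintableString } }: one RDN of an X.501 Name."""
    return tlv(0x31, tlv(0x30, tlv(0x06, oid) + tlv(0x13, text.encode("ascii"))))

# X.520 attribute OIDs 2.5.4.n as DER (55 04 n): C, ST, L, O, CN, street.
C, ST, L, O, CN, STREET = (bytes([0x55, 0x04, n]) for n in (6, 8, 7, 10, 3, 9))

def build_demo_tbs() -> bytes:
    """Constructed issuer / validity / subject fragment reusing the names and dates
    visible above. It is not the sample's real certificate."""
    issuer = tlv(0x30, rdn(C, "GB") + rdn(ST, "Greater Manchester") + rdn(L, "Salford")
                 + rdn(O, "COMODO CA Limited") + rdn(CN, "COMODO RSA Code Signing CA"))
    validity = tlv(0x30, tlv(0x17, b"161207000000Z") + tlv(0x17, b"171207235959Z"))
    subject = tlv(0x30, rdn(C, "RU") + rdn(ST, "Moscow") + rdn(L, "Moscow")
                  + rdn(STREET, ".d. 24 pomeshchenie VI, KOMN 1, ul.Saratovskaya")
                  + rdn(O, "INFORM VT, OOO") + rdn(CN, "INFORM VT, OOO"))
    return tlv(0x30, issuer + validity + subject)

def strings_residue(blob: bytes, min_len: int = 4) -> list:
    """What a strings tool prints for DER: printable runs, tag and length bytes included."""
    return re.findall(rb"[ -~]{%d,}" % min_len, blob)

def der_walk(data: bytes, depth: int = 0):
    """Yield (depth, tag, value) for each TLV, descending into constructed ones.
    Single-byte tags only, which covers everything in an X.509 Name and Validity."""
    i = 0
    while i < len(data):
        tag, length, j = data[i], data[i + 1], i + 2
        if length & 0x80:                         # long-form length
            n = length & 0x7F
            length = int.from_bytes(data[j:j + n], "big")
            j += n
        value = data[j:j + length]
        yield depth, tag, value
        if tag & 0x20:                            # SEQUENCE, SET, explicit [n] tags
            yield from der_walk(value, depth + 1)
        i = j + length

def parse_asn1_time(s: str) -> datetime:
    """UTCTime (YYMMDDhhmmssZ, RFC 5280 pivot at 50) or GeneralizedTime (YYYYMMDDhhmmssZ)."""
    if len(s) == 13:
        yy = int(s[:2])
        s = "%04d%s" % (1900 + yy if yy >= 50 else 2000 + yy, s[2:])
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x16: "IA5String"}
TIME_TAGS = {0x17: "UTCTime", 0x18: "GeneralizedTime"}

def extract_text_and_times(blob: bytes) -> list:
    """Clean (type, value) pairs: the strings without the tag bytes stuck to them."""
    out = []
    for _, tag, value in der_walk(blob):
        if tag in STRING_TAGS:
            out.append((STRING_TAGS[tag], value.decode("utf-8", "replace")))
        elif tag in TIME_TAGS:
            out.append((TIME_TAGS[tag], parse_asn1_time(value.decode("ascii"))))
    return out

if __name__ == "__main__":
    blob = build_demo_tbs()
    print("strings-style residue:", strings_residue(blob))
    print("decoded:", extract_text_and_times(blob))
```

To apply it to the real file, pass the bytes returned by the security data directory (the WIN_CERTIFICATE payload) to extract_text_and_times(); the walker also descends the PKCS#7 ContentInfo wrapper, so the timestamp token's GeneralizedTime and the signingTime UTCTime come out alongside the certificate fields. A valid signature from a registered company and a timestamp inside the certificate's validity window establish who signed the file and when, not whether it is benign.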