Sample details for MD5 93201898c9776ad0f8f37063f953368c (malware sample record; all hashes, YARA hits, source URL and extracted strings below refer to this one file)

Hashes
MD5: 93201898c9776ad0f8f37063f953368c
SHA1: 441948dc6002ac480b06764bb38fe0eeaf49b174
SHA256: 4269158598a8eb142845b56f5d98901941bf23dc7b92ce745a530bc96ca2dae2
SSDEEP: 12288:JCebTocKPaoP8fm80SF2ENzzNFIM/13Jd/0jnvpvFGzUCD6091XxO:JL6V8fJ0SF2EJnWjvpvFydXO
Details
File Type: PE32 (32-bit Windows GUI executable; the Rich header string and the VC8/Microsoft_Visual_Cpp_8 YARA hits suggest a Visual C++ 2005 build)
Yara Hits (heuristic signature matches, not confirmed behaviour; the keylogger and screenshot hits are consistent with the GetAsyncKeyState and RegisterRawInputDevices imports listed under Strings, and the anti_dbg hit with the IsDebuggerPresent import, which is also a routine CRT import and so is weak evidence on its own)
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/antisb_threatExpert | YRP/screenshot | YRP/keylogger |
Source (defanged; this is the live download location of the sample — do not browse it from an analysis host)
hxxp://barksupport[.]at/bigblacktako.bin
hxxp://barksupport[.]at/bigblacktako.bin
Strings (printable strings extracted from the sample, shown verbatim; they include CRT/RTTI artefacts, the import table by DLL, an embedded PDB path, PNG/ICC image data and the application manifest at the end)
		!This program cannot be run in DOS mode.
^Rich5
`.rdata
@.data
9|$xt-
D$@PQS
D$@PQV
L$@QRV
T$`RSV
L$4PQSW
9T$4u*
9L$4u*
9T$4u/
9T$4u*
D$L;D$XuQ
9L$4u&
jdjdSSSPSSW
jdjdSj
L$LPQSV
tWItHIt9It 
^SSSSS
t$<"u	3
< tK<	tG
j@j ^V
	X 9} 
URPQQh
v	N+D$
;t$,v-
UQPXY]Y[
t"SS9] u
v	N+D$
<+t"<-t
+t HHt
PPPPPPPP
PPPPPPPP
fMyk>E
W?0Fl9
Shvctu
fK4IuQ6
CIfK?{'
{->HHo
*4y>w ^
aULO;O
odrg3=E
H?V[o[
QQSVWd
f-00f=
f-00f=
t*=RCC
;7|G;p
tR99u2
tRHtCHt4Ht%HtFHHt
Unknown exception
CorExitProcess
bad allocation
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
_nextafter
_hypot
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
1#QNAN
1#SNAN
duplicating ARGB None structures vents 
new_text
WinClass
deque<T> too long
vector<T> too long
invalid map/set<T> iterator
map/set<T> too long
?uZEeu
?uZEeu
?UUUUUU
?UUUUUU
?5Wg4p
"B <1=
<8bunz8
l,kg<i
<@En[vP
?uZEeu
?uZEeu
?UUUUUU
?UUUUUU
bad exception
?ZEM-'^
?{yK+;
?765@Z
?e')lW
UUUUUU
?333333
?333333
?UUUUUU
?$rxxx
C:\hlcaust\crashes\Dataquest.pdb
lstrlenA
HeapAlloc
LoadLibraryW
GetConsoleWindow
MultiByteToWideChar
EnumSystemLanguageGroupsA
GetLastError
GetProcAddress
WTSGetActiveConsoleSessionId
GetModuleHandleA
KERNEL32.dll
GetWindow
CheckMenuItem
GetDialogBaseUnits
LoadCursorA
SetMenuItemInfoA
MapWindowPoints
LoadImageA
SetWindowTextA
RegisterRawInputDevices
GetMenuItemCount
DrawMenuBar
GetSysColor
GetDesktopWindow
DefWindowProcA
GetDlgItem
EnableMenuItem
SetWindowLongA
GetAsyncKeyState
GetWindowTextA
OffsetRect
DrawStateA
GetMenu
GetForegroundWindow
PtInRect
BeginPaint
SendMessageA
GetMenuCheckMarkDimensions
GetClientRect
RemovePropA
LoadIconA
RegisterShellHookWindow
FillRect
GetWindowRect
GetSystemMenu
EndPaint
USER32.dll
CreateSolidBrush
CreatePen
Polyline
OffsetRgn
SelectClipRgn
SelectObject
DeleteObject
SetBkMode
GetDeviceCaps
FrameRgn
GDI32.dll
ConvertSidToStringSidA
LookupAccountNameA
RegQueryValueExW
RegCreateKeyExA
ADVAPI32.dll
ShellExecuteA
SHELL32.dll
ReadFmtUserTypeStg
CoCreateInstance
CreateBindCtx
CoInitialize
StgOpenStorage
ole32.dll
mmioRead
mmioOpenA
mmioClose
mmioAscend
mmioStringToFOURCCA
mmioDescend
WINMM.dll
wglCreateContext
wglMakeCurrent
OPENGL32.dll
SymLoadModule
dbghelp.dll
WTSQuerySessionInformationA
WTSAPI32.dll
OpenThemeData
UxTheme.dll
RasGetEntryDialParamsW
RasGetEapUserIdentityW
RASAPI32.dll
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
IsProcessorFeaturePresent
EncodePointer
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
HeapReAlloc
LCMapStringW
GetStringTypeW
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
PIDATx
B`31Cc:F
j9E(0(qx
XZ:>\u
!.+RZ 
v}%Iy|^
X"+@8X
`e0-V|
~IDATX
qfYv`<xat
<A4P	`"HH&N
qA&fHk
c;Xw*[S
w4D:;E
<2sdzNp%
OiCCPPhotoshop ICC profile
AHXLXN
9C3J3W
J'\'Gg
v m2=:
'puI3+
OiCCPPhotoshop ICC profile
AHXLXN
9C3J3W
J'\'Gg
v m2=:
*ub<v2
nYK>l*
&*}GOJ
!J&0JQk
CSPl_m
%mMM3l
Aa7Z(YD
3M2(y-
=O-#'w
"\z	?L
!t`u0S
ILw><~q
]DWv411j
5+o5W#
g54uk6
M[>G$K
*D:x[+
[2<,A=
pchwS{
*jGEul
"G.]E7
Qq9}	F
WLnX--
30={4k
'#9o?*
{u_AV>
RQ>dem
xcQ]olY
x':_7P
>3{>z.j
wdc-4I=5
@4_Ab*I
wGayp#
[/\zIL6q
W(x(|o G
"T2tl`M[gv|
N[Rh2,
(+Cizl96XPtJ&+
2GFR/aQ
OV!ZU_
c-ws]7{rq0mo
rppAd"
<hy$l~v
Wbz+qvp
B=ybC7
[WDjDJ
(TjRqRa
gO,Pm|
vo=r:U
RV{C:e
oXENrI K
+,zgpm
P9qc6S
;&?'xSB
Ht7jEV(
m>4Pb~S
yi2(A!5
')N+/Z
'4{\_EFo
|^WDgj`
|}Ul$N
USG&Aik=
n4>loIH
OzqfpLM
,R6)lOCl
B9dTb4
HJg,C_
r,Nqo\G
p53}.f
>}:Sv{Wat
^.>.[!	
-jDR-C
p])KPl
?:qY9Y!
e.-iJz
fw}}th
lCq<Kg
Q,Psh'U
fMPC	9
`#Mv$I62
a##q=/
U %,_r
aV"-l;
L:.`Y-
j%h4]^
8/$E )
B_<7{CD
;	PADa_v
$7i#w|Uk#
2emYD8&#Q?
@`U,O%f
x {&m\
J64gv..
q52(q'
'IcBJ-
J`TbHj
W-&-,^
.bl?<.
eqHRP.O
WFv#~`H
TOH0/c
	:CY@u
2g@:4a
d- jkg^
#t@(Gk@
 sZ)Pt)
u[k$In
0yuJG.!
6[_2wP
rGlIh]
	w_VRd
Q10 	_Ib
BP0Q(5
5v	}0w&
m1tO`%
!)|NbA
$Omtp0
u;XJ5e
gy.r(_
{(nB B
	YURV5
Hn0`EZK
T[T7<{
4&^IyP
#91v)^
y{!	_w
?4y-'~
2ZT0Oh
l /nVA
pfH||W%By
vdO>VG7re
\<>do}
z.@zsu
Sx3Ys5C
yu,cIi
6MYD5S
1abg)\T
+4x6($
1EWuM	R
4'4gR4
;n_6nl
T[k$(gF
E#sU5!
JKU`1'
OQ/{T;
I! V}j
M8Ddeg
YoQmr-y
	eQ qQ
(U*$Pc
OZ2kiM
G+[%^S
xzOi&[
p tn{}R
7L"BR-6
n>l6yS
7qT22E
aE/bN1
T_EnGogH
`_}CZ{U
2]y7No
Hhv6?P
C"pkk"
#`"`:$
_8+HX)
+fN~6\
-WviOG
f>-"c&>3
VK1n;l
r&c>&y
GPr	qz
ABucd_
:>l]p6
L	a#r@
q	=;^v
UVvZ4S
t9uX[p
C(Tga	G
j)(C1'k
e+dsRsd
E::Sr\!
08B7dM
d{VUX;
Q|=HC#!
"|En06x
BFy6J6
Lg 7!V
[wQUc1
qqb'Yh
uG'&7y
:v=.p-
zlzXaT
7A*Nn'
%\s[|J
d[Q	}^
ROZXv@
#_3j)4
YI&JXcRhZ
hl&y.-Ay
lCf`lZ
]A])B~Eo
Cd4p_	
!)%?s=
WDVgs.0
TS	)}l
\2UbBW
	~*^qy
R,sZ:^
!j'plk
FRUGQ!B
o^[`M@
_\{i'y
,(uf:O
T@E)R%
bk(oV 
)5(h5T
n=yIv%
-ILHRR
vr1EGJL
#pr]S7
Fl')_F.
8Fu#~V@Jx
~V2Y:iN
"A^U^_
hQQz@a
7p(eTk
=Huy_T
_h0:}Z
Ry_y-|4
XwN4].
w9T=$q
e)>w?H
aCQ[p(
gTxrPT
9B][,%
X~@J5y
P]S.SO
L<dAKw
[\t<Bme
%9OT%`	Z=
pP27{3
-8pE4Z
\|QdbP
>0l	6-
M%`S-3Iwu
R^OM[,
ZS4BuM
gF-66\
G?rT~W
F_\UY3
O:|]x0&*
Pj;Am1
eWe" ?:
()Win?#C$	
-(BFD6
DP3 {+_ E}
7tkuB/v}
u	&36Y
@ynu!}
RJJ-yOw
n|7XrG
qMrgXsO
s3UK{~
qo:4(E_
o{[.T!
U"ryuB
oZ	CG&
eshdsU1
Ojx@qI
lu,|yf
I-u`J2
<pVuP[
# c6~:
Nx]MeA
[0INh5d
>i&G:e
o F{qb
vZ>gjF
n:@s5n]D
_MtYC3
c@.uoB
RdLHvw
#u^c*y"
J_KXi&
&;u'r;:k
"CxzPg
R(;a:{Z
	XI@F.I
J]f:GV
 ]n^}.
+Wc2kZ
.}/@V;
)a/X`U
Cl{NLr
lSgb@7
`!TO@rF
q	}OS->NI
-q76f,
}QSr+?
K70<D<
?+yKO_W
UcmJ.~
zgv2F0
z5v=br9Wi
/a~C#H
vA(6; 
SkN~Xm
U&Zq~0
G)6pD)o
TErE?C
}V<4	)F
v@;-Lm
U"|z_|W^~
7L4x?q
cy9AgL
Q{	fSx
|Kv`h?
 `_3^-
6MZ+5A
s[$j{9
&bGkn<
57`lpO11
ZFQMvB'T
VG<Sa	
3Lxg6'nl
{!&$KC
$5zP)%
K|9gmc8Z
x)%'a t
cmyn.e
_!]NW;
xX5MT"
#rBv4G
u~Z%eJ
.pK(.ED}.
G_4l^7
Z5,~K[
9v[%%$
/p+T5<
]xo4m9a
%%X_bHa
a@K>i!
]w`@3#
nj.O$=.40
{2j44E
M9|S"!N
'~Kom[
e;,PsW
L+:k	=
	1?^[W
!o;XN&
thd Zz3
bQXmsv
10B<XlU
F[jSJ#)
ry-P",
W!ob	RW
 ~<HjQ7
'x?R	v
bCb5!#
2-S	sG*DV[4
#cG~S>
8%nmPc
 ^oAih
6f9M'r%
!M"L&T
+9qT!y;
b_1n27eC$
kfl[b6
0hgc4N
	?	pi'+
jBuxCvy
Ra0Z,M
 |7>;4
bI)Op(
S/m}#D8hn
a2i:(<z
o'=<Y]
2bN8t=
>r0R7V
z?*bM*
be`Rrw
Xl](c*
+)!zY;
BRRcfw
ZaZi9U
Zo7fx 
\XFOlz
B%\Y52@eN
K<(ddJEJBH
.+E9&!Q
|,WV0Q
UPp|A2
D7K/D@
rMA9-x
k31&S1
%M-1vTv
8EWQ(Z
/>1@$N
[fas?-~
9b74LE
>iN*eo
U-xB3*
fs0m0.
3XA1/wcj
8R 5Pf
}#\{E-
gQ@?"h	<\
s7U:<#
~urCWn
MiU\O,
rPsSp{
*4q"Md
A4o3w#
#c4kK?
lq\PKS
U_`'e@l|}
(foV9G
oEGqZ>
w}r},0
8:lg:3
{G)7)ux
tomxtf
0!w(uV
^_/,83
eej"|-&
>_a/4S?
o|w@)	P
eH4>	U2n|mF6
Ij_1g0
0qbO6[1
x_sP[%-
Su=>kUvF{
po[c5e
oWNZ;N
3[;E>0
{=)J2Z
:#:G({
BD0En//
Y]?Ed<
7sF+P#X
T<?&?}
pyz),j
x09U8\
|PBFt}
q	rV{M
6yFR<.
KgfG*dC
<*lt[Q2;
XfJJ[r
q\{6%`
]Zr`}7
<;\uxw
6^'f),)
%t+:	F7tI
b+BLu5.X
.{v+;\Dyl{
{A$=C]^
Q{pN~2y
UdFxZ)
L4=[Y6
~[BBe"
FWlIfj
(M).rR
xx-6]+
qRxv/O
P?D/G]1
-L&}Z@
 :\,Fc
kS<jqf"
F"R"	LD
)"^Zsn
1Q8xtE
+6? >s-
wzzIuE
;<'I#g
+]jxD$s
_P`mvmr	
OS}`h@
gU3%;?p
74_dZO
(Lb5Lk7
.	{uCn
2A7r:G
Xyo(~G
GT_DOA
$hygZsN
%*@!^	H
3$K@@l
?(u&C0
C :"wE>N
2P?n1N}
o]HKa 
33DDDDD3333
33333333333
333333?
333333
333333
################################################################
#########
#######
#######
#############################################################(
333333333
f""""""&e0
fwwwwwwve0
fwwwwwwve0
fwwwwwwve0
fwwwwwwve0
fwwwwwwve0
																																						
}}}}}}}}:+
}}}}}}}}}}}}}}}}}}}}
}}}}}}}}}}}}}}}}}}}}::+
}}}}}}2DD}}}}}}}}}}}
}}}}}WAY)D}}}}}}}}}}:G+
}}}}}L[
hD}}}}}}}}}}
}}}}W9gnYD}}}}}}}}}}:2&
}}}}LZqp.}}}}}}}}}}}
}}}W8WTdD}}}}}}}}}}& 
}}}LXqT?}}}}}}}}}}}+&
}}L5VIbD}}}}}}}}
lHF}}}}}}}}
+GG&1c
<UD}}}}}}}
G&:j]K
_<J}}}}}}}}
P +P{s
>H,}}}}}}}}
}}}}}}}}
}}}}}}}
,}}}}}}}
oD}}}}}}}
&Gj]Nu
ED}}}}}}}
6}}}}}}}}
^D}}}}}}}}}
D}}}}}}}}}}}
"3GG3'
+ywD}}}}}}}}}}}}}}
}}}}}}}}}}}}}(
wwwwww
wwwwww
wwwwwww
wwwwwww
wwwwwwx
wwwwww
UAPZ$&/4
I3332s333334
I33333333334
gI33333333334
I3339s333334
333334
"""""$
J""""""""""$
"""""|"""
J""""*DDDL
J"""""
UUUUUUUXlG
UUUUUUUUdD
"""#333333332
""""""""""""
DDDLwwwwwwwwww
DDDDDDDDDDDDDDDDDD
]1Pe]\
2?}:O\!
L^i!d~
l	g~b0R 
[/fS_MR
g~b1Y%
PA<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
 <assemblyIdentity
    version="4.0.0.0"
    type="win32"
    processorArchitecture="*"
    name="Unto"
    publicKeyToken="2c8bcbd0a7fb77cc"/>
 <dependency>
  <dependentAssembly>
    <!-- Change the Windows User Account Control -->
  </dependentAssembly>
 </dependency>
 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
  <security>
   <requestedPrivileges>
    <requestedExecutionLevel
     level="AsInvoker"
     uiAccess="false"/>
   </requestedPrivileges>
  </security>
 </trustInfo>
 <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
  <application>
    <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
    <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
    <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
    <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
    <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>
  </application>
 </compatibility>
  <!-- Specifies the processor. The valid values are x86 and ia64. -->
  <description>Protected App</description>
</assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD