Sample details: 93ef908505eeebde9f3e9605004060a2

Hashes
MD5: 93ef908505eeebde9f3e9605004060a2
SHA1: 192c0f87f0f0e63a897b0aac6f250aea63dd05cf
SHA256: 15d70b36c04f0d47394b235a5d1f4f6b81acc4f3ce7761809611b2110b3e4725
SSDEEP: 6144:XVjyOyUTQRDyapfIuAlLjNFHPl+E9z9iJPcPCXt5l0PnyVp2OjeKjl:XFyOpTeJ4tFBpiJEPq5Kvy+We
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/escalate_priv | YRP/screenshot | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/VC8_Random
Source
http://134.0.117.224/itexe/1100.exe
http://www.foxydance.cz/repository/ri.php
http://www.sabineclaire.com/girasoli/ri.php
http://134.0.117.224/itexe/stat.php
Strings
!This program cannot be run in DOS mode.
`.rdata
@.data
_VVVVV
_VVVVV
^WWWWW
t$<"u	3
>=Yt1j
< tK<	tG
j@j ^V
0A@@Ju
0SSSSS
0SSSSS
v	N+D$
0SSSSS
0SSSSS
URPQQh
t"SS9]
PPPPPPPP
PPPPPPPP
<+t(<-t$:
+t HHt
u;h<*A
u,h4*A
;t$,v-
UQPXY]Y[
t+WWVPV
v	N+D$
Upyvyf eguseh yjaf
Ysipap ixok* ajahis ipofyc eces
Ibik ahozev = ofym urad ynocec
Yzohoj
Inep ogat
Upim ixohuv
Oxibyc
Isineh
Oxutev itof %d ujamek
Ytol %d okytad umodys
Izukis: arozal
Ubul yxitan; ohysul ijav; upyxum
Ohaq idaq uxap
Ilyviz exaw
Ibogec upuqan akifyr
Usiryw uryq osig; oran = obup
Uxah yhytic %d yvux osikez; izom
Exiw umol ikyx emod. ovuvad
Ozanaj ebyhix uxesib uvaz %d aryjex
Ymih oxuwix ufiwur alyj eluzuc
Izyh ynid; ytocid otyxyn
Amufoq anataz
Yxukyb idoq ityxuv
Uhasax %s yxyq omepyp ytytut ekobah
Ajijaw %d ysan oxyvis.dll akiras alakaz
Onym; okol omoh edek ewub
Ydeh ynef
Agexoj efapud %s ovytyd
Agomab idytit
Usof ysyxam
Agol; ycemal %d ovunyf* ypiseh
Axyw ivej* yhyf ytadiv
Ujucis uxiv ynimob
Azik %s ytyhuh aworuc yverad ahel
Ydewur
Otiguh
Ekaf arelic uqomun
Ikez unurit apan ybudeh
Otuzac uririx eqyjyq ypygid
Ubam izab afun
Asupyl ahoqim ofeheg
Ejoh iqafax* izuheb
Ijar ojej = uhywup
Ujuviv ovabok
Yrow ajepyt
Icym adypum
Yluzyn* uvemok eqonew. afiraq yhis
Ipepan; ygavox; yrum ujigil %s utifom
Ijar ojej = uhywup
Odim izivul ehosob ixig uruzyk
Avovof egopun
Oxar. ifyrib %s abufeh unur evec
Yqatez. ifeput apejov %d ycesyh ofis
Yded usul idic oped ucog
Owah upat evak
Axyw ivej* yhyf ytadiv
Ajofyf ifip akarip.dll uhoc. ywik
Ukaf ogaran ejuqeh.dll orysac
Yxaj izicin ufiz ibuw yqal
GAIsProcessorFeaturePresent
KERNEL32
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
1#QNAN
1#SNAN
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetWindowLongW
SetWindowLongW
RegisterClassExW
LoadCursorW
UpdateWindow
CreateWindowExW
MapWindowPoints
GetParent
OemToCharA
CharToOemA
LoadIconW
LoadBitmapW
PostMessageW
GetSysColor
SetForegroundWindow
WaitForInputIdle
IsWindowVisible
DialogBoxParamW
GetClassNameW
GetDlgItemTextW
SendDlgItemMessageW
DestroyIcon
EndDialog
SetFocus
SetDlgItemTextW
SendMessageW
ReleaseDC
wvsprintfW
wvsprintfA
USER32.dll
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
COMDLG32.dll
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW
SHChangeNotify
SHELL32.dll
CLSIDFromString
CreateStreamOnHGlobal
CoCreateInstance
OleInitialize
OleUninitialize
ole32.dll
AdjustTokenPrivileges
OpenProcessToken
SetFileSecurityA
SetFileSecurityW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
LookupPrivilegeValueW
RegOpenKeyExW
ADVAPI32.dll
DeleteDC
DeleteObject
CreateCompatibleDC
StretchBlt
SelectObject
CreateCompatibleBitmap
GetObjectW
GetDeviceCaps
GDI32.dll
InitCommonControlsEx
COMCTL32.dll
GetProcAddress
GetNumberFormatW
GetLastError
SetLastError
CloseHandle
GetCurrentProcess
SetFileTime
MoveFileW
SetFilePointer
SetEndOfFile
GetFileType
CreateFileA
GetCurrentDirectoryW
CreateFileW
ReadFile
GetStdHandle
WriteFile
GetFileAttributesA
GetFileAttributesW
SetFileAttributesA
FreeLibrary
LoadLibraryW
SetCurrentDirectoryW
GetCPInfo
IsDBCSLeadByte
CompareStringW
GetSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
OpenFileMappingW
SetEnvironmentVariableW
CreateFileMappingW
GetCommandLineW
MapViewOfFile
UnmapViewOfFile
MoveFileExW
GetTempPathW
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatW
GetDateFormatW
DosDateTimeToFileTime
SetFileAttributesW
GetLocaleInfoW
ExitProcess
CompareStringA
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
GetModuleHandleW
FindResourceW
GetModuleFileNameW
MultiByteToWideChar
GetFullPathNameW
GetFullPathNameA
GetVersionExW
GlobalAlloc
WideCharToMultiByte
GetTickCount
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryW
CreateDirectoryA
DeleteFileA
DeleteFileW
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
KERNEL32.dll
Ebef yreqav* arolas %d ecoz
Aryj omyg uzag. axok amobix
WEJae>
UEqH	>
U/2>ho_
M	)Hr 
A)$n5-
 v6WE&L
iSy72)
vge1F<(
RSJt3~1
/JVtrG
@3[e|&~rF
iLkT(r
81y$1K
I8.61d
rdKdj_
3-*IkO
QNhj<F
	dzanCoNa
\<,C"LM
a#YRq.
w1PIyS
O\FO0P
Z1_-!&
,A?~%$
s?^BTw
'$B+vVC
w`0jNI+
4d>Q&t
gw .Y9
k6?S:/F
} 8);+O
j:fr@&
T(}|Ar
8H9&c.
8	S3dE9
'i1]>$X
g!SX?T
S<a|sj
W(o<nUL
nz{Q_<
Q^1}Ug
^YO~.Hl
M=8<*2
L-/%Kj
g]81/A
+If7+1w
	3pr.A$
VuiXTq
mu F`)
^)S\ILE\z
xJbE(/
e*	 qi`
SX23Cdm
hiH8iQ
o1Z?*lS"*
zm}D(U
KS@zhRpv;
u[stST_g
 eq0@	
cPTU3s
~wI4w(sK5
4fTwQu
U@'cXn
}k`YPi
,\`!NS
M\$K}{
~\Drq'0
UNNCGqW
rHL{KV"ryz
9/+*g~
WEvyTS
dhzx<*
gJbNlA7
j^=	?W
;:>B+y}
*R#C:c
:y``5'
Oj)|ZH
)-@/x$W8[
F!sWw01
58~fdK
X)1-bqK
0$$+75
6^Ej1L
T2XXQ)
8C/nYEg
,]yTv~
H,X^7!',
GR%q"4
=K>7q^
600CDi
UIi!-M
%t%ayln
1[a#UN
<mJqSl
oN?8>u	
VkAO3b2`
F'p`|X
d8K7GS
`eLGPH
1Mb#`!
3B\l84
aeUY\u
"52b3D
6JQL~T
q[?Eg1
j18a5Sg
qqOWd~
#HPd5'
uD!d[Y/
Ue/_?c
tlT9c8#
qO b*8
)I|G65
D~]Wx&
!zY5m?z
mvq57!
1?S]D{`
[,\(KF
L3i$5L
Xq9u2z
OuTKVHk4
zCH>hW
4|0Q'y
:{aA-f1
-y8e~P
y$?&	t/
an1.{t
2~T*jw
I~6Am]T
yy8S C
a#!&aAF.
m$TgO6 
a3-E|-
}7{a-w|
q`)6DO
D=eA) 
l3=&Do
\{T&Th!
Bfqqf,{
Slfx:]
,|dvfs/?
5b1|mJ
9+Y7S3
N]6zbr
K1Sd%F
6-jJ3$
yae#u(#
5{0F8AB
1>bdsO
q\x	Rxw
3dd~tl
2cYn d
au-C9n
	10V5v
M1*4yGgS1X
1W|9S`
|ax?%~AGMS
.w1p	e
"2Ea&!
MKoR~^
-eUmmsR
NKEoEDT]_
|o&kl?
Zohnu_b
aX~8oi
w|Q@kK
?vYPAT
<MT9CYS
?{??`$Y
ZWs.K4)<
JBqO1qL
qq9M6-~T
Yv	h\e
{[B	<^^
m+[I a,k
Wwjvp{
HP"xky
7Dk&U.
vOf^C4
J|EWq}
t2,&)]
ta4.\x
j]vt~l
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<html>
</html>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>