Sample details: a6a0e7c6c6b1c80fbf6c9042795c75bd

Hashes
MD5: a6a0e7c6c6b1c80fbf6c9042795c75bd
SHA1: c5de0e446e65cf47be73a28ec9ba39d3a6fd2277
SHA256: e4057eb24a03fa883cab199ce3589a15c5035dcce9b9c9602147a4a9ba106d87
SSDEEP: 6144:ooE/w0gszj0wBlojncOlQur7bDW6zGueKZYwUPlyq5S:4xVjfBlaDQgHCYBS
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_registry | YRP/win_token | YRP/win_files_operation |
Source
http://www.sabineclaire.com/girasoli/ri.php
http://134.0.117.224/itexe/stat.php
http://134.0.117.224/itexe/1100.exe
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
GAIsProcessorFeaturePresent
KERNEL32
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
1#QNAN
1#SNAN
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
ADVAPI32.dll
GlobalAlloc
CloseHandle
CreateFileA
ExitProcess
GetFileType
GetSystemTime
GetFileSize
GetStdHandle
RaiseException
ReadFile
RtlUnwind
SetEndOfFile
SetFilePointer
WriteFile
GetCommandLineA
GetLastError
GetModuleHandleA
MultiByteToWideChar
TlsGetValue
TlsSetValue
WideCharToMultiByte
LocalAlloc
LocalFree
VirtualAlloc
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStartupInfoA
GetProcAddress
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsAlloc
TlsFree
SetLastError
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapReAlloc
HeapSize
KERNEL32.dll
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>