Sample details: b0ee9dae7de7781ea809278c48c310a5

Hashes
MD5: b0ee9dae7de7781ea809278c48c310a5
SHA1: 28be65219441d78399027aa42c9cc7456ee67130
SHA256: c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8
SSDEEP: 3072:cPgObYtVfyWSBNSXxPB5fXGWgP548gbl9GNPz+DPGfK:ygJ7Gw57WWg6l9iSl
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/anti_dbg | YRP/screenshot | YRP/win_files_operation |
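Most of the YRP hits above are structural facts about the PE headers rather than behaviour: IsPE32 (optional-header magic 0x10b), IsWindowsGUI (subsystem 2), HasRichSignature (the "Rich" block between the DOS stub and the PE signature), IsBeyondImageSize and IsPacked. They can be re-derived from the raw bytes without YARA, which is useful when triaging a sample on a box that only has Python. The block below is an added example, not the listing's own tooling, and it runs on a constructed minimal PE32 rather than on this sample. It assumes the public rule definitions: IsBeyondImageSize as file size greater than SizeOfImage, and IsPacked as whole-file Shannon entropy of 7.0 or more; both thresholds are assumptions stated here, not read from the listing.

```python
import hashlib
import math
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte over the whole file; 8.0 is uniform random, compiled code is typically 5-6.5."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_rich_header(data: bytes, e_lfanew: int):
    """Locate 'Rich' + key in the DOS stub, walk back to the XORed 'DanS' marker, decode the entries."""
    region = data[0x40:e_lfanew]
    idx = region.find(b"Rich")
    if idx < 0 or idx + 8 > len(region):
        return None
    rich_off = 0x40 + idx
    key = struct.unpack_from("<I", data, rich_off + 4)[0]
    pos = rich_off - 4
    while pos >= 0x40:
        if struct.unpack_from("<I", data, pos)[0] ^ key == 0x536E6144:  # "DanS" little-endian
            break
        pos -= 4
    else:
        return None
    entries = []
    for off in range(pos + 16, rich_off, 8):  # skip DanS + three padding dwords
        comp, count = struct.unpack_from("<II", data, off)
        comp ^= key
        entries.append((comp >> 16, comp & 0xFFFF, count ^ key))  # (product id, build, use count)
    return {"key": key, "entries": entries}


def triage_pe(data: bytes) -> dict:
    """Re-derive the structural YARA verdicts (PE32, GUI, Rich, beyond-image-size, packed) from headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sec_end = 0  # end of the last section's raw data; anything after it is overlay
    for i in range(nsections):
        _, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sec_end = max(sec_end, raw_ptr + raw_size)
    entropy = shannon_entropy(data)
    return {
        "pe32": magic == 0x10B,
        "machine": machine,
        "gui": subsystem == 2,                      # IMAGE_SUBSYSTEM_WINDOWS_GUI
        "rich": parse_rich_header(data, e_lfanew),
        "beyond_image_size": len(data) > size_of_image,  # assumed IsBeyondImageSize definition
        "overlay_bytes": max(0, len(data) - sec_end),
        "entropy": round(entropy, 2),
        "packed": entropy >= 7.0,                   # assumed IsPacked threshold
    }


def pseudo_random_bytes(n: int, seed: bytes = b"seed") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for a packed payload."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed minimal PE32 GUI image with one section and a Rich header (test input, not the real sample)."""
    e_lfanew, key = 0x80, 0x12345678
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    rich = struct.pack("<IIII", 0x536E6144 ^ key, key, key, key)      # DanS^key + 3 padding dwords
    rich += struct.pack("<II", 0x00930000 ^ key, 5 ^ key)               # one (compid, count) entry
    rich += b"Rich" + struct.pack("<I", key)
    stub = (dos + rich).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)      # i386, 1 section, PE32 opt size
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<I", opt, 56, 0x2000)    # SizeOfImage
    struct.pack_into("<I", opt, 60, 0x200)     # SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)         # GUI subsystem
    section = b".text".ljust(8, b"\0") + struct.pack("<IIII", 0x1000, 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = (stub + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0")
    return headers + b"\x90" * 0x200 + overlay


if __name__ == "__main__":
    print(triage_pe(build_sample_pe(b"")))
    print(triage_pe(build_sample_pe(pseudo_random_bytes(8192))))
```

Run `triage_pe(open(path, "rb").read())` against a real file to compare with the YRP verdicts; the Rich entries (product id, build number, count) are what VC8_Microsoft_Corporation-style compiler rules key on, and a large overlay plus high entropy is the combination that usually means the visible import table belongs to a loader rather than to the payload.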
Source
http://nwfpakistan.com/kjdfhg874
http://mikeylinehan.com/kjdfhg874
http://loquiereslotienesya.com/kjdfhg874
http://lasercutlawncare.com/kjdfhg874
http://jcvitalis.com/kjdfhg874
http://icilarache.com/kjdfhg874
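The Source list shows the same URI path served from several unrelated domains, so a practitioner matching these indicators against proxy logs wants three verdicts, not one: a full URL match, a known host with a different path, and the known path on a host not yet in the list. The following Python is an added example, not part of the listing, that does this over constructed Squid-style access-log lines (the log lines, the host example.org and the client addresses are made up) and also checks a file's MD5/SHA-1/SHA-256 against the Hashes section above.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the listing above (the sample's hashes and the download URLs).
SAMPLE_HASHES = {
    "md5": "b0ee9dae7de7781ea809278c48c310a5",
    "sha1": "28be65219441d78399027aa42c9cc7456ee67130",
    "sha256": "c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8",
}
SOURCE_URLS = [
    "http://nwfpakistan.com/kjdfhg874",
    "http://mikeylinehan.com/kjdfhg874",
    "http://loquiereslotienesya.com/kjdfhg874",
    "http://lasercutlawncare.com/kjdfhg874",
    "http://jcvitalis.com/kjdfhg874",
    "http://icilarache.com/kjdfhg874",
]

# Constructed Squid-style access-log lines (not real traffic) to run the matcher over.
LOG_LINES = [
    "1500000001.001 312 10.0.0.12 TCP_MISS/200 18234 GET http://nwfpakistan.com/kjdfhg874 - HIER_DIRECT/203.0.113.10 application/octet-stream",
    "1500000002.002 140 10.0.0.13 TCP_MISS/200 18234 GET http://example.org/kjdfhg874 - HIER_DIRECT/203.0.113.11 application/octet-stream",
    "1500000003.003 80 10.0.0.14 TCP_MISS/200 5120 GET http://icilarache.com/ - HIER_DIRECT/203.0.113.12 text/html",
    "1500000004.004 60 10.0.0.15 TCP_HIT/200 4096 GET http://www.python.org/ - HIER_NONE/- text/html",
    "1500000005.005 210 10.0.0.16 TCP_MISS/200 18234 POST http://MikeyLinehan.com/kjdfhg874 - HIER_DIRECT/203.0.113.13 application/octet-stream",
]

_REQUEST_RE = re.compile(r"\b(GET|POST|HEAD)\s+(\S+)")


def url_iocs(urls):
    """Split the listed URLs into a host set and a path set so each can be matched separately."""
    hosts = {urlsplit(u).hostname for u in urls}  # hostname is already lowercased
    paths = {urlsplit(u).path for u in urls}
    return hosts, paths


def classify_request(url, hosts, paths):
    """'url' = host and path both listed, 'host'/'path' = partial match, None = no match."""
    parts = urlsplit(url)
    host_hit = parts.hostname in hosts
    path_hit = parts.path in paths
    if host_hit and path_hit:
        return "url"
    if path_hit:
        return "path"  # listed URI on an unlisted host: the listing shows this path reused across domains
    if host_hit:
        return "host"
    return None


def scan_proxy_log(lines, hosts, paths):
    """Return one (line_number, url, verdict) tuple per log line that touches an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _REQUEST_RE.search(line)
        if not m:
            continue
        verdict = classify_request(m.group(2), hosts, paths)
        if verdict:
            hits.append((n, m.group(2), verdict))
    return hits


def hash_bytes(data):
    """MD5/SHA-1/SHA-256 of an in-memory blob, in the same form as the Hashes section."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def hash_path(path, chunk_size=1 << 20):
    """Same three digests for a file on disk, streamed so large samples are not read into memory."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def is_listed_sample(digests):
    """True only when every digest agrees; an MD5 match alone is not enough to call it this sample."""
    return all(digests.get(k) == v for k, v in SAMPLE_HASHES.items())


if __name__ == "__main__":
    hosts, paths = url_iocs(SOURCE_URLS)
    for n, url, verdict in scan_proxy_log(LOG_LINES, hosts, paths):
        print(f"line {n}: {verdict:4} {url}")
    print(is_listed_sample(hash_bytes(b"not the sample")))
```

The "path" verdict is the one worth a second look in practice: a new host serving /kjdfhg874 is a candidate for adding to this list, and matching on the host alone (line 3 above) only tells you the domain was contacted, not that the payload was fetched.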
Strings
          	            !This program cannot be run in DOS mode.
Richg*\
`.rdata
@.data
@.reloc
0WWWWW
0WWWWW
QQSVWd
0SSSSS
tNIt?It0It 
t h\eA
j@j ^V
HHtXHHt
>If90t
t$<"u	3
>=Yt1j
< tK<	tG
s[S;7|G;w
YYhleA
tR99u2
	X 9} 
URPQQh
0SSSSS
0SSSSS
0A@@Ju
^SSSSS
j"^SSSSS
v	N+D$
_VVVVV
^WWWWW
tRHtCHt4Ht%HtFHHt
;t$,v-
UQPXY]Y[
t"SS9]
PPPPPPPP
PPPPPPPP
0SSSSS
v	N+D$
_VVVVV
t+WWVPV
<+t(<-t$:
+t HHt
bad allocation
string too long
invalid string position
Unknown exception
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
(null)
`h````
xpxxxx
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
?ZEM-'^
?{yK+;
?765@Z
?e')lW
UUUUUU
333333
?333333
?UUUUUU
?$rxxx
RUUUUU
bad exception
_nextafter
_hypot
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
`h`hhh
xppwpp
GAIsProcessorFeaturePresent
KERNEL32
i^^?(>
Y:/(A6>
< Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
CONOUT$
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
1#QNAN
1#SNAN
bad allocation
yazebenamesonewecipuluva tucabacepe yujaxijizadoruxicaloyemawe
wasozu %d zewocoditasuhiwike %d
hesesurojofukematuxewenahuba wubojahujagemazejuyemeleciciguhe cehizazeha
kixuxefotizukuxucuda besozazuhezelevohihahejaci
VirtualProtect
vector<T> too long
ExitProcess
GetCPInfo
GetTickCount
GlobalAlloc
LoadLibraryW
GetThreadSelectorEntry
TerminateProcess
ExitThread
GetLastError
GetProcAddress
AddAtomA
FatalExit
GetFileInformationByHandle
KERNEL32.dll
LookupIconIdFromDirectory
GetDlgCtrlID
GetCaretPos
LoadStringW
GetRawInputDeviceInfoW
LoadCursorFromFileW
PeekMessageA
GetAltTabInfoA
LoadMenuW
LoadIconW
LoadAcceleratorsW
TranslateMessage
GetUpdateRect
BeginPaint
LoadCursorW
LoadIconA
LoadBitmapA
DefDlgProcW
LoadImageW
GetMessageExtraInfo
GetRawInputData
LoadMenuIndirectA
TranslateAcceleratorW
CloseClipboard
EndPaint
USER32.dll
FillPath
CopyEnhMetaFileW
CombineRgn
ColorCorrectPalette
BitBlt
GDI32.dll
AddAccessAllowedAceEx
AdjustTokenGroups
AddAccessAllowedAce
ADVAPI32.dll
FindExecutableA
ShellAboutA
DragFinish
SHELL32.dll
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
MultiByteToWideChar
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetFilePointer
SetStdHandle
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
HeapSize
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CreateFileA
CloseHandle
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVbad_alloc@std@@
fakayijahavewakifoledutewitutosolesuburomegesefekelegoceholoticeyemuciyovahuvunitiwapocomigovacuyitekenirayikeca
_m;^*8
jOz{X&O
@%golf
Ur4_19 ]
z7tL?Z
h1+D1	\
YS83v~!
=LBVxS
i+XPA\a0
2$&"9-
3;Q)LGm
DVuqp%>V+
%b|Nawo
-vG)XoM}
 5/J]6
f|[)h]
dJmG"g
yu4%p)d
#) B1`
LcPM]H
g#0	.+
j)#lG+
3dcfhak
"yhty0Q
?j?./Z
)-s8M=K
4e(/M	
rsB<t%
/%Bg0S
qe>Xjd
xw5@Se
=f6msB
5Ml`XN
QLyI/e
aSnize
2{9<ty
0e&ZQO
1Rk=`uw
r\;g4'\
|7CFc*
xx)Ffp
$43[LS>k
lH1T?A^LX
h36Me%|m
d-g"hc
{c1'<g
~?+D}O,
 #eegy
yL39rh
WjLnV)
*+G)wE
M>7X@D
hY_J=P
jKc6h`X
Q)m8T?5
W;:n.z=fZ
~	n"yL
BlWS	4.
kCJJ#Kz
(Bx|f*
?2L"yJ
'lna[EI(T
+*uOzt
G*w	WO
deP'Gk
Z^} *6
#cVl^K
P_oGz_
;4g	Ti
1.181U1f1p1
3'4<4E4N4`4r4
7H8O8q8x8
?1?:?B?b?
0%0G0]0o0\2
223?3o3u3}3
; ;$;(;,;0;4;~;
<#<(<,<0<Q<{<
= =$=(=,=~=
=b>l>y>
1D1M1V1c1
2A2E2I2M2Q2U2Y2]2a2e2i2m2q2w2
4'4;4A4J4]4
565D5I5
8%8+80898V8\8g8l8t8z8
9%=1=d=
0"0r0L1T1l1
3!3N3i3o3x3
4&4+4;4E4L4W4`4v4
5!5K5P5[5`5~5/6<6Y6
60757]7
8/8<8^8d8~8
9)9>9H9n9
:@;T;u;{;
<L<V<~<
2"3(333?3T3[3o3v3
424A4H4U4x4
4#5)5E5]5
5 6*6b6j6
7(74797>7D7H7N7S7Y7^7m7
8#8b8j8v8
:0:@:L:U:
;4=<=a=i=
>L?k?p?v?z?
3.3:3F3R3~3
3$4.464W4k4
5#5+515H5N5_5v5}5
6(6/676<6@6D6m6
7$7(7,707
8M8T8X8\8`8d8h8l8p8
2;3^3i3
4>4C4#5.5
6;7A7Z7`7
8%8h8w8
<%=H=U=a=i=q=}=
204H7o7|7z9n:
:X;^;d;j;p;v;};
<#<)</<E<L<
2-2C2Y2a2
4)5:7L7^7
9+9Y9e9q:8;=;O;m;
<!<&<6<e<s<
=)>8>T>b>h>x>}>
1?1K1r1
1G2T2m2
5#5Q5_5p6
8#909:9H9Q9[9
95:j:}:
;R<^<q<
=&=M=v=
-0D0U0
0;0E0N0Y0n0u0{0
3(434V4
5)6C6L6n6
8"8.8u8
9*:<:I:U:_:g:r:
>5><>F>N>[>b>
2)2;2M2_2B5I5
=0L0?152=2
9W:]:m:
2#2'2+2/23272;2?2L2'3?3N3z3
3&3.3<3J3T3^3h3r3z3
4+4;4M4_4u4
=&>5>Q>
>+?1?9?U?b?l?q?
0-0=0M0]0m0
171C1z1
2024282<2@2D2H2L2P2T2X2\2
034383\5`5d5h5|5
H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
$2(2024282<2T2X2h2l2p2t2|2
3$3<3L3P3`3d3h3l3t3
4$44484@4X4
505P5p5
686T6X6x6
707P7p7x7|7
84888T8X8`8h8p8t8|8
9,909L9P9p9
:0:P:p:
;$;,;0;4;<;D;L;`;h;l;t;|;
0$0H0L0d0
3$3,343<3D3L3T3\3d3l3t3|3
8L8T8\8d8l8t8|8
9$9,9t9x9|9
>(?8?H?X?h?
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
585X5x5