Sample details: b1a0391c63de19293ff28a3824dc4de5

Hashes
MD5: b1a0391c63de19293ff28a3824dc4de5
SHA1: 09c721a5dea73fc2c078f107af0b5daf516c55d0
SHA256: de0dab5b37e81b10e63c0dd807d04e91ed79d50e01f0d14923c62cc03d8ef05d
SSDEEP: 3072:AH0KSNdZHiyJaGfCzdKU+PdD89il6JYI0TXsxa7phHsyyOkrh:OIdZHieaGEkU8G2IrMhMb
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Install_Shield_2000 | YRP/Armadillo_v171_additional | YRP/Armadillo_v4x | YRP/Microsoft_Visual_Cpp | YRP/InstallShield_2000_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/win_files_operation |
Source (URL defanged)
hxxp://peopleiknow[.]org/JKHhgdf72
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
j6h|1B
j7h|1B
j8h|1B
j9h|1B
																								
													
													
										
j]h42B
uBh$3B
u%hx4B
t.;t$$t(
VC20XC00U
u!hL:B
u!hL:B
u!h ;B
t!hl:B
u!hL:B
u%h8=B
u!h ;B
t!h|<B
t!h\<B
t!hD<B
t!h,<B
u!hL:B
u!h ;B
u%h(?B
 Rht?B
t1hd@B
jZhTAB
jDh(DB
j0hPDB
jqhPDB
jfhDEB
J ;H t
P$;Q$t
PPPPPPPP
PPPPPPPP
u0j~h(NB
GetModuleFileNameA
*mode != _T('\0')
mode != NULL
*file != _T('\0')
f:\vs70builds\3077\vc\crtbld\crt\src\fopen.c
file != NULL
_file.c
str != NULL
f:\vs70builds\3077\vc\crtbld\crt\src\_open.c
filename != NULL
stream.c
Assertion Failed
Warning
dbgrpt.c
%s(%d) : %s
Assertion failed!
Assertion failed: 
_CrtDbgReport: String too long or IO Error
Second Chance Assertion Failed: File %s, Line %d
wsprintfA
user32.dll
Microsoft Visual C++ Debug Library
Debug %s!
Program: %s%s%s%s%s%s%s%s%s%s%s
(Press Retry to debug the application)
Module: 
File: 
Line: 
Expression: 
For information on how your program can cause an assertion
failure, see the Visual C++ documentation on asserts.
<program name unknown>
szUserMessage != NULL
CorExitProcess
mscoree.dll
stdenvp.c
stdargv.c
a_env.c
ioinit.c
tidtable.c
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
kernel32.dll
runtime error 
TLOSS error
SING error
DOMAIN error
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
Client
Ignore
Normal
Error: memory allocation: bad memory block type.
Invalid allocation size: %Iu bytes.
Client hook allocation failure.
Client hook allocation failure at file %hs line %d.
dbgheap.c
_CrtCheckMemory()
_pFirstBlock == pOldBlock
_pLastBlock == pOldBlock
fRealloc || (!fRealloc && pNewBlock == pOldBlock)
pOldBlock->nLine == IGNORE_LINE && pOldBlock->lRequest == IGNORE_REQ
_CrtIsValidHeapPointer(pUserData)
The Block at 0x%p was allocated by aligned routines, use _aligned_realloc()
Allocation too large or negative: %Iu bytes.
Client hook re-allocation failure.
Client hook re-allocation failure at file %hs line %d.
_pFirstBlock == pHead
_pLastBlock == pHead
pHead->nBlockUse == nBlockUse
pHead->nLine == IGNORE_LINE && pHead->lRequest == IGNORE_REQ
DAMAGE: after %hs block (#%d) at 0x%p.
DAMAGE: before %hs block (#%d) at 0x%p.
_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)
Client hook free failure.
The Block at 0x%p was allocated by aligned routines, use _aligned_free()
%hs located at 0x%p is %Iu bytes long.
%hs allocated at file %hs(%d).
DAMAGE: on top of Free block at 0x%p.
DAMAGED
_heapchk fails with unknown return value!
_heapchk fails with _HEAPBADPTR.
_heapchk fails with _HEAPBADEND.
_heapchk fails with _HEAPBADNODE.
_heapchk fails with _HEAPBADBEGIN.
Bad memory block found at 0x%p.
_CrtMemCheckPoint: NULL state pointer.
Object dump complete.
crt block at 0x%p, subtype %x, %Iu bytes long.
normal block at 0x%p, %Iu bytes long.
client block at 0x%p, subtype %x, %Iu bytes long.
{%ld} 
%hs(%d) : 
#File Error#(%d) : 
Dumping objects ->
 Data: <%s> %s
Detected memory leaks!
mlock.c
InitializeCriticalSectionAndSpinCount
string != NULL
f:\vs70builds\3077\vc\crtbld\crt\src\sprintf.c
format != NULL
f:\vs70builds\3077\vc\crtbld\crt\src\vsprintf.c
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
onexit.c
mbctype.c
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
sprintf.c
isctype.c
(unsigned)(c + 1) <= 256
fclose.c
stream != NULL
osfinfo.c
chsize.c
size >= 0
("inconsistent IOB fields", stream->_ptr - stream->_base >= 0)
_flsbuf.c
`h````
ppxxxx
(null)
output.c
ch != _T('\0')
Program: 
A buffer overrun has been detected which has corrupted the program's
internal state.  The program cannot safely continue execution and must
now be terminated.
Buffer overrun detected!
A security error of unknown cause has been detected which has
corrupted the program's internal state.  The program cannot safely
continue execution and must now be terminated.
Unknown security failure detected!
a_map.c
a_str.c
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
_freebuf.c
_getbuf.c
convrtcp.c
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
LoadLibraryA
GetProcAddress
FileTimeToSystemTime
GetLastError
KERNEL32.dll
CreateWindowExA
USER32.dll
CoFileTimeNow
ole32.dll
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetModuleFileNameA
RtlUnwind
TerminateProcess
GetCurrentProcess
ExitProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
SetLastError
HeapDestroy
HeapCreate
HeapFree
VirtualFree
IsBadWritePtr
IsBadReadPtr
HeapValidate
CloseHandle
CreateFileW
InitializeCriticalSection
VirtualQuery
InterlockedExchange
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
VirtualAlloc
HeapReAlloc
FlushFileBuffers
SetStdHandle
SetEndOfFile
ReadFile
SetFilePointer
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
0%151N1}1
7)8X8^8
919a9g9
919a9g9
:4:d:j:
:&;U;[;
<(=.=y=
2;2k2q2
9C9s9y9
:4:c:i:
;#<)<t<
111`1f1
8-9]9c9
;";9;n;
?A?p?v?
0*101x1
5)6X6^6
<;<k<q<
=&>,>u>
2*3Z3`3
9<9l9r9
:(;.;E;z;
*0Y0_0
656d6j6
=2=a=g=
3=3l3r3
4&5,5t5
:1:a:g:
;3;9;u;
373f3l3
8(9W9]9
9,:2:r:
>G>w>}>
 0&0f0
3C3s3y3
3#4S4Y4
:.;^;d;
<2<8<x<
*0Z0`0
0.141t1
2	2I2y2
5G5w5}5
5%6T6Z6
=C=s=y=
2?2o2u2
7;7k7q7
<6<f<l<
121b1h1
6A6q6w6
9	:8:h:
;=;m;s;
1>1n1t1
1&2U2[2
8E8t8z8
=A=p=v=
? ?:?r?
5A5p5v5
8	999h9
:=:l:r:
5?5o5u5
8#9)9q9
72787r7
;8>P>W>_>d>h>l>
>F?L?P?T?X?
0C0u0|0
0F1K1j1s1
3+30393>3
6"6+696?6H6V6`6n6t6
7+7F7O7Y7w7
8'8C8L8g8p8
:0;4;8;<;@;D;H;L;P;T;
<"=;=Q=o=
>U?[?i?q?w?
2H2O2Y2k2u2
2.3<3H3w3
4(444S4m4y4
5"525>5
6&838;8@8[8h8m8
919>9E9K9X9d9m9v9{9
:7:=:K:U:o:I;
=?=M=W=^=
?F?U?h?
4%4/4B4
4!5/585K5
646:6O6
70767?7T7
;%;.;2;8;>;D;J;O;T;Y;_;d;j;
<)<H<P<W<j<
0-060Z0
2$2;2q2
2_3g3p3
4)4.4^4
5o5w5}5
8'8J8d8
9:9l9x9
9X:a:p:y:
<'<-<6<G<O<d<v<{<
=)=5=>=V=v=
=H>T>j>z>
?K?W?x?
0+0F0c0m0y0
1&161B1X1d1m1
23383=3]3b3
3[4g4n4
6&6+6U6l6
9)959v9{9
;*</<g<
=2>@>O>e>
2T2a2n2{2
4@4G4Y4`4v4{4|5
9&:+:H:Q:Z:^:e:k:y:
<c=l=">6>;>
0 131v1
2&2E2d2
5-535E5O5p5
7/7M7b7s7
9$9/989y9
<%</<=<G<U<^<w<
=^=h=s=
=$>0>6>
0!0H0j0z0
0B1I1o1
2+2D2f2u2
363E3Z3h3
7-7K7{7
=&=1=8=A=J=S=d=s=
>(>9>?>G>P>h>q>
?8?j?v?
K3V3^3
3#4A4H4n4v475Z<d<k<}<
6%6p6w6
6T7[7h7o7
8Q9Z9F:K:q:z:
;6<S<]<
>H>X?b?
031D1\1
2 2A2o2
2I3e3q3
3	4%4I4U4|4
5 5V5[5
6&6U6`6~6
9E9O9Y9
>6>;>X>p>
465=5L6S6g7n7,8
0 0$0(0,0004080<0@0D0H0L0a0e0i0m0q0
3 303\3v3{3
4)4W4`4
6'606X6f6
7&8K8r8
#141O1c1~1
2"262R2f2
6 6$6(6,6v6|6
7 7$7(7I7s7
8 8$8z8
:3:X:x:
>F>K>a>
+0>0w0F1
324@4S4m4
0$0(0@0H0P0L4P4T4$5,545<5D5L5T5\5d5l5t5|5
5H8X8\8d8
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:t:x:|:
5T#1Ro^jX
,_FyacW
Fp^T%3
xZvXQW
8O$&	/{h8
s"Q,2$
+,$KBlb
%qYDV8|5
!'lj/^TM
y1]b(7Y
'-Y9*UWM
n%Q=2;a2m
z=+MEo
2hD'K'D
n0W#1 
%w?{	j
8	3FAv
,EyHxT
+)P2#B@
/9Fu%uN
tD(Kh8
M}Y#lp
z)G:m+Lr
t+;?=?
Uw-Ha!-G"
w-%xM+
:+YN(-
	)U2T;
O}"hx+,Qk
@L96Wf
a=N&O|R
Q*w6Q@c
G9 4)$
.L`?4<
^V<;sEn
ky 	C;
bq?>vi
=JTX0(>
RaxFjtV
wHQ-2F
2iA/E@v
]yZCYp
?Pv<B?
l($T[?
KuimfV
,\i{cS
g`_Bg_
-OHd~a
ay;SeN
YP}/^4n
&p&w5k
HeDtn~q
qzAnl2
dV?LM3T
7aV,K9
I9$nh}0Cf
4U-;hbB*
4vem;,
h,[jpqC0
K<aPNN
$Y=L0)!$
 SQzN.
nHQfEL 
8BOC\5
p:"&H3\
NdJF<Z
NZN!,R
h.|Re9
3`71_>
liv9:J
F+50>A
YX7tbP
$wp+x\
r)Ek_x
UOy7jx
>{X;^L
ZE+?6]
n~X:cy"
ajP5#rR?
+tH1U9t
<Bxv!]
!# &dp
u5%Enf
Y/F4(BM6