Sample details: b40ba4471bdd7e47ba91a6629083da11

Hashes
MD5: b40ba4471bdd7e47ba91a6629083da11
SHA1: 844b926ab6ed1a95ce37ac50135a871661b86f0e
SHA256: 46fc16422626ffe05a6bbf4640cf14012900d4f63adb7cdffc456888bb93a1dc
SSDEEP: 6144:DiwI+paGMHKFa+TWz/TCWcwPfW+ncL9cWEm6fNX7gWo975JYCLh9H/vlTcOCfzWW:OLsMq0z/+pecLWWEm6f95aLYChtw7HI
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/escalate_priv | YRP/screenshot | YRP/keylogger | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/win_hook
Source
http://www.momarch.it/imgvarie/php.scr
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
0A@@Ju
PPPPPPPP
t$<"u	3
>=Yt1j
< tK<	tG
j@j ^V
t h0}I
t"SS9]
0SSSSS
PPPPPPPP
0SSSSS
0SSSSS
PPPPPPPP
URPQQh,
t+WWVPV
;t$,v-
UQPXY]Y[
v	N+D$
0tvBy-
9B=AL[w^
lcmrz>
"#kVmX
FN%=L[
]XDK'l?
W_`EIX
w))LpU
{]:VLM
S"S#Kp
"2(}&[
92`t^m
7IfA_5	;
"UkGWs
BBuZy6
*Qvgj<
U}6#C.
K.(s$O\J
nCz#nP
 /B:	?
uh-5M?
iu]zxm
[+Tb4sk
?@##.wqo
Aag0m2
\eYZ+d
n3{,P2
)bz$ne
9lcP SjS
mI#2v,
]~	+%U
rx=Lm\
T"6dw-5
i^Wr_f
>Foq0:X
&]2pw0
N(%O<m
_/(zW6=^
)Joo:Yd
zte!"NL=
d#WJ=O
;ce>9Q
dY]=pK
*<`"W=u
FwHRos
g(gTgK}
[J8qw%
M%E>(r
um7p@3
1fm}pa
f&U7":
m75}e=
e-O,+G
(H*sOp
5#,>A+
:n]}u:
1Ns0cB
W6)41"+
ZUnqlB1
(]3-,3
~Tnfe)
>IaGlN
l%K)P3
``r0.t
a^*r#\
df|/M	
t-AU9b
D!9+R&
c`UV]<
c	$"y+
MC88}1
dK%T#n
3V*`O&
(b`[k2
gSl}/}"
m30%%t
E;$}B2!
dx-zzT
H"EDX|}Ih
!LVk:m
%r755`
Npg(7?9
2!\eD^#e
%'5EQ9B
tYy8Bp
"83*5]
LF"c2J<
kGlQ/Q
S5}e{5
!MCufuL$
N4Y4b}
p&=ySg
hyLB61}G;
-[^{RT
m2%ZM)7
m^Ec*PT6<
Qe74Ha
LRo.A!zG/
d~1d{4
2\mu&x
yG)':Z
pU@p$0P
_4BB`C
eM|f-5G
8CEcM.$
)<b-t}
S$)J%_a
{7[|`Lu3
Ze<5Vl
] `]tN
D*'cZs[E#
>B WX8
Cxb-:b
_}K%~f
svS5=/`
Cc 95lN
j*9\5C
`?_j2$
?X^V6t
(bi^LM
b?RwbU
;eg_E)mK
ps0O :
#, [B:
$e&pK)
M?{em3d
p6eiD*
K3Xz>t
CVl6DG#
sES%Tj*
RE%ra5
2|ar$#v
Z"xE-3rz5
$b/:7_
H/dC#L
b(9]|E
\?x%JB
x`o1DSp
eyPG$[
&]l2opUu
c9+36V|*
|,uo=Q
!%Tec6x30
)^&F	_47b$
_n"!WJ
%#}3He
jO5E?cA
>(1MfX
.A\7	(t
+y/USu
nVe(#4
BW\g7}
(E4k0'
Y{h><rI=M1
-&:G0]$f
N&s5+<YnN
%p0jYI
2h/\6@
fSgbCC
=p*/]tB
I=R >a[
BsE9)P
sbWD)PY}%
:kg=.g
$ew_FYt
^<B{8h
4Yd5Vn
IA%&JQ
umJiHM
}L31UQ
PI7fp/o
A|[4&B
c\eY3.7
j#3@p>
,8,pZD
%Edpb9
S%nAwi5
doC%`F
D%VF+;
C0FJweee
PaCz2Q
:5ywAV
~mGfG/
@]>\C0
HT,##x
#&8x1t
%"!;r6
*u+Oz=
3=7wCT
|:()Jfi7
GlV3eD{f
0cI]lc
/[y:pX
\OW4{z4
]kO>KW
OK?Ow;
DHjbHQEsr+%
:,U+y\xC
Xb]5T]
m=#mgZ
cabbage
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
SetWindowTextW
LoadBitmapW
ExitWindowsEx
BringWindowToTop
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
EnableWindow
IsWindowEnabled
GetLastActivePopup
SendMessageW
GetWindowThreadProcessId
MapDialogRect
SetWindowContextHelpId
GetWindow
PostQuitMessage
TabbedTextOutW
DrawTextExW
GrayStringW
SetWindowLongW
PeekMessageW
PostMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
GetWindowLongW
DefWindowProcW
ValidateRect
IsWindowVisible
SetWindowPos
EqualRect
UnregisterClassA
CreateDialogIndirectParamW
EndDialog
DestroyMenu
SetForegroundWindow
BeginPaint
DrawTextW
ReleaseDC
EndPaint
SystemParametersInfoW
InvalidateRect
PostThreadMessageW
DrawStateW
RedrawWindow
LoadStringW
MessageBoxW
InvalidateRgn
RegisterClipboardFormatW
ClientToScreen
GetWindowDC
GetSysColor
CopyRect
IntersectRect
UnhookWindowsHookEx
GetSysColorBrush
GetWindowTextW
GetCursorPos
GetKeyState
GetActiveWindow
CallNextHookEx
SetWindowsHookExW
CharUpperW
SendDlgItemMessageW
IsDialogMessageW
IsWindow
GetDlgCtrlID
MoveWindow
SetFocus
GetFocus
CharNextW
PtInRect
OffsetRect
CopyAcceleratorTableW
IsRectEmpty
SetRect
SetCursor
GetWindowRect
SetCapture
GetDesktopWindow
ReleaseCapture
GetNextDlgGroupItem
GetNextDlgTabItem
GetTopWindow
IsChild
MessageBeep
GetWindowPlacement
IsIconic
SystemParametersInfoA
CallWindowProcW
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
UpdateWindow
MapWindowPoints
GetMessagePos
GetMessageTime
SetActiveWindow
GetForegroundWindow
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
GetCapture
WinHelpW
SendDlgItemMessageA
RegisterWindowMessageW
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
USER32.dll
GetFileTitleW
COMDLG32.dll
SHGetFolderPathW
ShellExecuteW
SHELL32.dll
CoTaskMemFree
CoTaskMemAlloc
OleUninitialize
OleInitialize
ole32.dll
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW
RegSetValueExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
RegQueryValueExW
OpenProcessToken
RegOpenKeyW
RegEnumKeyW
RegQueryValueW
RegOpenKeyExW
LookupPrivilegeValueW
ADVAPI32.dll
SelectObject
SetTextColor
DeleteObject
GetStockObject
SetBkMode
GetObjectW
GetDeviceCaps
SaveDC
RestoreDC
SetBkColor
SetMapMode
GetClipBox
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateBitmap
ScaleViewportExtEx
DPtoLP
GetRgnBox
GetTextColor
GetBkColor
GetMapMode
CreateRectRgnIndirect
CreateFontIndirectW
GDI32.dll
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VERSION.dll
GetProcAddress
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetThreadLocale
FormatMessageA
ResetEvent
GetLogicalDriveStringsW
DeleteFileA
MoveFileA
CreateProcessA
GetFileAttributesA
CreatePipe
GetExitCodeProcess
SetFilePointer
GetDriveTypeA
GetCurrentDirectoryA
CreateFileA
SetEnvironmentVariableW
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
FlushFileBuffers
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
GetFileType
SetStdHandle
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitProcess
GetSystemTimeAsFileTime
GetStartupInfoW
GetProcessHeap
HeapAlloc
HeapFree
RtlUnwind
RaiseException
GetLocaleInfoA
GetACP
GetTickCount
GlobalFlags
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GetFileTime
GetVolumeInformationW
DuplicateHandle
GetFileSize
UnlockFile
LockFile
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
TlsGetValue
SetLastError
GetCurrentThreadId
GetLastError
GetCurrentProcess
WriteFile
WideCharToMultiByte
GetCurrentProcessId
MultiByteToWideChar
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
KERNEL32.dll
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>