Sample details: bbd2b38ac22f900c361f7cedee95d0ec

Hashes
MD5: bbd2b38ac22f900c361f7cedee95d0ec
SHA1: 2db4501192669c88d95648a24be5c42c77155c0e
SHA256: 961d845eade069d4bc6acedb9dabe4bd2212360adc15747f83128c3bebd269f0
SSDEEP: 3072:64qXkdjN4TH/oPKOqjoLsik3+xJFIuCqq/3p:64KkZEoPkoLsiy+Ij
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/network_http | YRP/screenshot | YRP/win_files_operation | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API
Source
http://autowrd.net/xls/mstsw.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
WPWWjdjdWWh
PSWVQP
@uyPh@
t"SS9] u
^SSSSS
>:u8FV
VVVVVQRSSj
HHt$HHt
?If90t
HHt$HHt
t$<"u	3
< tK<	tG
j@j ^V
URPQQh
v	N+D$
PPPPPPPP
PPPPPPPP
;t$,v-
UQPXY]Y[
QQSVWd
t*=RCC
;7|G;p
tR99u2
v	N+D$
<+t"<-t
+t HHt
Unknown exception
CorExitProcess
bad allocation
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
(null)
`h````
xpxxxx
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
Addr: %02X%02X%02X%02X:%02X%02X%02X%02X%02X%02X
\StringFileInfo\040904B0\FileVersion
ImmSetCompositionString returned: %d
ImmGetCompositionString returned: %d, %p
Shell IDList Array
All Files
Device
windows
DsDriver
HTTP/1.1
%.2d/%.2d/%.4d %.2d:%.2d
Dos drive names: 
%02d:%02d:%02d
DIALOG1
vector<T> too long
bad exception
1#QNAN
1#SNAN
C:\Easter\stocks\Pembroke.pdb
GetVolumeNameForVolumeMountPointA
FreeLibrary
HeapAlloc
GlobalAddAtomA
FindNextVolumeMountPointA
ExpandEnvironmentStringsA
LoadLibraryW
MulDiv
FileTimeToSystemTime
EnumSystemLanguageGroupsA
GetLogicalDriveStringsA
GetLastError
GetProcAddress
FindVolumeMountPointClose
LoadLibraryA
GetProfileStringA
GetModuleFileNameA
FindFirstVolumeMountPointA
GetModuleHandleA
FileTimeToLocalFileTime
lstrcpyA
KERNEL32.dll
IsRectEmpty
GetWindow
DestroyIcon
DialogBoxParamA
GetDlgCtrlID
LoadCursorA
LoadImageA
IsWindowVisible
GetSystemMetrics
SystemParametersInfoA
DispatchMessageA
LoadAcceleratorsA
GetMenuItemInfoA
SetWindowPos
DefWindowProcA
EndDialog
GetDlgItem
MonitorFromWindow
TranslateAcceleratorA
ReleaseDC
CreateWindowExA
GetWindowLongA
RegisterClipboardFormatA
SetPropA
GetMenu
GetForegroundWindow
TranslateMessage
GetMonitorInfoA
BeginPaint
SendMessageA
SetFocus
ExitWindowsEx
GetClientRect
CharNextA
wsprintfA
InvalidateRgn
LoadIconA
LoadStringA
SendDlgItemMessageA
PostQuitMessage
GetWindowRect
ScreenToClient
HideCaret
GetMessageA
EndPaint
USER32.dll
TextOutA
GetStockObject
CreatePen
EndPath
Rectangle
CreateCompatibleBitmap
SetMapMode
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
ExcludeClipRect
CreateFontIndirectA
StretchBlt
GetDeviceCaps
DeleteDC
SetTextColor
CreateEnhMetaFileA
GetEnhMetaFileA
SetViewportOrgEx
BitBlt
SetWindowOrgEx
MoveToEx
StrokePath
BeginPath
GDI32.dll
GetPrinterDriverA
ClosePrinter
DeviceCapabilitiesA
OpenPrinterA
SetPrinterDataExA
WINSPOOL.DRV
GetOpenFileNameA
COMDLG32.dll
ShellExecuteA
ExtractAssociatedIconA
Shell_NotifyIconA
SHELL32.dll
CoInitialize
ole32.dll
ODBC32.dll
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
WININET.dll
WSALookupServiceNextA
WSALookupServiceEnd
WSALookupServiceBeginA
WS2_32.dll
NetApiBufferSize
NetAuditRead
NetApiBufferFree
NETAPI32.dll
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VERSION.dll
SendARP
IPHLPAPI.DLL
AssocCreate
SHLWAPI.dll
ImageList_Add
ImageList_ReplaceIcon
ImageList_Create
COMCTL32.dll
ImmGetContext
ImmCreateContext
ImmDestroyContext
ImmReleaseContext
ImmGetCompositionStringW
ImmSetConversionStatus
ImmSetCompositionStringW
ImmSetOpenStatus
ImmAssociateContext
ImmGetConversionStatus
IMM32.dll
ObtainUserAgentString
urlmon.dll
phoneGetVolume
TAPI32.dll
GetModuleHandleW
ExitProcess
DecodePointer
HeapFree
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WriteFile
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
HeapCreate
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeW
HeapSize
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
FlushFileBuffers
ReadFile
SetStdHandle
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
CloseHandle
CreateFileW
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
~(3ahl
VVWQlheczr
$d,\05
rpt;|Gi
lmP&rr
s0`_["
dh03"a
XVVWQlheczr
^!.8=r
[P%89d;
J Hx]|o
^WVVWQlheczr
l}t&r^
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
}NP='vX
:VUH{+
NE,..b
CR	Qt{
CO\wmZ=
|F~~~~
VNmQql
%l63m$g3
gC+|j<p
|F~~~~
y0J6Um
MwbC.t0Hxx
_)90~p
aUktzkl
etp||p
Ckue:S
-*0ec-s
Xp6`=Z
4I7zX$
9d",.x0
oP/h:Nz
Y.-o2?#
:4>UnJO
LP-_c$
Z|k4bn
#UB6^`
>=-W|ZTw
F$V3rKJvW
x[J;PF
&NZaiM
!fox}HXY
iQ3/aZ
a<LOGo
|JW3-2$m
MVD`/k
C3^Edq
NJb!ZoE
1[R= _
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwU
EUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUS
EUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUS
EUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUS
EUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUS
EUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUS
EUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUS
EUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUS
EUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUS
EUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUS
EUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUS
EUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUS
EUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUS
EUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUS
EUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUS
EUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUS
EUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUS
ffffffffffffffffffffffffffffffffffffff%
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUP
PA<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING