Sample details: c40064a288b5c6ca75902f9545391f47

Hashes
MD5: c40064a288b5c6ca75902f9545391f47
SHA1: 4bbfc2f89d39b8ddac37ff58704ffb202e655864
SHA256: c278ce2b4b7935a592f0400040d2c9feaa361240758d1f1cf339eadcd47ed75d
SSDEEP: 12288:kYelQy+kO1pYDN9WfBZL1TZaX1e4rLJHmp:kHlQfU5sfL9ZaXDJc
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/screenshot | YRP/win_registry | YRP/win_files_operation |
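The IsPE32, IsWindowsGUI, IsBeyondImageSize and HasRichSignature hits are plain header checks rather than behaviour. As an added example (not part of this report, and not the YRP rules themselves, whose exact conditions are not reproduced here), the following Python reads the header fields those names refer to using only the standard library: optional-header magic (PE32 vs PE32+), Subsystem (2 = Windows GUI), presence of the "Rich" marker between the DOS stub and the PE signature, and the overlay, i.e. bytes past the end of the last section's raw data, which is the direct measure behind any "beyond image size" style hit. `build_test_pe` constructs a minimal PE32 GUI image so the code runs offline without the sample; it is a demo fixture, not a model of this binary.

```python
import struct


def parse_pe(data: bytes) -> dict:
    """Read the header fields behind IsPE32 / IsWindowsGUI / HasRichSignature-style
    checks and measure the overlay (data after the last section). Handles PE32 and PE32+."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, nsections, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]            # 0x10B = PE32, 0x20B = PE32+
    # SizeOfImage (+56) and Subsystem (+68) sit at the same offsets in PE32 and PE32+.
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # 2 = WINDOWS_GUI, 3 = WINDOWS_CUI
    table = opt + opt_size
    sections, end_of_raw = [], 0
    for i in range(nsections):                                # 40-byte section headers
        hdr = table + i * 40
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append(name)
        end_of_raw = max(end_of_raw, raw_ptr + raw_size)
    # The Rich header (linker/toolchain fingerprint) lives between the DOS stub and "PE\0\0".
    rich = b"Rich" in data[0x40:e_lfanew]
    return {
        "pe32": magic == 0x10B,
        "pe32plus": magic == 0x20B,
        "gui": subsystem == 2,
        "subsystem": subsystem,
        "rich_header": rich,
        "sections": sections,
        "size_of_image": size_of_image,
        "file_size": len(data),
        "file_larger_than_image": len(data) > size_of_image,  # cheap hint only; see overlay_bytes
        "overlay_bytes": max(0, len(data) - end_of_raw),        # appended data not mapped by any section
    }


def build_test_pe(overlay: bytes = b"", rich: bool = True) -> bytes:
    """Constructed minimal PE32 GUI image for the demo (one .text section, 0x200 alignment)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    if rich:
        dos[0x60:0x68] = b"Rich" + b"\xAA\xBB\xCC\xDD"      # marker + fake XOR key
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)   # i386, 1 section, EXECUTABLE_IMAGE|32BIT
    opt = bytearray(224)                                         # PE32 optional header with 16 data dirs
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 32, 0x1000)                      # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)                       # FileAlignment
    struct.pack_into("<I", opt, 56, 0x2000)                      # SizeOfImage
    struct.pack_into("<I", opt, 60, 0x200)                       # SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                           # Subsystem: WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x100, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec).ljust(0x200, b"\0")
    return headers + b"\xCC" * 0x200 + overlay


if __name__ == "__main__":
    import json, sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe(overlay=b"X" * 64)
    print(json.dumps(parse_pe(blob), indent=2))
```

Run it against a real file by passing the path; without an argument it parses the constructed fixture. A non-zero `overlay_bytes` on a sample is the number to follow up on (config, a second stage, or a certificate table), since `file_larger_than_image` only compares sizes and says nothing about where the extra bytes sit.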
Source
http://134.0.117.224/1300/1300.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
HHtXHHt
>If90t
0SSSSS
0A@@Ju
t$hx[A
_VVVVV
^WWWWW
t$<"u	3
>=Yt1j
< tK<	tG
j@j ^V
^SSSSS
j"^SSSSS
v	N+D$
URPQQh\
t"SS9]
v$;5,EG
0SSSSS
PPPPPPPP
0SSSSS
PPPPPPPP
<+t(<-t$:
+t HHt
0SSSSS
v	N+D$
_VVVVV
;t$,v-
UQPXY]Y[
t+WWVPV
Omukig
Ekokew ukez iluvyz
Aqerap acib ebybiw uvuw
Ofyf ifip akarip
Urapal izojan
Ofetit ymoq ulyt utigoc
Yzyzag amamov odiq
Enutad; okutob icuk ywaf
Ubahev
Yqac ebowud; ixum
Uvukut egixaj utonoq icosow orupas
Owelok ebem %d ogyc uqym ixydyc
Igoxet %s ajej
Apek akoryd
Ivigop %d anit otyh; agyp ujidap
Ujatam. oweh.dll yfux: azexif aziqil
Oveh* imovak ifox ujowaq* ucuter
Ocevun ajer unowom elyc afazed
Olitat ohin ymolok = eqipil yfytyq
Ybelet osem: unatoh agunam
Ipil asub. aqen %s uhir
Abyq uxyk ykehyh efoz
Oxym ekog egygaf.dll acow
Elihut = ywokov ycys azafeq uragec
Inet ymogoz
Abyt ykenaf* emif amybog ogan
Igat: esar* axysiq ymud
Onivem %d elaxaz axamol: uqem
Axak oqet.dll icul
Utanup %s ulyq: uqeb ahylix ariluz
Ijih.dll yhokoz
Ypod yluz. ajoqon igepav
Oqyram yseq azines yperow
Ixyr ykod aneh
Yqiw. ivuc esih aruciw* esyz
Ypod yluz. ajoqon igepav
Esavix
Igob esaris
Ycineq
Iqices* omocul %s atox
Agod azoteh ijodyt olil
Ametaq. usuliw uqiz uryt
Ajav oxeh ysinyb imow ivow
Icuk ywaf
Ovatol ovud ysev itigip
Abon eridyp
Ikek ydodol
Ebuv ihyl
Oqumyb
Amazak ahaq ywex owux.dll azim
Ydisad ucehin akopup uhev anyh
Uhenah
Eqic apax
Acuc ypux
Efib uwyq eteqem ojafid %s ywap
Awafap
Adylih %d uhexip
Olafon inyv: asug %d awubom
Uhomoh iban yzobar ined* urejyn
Iciv.dll yduz = eciriw
Ohonif = ecuquc* ylavyk ykyj. ijif
Ohed yxefym ubocyn yzahes ipitut
Acopaj ojahoh ilybij itosos ytobup
Otofoj
Anib uqik asezud ynonow* iraf
Elepic ywozan: arebyh
Yqamet.dll opus
Afyvor ijef iforuz isux
Amisel
Ydap azew* adapub uvav
Ebagez egyg
Ilyk yhyrah axum yraf. uqowax
Idan* osij yrymet
Uvin; enidad. ufyx
Acuc ypux
Efib uwyq eteqem ojafid %s ywap
Yradys udyv usal. uquryf %d afyt
Ixodod apewac yledum epafur
Oqekas umyn adet %s ijugug
Ubasut. usuzul. etaw ejuxod uzew
Atecuw idyf asev = urikys edetix
Ykukej %d opum
Ynodag %d acazir okusim
Asec; ygilup %s ezukaz eper
Ypaled omesik %s uhed ybex
(null)
`h````
xpxxxx
CorExitProcess
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GAIsProcessorFeaturePresent
KERNEL32
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
`h`hhh
xppwpp
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
1#QNAN
1#SNAN
CONOUT$
NotifyWinEvent
USER32.dll
CommandLineToArgvW
SHELL32.dll
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
ADVAPI32.dll
PlgBlt
BitBlt
ExtSelectClipRgn
EnumICMProfilesA
SelectClipPath
SetTextColor
SetBkMode
SetBkColor
SelectObject
GetDeviceCaps
DeleteObject
CreateFontIndirectA
CreateBrushIndirect
GDI32.dll
ImageList_Destroy
ImageList_Create
ImageList_AddMasked
COMCTL32.dll
WTSGetActiveConsoleSessionId
PrepareTape
GetCurrentProcessId
GetFileType
GetProcAddress
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
LCMapStringW
ExitProcess
HeapSize
SetStdHandle
LCMapStringA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetProcessHeap
ReadFile
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
RemoveDirectoryW
FindNextFileW
SetLastError
GetExitCodeProcess
ResumeThread
CreateProcessW
LocalFree
GetTickCount
CreateDirectoryW
GetTempPathW
GetFileAttributesW
GetCurrentProcess
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetModuleHandleW
DeleteCriticalSection
HeapAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetLastError
GetModuleHandleA
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
RtlUnwind
SetEnvironmentVariableA
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
FlushFileBuffers
CloseHandle
CreateFileA
KERNEL32.dll
V^{bh e_1
2`V&S:
%n<_1P
6pmVek
= ld,.
"H5SLPs
fE!B'0"
fcQqmq
k.k8DT{n
fIvpyu
d'\!a;i
r8Zk?qr
j,lF*4"
q8Pu	-
&t>(-mc
'w_[&)
z1<uN?!
RhF6Wl3
Uc0#NFT
O[QrB,
Ojb;(>
V1e*B*jp
]HS0xr
Me@[@(
+	r?4	
cSSNk*
[*/\f.
B4G(Ui
Iexl<Z
6$"JrV
BLn_2^
T&_uu}
udG^iauc)?
=f5W2"t
wlAM*,8
kbo[=p'
=lck'S
 su\?NF]
!Aq$g5
,!r`%[onI2@
;m_	RT
C=:Pb"
~S(aI.
3,+mIj
5OT}fe
B}e<&,Z&h
U[Ae9k
/blRuF
AhIS>!
_a<;QP
4;#8/G 
Aw&kez
hD,SE&,W
 r'4Cs
\P>d!S
hpz=u>
fG8/%%
MJxu_u'
Fo!mSk
{~TT>CU
.\&>5h'
=lJT5t#
@xupBy
(DsZf},m
WOxeS@
nRuZxsV
{$:aGyd
=V,fbb
!/JF2po
IF~8SG
,i.B,&
KPFUl{TQ7
\(?R(nD
3y:4K4
fLXpVlc2
CboRgk
69"#!Z
8@Rdvp
pDfL%e
<K-#90
4)13fv
vWHt&j
G!T~4j!!g
Sy1TWk
K:vso1
Sw$8U,C
7m3O@\z
Kz_7nD3
~Ax1A9
6N8	&h
-(IUS`]-
#FI<%Ql
wFE%]w"
A:f*4=&2
|0_+Y".
W/&X?0ye
"1^u{5
V6Z!mD,\
T	=.q:
7t'f>tqrm
ko90z+
&tO:U{N	
c >N_bV
vIej."
0<Gb$_
fTk>-l
=~?ORM
T%UB~.
8f@NGW@
m2z]*[Z
Q?j!H.
[65BS)
XDv2	L
M3NW{E7
K$Id*Q
3;H,7u
4;B9M-n
Wc$eZ9
lCKO#M
n\xn7X_UB
 Zyp*I
LnXUnwm
$5[[FC
Kg]DQbSz)
KAe6bI
1_vzLM+
AUp5n=
a%5P"x
7@`eaW
#OQcM]
 $u1DVD}
yG)n_w
e'!<p\
i>o?N~2
t+^|]"R
mM<KtQ
X%g}HF
H<9nje
5I&g7^A
^O]C#rSn
4ceW@>
X	0/Pe
}8	?:<
_xuy@z
=A\)W^
/sUc*n6\)W
jsCy8u
@yBr4P
^"FJ0ikt
#;;Ef:
Zag]<|
HLc_S}
^T.m!v
'"y,&o
c+xIV=
!=zvg:
_1!ZxV|
I5/7O].
qBK Piu
WcRgPW)
.Qr7m(UI
My	ak=
Acr(%c
B:k/~w
I//c.)
@odHV9R
WW C]7
{/lRn_
+wpm`0?:
yQgt)[
9VLB d
t	C%/79
aGn@:k0
S{\0AT
tJBxxl
8QLf+,
'zlI4:
/d@xz	:
&QcRP_.k
-mJ,)1
p-1Lt:
86!#`|
pny g-
A?<sgP
{?apAn?
p4@\3)
mzY9m|
!t6qbL
RVoc6/
h4e!l~
8<DQ}WY=
\	XIjj
77$:(&
Vgp*tz
Xdk$ta
:MF"=N
~x#cfi,
kDUT);O
g+83MMM
6!!PJ@r
d!eF%a
	~Egfr
LXJ?3V|
Wx+myT
tAUTj%
tJaJjs
AbITJbP
j)+25'
h,}R4g
Dz	jhT`
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
bG(R<#E)
wY7xR(
wQ>"WA"YB"YC"YC"YC"YC"L-
yI	xH	vE
wH	uG	kB
|Q2	`;
uT,bK.XB%ZF-XC&YD)YD)YD)YE*L0
~T#}U#
~U$|S!wM
[2wP qH
tO"tQ'nI
zR sE	tI
zQ {Q sI
z||^6kD
uO"xP {R!tI
rM!xP"|S#rE
sO%xR%}U'sH
uQ&yZ2{^7y\7x[7wZ7tY7rW6xaB
oL!xP%|T'rG
oK wP#|T'qE
qN$yS)
rN%zT)
ml|_9hC
tP'{W.
wT+~[3
k@	vT(
mM"oO'fH!gL(mU4mU5mU5nU5pW6tY7rT.lH
kO*u^?mU7]B!X=
qQwR&nI
csN#jE
uT(vW5
nUkT5lT5qY9
yY0qQ+}\8
rP%vV1
kK"w]<u]>pY:vaDxbFpY9rY8{aAtU.sT2uT/}]9
a<sN!lC
mN*xX4
c@~\6qJ
tWuS.c@
hMjJ&sS.
`?|Z2iA
pS1oN)|]9
nTuV5yW4
sW5tU3{[8
v^qQ-tU1zZ5
cDz]<sS/{Z8~^;
mT{cGw]@jJ%nN)qR.rS.yZ7}\:
rQ(|];
lJ"uV2xY7xV1}]:
jKqP&sQ*wW1wW1uT,yW4|]9
rO%rO%sO'
w\}]:~];uT-sR(wW0uS,zY4
pM$pK!
w[wX1~];wW1uS,xX2
rQ(tR+qN%
v[wX2~_=tR+vU/wW1
pyX5|];~`?
dDtS,zZ6z[7z[7
vnJ kG
qN%vV0
fE}^<wX2xX4}^<~`?
qN'oJ!vX2
kLxW4yZ7
oL$sS-rQ+rQ+vV1{];
y_{\:zZ7z[9
oL$qO(oJ#rQ+uU0pN'
lJ nJ!pM%pN'qO(vW4rS-
nJ#pQ)qQ+sT/rR-
mJ#pQ)pN(vW4sT0pM'xZ9|_@y\:
kI nK$oM'rR-qQ,uW4sT0sT0xZ9|^?z]<
llI!nK%oM(pQ+pO)pQ,rS/sU1uW5wY7y[;{^?
}fkI!mL%nM'nM'oN(qQ-qS/tU2vW5uW5wY9z^=~aB
~gjI!lJ#mK%nM'oN)pO+rT0tV2tV4wX7y\;z^?|^@
}fjI!kJ#nM(nN(oQ+pQ,qR/qS0tU2vX7x[;{^?|`B
zajH!kJ$lK%nM(mM(pQ-qR/qS0sU2uW6vY9y[<}aC
x_lJ$kI#kK%mL(oN+pQ-pR/qS0qT1sW5vZ:y\<|`B
t[hH!jI#kI$nM)nM)nN+pQ/pS0qT1sW5vZ:x\=z^@
qWhH!jI$kK%kK'lK'nN+oO,pQ/qS1sW5tW7vZ;z^@|aD
lQhH!iI#kJ%mM)nN+oQ-oQ-nQ-pR0tW7tW7tW7y^@z^A
kOiH#hI#iI#kL(kJ%kK(mN+pQ/pR1pS1rV5rU5uZ;w\=y^A
hM|`D~fImN,nQ-oQ/rW6lM)lL)mN+oQ/pT2pS1qT4tX9sW7uZ;uY;~dHvZ<~cHx^@{aDhH#gH#hH#kL)nO-mN+kL)lM+nQ-pR1qU5qU4sW7rW7v\=v[<uZ<w]@x]@y^AgH#hI$fG!jI%nO/oQ0nQ/lN,mO-oQ0oR1oR1qW6qT4w\?rW6tY;rW7uZ<uY;fG!fE fG!iI%fH#lM+nO/lO-jK(lN-oQ0oQ1oO0oQ0sX:qW7qT5rW7rW7qV6dD
gH$hH$kM+oO0nO0mO/pR2qU5pT5oS2oR2qV6oR1oS2pU5oS2oS2bC
fG!dG!fG#fH#gH%hI'iL)kL+kL+pU5oS2qU6lO-mO/mO0oR2nQ0`@
cD cD cE dG#fH$gH%fH$jK)jK)kL+lM,lN-kN-kN-kM,kM,lN-`A
cD dE!dE!dG#fH$dH$hI'iK)jL+jL+kM,iK)hI(hJ(iK)^@
dD!bC dG#cE#gI'hH'gI'gI'dH$fH%fH%cE#^?
bD cE!cG#fH%fH%dG$cD!cE!bD bC \=
aD bE!bD!cD!aC `B
T5	T5	T4
S4	S4	T5
T5	T4	T4
S4	S4	T4
 #""**)(2+*)?
%$##3@?<^mli
!  -UTRr
%$#2XVTy
.-,%WUT
IGE`sqm
CBANB@@%KII
[YXsCBA1HFF
GEDEFED!IGG
]ZYlDCB 
RPN<igdo
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
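The Windows API names in the dump (the USER32, SHELL32, ADVAPI32, GDI32, COMCTL32 and KERNEL32 import runs above) are what the behavioural YARA names on this page (anti_dbg, screenshot, win_registry, win_files_operation) key on. As an added example, not part of this report and not the YRP rules, here is a small strings-to-capability triage in Python: it pulls printable ASCII runs the way `strings -n 4` does, tags capability categories from the API names it finds, extracts URL/IP IOCs, and flags any tag that rests only on imports the MSVC static CRT brings in by itself. That last part is the caveat a reader should carry away from this dump: IsDebuggerPresent sitting next to UnhandledExceptionFilter, SetUnhandledExceptionFilter and TerminateProcess is the ordinary VC8 CRT import cluster, and the EncodePointer / DecodePointer / FlsAlloc strings beside "KERNEL32" are the CRT's own runtime GetProcAddress lookups, so an anti_dbg hit is weak evidence on its own. The GDI (BitBlt, PlgBlt), registry, CreateProcessW plus ResumeThread and WTSGetActiveConsoleSessionId imports are not CRT noise and are the ones worth confirming dynamically. `SAMPLE_BLOB` is constructed input; the URL in it is a TEST-NET-2 placeholder, not the report's Source URL.

```python
import re


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """ASCII-only equivalent of `strings -n <min_len>`; the dump on this page looks like its output."""
    pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pat.finditer(data)]


# category -> (API names that suggest it, distinct hits required before the tag is raised).
# Thresholds above 1 keep an ordinary GUI/CRT program from lighting up every category.
CAPABILITY_HINTS = {
    "anti_debug":      ({"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "NtQueryInformationProcess"}, 1),
    "screen_capture":  ({"BitBlt", "PlgBlt", "GetDeviceCaps", "CreateCompatibleDC", "GetDC"}, 2),
    "registry":        ({"RegOpenKeyExA", "RegCreateKeyExA", "RegSetValueExA", "RegQueryValueExA",
                         "RegEnumKeyA", "RegEnumValueA", "RegDeleteKeyA", "RegDeleteValueA"}, 2),
    "file_ops":        ({"CreateFileA", "CreateFileW", "ReadFile", "WriteFile", "FindNextFileW",
                         "CreateDirectoryW", "RemoveDirectoryW", "GetTempPathW"}, 3),
    "process_control": ({"CreateProcessA", "CreateProcessW", "ResumeThread", "TerminateProcess"}, 2),
    "session_query":   ({"WTSGetActiveConsoleSessionId"}, 1),
    "dynamic_import":  ({"LoadLibraryA", "LoadLibraryW", "GetProcAddress"}, 2),
}

# Imports the MSVC static CRT adds on its own (startup, security cookie, crash path).
# A tag whose hits all fall in this set is weak evidence; IsDebuggerPresent is the classic case.
CRT_NOISE = {"IsDebuggerPresent", "TerminateProcess", "UnhandledExceptionFilter",
             "SetUnhandledExceptionFilter", "GetProcAddress", "GetModuleHandleA", "GetModuleHandleW"}

IOC_RE = re.compile(r"https?://[^\s\"'<>]+|\b(?:\d{1,3}\.){3}\d{1,3}\b")


def tag_capabilities(strings):
    """Return (tags, weak): tags maps category -> sorted API hits; weak lists CRT-only tags."""
    present = set(strings)
    tags, weak = {}, []
    for cat, (apis, need) in CAPABILITY_HINTS.items():
        hits = sorted(present & apis)
        if len(hits) >= need:
            tags[cat] = hits
            if set(hits) <= CRT_NOISE:
                weak.append(cat)
    return tags, weak


def find_iocs(strings):
    found = []
    for s in strings:
        found.extend(IOC_RE.findall(s))
    return sorted(set(found))


def triage(data: bytes) -> dict:
    strings = extract_strings(data)
    tags, weak = tag_capabilities(strings)
    return {"string_count": len(strings), "tags": tags, "weak_tags": weak, "iocs": find_iocs(strings)}


# Constructed input: a few bytes of junk around strings of the kind seen in the dump.
# The URL is a TEST-NET-2 placeholder, not the report's Source URL.
SAMPLE_BLOB = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00"
    + b"!This program cannot be run in DOS mode.\r\n$\x00\x00"
    + b"\x00".join([
        b"Ekokew ukez iluvyz", b"Aqerap acib ebybiw uvuw",              # decoy-looking text
        b"EncodePointer", b"DecodePointer", b"FlsAlloc", b"KERNEL32",    # CRT runtime lookups
        b"IsDebuggerPresent", b"UnhandledExceptionFilter", b"TerminateProcess",
        b"BitBlt", b"PlgBlt", b"GetDeviceCaps", b"GDI32.dll",
        b"RegSetValueExA", b"RegCreateKeyExA", b"RegDeleteKeyA", b"ADVAPI32.dll",
        b"CreateProcessW", b"ResumeThread", b"GetTempPathW", b"CreateDirectoryW",
        b"CreateFileA", b"ReadFile", b"WriteFile", b"WTSGetActiveConsoleSessionId",
        b"http://198.51.100.7/1300/1300.exe",
    ])
    + b"\x8a\x1f\x03\xff"
)

if __name__ == "__main__":
    import json, sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BLOB
    print(json.dumps(triage(blob), indent=2))
```

Pass a file path to triage a real sample; with no argument it runs on the constructed blob. Treat the output as a worklist, not a verdict: static API presence says what the code could do, not what it does, and the manifest that closes this dump requests `asInvoker`, so none of the registry or file activity implies an elevation prompt; writes under HKLM or Program Files would simply fail unless the launching user was already elevated.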