Sample details: c99e884959810d14b45bdb9eb421ca92

Hashes
MD5: c99e884959810d14b45bdb9eb421ca92
SHA1: d8f3b51f5b42c46c95a2022e757eaec7e6dc6ddc
SHA256: 0b1a4c5aa34ee58251c05e226a785f14d73498aa7feffcbdab9bf12831dcffa1
SSDEEP: 6144:nZEBtu6ZV8N/5mibR3gMYlj4PgIC5LPBmzj42HYdRW5vr:nZ4u6ugMYlj4Pg95LBmzjv4m5vr
Details
File Type: PE32
Yara Hits
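YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/screenshot | YRP/keylogger | YRP/win_files_operation | YRP/win_hook | YRP/Str_Win32_Winsock2_Library
Note: these appear to be generic compiler and capability rules rather than a family identification. Hits such as anti_dbg, keylogger and win_hook may be explained by imports that ordinary CRT/MFC programs also carry (IsDebuggerPresent, SetWindowsHookExW and GetKeyState all appear under Strings), so confirm them by analysis before treating them as behaviour.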
Source
hxxp://195.54.163[.]92/rlOoWOguD4.exe (download URL, defanged)
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
WATAUAVAWH
d$PL;y
4z(fu_.
.e4d3O
\rOgG,
HA$H $2
AHHMA@G
bw}$B,@
kManb%
yZa'o7dyw[f3
RqOr^N-.2
>(_6+(
?w0)p-H
5I6YYi
,H*{`^a
HEw{8s
AIH$PHH
kSa3	'
lBw;j}
QYm3;`
`XzIT{
IKC=|=h
y)"ys9#F
jf|PQW
U>Lr,'<Kf
<$zoBdd
hp<zr>
Mq{8"q7kp
idcl9F
4gFdCq>h
mMIK*k
;k"Rs$u
UN=LJ	
HLLI w
b2 W0+@
oi\W,Q
.I(?pPB
Tyw-4-
IQ	w"o
l`w$6k
xyM(a\w=
|/J)8>
H?fe[T
I"xiI>
/Cz\P[
[Z^`]SBY0*G
D$09|$Ds
T$,j@RQ
L$ _^3
+F(_^[;E
F(@@;F,v
F(;^ r
F(;F0u
^(_^[]
 ~	j Y
 ~	j [
S\_^[]
S\_^[]
t39w u&
_ 9w$u
9~Pu	P
t	9p(u
Ht;O u
u=j0^VP
SVWj(3
tj9~8u@j
9~8ucj
F4_^[]
0WWWWW
0WWWWW
^SSSSS
^SSSSS
QQSVWd
0WWWWW
@@BBf;
@@BBf;
0WWWWW
AAFFf;
^WWWWW
^WWWWW
>:u8FV
Pf95<i
VVVVVQRSSj
^WWWWW
0SSSSS
0A@@Ju
^SSSSS
j"^SSSSS
.;1s(N
HHt4HHt
Ht\Ht,
teHtFHt&Hu
ty<%tA
^SSSSS
s[S;7|G;w
tR99u2
>=Yt1j
QQSVWh
j@j ^V
URPQQh
v	N+D$
_VVVVV
^WWWWW
0SSSSS
t"SS9]
v$;50W
0SSSSS
PPPPPPPP
PPPPPPPP
;t$,v-
UQPXY]Y[
0SSSSS
v	N+D$
_VVVVV
^SSSSS
j"^SSSSS
t+WWVPV
<+t(<-t$:
+t HHt
bad allocation
H9,;bRQu
wu23P9
!!X_Vs
b`(VI\
=][cc+
\aZc_Z@
b%Dm0g
cZ[Bn{
3r``aZ-^
^]a^d_C
]`[]`.u
Hw|gry<
%mc\)\
V9fWXaacc^c
w^]`[E
]wbc`[]^
$]bc_`
\__Z];
	Nb[_4]z
@[]^d^
ab^c[d
`a^\[Z
;3E*~I
`_\\^{
6\^_dc
*^^\^]]c>
T_dc^Z
1^aZMQ
_b]^`b
\``]^}@
Zc\H!i
,2*zZ]\c
f*1<1h
^_a^	[
_c[c_c
4da^_b
`[ZbZcY
loQ?HN
V^(Z]]_
SSWWSP
aZdcbb
]\_^dq
^]d`^8B)9,
k=d]]``
Z^d[|I,u
b^^_^af
(>9__^]^
nZ`b_Z94
a_Z\Mru
*R``ZZZauz
o^ZcaR
:|bZ`[
cZ\[Zd
[aZc^KK>
\caa[lB
^Z^^U-
^[_cb^
J]Zb`\
*]c^_]
x1kRY5}
d]b^Zdw
-^_bZ]
F[\c\d
0K^Z]Z
/Z^Z`n,
K85/kacZ
aZ^b^`E
 `ZZc]Q
Zd[Z`[3
dZcb\L
n"[[bbZ
mb]^`\c:-
lZ]\Z`%0SH
9:!Z^[3)
lc[]]\
-`^_]b_
1`d_^]
\b[\qE
0T]ddZ
O``ZcaZ
x`d\]H
6Za\c<+
]`caZ\a
-]_c\_Pu
UUUUUU
CObject
CInvalidArgException
CNotSupportedException
CMemoryException
CSimpleException
CException
COleException
CMapPtrToPtr
CArchiveException
CCmdTarget
GetMonitorInfoA
GetMonitorInfoW
EnumDisplayDevicesW
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
DISPLAY
InitCommonControls
InitCommonControlsEx
HtmlHelpW
hhctrl.ocx
CByteArray
CGdiObject
CUserException
CResourceException
CPtrArray
CObArray
bad allocation
Unknown exception
HeapQueryInformation
CorExitProcess
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
bad exception
GAIsProcessorFeaturePresent
KERNEL32
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
(null)
`h````
xpxxxx
`h`hhh
xppwpp
1#QNAN
1#SNAN
CONOUT$
string too long
invalid string position
QueryPerformanceCounter
GetVolumeInformationW
GetSystemTime
OpenProcess
GetVersionExW
GetModuleHandleW
GetDateFormatW
FindResourceW
LoadResource
SetSystemPowerState
GetProcessHeap
GetLocalTime
CreateFileW
TlsSetValue
TlsAlloc
GetProcAddress
LoadLibraryW
MulDiv
FindFirstChangeNotificationW
KERNEL32.dll
OleUninitialize
OleSetContainedObject
OleInitialize
CoCreateInstance
CoUninitialize
CoInitialize
ole32.dll
WSAWaitForMultipleEvents
WSAAddressToStringW
WSAConnect
WSACloseEvent
WS2_32.dll
OLEAUT32.dll
SetLastError
GetLastError
LocalAlloc
LocalFree
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalLock
GlobalReAlloc
GlobalUnlock
GlobalHandle
GlobalAlloc
InitializeCriticalSection
LocalReAlloc
DeleteCriticalSection
GlobalFree
TlsFree
GetModuleFileNameW
InterlockedDecrement
SizeofResource
LockResource
FreeLibrary
GetCurrentProcessId
WideCharToMultiByte
lstrlenW
FormatMessageW
MultiByteToWideChar
CloseHandle
GetCurrentThreadId
InterlockedIncrement
CompareStringW
lstrcmpA
lstrlenA
GetVersionExA
lstrcmpW
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GlobalFlags
WriteFile
SetFilePointer
FlushFileBuffers
GetCurrentProcess
GetModuleHandleA
CompareStringA
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
RaiseException
RtlUnwind
GetStartupInfoW
HeapReAlloc
HeapSize
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
HeapCreate
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
GetTickCount
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
CreateFileA
UnhookWindowsHookEx
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetParent
SendMessageW
GetWindowThreadProcessId
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
ValidateRect
PeekMessageW
GetKeyState
DispatchMessageW
CallNextHookEx
SetWindowsHookExW
GetSysColorBrush
GetSysColor
ReleaseDC
GetSystemMetrics
LoadCursorW
GetWindowTextW
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindow
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetWindowPos
SetWindowLongW
GetMenu
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
PtInRect
CopyRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
PostMessageW
GetClientRect
SetForegroundWindow
SetMenu
MapWindowPoints
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetDlgItem
GetForegroundWindow
IsWindow
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
GetCapture
WinHelpW
LoadIconW
RegisterWindowMessageW
SetWindowTextW
ClientToScreen
DestroyMenu
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
PostQuitMessage
USER32.dll
GetDeviceCaps
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
DeleteObject
ExtTextOutW
SaveDC
RestoreDC
SetMapMode
PtVisible
RectVisible
TextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
GDI32.dll
ClosePrinter
DocumentPropertiesW
OpenPrinterW
WINSPOOL.DRV
CreateStdAccessibleObject
LresultFromObject
OLEACC.dll
VRYTVXXRSSTWXQUYTSUSUUSXWWWSVVWQTWXYXQXQTXRZYUXWZVPWYQWVSTVYUTQVRQUSUYXSUUUZZSWTTUSQZRURUQSVRZVTU
ZXZVPRSX
UVXVYZ
ZRRVUS
QWQTQSVZYVSXWU
PUSYSRX
ZTVZVZ
YPQXPUV
VTWVQQ
TWQSXXPPVYPX
UYYTWW
RRYUUYQWV
SSWUXX
UWRXPW
ZWXQVSWXS
SRPXSWUSWP
VQPPVP
ZQZZRSPV
VYWRTX
TYQZUV
VirtualProtect
.?AVbad_alloc@std@@
.?AVexception@std@@
.PAVCException@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCObject@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCSimpleException@@
.?AVCException@@
.?AVCObject@@
.?AVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCInvalidArgException@@
.?AUCThreadData@@
.?AVCNoTrackObject@@
.?AV_AFX_THREAD_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AVAFX_MODULE_STATE@@
.?AVCDllIsolationWrapperBase@@
.?AVCComCtlWrapper@@
.?AVCCommDlgWrapper@@
.?AVCShellWrapper@@
.?AV_AFX_BASE_MODULE_STATE@@
.?AVCOleException@@
.PAVCOleException@@
.?AVCMapPtrToPtr@@
.?AVCAfxStringMgr@@
.?AUIAtlStringMgr@ATL@@
.?AVCCmdTarget@@
.?AUIUnknown@@
.PAVCArchiveException@@
.?AVCArchiveException@@
.?AVCCmdUI@@
.?AVCHandleMap@@
.?AVXAccessible@CWnd@@
.?AVXAccessibleServer@CWnd@@
.?AVCWnd@@
.?AVCTestCmdUI@@
.?AV_AFX_HTMLHELP_STATE@@
.?AV?$IAccessibleProxyImpl@VCAccessibleProxy@ATL@@@ATL@@
.?AUIAccessible@@
.?AUIDispatch@@
.?AUIAccessibleProxy@@
.?AV?$CMFCComObject@VCAccessibleProxy@ATL@@@@
.?AVCAccessibleProxy@ATL@@
.?AV?$CComObjectRootEx@VCComSingleThreadModel@ATL@@@ATL@@
.?AVCComObjectRootBase@ATL@@
.?AUIOleWindow@@
.?AVCByteArray@@
.?AVCGdiObject@@
.?AVCMenu@@
.?AVCResourceException@@
.?AVCUserException@@
.?AVCDC@@
.?AV?$CArray@W4LoadArrayObjType@CArchive@@ABW412@@@
.?AVCPtrArray@@
.?AVCObArray@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_exception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
YNE-),l
/223666
6//022666
//2//66
1JJJcyyy
.QQQvkkk
'''				'
kkk\eee
$000YDDD
777J444
QQPk###	
###	UUUl
RRRl(((	
$$$	UUUl
RRRl)((	
$$$	UUUl
RRQl)((	
$$$	UUUl
RRQl(((	
$$$	UUUl
QQQl(((	
$$$	UUUl
QQQl(((	
$$$	UUUl
QQQl(((	
$$$	UUUl
QQQl(((	
$$$	UUUl
QQPl(((	
$$$	UUUl
QPPl(((	
$$$	UUUl
PPPl(((	
$$$	UUUl
PPPl(((	
$$$	UUUl
PPPl(('	
$$$	UUUl
PPOl(('	
$$$	UUUl
PPOl'''	
$$$	UUUl
POOl'''	
$$$	UUUl
OOOl'''	
$$$	UUUl
OOOl'''	
$$$	UUUl
OONl(''	
$$$	UUUl
QQQl(((	
$$$	UUUl
UUUl)((	
$$$	UUUl
UUUl)))	
$$$	UUUl
UUUl***	
$$$	UUUl
UUUl***	
$$$	UUUl
UUUl***	
$$$	UUUl
UUUl***	
$$$	UUUl
UUUl***	
$$$	UUUl
UUUl***	
$$$	UUUl
UUUl***	
$$$	UUUl
UUUl***	
$$$	UUUl
UUUl***	
$$$	UUUl
UUUl***	
$$$	UUUl
UUUl***	
$$$	UUUl
UUUl***	
$$$	UUUl
UUUl***	
$$$	UUUl
UUUl***	
$$$	UUUl
UUUl***	
$$$	UUUl
UUUl***	
$$$	UUUl
UUUl***	
$$$	UUUl
UUUl***	
$$$	UUUl
UUUl***	
$$$	UUUl
UUUl***	
%%%	UUUl
UUUl+++	
&&&	UUUl
UUUl,,,	
TTTg___
3jjj\UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]UUU]kkk\
LLLl!!!
(((;666
,,,#uuu
RRRdSSShSSShSSShSSShOOOhMMLhNMMhNNNhOONhPOOhOOOd"""
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false'/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
L'g84L