Sample details: cac2eaa37b36f498f29843590fca272e --

Hashes
MD5: cac2eaa37b36f498f29843590fca272e
SHA1: 8d2259cdfc35ac1fe8a0e6e723b2fdcc2dd1d805
SHA256: 4cdf2ef504ef70b2e6008a86997450d643d2a42acbb90876ce28858c172c4c34
SSDEEP: 12288:QwCdAwhZ3TYLlBrIxCo2DlTXS9GZg/Eo9:Qdd/hZs/G2D9XkGfG
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation
YRP/Microsoft_Visual_Cpp_8
YRP/IsPE32
YRP/IsWindowsGUI
YRP/HasOverlay
YRP/HasRichSignature
YRP/domain
YRP/url
YRP/contentis_base64
YRP/anti_dbg
YRP/screenshot
YRP/keylogger
YRP/win_files_operation
YRP/win_hook
YRP/VC8_Random
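Added triage example, not part of the sample record: the capability hits above (anti_dbg, screenshot, keylogger, win_hook) are the kind of generic rule that keys on imported API names, so they can be reproduced, approximately, from the import names listed in the Strings section below. The API groups in CAPABILITY_RULES and INSTALLER_RULES are my own approximation of such rules, not the YRP rule bodies, and SAMPLE_IMPORTS is a subset of the import names copied from this page. The point of the example is to put each fired tag next to the installer-style imports the same table carries (folder browser, admin-group check, child process in a job object, payload in resources) and to mark tags that rest only on the Visual C++ CRT's own import set.

```python
"""Added example: approximate import-based capability tagging, run over
import names copied from the sample's strings.  Rule contents are my
approximation of generic YARA capability rules, not the YRP originals."""
import json

# Subset of import names from the USER32/GDI32/ADVAPI32/SHELL32/KERNEL32
# sections of the strings dump (copied from the page; not exhaustive).
SAMPLE_IMPORTS = {
    "USER32.dll": {"CallNextHookEx", "UnhookWindowsHookEx", "GetKeyState",
                   "GetWindowDC", "ReleaseDC", "CreateWindowExW",
                   "SetTimer", "DialogBoxIndirectParamW"},
    "GDI32.dll": {"CreateCompatibleDC", "CreateCompatibleBitmap",
                  "StretchBlt", "SelectObject", "GetDeviceCaps"},
    "ADVAPI32.dll": {"CheckTokenMembership", "AllocateAndInitializeSid",
                     "FreeSid"},
    "SHELL32.dll": {"SHBrowseForFolderW", "ShellExecuteExW",
                    "SHGetSpecialFolderPathW"},
    "KERNEL32.dll": {"IsDebuggerPresent", "UnhandledExceptionFilter",
                     "SetUnhandledExceptionFilter", "TerminateProcess",
                     "GetProcAddress", "LoadLibraryA", "CreateProcessW",
                     "CreateJobObjectW", "AssignProcessToJobObject",
                     "CreateDirectoryW", "GetTempPathW", "FindResourceExA",
                     "LoadResource", "LockResource", "SizeofResource"},
}

# tag -> alternative API sets; the tag fires if every name in at least
# one set is imported.  Approximation of generic capability rules.
CAPABILITY_RULES = {
    "win_hook":   [{"CallNextHookEx", "UnhookWindowsHookEx"}],
    "keylogger":  [{"GetKeyState", "CallNextHookEx"}, {"GetAsyncKeyState"}],
    "screenshot": [{"GetWindowDC", "CreateCompatibleDC",
                    "CreateCompatibleBitmap", "StretchBlt"},
                   {"GetDC", "BitBlt", "CreateCompatibleBitmap"}],
    "anti_dbg":   [{"IsDebuggerPresent"}, {"CheckRemoteDebuggerPresent"}],
}

# Context in the same import table that is typical of installers/launchers.
INSTALLER_RULES = {
    "browse_for_install_dir": [{"SHBrowseForFolderW"}],
    "admin_group_check": [{"CheckTokenMembership", "AllocateAndInitializeSid",
                           "FreeSid"}],
    "child_in_job_object": [{"CreateProcessW", "CreateJobObjectW",
                             "AssignProcessToJobObject"}],
    "payload_in_resources": [{"FindResourceExA", "LoadResource",
                              "LockResource", "SizeofResource"}],
}

# Imports that the Visual C++ CRT's own exception/abort path pulls in;
# a tag satisfied only by these is weak evidence on a VC8 binary.
CRT_NOISE = {"IsDebuggerPresent", "UnhandledExceptionFilter",
             "SetUnhandledExceptionFilter", "TerminateProcess"}


def flatten(imports):
    """All imported names regardless of module."""
    return set().union(*imports.values())


def fired(rules, names):
    """Tags whose requirements are fully met by the imported names."""
    return {tag for tag, alts in rules.items() if any(req <= names for req in alts)}


def triage(imports):
    names = flatten(imports)
    caps = fired(CAPABILITY_RULES, names)
    weak = {tag for tag in caps
            if all(req <= CRT_NOISE
                   for req in CAPABILITY_RULES[tag] if req <= names)}
    # A hook is installed with SetWindowsHookEx*; importing only the
    # chain/tear-down calls means that name is either resolved at run
    # time (GetProcAddress is imported) or the hook is never installed.
    hook_install_missing = ("win_hook" in caps and
                            not any(n.startswith("SetWindowsHookEx") for n in names))
    return {
        "capabilities": sorted(caps),
        "weak_tags": sorted(weak),
        "installer_context": sorted(fired(INSTALLER_RULES, names)),
        "hook_install_missing": hook_install_missing,
        "dynamic_resolution": {"GetProcAddress", "LoadLibraryA"} <= names,
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_IMPORTS), indent=2))
```

Read together with the manifest further down (requestedExecutionLevel asInvoker), the import set is consistent with a downloader or dropper-style installer stub that checks for admin group membership itself, browses for a target folder and launches a child in a job object; the four capability tags alone do not establish keylogging or screen capture, and anti_dbg here is satisfied solely by the CRT import cluster. None of this replaces looking at the overlay (HasOverlay) and what the 1100.exe download actually does.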
Source
http://www.foxydance.cz/repository/ri.php
http://www.sabineclaire.com/girasoli/ri.php
http://134.0.117.224/itexe/stat.php
http://134.0.117.224/itexe/1100.exe
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
0SSSSS
t$<"u	3
>=Yt1j
< tK<	tG
j@j ^V
t h,gI
0A@@Ju
0SSSSS
0SSSSS
URPQQh
PPPPPPPP
PPPPPPPP
t"SS9]
;t$,v-
UQPXY]Y[
t+WWVPV
v	N+D$
AA BB CC
AA BB CC
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetParent
MessageBoxA
CharUpperW
wvsprintfW
GetSystemMenu
EnableMenuItem
PtInRect
CallNextHookEx
DefWindowProcW
CallWindowProcW
DrawIconEx
DialogBoxIndirectParamW
GetWindow
ClientToScreen
DrawTextW
SystemParametersInfoW
GetSystemMetrics
SetFocus
UnhookWindowsHookEx
SetWindowLongW
CreateWindowExW
SetWindowTextW
wsprintfA
GetSysColor
GetWindowTextLengthW
GetWindowTextW
GetClassNameA
wsprintfW
SendMessageW
EndDialog
DestroyWindow
KillTimer
DispatchMessageW
GetMessageW
SetTimer
GetWindowLongW
ScreenToClient
GetWindowRect
GetKeyState
CopyImage
ReleaseDC
GetWindowDC
SetWindowPos
GetMenu
USER32.dll
ShellExecuteExW
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetSpecialFolderPathW
SHELL32.dll
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
ADVAPI32.dll
GetObjectW
SetStretchBltMode
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
StretchBlt
GetCurrentObject
DeleteDC
DeleteObject
CreateFontIndirectW
CreateCompatibleDC
GDI32.dll
GetProcAddress
GetStartupInfoA
GetModuleHandleW
VirtualFree
GetStdHandle
WriteFile
CreateDirectoryW
GetFileAttributesW
GetLocalTime
SystemTimeToFileTime
GetLastError
CreateThread
WaitForSingleObject
GetExitCodeThread
SetLastError
SetFileAttributesW
GetDiskFreeSpaceExW
lstrcatW
ExitProcess
LoadLibraryA
LockResource
LoadResource
SizeofResource
FindResourceExA
MulDiv
GlobalFree
GlobalAlloc
lstrcmpiA
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
MultiByteToWideChar
GetLocaleInfoW
lstrlenA
lstrcmpiW
GetEnvironmentVariableW
lstrcmpW
GlobalMemoryStatusEx
VirtualAlloc
WideCharToMultiByte
ExpandEnvironmentStringsW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
SetThreadLocale
CompareFileTime
lstrlenW
GetSystemTimeAsFileTime
GetTempPathW
SetEnvironmentVariableW
CloseHandle
GetExitCodeProcess
GetQueuedCompletionStatus
SetInformationJobObject
CreateIoCompletionPort
AssignProcessToJobObject
ResumeThread
CreateJobObjectW
CreateProcessW
GetStartupInfoW
GetCommandLineW
CreateFileW
GetDriveTypeW
SetCurrentDirectoryW
SetProcessWorkingSetSize
GetCurrentProcess
GetModuleFileNameW
GetVersionExW
CreateEventW
SetEvent
ResetEvent
InitializeCriticalSection
TerminateThread
SuspendThread
GetCurrentThreadId
GetSystemDirectoryW
IsBadReadPtr
LocalFree
lstrcpyW
FormatMessageW
GetFileSize
SetFilePointer
ReadFile
WaitForMultipleObjects
LeaveCriticalSection
GetModuleHandleA
DeleteCriticalSection
EnterCriticalSection
SetEndOfFile
SetFileTime
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
KERNEL32.dll
Isiteh imixix ufaz %d onylom uqunix
Ocyvyl
.,@M!>
>GhTg,
0y:FCn 
FlAlz 
>nb}tC
rs?Qb1
rKePvq
[	0cV?
e 9?50
D~l/E(
\^<>=r
%tA'VG
*)]ulkb
MH7Td.
1ft"%m
X=zT-`
*4:1>Y
]'5G~@
3%4=>jaq
e5:t~;
FuXu4n_
EtQvs8abx$Cq
+Lk:p0
":9ZG].b1
2~E]v6R
)0nKYZ?
vbE%7aNB
pVV7%I@
D0	@gs
.R}o@x2
NDfu/<
/<HM:k
l/edLa
F-&GEq1
RK11 $;
~`/9#2 v
0Ld61ZU
#"{<.F<
X&:x`t
"ra~	UX
L7vOJ2
~x3o-A
grS|;N'
y.u-EL
[	"29\
89e&S{ ^d;
jF4?Z3
VW7}|vn
&B9PW:
6`I:od
vcJ14&
.ULoI+
8M~,{M
u`/l^[J
92Q9\:'(
xY	F5)
cn\p|!+
n\ZNk}
QL -}\
Z1'o>^4
bob`HgB
uI(67w
)>vKx.
Xk~3y=
:}?2\z
mN72&a;H
GV>FA +{
/gRI^Pi
Tg1yz*
S8{kTl
pmjL	UXGGV-
F%]xDb
y#Xpi`
c`>zPb
VENH&JE
pp`fR*E
Ya^~F?"
NL%O|n
+b}3%zj4
m1Wk}g
Qy5c0V
452pan
se2I"	
{O+6+u4
C.<E%#^
c_.${&
="{TS}
C0 .Ul
~i-q'@~
/E)<$M
MkIUg~
-pUeVO
v?('anz
4]hHZ.
1?^;'a
/	>R^ZJ
pSI[q7DnW
@Fzj7[<
[cLBgU
RYEtr^
~K3u+/B
1qEd|b
YHEi~ 
R``O-.H8u
}6zUnR
IjpvKpgs
,+!Dtp
$37>9 
5sS9pp
Ud# s~
@P,O|u
]aVgL]
(A&dAr
eS,qVb%
*@cKkx
7-^8ejN
Q1f5Rb
.9)M\>@
s)eQf~N
H	EI6}(+
kU"	}7
wG.fnw
}5Zy!V
>KZmn1
xS)	'D
IWZu5&(
Xv/7q>
gH`}5'd
h!M+<.%
f?r<}*
P8^)m~
6Fh%U+
ytV1FY
4EJHng
Ce#}l[A
P4Ihw_
}t?~l4
/|ufP%h
}dhB!-?
 xiTy\
1fw$hm
Gev)yF
1IliCR
^qu)du
@@.,oY
"j,neZ
9;h/Ri
A*@@`%
2j?~d7
N"U+Tr
!.b3?>
doGBO	
mrvkn'9
 JB]sr)P
u='OI2
[D2V}/
qZ"zVj
$vQ2g&A
(,lxb5
7M}qqC
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
g8fq Th
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
170108000000Z
180108235959Z0
SE1 8XD1
City of London1
London1)0'
 207 Waterloo Road Waterloo House1
Tubatton Ltd1
Administration1
Tubatton Ltd0
p//LHH
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
admin@tubatton.co.uk0
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
130509000000Z
280508235959Z0}1
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
http://ocsp.comodoca.com0
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA
0e |7/
pxM`!>r
20171108094455Z
Greater Manchester1
Salford1
COMODO CA Limited1,0*
#COMODO SHA-256 Time Stamping Signer
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
151231000000Z
190709184036Z0
Greater Manchester1
Salford1
COMODO CA Limited1,0*
#COMODO SHA-256 Time Stamping Signer0
fO\r6{
'1Oqtn
lZGfD{
1http://crl.usertrust.com/UTN-USERFirst-Object.crl05
http://ocsp.usertrust.com0
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object
171108094455Z0+
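Added example, not part of the sample record: the fragments above are the visible parts of an Authenticode signature (Tubatton Ltd end-entity certificate issued by COMODO RSA Code Signing CA, countersigned by the COMODO SHA-256 Time Stamping Signer). The time strings are ASN.1 UTCTime (two-digit year) and GeneralizedTime (four-digit year). The code below parses both forms and checks whether the countersignature time 2017-11-08 09:44:55Z lies inside each certificate's validity window, which is the question Windows asks for a timestamped signature; the end-entity certificate itself expired 2018-01-08, so "is it valid now" would answer no. Which validity pair belongs to which certificate is taken from the order in which the subject names appear above; the dict keys are mine.

```python
"""Added example: parse X.509 UTCTime/GeneralizedTime strings copied from
the signature strings of this sample and check signing-time coverage."""
from datetime import datetime, timezone


def parse_asn1_time(s):
    """UTCTime is YYMMDDHHMMSSZ; RFC 5280 maps YY 50-99 to 19YY and
    00-49 to 20YY.  GeneralizedTime is YYYYMMDDHHMMSSZ.  Only the Zulu
    forms required by RFC 5280 for certificates are accepted."""
    if not s.endswith("Z"):
        raise ValueError(f"expected a Zulu time, got {s!r}")
    body = s[:-1]
    if len(body) == 12:                     # UTCTime
        yy = int(body[:2])
        year = 1900 + yy if yy >= 50 else 2000 + yy
        rest = body[2:]
    elif len(body) == 14:                   # GeneralizedTime
        year = int(body[:4])
        rest = body[4:]
    else:
        raise ValueError(f"unexpected time length in {s!r}")
    return datetime(year, int(rest[0:2]), int(rest[2:4]), int(rest[4:6]),
                    int(rest[6:8]), int(rest[8:10]), tzinfo=timezone.utc)


# (notBefore, notAfter) as they appear in the strings dump.
CHAIN = {
    "Tubatton Ltd (end-entity code signing)": ("170108000000Z", "180108235959Z"),
    "COMODO RSA Code Signing CA (intermediate)": ("130509000000Z", "280508235959Z"),
    "COMODO SHA-256 Time Stamping Signer (TSA)": ("151231000000Z", "190709184036Z"),
}
# Countersignature time; the same instant also appears as UTCTime above.
SIGNING_TIME = "20171108094455Z"


def covers(not_before, not_after, when):
    """True if `when` lies within [notBefore, notAfter]."""
    return parse_asn1_time(not_before) <= when <= parse_asn1_time(not_after)


def check_chain(chain=CHAIN, signing_time=SIGNING_TIME):
    """Per-certificate: did its validity window cover the signing time?"""
    when = parse_asn1_time(signing_time)
    return {name: covers(nb, na, when) for name, (nb, na) in chain.items()}


def end_entity_valid_at(now_str, chain=CHAIN):
    """Plain 'valid now' check on the signer certificate, for contrast."""
    nb, na = chain["Tubatton Ltd (end-entity code signing)"]
    return covers(nb, na, parse_asn1_time(now_str))


if __name__ == "__main__":
    for name, ok in check_chain().items():
        print(f"{'OK ' if ok else 'BAD'} {name}")
    print("signer cert valid on 2018-06-01:", end_entity_valid_at("180601000000Z"))
```

A chain whose windows all cover the signing time says only that someone controlling Tubatton Ltd's key signed this file on that date; it says nothing about the file being benign, and revocation has to be checked separately against the CRL and OCSP URLs listed above, which this offline example does not do.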