Sample details: d6691a65d2414ae04200d5fce7542e90

Hashes
MD5: d6691a65d2414ae04200d5fce7542e90
SHA1: 3dece68b9a9003faf7db2dbcc610f478410f4dba
SHA256: 91394b20b59d3db0e54315b9b4b288d80d60e48b34111af683a0bcd99045c6de
SSDEEP: 1536:L7WTMC9MGpjSWd1DiPzKrFjf0MPe4fo5AgPxIh4:L7OMC9JisIqo5AgPP
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/Visual_Cpp_2008_Release_Microsoft | YRP/IsPE32 | YRP/IsConsole | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/anti_dbg | YRP/win_registry | YRP/win_files_operation
Parent Files
0495481d035935c5e309333c6d7c9209
Strings
		!This program cannot be run in DOS mode.
Rich8V
`.rdata
@.data
Version: -7.3.5-
\\.\%c:
SOFTWARE\Nalpeiron\
SERVICE_CONTROL_SESSIONCHANGE
SERVICE_CONTROL_POWEREVENT
SERVICE_CONTROL_HARDWAREPROFILECHANGE
SERVICE_CONTROL_DEVICEEVENT
SERVICE_CONTROL_NETBINDDISABLE
SERVICE_CONTROL_NETBINDENABLE
SERVICE_CONTROL_NETBINDREMOVE
SERVICE_CONTROL_NETBINDADD
SERVICE_CONTROL_PARAMCHANGE
SERVICE_CONTROL_SHUTDOWN
SERVICE_CONTROL_INTERROGATE
SERVICE_CONTROL_CONTINUE
SERVICE_CONTROL_PAUSE
SERVICE_CONTROL_STOP
SERVICE_PAUSED
SERVICE_PAUSE_PENDING
SERVICE_CONTINUE_PENDING
SERVICE_RUNNING
SERVICE_STOP_PENDING
SERVICE_START_PENDING
SERVICE_STOPPED
SYSTEM\CurrentControlSet\Services\nlsX86cc\Blessed
\\.\mailslot\nlsX86ccMailslot
%s error: %d
nlsX86cc
\\.\mailslot\nlsX86ccCtlSlot
Stop request seen
Wait failed
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
(null)
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CONOUT$
RtlUnwind
ntdll.dll
DeviceIoControl
GetLastError
ReadFile
FlushFileBuffers
WriteFile
SetFilePointer
GetFileSize
CloseHandle
CreateFileA
GetWindowsDirectoryA
GetSystemWindowsDirectoryA
SetEvent
LocalAlloc
CreateMailslotA
CreateEventA
WaitForMultipleObjects
HeapAlloc
HeapReAlloc
HeapFree
GetModuleHandleW
GetProcAddress
ExitProcess
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapCreate
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
KERNEL32.dll
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegEnumValueA
RegCreateKeyExA
RegDeleteValueA
ReportEventA
SetServiceStatus
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA
AllocateAndInitializeSid
RegisterEventSourceA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
ADVAPI32.dll
                          
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
AddTrust AB1&0$
AddTrust External TTP Network1"0 
AddTrust External CA Root0
050607080910Z
200530104838Z0
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
3http://crl.usertrust.com/AddTrustExternalCARoot.crl05
http://ocsp.usertrust.com0
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
100510000000Z
150510235959Z0~1
Greater Manchester1
Salford1
COMODO CA Limited1$0"
COMODO Time Stamping Signer0
1http://crl.usertrust.com/UTN-USERFirst-Object.crl05
http://ocsp.usertrust.com0
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
110824000000Z
200530104838Z0{1
Greater Manchester1
Salford1
COMODO CA Limited1!0
COMODO Code Signing CA 20
1http://crl.usertrust.com/UTN-USERFirst-Object.crl0t
1http://crt.usertrust.com/UTNAddTrustObject_CA.crt0%
http://ocsp.usertrust.com0
Greater Manchester1
Salford1
COMODO CA Limited1!0
COMODO Code Signing CA 20
121005000000Z
151005235959Z0
943031
	Palo Alto1
	2nd Floor1)0'
 2225 E. Bayshore Road, Suite 2001
Nalpeiron Inc1
Nalpeiron Inc0
https://secure.comodo.net/CPS0A
0http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
0http://crt.comodoca.com/COMODOCodeSigningCA2.crt0$
http://ocsp.comodoca.com0
Greater Manchester1
Salford1
COMODO CA Limited1!0
COMODO Code Signing CA 2
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object
130924183405Z0#