Sample details: dba0c0b3c262eb6e38de89d3c40158d5

Hashes
MD5: dba0c0b3c262eb6e38de89d3c40158d5
SHA1: 8dee410f468b70fa2f19f2e55de653e99b7f06c5
SHA256: 07ed2724dc05322e7f158a8c8daf537f21c162af3653f0e611bba448a60c483d
SSDEEP: 6144:lzrMIHLxgVr/fIAYftP2kZ+7CWH4BCQ9RMNwI9:xMIrxgVr/frY1ukZ+m/BCQ9RIwI9
Details
File Type: PE32
YARA Hits
YRP/Str_Win32_Wininet_Library | YRP/contentis_base64 | YRP/domain | YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/anti_dbg | YRP/screenshot | YRP/win_registry | YRP/win_files_operation | YRP/win_hook |
Source
http://elementale.xyz/wios
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
f;D$8u
D$h;D$
L$,;L$@}/+L$@+D$
|$D9D$
+t$@+D$<;
\$4+D$
fSSSSS
fu19D$,u+
D$09D$4
D$(PSSSSSSSj
D$HPSSSSSSh 
D$ PSSSSSSSS3
L$@Qj2Pj
SSSSjdjdSSh
L$0;L$
t$$Sh0
t$8SSW
t$hSSP
9\$\vm3
D$(;D$$|
\$ 9\$
D$lPSS
,9\$,u&
^SSSSS
HHt$HHt
?If90t
t$<"u	3
< tK<	tG
fj@j ^V
t"SS9] u
PPPPPPPP
PPPPPPPP
v	N+D$
URPQQh
;t$,v-
UQPXY]Y[
fUnknown exception
fbad allocation
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
CorExitProcess
(null)
`h````
xpxxxx
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
`h`hhh
xppwpp
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
Device not created. Choose settings and click 'Create Device' then type to see results
kernel32
static
ToolbarWindow32
%d.%d.%d.%d
SysTabControl32
WTSEnumerateSessions failed (0x%08X)
WTSQuerySessionInformation failed (0x%08X)
%d: %s
ImmGetContext
deque<T> too long
:M><h0
-"^([n
IzEe0;?
*maN8 
p~k7>%
&U~`X%%p
'c1el?
!0Zfl}
f&M3#?H3
dV\!w	
n!S!D	
;m!346
)dFK{!
FindResourceExW
LoadResource
HeapAlloc
SystemTimeToFileTime
CreateDirectoryW
GetTickCount
GetSystemTimeAsFileTime
EnumTimeFormatsA
GetUserDefaultLangID
GlobalAlloc
WriteConsoleW
MultiByteToWideChar
lstrlenW
GetStdHandle
GetLastError
SetLastError
GetProcAddress
GlobalFree
LoadLibraryA
LocalAlloc
DeviceIoControl
CloseHandle
LocalFree
KERNEL32.dll
SetDlgItemTextA
LoadCursorA
UpdateWindow
MapWindowPoints
InsertMenuA
GetSystemMetrics
DispatchMessageA
GetSysColorBrush
CreatePopupMenu
ShowWindow
SetWindowPos
GetSysColor
DefWindowProcA
GetDlgItem
ReleaseDC
PeekMessageA
CreateWindowExA
GetWindowTextW
InvalidateRect
MessageBoxA
SetRect
TrackPopupMenuEx
OffsetRect
SetDlgItemInt
InflateRect
GetIconInfo
BeginPaint
SendMessageA
GetClientRect
IsWindowEnabled
CallNextHookEx
GetFocus
LoadStringA
FillRect
GetWindowDC
PostQuitMessage
InsertMenuItemA
GetWindowRect
ScreenToClient
HideCaret
GetDlgItemInt
SetCursor
DestroyWindow
EndPaint
USER32.dll
CreateSolidBrush
GetStockObject
GetObjectA
SetTextAlign
CreatePen
Polyline
CreateRectRgn
GetObjectW
CreateCompatibleBitmap
CombineRgn
CreateRectRgnIndirect
CreateCompatibleDC
SelectObject
DeleteObject
GetTextCharsetInfo
ExcludeClipRect
SetBkColor
CreateFontIndirectA
CreateDIBSection
DeleteDC
SetTextColor
LineTo
PatBlt
BitBlt
ExtCreatePen
GDI32.dll
GetUserNameW
GetTokenInformation
RegQueryValueExW
RegOpenKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetAce
GetSecurityDescriptorLength
InitializeAcl
AllocateAndInitializeSid
AddAccessAllowedAce
SetEntriesInAclW
FreeSid
MakeSelfRelativeSD
IsValidSecurityDescriptor
GetLengthSid
CheckTokenMembership
RegCloseKey
ADVAPI32.dll
SHGetFileInfoW
SHELL32.dll
CoCreateInstance
CoUninitialize
CLSIDFromProgID
CoInitialize
OleDraw
ole32.dll
RetrieveUrlCacheEntryStreamA
ResumeSuspendedDownload
RetrieveUrlCacheEntryFileA
WININET.dll
NetUserGetInfo
NetApiBufferFree
NETAPI32.dll
SendDriverMessage
WINMM.dll
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
VERSION.dll
ImageList_Create
COMCTL32.dll
PdhBrowseCountersA
pdh.dll
ImmGetContext
ImmReleaseContext
ImmGetCompositionStringA
ImmSetOpenStatus
ImmGetOpenStatus
IMM32.dll
WTSQuerySessionInformationA
WTSFreeMemory
WTSEnumerateSessionsA
WTSAPI32.dll
GetWindowTheme
GetThemeInt
UxTheme.dll
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
GetModuleHandleW
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
HeapCreate
ExitProcess
WriteFile
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringW
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryW
RtlUnwind
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
CreateFileW
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
.?AVbad_alloc@std@@
!E!u94
^[DBU)b
't4Y{,p
wmurSuP
w0#I(&
:?	M4Q9
5+8OJ3
kCeU5I
Se$n5\h]M
yF!A<r|
&LB!!G
Hj5h=T
=hp Ld
=MwTNY
fTv~#v
AG	o\|R
cPJq/L
v2s,Sa7
3BhNW:
zBq.>/
T8= ]7
dLE	AC
3" :}h
txED9{
WP<+Vb"
=er,L+
h~2GkAa
iCoTY#(
%eo-f]5
id^0[G 
#ak}Pd)
67)g	C
Zw}u*c
aoV2>l
'<,woJ
[UWe(!
H C$vP
>"LNta5
Sy7dH4>
FQ5OK,Kl
pzAaulL
2@@kJ,
Pab2WNMF/
di8LP	b
VL<c4p
wl^h8"
#Xkfq{
<e(-Brf;
_Lr42S
G++BXJ\
n%ot/#
w?"q_,
*.ja?B
uK.Fue
KpMLqYgi
sML{;g
He>3Eg
`	)i<|
imeL+L
*fL[}z
*g"SfB
1+lJhx&
Nm}lKMR
AcT1L6
DMulGMQ
J"S]@%
VPLE*6&
-^bB@v:
DSv9I`l
wH;fXui3
L.8't_,
p,-S(4
;hb@.$
.@?38{L
wj>)_Ih
	fH+M-Rz
f2W"~>
Ikh}qTY
447L\=
 K>b\<
0-why	
|~M2_U#
w$,C9{
8@;N2"#
5xM	G<
9h`/IHQ
H{d9A|
dowkF}
O)x|0b?)
]@N7xiEE
S(/DmC
>3t4J<
rgJd~q?1h.8
t1$6	+
0wbYFr
,tsbzj
&'zDL3U
_ukN<b
b4hVVw1
t2H!"8'
tk#rzQ'
:C*7N^
`6(9`$S)
LJmL0Z
vs6pz1
qn629l
//&^VNWvLthMa
@r@@ht
8'tBY`
m"y~5JdI
*d+=g=
r>j/|t
n]Z5R3
7O'(O<$^*
tdQ b>T
8Ut^,i
PX#rzQ
)w	9:R
>4h'1%U]
+e{k E
GPZo5b
~~D ;(
*RZ"Z](
l(g?5+
EJt0B$B
}O#}FV
HUt@/dV
{<kD(D|
/0al/G
AJ*@rk 
w.x'{<&i
8sT7a`
ZwZo7)
0Zt'V$]
rs"^`zQ
W)&OVV
vU(!n?
YK5[@p
tk#rzQ'
6Iv-wM
^[DBU)b
L{;4Xw
EHG<Nq/>/
<^=:Iy$F
.Kiyx&
D^:oI"-,`
1Ty*VZ
=kYJ:	
/Ccqp.
+=Kb\\
rf[VVQ
/*]	Iuj
O#3;T<
X_a.X_5
+32\N@
M}VPYe
^m.s=a
9av9]S
@THG'R
dp__jDYy;RH,
IR`5^/
9JU[ms
ks#r,/
Nll:	EV
C$?4MFE[
/wvdv"a
TR|ex;
Y%,{'*
T@@{{{
?TVUR]
_cC8)p
EDXXD1
ua@R"v
7d6D*j%
f'ADSwx%
e5/DVj
[NTZ4bq
9D	9(p6
&#h7&[h
8J6#~$
#	rFULIt
4BxiZlW
?qm}^z&
WBto+}U
AUSsG#]
sk*Z+\
	y8< #
hor3HP
BOwpWw
333333333333333333
333333333333
334C33333338
33B$3333333
34""C33333833
3B""$33333
4"*""C3338
"C3338
:*3:"$3338
3333:"$3333338
"C333333
33333:"$3333338
333333
"C333333
333333:"C3333338
3333333
#3333333
3333333:3333333383
333333333333333333
33333333
pppppw
#################################################################################
#################################################################################(
""""""
""""""
""""""
						
!						
""""""
""""""
"""""""
"""""""(
4Rcn,ES
$9DB7Tc
ffffffffg
DDDDDDDDJ
DDDDDDDDJ
CDDDDDDDJ
3DDDDDDDJ
33CDCC34:
33333333:
33333333:
33333333:
3333337
""""""""'
""""""""'
""""""""'
"""""""
wwwwwwwwq
 (W '0WHcqWLixWLhwWLixWLixWLhwWLhwWLhwWMixWMixWMixWMixWMixW;Ve)
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
 <assemblyIdentity
    processorArchitecture="*"
    name="SFF"
    version="1.0.0.0"
    publicKeyToken="558ded28dd3823c8"
    type="win32"/>
 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
  <security>
   <requestedPrivileges>
    <requestedExecutionLevel
     level="AsInvoker"
     uiAccess="false"/>
   </requestedPrivileges>
  </security>
 </trustInfo>
 <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> 
	<application> 
		<!--The ID below indicates app support for Windows Vista -->
		<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/> 
		<!--The ID below indicates app support for Windows 7 -->
		<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
		<!--The ID below indicates app support for Windows 8 -->
		<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
	</application> 
 </compatibility>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX