Sample details: ecb456a4dd77bf97bd754c79dfe88fe4

Hashes
MD5: ecb456a4dd77bf97bd754c79dfe88fe4
SHA1: 74ccfeaa2faae51664de712f7a5c3193fee6b243
SHA256: f045c39e3156d56eb6dd4c66f94aae17cdbcb333621192d2f820f7344a9678d7
SSDEEP: 3072:49drj5jkV8JSEOUT40eAua3N9BnvxbLEipvxJ8SiSmsb2Jii7SrTSO:49drj5jkV8J1OUverad9BnvxbLEipvxD
Details
File Type: PE32
Yara Hits
YRP/Misc_Suspicious_Strings | YRP/contentis_base64 | YRP/domain | YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/anti_dbg | YRP/screenshot | YRP/win_files_operation
Source
http://185.81.113.106/ital2.exe
http://200.7.105.4/ital1.exe
http://200.7.105.4/ital1.exe
http://185.81.113.106/ital2.exe
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
DAISSSSSSS
PPjdjd
uTVWhi
^SSSSS
F\=@rA
t"SS9] u
j@j ^V
t$<"u	3
< tK<	tG
v	N+D$
tIj"[:
ukSSSSS
PPPPPPPP
PPPPPPPP
URPQQhP
;t$,v-
UQPXY]Y[
+Q;EPc
NM{<&m,
dzy(X[
	xX}U`J
5L;M,[
Ll[%PXpanO7
[=P0xG
x:pyA'
VC20XC00U
QQSVWd
t*=RCC
;7|G;p
tR99u2
f-00f=
v	N+D$
tWItHIt9It 
tRHtCHt4Ht%HtFHHt
<+t"<-t
+t HHt
	X 9} 
Unknown exception
cmd.exe
COMSPEC
bad allocation
(null)
`h````
xpxxxx
CorExitProcess
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
`h`hhh
xppwpp
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
SystemRoot
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
Computer Name: %s
User Name: %s
Domain Users
Domain Name: %s
Unable to get Domain name
&Lines
user32.dll
SetLayeredWindowAttributes
Notepad
Error SetWindowLong
Error GetProcAddress
Error load user32.dll
Error FreeLibrary
No Icons in this File
Icon [%d]
Icon [%s]
BUTTON
BUTTON
BUTTON
STATIC
vector<T> too long
bad exception
<8bunz8
l,kg<i
<@En[vP
?uZEeu
?uZEeu
?UUUUUU
?UUUUUU
1#QNAN
1#SNAN
_nextafter
_hypot
FindResourceA
lstrlenA
FreeLibrary
LoadResource
HeapAlloc
GetTickCount
GetWindowsDirectoryA
SizeofResource
HeapCreate
EnumResourceLanguagesA
MultiByteToWideChar
GetLastError
lstrcmpiA
GetProcAddress
LockResource
lstrcpyA
KERNEL32.dll
GetMessagePos
CopyRect
ValidateRect
LookupIconIdFromDirectory
FindWindowA
DestroyMenu
SetWindowTextA
GetSystemMetrics
AppendMenuA
CreatePopupMenu
SetMenu
GetLastInputInfo
LoadStringW
SetWindowPos
CreateIconFromResource
GetSysColor
DefWindowProcA
GetDlgItem
ReleaseDC
AppendMenuW
InvalidateRect
MessageBoxA
IntersectRect
SetWindowLongA
SetRect
TrackPopupMenuEx
InflateRect
BeginPaint
SendMessageA
GetMenuCheckMarkDimensions
ExitWindowsEx
CreateMenu
GetClientRect
wsprintfA
SetForegroundWindow
KillTimer
FillRect
SendDlgItemMessageA
GetWindowRect
SetTimer
EndPaint
USER32.dll
TextOutA
CreateSolidBrush
SetViewportExtEx
CreatePen
SetMapMode
CreateCompatibleDC
SelectObject
DeleteObject
Polygon
DeleteDC
SetWindowExtEx
LineTo
SetViewportOrgEx
MoveToEx
GDI32.dll
ConnectToPrinterDlg
WINSPOOL.DRV
LogonUserA
ADVAPI32.dll
OLEAUT32.dll
acmMetrics
acmDriverOpen
MSACM32.dll
StrToIntExA
SHLWAPI.dll
PdhVerifySQLDBA
pdh.dll
HitTestThemeBackground
IsThemeBackgroundPartiallyTransparent
UxTheme.dll
HeapFree
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetFileAttributesA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
WideCharToMultiByte
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryW
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessA
GetStringTypeW
RtlUnwind
HeapSize
SetStdHandle
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
CreateFileW
ReadConsoleInputA
SetConsoleMode
VirtualQuery
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
#6%:^^
,0eIT)
y	U[LP
p*=cXE
q`u`%(
!IG#.2
I7?8<5
l.*[M}
DPz#St
>.Tu:Q
s"0miNf
Sp$JJzU
	_Vc>-$f
JwDs4K
V>u\8fP^
?38v' 
nc9o*c
l8ph`p
l8ph`p
~p)_[gx
Hda9g]
h/uhgD
<dwM`#
p_eigp
Q}L}i$^4
$G10L|\
!u-Y|#
D;pIu!
/3[t`I$
o-uhoq`0
71dQ}T{i
9$1~`?|
{q$]WQ
M=<KS!
l8qh`p
#4)`f;/n
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
 <assemblyIdentity
    type="win32"
    version="4.0.0.0"
    name="Coalitions"/>
  <!-- Specifies the processor. The valid values are x86 and ia64. -->
 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
  <security>
   <requestedPrivileges>
    <requestedExecutionLevel
     level="AsInvoker"
     uiAccess="false"/>
   </requestedPrivileges>
  </security>
 </trustInfo>
 <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
  <application>
    <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
    <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
    <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
    <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
    <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>
  </application>
 </compatibility>
</assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD