Sample details: ece228848464e36410dbe259bb65880d

Hashes
MD5: ece228848464e36410dbe259bb65880d
SHA1: cb729278596de47b80fbd71c6245477de867e7d3
SHA256: f3cf55ef2157a63fe876232a088b9578e21e5d8fb7af640e159da1b7f1e35c08
SSDEEP: 3072:I1bSHKgsIOhIXGawnnR28OBNxLgyaTik52ADLXBBGhGKixpdPbXwMx/CnT5PMmat:CSqTFmxeTZrjBBBztTDxiT5PM9t
Details
File Type: PE32
Added: 2018-03-01 00:48:05
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation | YRP/TEAN
Source
http://acpzsolucoes.com.br/blog/w/1080cp.exe
http://acpzsolucoes.com.br/blog/w/1080cp.exe
Strings
		program cannot be run in DOS mode.
`.rdata
@.data
.gfids
@.rsrc
@.reloc
D$(Pj@
t.hdTA
URPQQh
;t$,v-
UQPXY]Y[
< t1<	t-
WWWPWS
u-PWWS
SSVWh 
f9:t!V
QQSWj0j@
j,h _A
PPPPPWS
PP9E u:PPVWP
PPPPPPPP
v	N+D$
v	N+D$
QQSVWd
j8hp`A
Unknown exception
bad allocation
bad array new length
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
CorExitProcess
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
UUUUUU
333333
?333333
?UUUUUU
?$rxxx
_hypot
_nextafter
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
?ZEM-'^
?{yK+;
?765@Z
?e')lW
?log10
?5Wg4p
"B <1=
hohuhivirapuxiyesowufixe fucevuvayevusupedeyavufojomefe vewoyiyi
kernel32.dll
VirtualProtect
string too long
invalid string position
bad exception
.text$mn
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.gfids$x
.gfids$y
.tls$ZZZ
.rsrc$01
.rsrc$02
GetCurrentProcess
GetSystemTimes
SetSystemTime
GetTempPathW
GetCommTimeouts
GetModuleHandleA
GetFileInformationByHandle
GetLastError
GetMailslotInfo
GlobalAlloc
GetNativeSystemInfo
LoadLibraryW
GetProcAddress
GetProcessHandleCount
GetDriveTypeW
KERNEL32.dll
GetTextMetricsA
BeginPath
GDI32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
LCMapStringW
EncodePointer
DecodePointer
GetFileType
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
CreateFileW
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_array_new_length@std@@
.?AVbad_exception@std@@
suvuzohapasikeheyowomuhagedejuwepigibiwolowerudoxuvukefuhigavizuyimufexiyarinepelajesefocarihoyateziwihanasegebovuvabihupumakiyenotacasoxihemasomedebubixaxubodebuzavutiyuxamaguhujomuxodagobarosowirobofehofubilogetibukolevobipakicosuseveteguxarucivucakuwuhavarezepahozahazedinefutiyaralisagewoxifunukotojovedohojujugiponopowizidiwimetuhalosopubebinosekilocevimefabilifowaxajayehiremehe
;	(]Q5
5du=0!
G9"DCg
tv*{35D>>
oC96Ag
{9C=6z
tGN[jCu(
CF|^N!
8=~)z(
@;>EFAx#
|9#'e$3
`^YDET
DE_{cg
Kv=h8f
7CnZC^n
sJCOaov
NOM`:)
)o(Ai_-
(7@S+s
MI{iY>
+*KxiE
=4z05T%bq
H->4UR
u(tsB~
X-4WjU
MU01ft,
2ajw)8|Yk
}=HI*C
|k-	AK
fLRUp`
\~=5EN
z/ilwC
r>W~x7	h}
&tXL|z	
Cq{Qj"
ibm(g~
DQJ}*:
G{zga:
i.V8*B
L-4_/s_
OkY=w/~
NV^Ro<+\
@1lxM?,Y
z^"/;=
(r0,;xyp
^`OJs|Nn
])U_";m\g
MIVI_iV
RGnlyp9
ze!b79J
kAu*R9J1
Yqu>9K
d%NE^-S'
 KfMuTLKy
~9Pf}4
1o9TXVA	
nz7	J-
:KG;)-k
]p `(O
q,l)J9
~0w7lk
?>bhve
#{\]R]
YymLAm=
\N6tOh;5$
4O}#jg1
b@wj#(
AHh!Y 
<xAC45
|c%v+=
*a6bo"
Pg{iJR
z!R@6`
\#D[?_
;kYRx^
N,E$>]
#~A{4R
rgO|}li
&Jor5I
SGd sd
R+_2}H!u
*u,uA!
tVe"P@- 
u5x={eX
Kz7rfH
sTU=%Ew
F<v3:p
=HDAe~
X3{AC\FF!fc4Od
} sW:U
5P56x<d.
yUWZ>DG
4rV;F`A
VME1}a!=
4$$`|T
wU_I$q
&+&mhh
GAU"2x
5%I]r2
M;fs_(Bm
1LCa@X
{_O6e/wI
ZX+my\>
9+~:hA
Nwg9;.<u
Wm=FcL
d3z_!n
T%'8Pr
FT,T1:
#'/?3@
I* B*U
&f@><c
03R1'Sr
&N:'Y6~
vzKJ%r0x
Z<^`p4
pl%g>0]D
=2wok-
0{?%j6
q/0'Y|
&GvyW'^XI 
U`/Jro%
1|8"I7<G
NRAKQ7<
IjK7Yy
A,<KSFr;cw`G
<Saa?4
^!A4961~q
8M&-4n%ft
m|EGGr>k
5I(&a'
wiqD;P
 0gZ2fUw
_[lzJ 
kcJKP)
5hxP['
m9oFpo
-KMJ<o
K!gaP)F
'a0zc C
KQ})89N
'fZ@!r
g"f=a9
s^b>O@X~
@qww(aR
yM74F~,
Y/nGX[
g\mx#@
r5[QTkC
Oh>aN(
?jrP_2
G'a^	}
?Y&nIA7N8
-FHR<\
F+ZwF_
6DTR,:
	T:C.y:d
^ly}^6
E.Kc~hgcD
P7?jmb
A:U'uO
uzOaSZ
*VnG*a
pWTys.Ue
9,AIyS
r&r]q/
anqI1}
VK$I4lE
Nd2Nd2Nd2Nd2Nd2Nd2NN
~dl~dl
Nd2Nd2Nd2Nd2Nd2Nd2l
~dl~dl
Nd2Nd2Nd2Nd2Nd2l
Nd2Nd2Nd2Nd2Nd2
Nd2Nd2Nd2Nd2Nd2l
Nd2Nd2Nd2Nd2Nd2Nd2t
Nd2Nd2Nd2Nd2Nd2l
Nd2Nd2Nd2Nd2Nd2Nd2t
B6Nd2Nd2Nd2
Nd2Nd2Nd2Nd2
Nd2Nd2Nd2Nd2Nd2Nd2t
B6Nd2Nd2Nd2Nd2Nd2Nd2Nd2Nd2
Nd2Nd2Nd2Nd2Nd2Nd2
B6Nd2Nd2Nd2Nd2Nd2Nd2Nd2Nd2Nd2.9
Nd2Nd2Nd2Nd2Nd2Nd2
Nd2Nd2Nd2Nd2Nd2Nd2Nd2Nd2Nd2.9
Nd2Nd2Nd2Nd2Nd2Nd2Nd2Nd2Nd21
Nd2Nd2Nd2Nd2Nd2Nd2Nd2Nd2Nd2Nd21
Nd2Nd2Nd2Nd2Nd2Nd21
xc|wXt	i
DcNU8MMl
(kJeU ^Xw
=~95;k
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
0Q0F1Q1g1p1
4"4/4F5s5F6Z6p7}7
8C9[9a9q9
:0:O:g:
<9<J<O<T<u<z<
> >'>.>6>>>F>R>[>`>f>p>z>
0&060G0m0
1=1E1^1
23292`2
3-434{4
4@5N5i5t5
6T6c6j6
6$777U7c7
9H9O9T9X9\9`9
3*4U4E5X5
8)8Q8e8
9%9,929G9Z9n9z9
:+:::F:T:v:
;(;4;9;>;e;q;v;{;
<1<6<L<
<5=O=X=}=
>.>5>A>T>Y>e>j>{>
?%?/?8?I?[?v?
2.393K3
4B4K4S4G556?6L6
6X7_7y7
7'8[9q9
:,:j:t:z:
:-;8;-=`=e=
?%?A?J?
0]0j0u0
1'1S1\1d1
5I5N5[5g5}5
6#616:6?6L6Q6
6d7j7|7
9(909l9|9
:&:8:C:H:M:h:r:
;:;E;J;O;m;w;
<=<a<}<
=$=)=K=Y=h=
1-141i1z1
2$212;2]2n2
363B3N3a3
4 4,4?4c4
6-656X6s6$7<7P7`7l7u7
<[=\>l>}>
80S0i0
:&:2:D:T:`:B;r;
>->:>H>V>a>w>
6!62676L6
:(:?:o:
>+>Q>s>
040o0v0
0D1V1h1z1
2=2O2a2s2
:#;0;=;J;a;(<
181C1P1b1
1G2\2e2n2
:?;I;s;
>!>)>G>O>
>	?P?z?
3&3E3X3
6$7C7e7k7p7v7
81:N:"<><
80P0U0
@1H1T1X1\1`1d1x1|1
2D2H2L2P2h3l3p3t3x3|3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
<$<(<,<0<4<8<<<@<L<T<X<\<`<d<h<l<p<t<x<|<
4$4,444<4D4L4T4\4d4l4t4|4
4 5$5(5,5054585<5@5D5H5L5P5T5X5\5X:\:`:d:h:l:p:t:x:|:
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848<8D8L8T8\8d8l8t8|8
(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
7 7(70787@7H7P7X7`7h7p7x7
8 8(80888@8H8P8X8`8h8p8x8
9 9(90989@9H9P9X9`9h9p9x9
: :(:0:8:@:
*;.;2;6;
L4d4h4l4p4
5$5(5,505H5L5\5`5h5
6(6,6<6@6D6H6P6h6x6|6
7$7(7,70787P7`7d7t7x7|7
70;8;|;
< <(<0<8<<<@<H<\<d<l<t<x<|<
=0=8=<=X=x=
>8>X>t>x>
?8?X?x?
0 0<0@0`0h0l0
1D1H1P1X1`1d1l1
1@1P1`1p1
7 7$7074787<7@7D7H7L7