Sample details: eea1196d6374e171d58ce730b7a948d5

Hashes
MD5: eea1196d6374e171d58ce730b7a948d5
SHA1: 9cb1fc87dc36590c8dcf297563e1d89bc0ddfc12
SHA256: bf97d05212c8d42e145d4fbf43a5ca78ae7cb3896bdcc6e4c78cab379a10d83f
SSDEEP: 6144:N/nliiitM4svUWA84AYES/wrDBaWcpsBvzF9WEean5L8jZ6ebnvsL:N/n/RbwAYjwfYMKET5L8kebnvs
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/screenshot | YRP/keylogger | YRP/win_files_operation
Source
http://www.sabineclaire.com/girasoli/ri.php
http://134.0.117.224/itexe/stat.php
http://134.0.117.224/itexe/1100.exe
Strings
!This program cannot be run in DOS mode.
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
MapVirtualKeyA
DeferWindowPos
GetWindowLongA
GetTitleBarInfo
GetWindowTextW
EnableWindow
GetDlgItem
ShowWindow
MessageBoxW
CharToOemBuffW
IsWindow
CopyRect
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DefWindowProcW
GetWindowLongW
SetWindowLongW
RegisterClassExW
LoadCursorW
UpdateWindow
CreateWindowExW
MapWindowPoints
GetParent
OemToCharA
CharToOemA
LoadIconW
LoadBitmapW
PostMessageW
GetSysColor
SetForegroundWindow
WaitForInputIdle
IsWindowVisible
DialogBoxParamW
GetClassNameW
GetDlgItemTextW
SendDlgItemMessageW
DestroyIcon
EndDialog
SetFocus
SetDlgItemTextW
SendMessageW
ReleaseDC
wvsprintfW
wvsprintfA
USER32.dll
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
COMDLG32.dll
SetBkMode
GetTextMetricsW
GetLogColorSpaceA
GetGlyphOutlineW
GetTextAlign
GDI32.dll
GetWriteWatch
DecodePointer
GetNumberFormatW
GetLastError
SetLastError
CloseHandle
GetCurrentProcess
SetFileTime
MoveFileW
SetFilePointer
SetEndOfFile
GetFileType
CreateFileA
GetCurrentDirectoryW
CreateFileW
ReadFile
GetStdHandle
WriteFile
GetFileAttributesA
GetFileAttributesW
SetFileAttributesA
FreeLibrary
LoadLibraryW
SetCurrentDirectoryW
GetCPInfo
IsDBCSLeadByte
CompareStringW
GetSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetProcAddress
OpenFileMappingW
SetEnvironmentVariableW
CreateFileMappingW
GetCommandLineW
MapViewOfFile
UnmapViewOfFile
MoveFileExW
GetTempPathW
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatW
GetDateFormatW
DosDateTimeToFileTime
SetFileAttributesW
GetLocaleInfoW
ExitProcess
CompareStringA
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
GetModuleHandleW
FindResourceW
GetModuleFileNameW
MultiByteToWideChar
GetFullPathNameW
GetFullPathNameA
GetVersionExW
GlobalAlloc
WideCharToMultiByte
GetTickCount
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryW
CreateDirectoryA
DeleteFileA
DeleteFileW
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetTimeZoneInformation
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA
KERNEL32.dll
Uvytuc oxiqid
Ufynir orib arojop ipapah = uruvyc
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>