Sample details: fa6d16ef1d63330b771bb01d29390281

Hashes
MD5: fa6d16ef1d63330b771bb01d29390281
SHA1: a09dde95a3172f8bca7b9601a2b411e2b78349ed
SHA256: e2494fc7eda73ac116a9a07aced0bab23efc6d494dd3f024e45f048b339f7860
SSDEEP: 3072:WFbOtbm3l4ixrbHojVjE1gCUancSM7U7V3owv5R0zhK6/K9OcbrPLau/QpUhXASO:Wkid4E1gC/Go3ZL6K6/0ZbrPoV
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation
Source
http://middleearthstudios.com/fsmonoy.exe
http://tischlerkueche.at/frmiwkb.exe
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
.gfids
@.rsrc
@.reloc
j8h8MA
QQSVWd
URPQQh0J@
;t$,v-
UQPXY]Y[
< t1<	t-
WWWPWS
u-PWWS
SSVWh 
f9:t!V
QQSWj0j@
PPPPPWS
PP9E u:PPVWP
PPPPPPPP
v	N+D$
v	N+D$
InitializeConditionVariable
SleepConditionVariableCS
WakeAllConditionVariable
Unknown exception
bad allocation
bad array new length
bad exception
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
CorExitProcess
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
?5Wg4p
"B <1=
_hypot
_nextafter
atlTraceGeneral
atlTraceCOM
atlTraceQI
atlTraceRegistrar
atlTraceRefcount
atlTraceWindowing
atlTraceControls
atlTraceHosting
atlTraceDBClient
atlTraceDBProvider
atlTraceSnapin
atlTraceNotImpl
atlTraceAllocation
atlTraceException
atlTraceTime
atlTraceCache
atlTraceStencil
atlTraceString
atlTraceMap
atlTraceUtil
atlTraceSecurity
atlTraceSync
atlTraceISAPI
ForceRemove
NoRemove
Delete
Component Categories
FileType
Interface
Hardware
SECURITY
SYSTEM
Software
TypeLib
atlTraceGeneral
atlTraceCOM
atlTraceQI
atlTraceRegistrar
atlTraceRefcount
atlTraceWindowing
atlTraceControls
atlTraceHosting
atlTraceDBClient
atlTraceDBProvider
atlTraceSnapin
atlTraceNotImpl
atlTraceAllocation
atlTraceException
atlTraceTime
atlTraceCache
atlTraceStencil
atlTraceString
atlTraceMap
atlTraceUtil
atlTraceSecurity
atlTraceSync
atlTraceISAPI
ForceRemove
NoRemove
Delete
Component Categories
FileType
Interface
Hardware
SECURITY
SYSTEM
Software
TypeLib
atlTraceGeneral
atlTraceCOM
atlTraceQI
atlTraceRegistrar
atlTraceRefcount
atlTraceWindowing
atlTraceControls
atlTraceHosting
atlTraceDBClient
atlTraceDBProvider
atlTraceSnapin
atlTraceNotImpl
atlTraceAllocation
atlTraceException
atlTraceTime
atlTraceCache
atlTraceStencil
atlTraceString
atlTraceMap
atlTraceUtil
atlTraceSecurity
atlTraceSync
atlTraceISAPI
ForceRemove
NoRemove
Delete
Component Categories
FileType
Interface
Hardware
SECURITY
SYSTEM
Software
TypeLib
JScript
atlTraceGeneral
atlTraceCOM
atlTraceQI
atlTraceRegistrar
atlTraceRefcount
atlTraceWindowing
atlTraceControls
atlTraceHosting
atlTraceDBClient
atlTraceDBProvider
atlTraceSnapin
atlTraceNotImpl
atlTraceAllocation
atlTraceException
atlTraceTime
atlTraceCache
atlTraceStencil
atlTraceString
atlTraceMap
atlTraceUtil
atlTraceSecurity
atlTraceSync
atlTraceISAPI
ForceRemove
NoRemove
Delete
Component Categories
FileType
Interface
Hardware
SECURITY
SYSTEM
Software
TypeLib
.text$di
.text$mn
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCL
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.tls$ZZZ
.gfids$x
.gfids$y
.rsrc$01
.rsrc$02
HeapFree
InitializeCriticalSectionEx
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
KERNEL32.dll
CoCreateInstance
CLSIDFromProgID
CoInitializeEx
ole32.dll
OLEAUT32.dll
CloseHandle
EnterCriticalSection
LeaveCriticalSection
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
SetLastError
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
WriteFile
GetACP
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
CreateFileW
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVtype_info@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVbad_exception@std@@
.?AUIActiveScriptSite@@
.?AUIUnknown@@
.?AVJSEngine@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
87:M:_:q:
<#</<><C<L<e<k<p<{<
>1>8>>>P>Z>
30a0r0w0|0
2%2,232;2C2K2W2`2e2k2u2
4b4j4~4
5 5=5S5]5k5
6"6*6q6
8>8d8m8s8{8
:3:9:I:n:*<
4D7W7u7
719h9o9t9x9|9
: :$:(:,:
=	=3=O=^=j=x=
>#>(>L>X>]>b>
4"4=4e4y4
55687I7
929R9`9g9m9
<Z<c<k<W=e=
>>>G>n>\?f?s?
0b0i0|0
121V1q1|1
393i3x3
9(:@:m:
?$?W?f?k?|?
080@0Y0k0w0
969G9b9n9
<+<:<H<T<`<n<~<
=2=F=Z=
?%?H?P?
0$0F0X0c0h0m0
141>1Z1e1j1o1
2 2%2*2]2
3 3+3?3D3I3k3y3
3 4'424@4G4M4h4o4
:(:-:B:u:|:
>5>e>z>
2D2f2u2|2
4)4j4w4
6L6z6E7_7
8-848K8a8
:%:7:I:j:|:
8%8;8Q8^8c8q8S9r9w9
444X4c4p4
8$8C8a8
091A1I1Q1Y1w1
6I7f7v7
:3:?:K:^:}:
;);<;`;
;K<Z<y<
133N3d3z3
:F;K;];{;
2$2(2,202
4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
(10141@1D1H1L1P1T1h1l1p1 2$2(2,2024282P2T2X2l2p2t2$3(3,303D3H3L3P3
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
> >(>,>0>4>8><>@>D>L>P>T>X>\>`>d>h>t>|>
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3@3D3H3L3P3X3\3`3d3h3l3p3t3x3|3
3p8t8x8|8
?$?,?4?<?D?L?T?\?d?l?t?|?
0$0,040<0D0L0T0\0d0l0t0|0
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
0 0(00080@0H0P0X0`0h0p0x0
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
;$;,;4;<;D;L;T;\;
6 686H6L6\6`6d6l6
7 7074787<7D7L7d7t7
<8<T<X<t<x<
=(=0=4=P=X=\=t=x=
> >(>,>4>H>h>
?0?P?p?
000P0p0
181X1t1x1
7 7$7074787<7@7D7H7L7
3$3D3\3