Sample details: fbacb3167f911fc11948f6deb5fc1cea

Hashes
MD5: fbacb3167f911fc11948f6deb5fc1cea
SHA1: f420a08c8d1b7dafee60cbc5d325c45ef3a3cd36
SHA256: 40035ab5d63ee9293644ad0c853e7f23a337733104cf0d7a91bff4f5b362c62a
SSDEEP: 12288:WGnm2wBjqHHoHX5Xynyoa+L929sS9MF1aAiW+dwOdS:Vnm2wFqHHopX8Z5L929b9MOAibd/dS
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Install_Shield_2000 | YRP/Armadillo_v171_additional | YRP/Microsoft_Visual_Cpp | YRP/InstallShield_2000_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/screenshot | YRP/win_mutex | YRP/win_files_operation | YRP/Str_Win32_Winsock2_Library |
Source
hxxp://gudachu[.]ru/f.exe
Strings
		!This program cannot be run in DOS mode.
jRichA
`.data
.ldata
*mode != _T('\0')
mode != NULL
*file != _T('\0')
fopen.c
file != NULL
format != NULL
fprintf.c
str != NULL
_open.c
filename != NULL
stream.c
Assertion Failed
Warning
%s(%d) : %s
Assertion failed!
Assertion failed: 
_CrtDbgReport: String too long or IO Error
Second Chance Assertion Failed: File %s, Line %d
wsprintfA
user32.dll
Microsoft Visual C++ Debug Library
Debug %s!
Program: %s%s%s%s%s%s%s%s%s%s%s
(Press Retry to debug the application)
Module: 
File: 
Line: 
Expression: 
For information on how your program can cause an assertion
failure, see the Visual C++ documentation on asserts.
<program name unknown>
dbgrpt.c
szUserMessage != NULL
?IsProcessorFeaturePresent
KERNEL32
_sftbuf.c
flag == 0 || flag == 1
`h````
ppxxxx
(null)
output.c
ch != _T('\0')
stdenvp.c
stdargv.c
a_env.c
ioinit.c
runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
_file.c
Client
Ignore
Normal
Error: memory allocation: bad memory block type.
Invalid allocation size: %u bytes.
Client hook allocation failure.
Client hook allocation failure at file %hs line %d.
dbgheap.c
_CrtCheckMemory()
_CrtIsValidHeapPointer(pUserData)
_pFirstBlock == pHead
_pLastBlock == pHead
pHead->nBlockUse == nBlockUse
pHead->nLine == IGNORE_LINE && pHead->lRequest == IGNORE_REQ
DAMAGE: after %hs block (#%d) at 0x%08X.
DAMAGE: before %hs block (#%d) at 0x%08X.
_BLOCK_TYPE_IS_VALID(pHead->nBlockUse)
Client hook free failure.
memory check error at 0x%08X = 0x%02X, should be 0x%02X.
%hs located at 0x%08X is %u bytes long.
%hs allocated at file %hs(%d).
DAMAGE: on top of Free block at 0x%08X.
DAMAGED
_heapchk fails with unknown return value!
_heapchk fails with _HEAPBADPTR.
_heapchk fails with _HEAPBADEND.
_heapchk fails with _HEAPBADNODE.
_heapchk fails with _HEAPBADBEGIN.
Bad memory block found at 0x%08X.
_CrtMemCheckPoint: NULL state pointer.
Object dump complete.
crt block at 0x%08X, subtype %x, %u bytes long.
normal block at 0x%08X, %u bytes long.
client block at 0x%08X, subtype %x, %u bytes long.
{%ld} 
%hs(%d) : 
#File Error#(%d) : 
Dumping objects ->
 Data: <%s> %s
Detected memory leaks!
sprintf.c
string != NULL
vsprintf.c
GetLastActivePopup
GetActiveWindow
MessageBoxA
@("inconsistent IOB fields", stream->_ptr - stream->_base >= 0)
_flsbuf.c
chsize.c
size >= 0
osfinfo.c
_hypot
1#QNAN
1#SNAN
_getbuf.c
fclose.c
_freebuf.c
stream != NULL
j5h,j@
j6h,j@
j7h,j@
j8h,j@
j8hTj@
j9hTj@
jGh|j@
jHh|j@
jIh|j@
																								
													
													
										
uBhpk@
t hdk@
jAhhm@
uZj^hhm@
t!htm@
jmhPn@
=tGjyhPn@
jdhhn@
t.;t$$t(
VC20XC00U
u!h<r@
t&hxq@
u!h<r@
u!hPr@
t!h\s@
t!htr@
 Qh(t@
u+h<u@
 Qh|u@
t7h`v@
j]hxv@
j^hxv@
u]hpk@
}!h0w@
|jyh<w@
j]hxv@
j^hxv@
u'hHx@
u$h@x@
u$h8x@
j.hPx@
j;hPx@
jwh\x@
j0hhx@
WS2_32.dll
ShowWindow
GetLastActivePopup
IsChild
PostMessageA
GetTopWindow
LoadCursorA
IsWindowUnicode
SetWindowPos
LoadImageA
DestroyWindow
USER32.dll
CreatePen
GDI32.dll
InterlockedIncrement
GetWindowsDirectoryA
ReleaseMutex
GetFileSize
ResumeThread
GetThreadPriority
GetCommandLineA
LocalAlloc
VirtualAlloc
GetCurrentThreadId
GetModuleHandleA
GetSystemTime
SetThreadPriority
VirtualFree
GetLastError
CreateEventA
CreateMutexA
GetCurrentProcessId
CreateEventW
InterlockedExchange
GetCurrentThread
GlobalLock
ReleaseSemaphore
FindResourceW
GetStartupInfoA
GetVersion
ExitProcess
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
HeapFree
RtlUnwind
CloseHandle
CreateFileA
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
HeapReAlloc
SetEndOfFile
ReadFile
SetFilePointer
SetStdHandle
RaiseException
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FlushFileBuffers
KERNEL32.dll
+@>:/=73IANAGD
%&&''''
&&&''''
G&&&''''
&&&''''
%&&''''
%&&''''
%&&''''
%&&''''
'&&&''''
%&&''''
%&&''''
%&&''''
+&&&''''
%&&''g'
%&&+'7
\'''w&|
C&&&*xc
G&&&''''
'''''''
'''w&|
%&&''g'
%&&''''
G&&&'6
&&&''''
&&&w9''
%&&''g'
%&&''''
%&&''''
%&&&6''
l#''''
t/x&|#
l#''''
l#('''
l#O'''
t/x&|#
l#''''
l#''''
kq/L&6'
|/*8*|
t3*o7*t
|;y&|C
'7''`t
13(''w
1+(''w
l#*'''
l#''''
l#('''
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="highestAvailable" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
      <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
      <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
      <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>
    </application>
  </compatibility>
</assembly>
!iCCPICC Profile
c``2ptqre
> v^~^*
tEXtAuthor
Jose Fuste Raga
9tEXtCopyright
 Jose Fuste Raga/Corbis.  All Rights Reserved.
IDATx^
gNOO/~
c0<ec2
Y0<ec2
 nK[j0%
c09e]=
odLrc3
]PUC<\
Lcsofhra
otK?pf
n[7h0.
o\DnK7j09
uC^PUO=\@
q\0n{W
PUO=\<
hnKCj2
>Le;od@rc?
qT8nK_j
r&<in~
^L[soVd8I
\[o]pv
|NWoqRt
LSko^p8
uCNKm>
N];o\,rKK
NUSq\H|SW
6KU>qTX
olPtS3
]7o\$tK3
o\BtK;
a0<e]=
fw`(CS
hiZJy\
W8B~D\
oT,r{[
"LU7oT$
UAsd@t[
<tkBBx[
01gitS[
SnKOj2
Kj^g30
u?^P]#
r6h;;J
'hnKOjX
fknK;j2
nK7j0<gA
zJo4[H
nK;j0<g30
6q\(n^
mOhLm#o\$
rvh-nV
BLe?ndP
g]sTP9K
u'^P]'
PU?odDr{
]L]?s\@
rN]Go\@tK?gX
39^PU?od
-~F(=Js
n{;=Jq
?UV+(p
od08KO+u
j*g-^R
nK_j2{
n\DnK;rW
nS_i0.
]L]/s\(
Ws\89K
o\Dr{3
nK_j2K
j>g-Fj
HrS7|.
r^WitS7
0<ZhnS_
^P]'<\
31_PU#
nK3j0<
WsT89K
!Zkn{W
!Zkn{W
j"opiK
j"odiK
rcG|.{
WslHnS
u'^PU?
j,n-vJ
^P]?<\
!Zkn{_
31_PU'
r>oHxH
nK;lWsT8n
0.84^H
g39^P.
j0<g-fb
j-~>	]
kj0<g0_
w'X>+7
uc^P];
gfnKCj2
<gfnKCj2
q`C>X^
L]Ks\ r{+
nSClVq
q\PtS7W
odXrK_|.
mgZJy\
?h8K;Z
Ws\ 9K
g-~:	]
g-~:	]
Ws\ 9K
g-~:	]
g04hhtJ
mgZJy\
j:g-nv
anSOi2
sY,tTK
sYLtT+
ce9m>w"
+IRW&X*Waa=
=IoDS!
cfUD'K
l. b$^&"d&XZ,&>J\>PR4.6RT6HJ<6N:LN@BD>FBDF
l. b$^&"d&XZ,&>J\>PR4.6RT6HJ<6N:LN@BD>FBDF
l. b$^&"d&XZ,&>J\>PR4.6RT6HJ<6N:LN@BD>FBDF
l. b$^&"d&XZ,&>J\>PR4.6RT6HJ<6N:LN@BD>FBDF
_FpcWr
_YBp&w
#kLX]<uG
w"LV^Z
Ajg,b.L
tDxe f
|I*gWW
QK?417
EX|@nl
0+M$>$
y4FwBuOE
^U|r}wwQ
Q:Kj<P
~\:#+8
U$bH=j^
<*y|OEV
"5L=~{
;!atz&
BI?Z{2L
j3QlS(:
8Ru?!9
#<v7$[[
IbK}H]
-8Em$E7}
8xuYH9
"6p(a@
])v6GH1K89D
5S6+j%
+-&iYL
rx}j~n
kovj~|
vul2%Z
JmBA=SD
6@|FDK@>:F
6PPn6y
??>]Sm
DFWRNo
:KRCa 
yy[(Il
![6e}o
+j^$:f
@p8	U%
DMfl(V
*|FF#Ym
D7z~~Z
ze<4K81Q
Rw,aZ!K
jHZ=yxm
8tTE*"k`
f,D&,<
3OY=Z(
[!1oQx
s/DPzU
lK&nX<A
zz/%wb}^Au
T&+pQ@
Pr#MC1
HpRdUk
^[x+1Y
!(xT,9+g
(QX4[VB
uD`-^O
~RJKyZ
W3->?i2
sQ<m\*|
CpQf}Z
/+'#`b2L3
>suVc@
4<+ $4
!IDATu|
m7wdmC
U-9cI:G
}~l$A9
5<+`:s
$'f*-SY+
b9o(n>
b)QJI\
?*g!JH
(JI4pl
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
180323000000Z
181206235959Z0
650051
Odeskaya1
Odesa1'0%
Bud. 120-A, Vulytsya Balkivska1
"LLC" Pro-Sto1
"LLC" Pro-Sto0
}^+.G%jn
https://secure.comodo.net/CPS0C
2http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
2http://crt.comodoca.com/COMODORSACodeSigningCA.crt0$
http://ocsp.comodoca.com0
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
130509000000Z
280508235959Z0}1
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA0
;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
http://ocsp.comodoca.com0
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
100119000000Z
380118235959Z0
Greater Manchester1
Salford1
COMODO CA Limited1+0)
"COMODO RSA Certification Authority0
HCgNr*
Greater Manchester1
Salford1
COMODO CA Limited1#0!
COMODO RSA Code Signing CA
180525080137Z0