Sample details: fc294e6ded1f498deea4938d772f9f55

Hashes
MD5: fc294e6ded1f498deea4938d772f9f55
SHA1: d45236b6f8c7dc50f490c026680a112d8f1117e1
SHA256: a58439fb1124610dc8bba54c88d4d9dfbaecf64e9633b12f49441670d7ea0931
SSDEEP: 6144:zk50r86GAeL/6T7IC8AHQOFNSPO8uaENifnddiqkrqyddjRbu5eC:zXwfh6T7zQOFNSjOCgn+yd7bFC
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation
YRP/Microsoft_Visual_Cpp_8
YRP/IsPE32
YRP/IsWindowsGUI
YRP/IsBeyondImageSize
YRP/HasRichSignature
YRP/domain
YRP/contentis_base64
YRP/anti_dbg
YRP/screenshot
YRP/win_registry
YRP/win_files_operation
Source
http://134.0.117.224/1300/red.php
http://134.0.117.224/1300/1300.exe
http://www.kfzgutachten-berlin.eu/TempCont/r13.php
Strings
		!This program cannot be run in DOS mode.
8JN.8KN
8KNRich
`.rdata
@.data
j@j ^V
URPQQh
HHtXHHt
>If90t
t$<"u	3
>=Yt1j
< tK<	tG
t$h|FA
;t$,v-
UQPXY]Y[
0A@@Ju
^SSSSS
j"^SSSSS
v	N+D$
j h UA
0SSSSS
0SSSSS
0SSSSS
GWh4HA
t"SS9]
FVh4HA
PPPPPPPP
PPPPPPPP
t+WWVPV
Uleg azuxut ucylom: idoh
Yneb erokyc apox upoh
Axumyr %d atyg = edeh
Upuziz odikys oqiz
Iwasec asef ojygaj
Ifox ujowaq* ucuter
Usif; usiz %d ulicim oleq eloz
Obyb.dll ebaw* omup ypizex
Owimul ylutyf owirox atow
Acyjus uximib: asutyt = efil unubex
Iwox ihar uvup ecacaz* ixil
Ovipoc egah
Edyf ucis uzoh
Efudax efim = inel
Oqujis umajyt; esoxer.dll uvif
Ysyzih ufugyc ytiryh esabyf
Yxop yxuv idyhyh omuzyx
Ycesyh
Owimul ylutyf owirox atow
Uvag ucyr
Ujec %d acex. uxojyw %d eraweh ynotow
Uqib oqaj ynazix adulyh ipet
Azaweb egelut
Ywataf. yciduz elypur
Iwatek
Erojen = efum %s acywet
Ewyvig %s ypyf: imukac iduxut %d awep
Ywilij = ysifor ymisux
Udyran ohutil ihyb iziwad
Axox* osiwef
Yqoc ybyb.dll yxesyf: abucud. abegow
Iqyg adukat
Yrinuc ufihew
Ysob = yrin.dll iteh ubyc
Yjov aketef osaden
Uhidag; agos; enucih
Oqoq %d ymicog ytec: yteb; atuqab
Avazop %d opov %s ifaz eqyhyh
Uxyb %s evoheb ugod. yxaw
Abig acit
Uxyfux ipimup %d yfyc
Ynofup iqozoz ahup
Umeruf.dll elus
Ufalug* eqocyx
Ylyj okudag
Ewezis = apoj: uvatyg
Uqam. yxyk: aceg eheqep
Ohyxeq evyg
Amofar
Agylov azuv* alev
Uhomak odufos.dll egureb utaf avop
Owizox uxud imupek
Onym; okol omoh edek ewub
Efew ytyw.dll adol
Imimez asykum
Atilul
Utiruz isyx
Orydiv
Yhubyq ipyj upes: ypyril
Ejan eqaxow %d uhadoq.dll umyv = omur
Otuxeg %s iboqyb ozeg
Yxiheh ajol. usin
Yjyh %d ocibyf omydoh ebyr oqasyj
Ewer ovoded ibul.dll aziquj
Orefam. ipub uquqyp
Ujow ihoxiv
Ytuviw ipaj ebug
Ydesuj egybit ulines
Afyx ocevit.dll efac amukok
Udaj ikozab
Ywyluh ajyl ovokud: omyjup
Udifus ifud = osic ylub umum
Ogicax ores evyf
Eluxyg
Yheq. ykurag
Ymukiv igif
Ydap azew* adapub uvav
Oziz ukipiv ivurug
Unysaf utoq azusit
Uwomuh uquzaj %s ybibac otunat aqiron
Adejif umiqyq
Edypal ijyg
Uzonik
Ynex enyf
Avux %d ufysud
Ydap azew* adapub uvav
Yjuj. edij ityf = ukiwaj.dll uwog
Yhoz %s ebuhuh
Ikim* ugotyl ynicul* yxos
Awov: exag olanah anudum ucalyf
Yxiheh ajol. usin
Edefyt
Ypyhes edel
(null)
`h````
xpxxxx
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
`h`hhh
xppwpp
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CONOUT$
IsWindow
GetNextDlgGroupItem
GetWindowLongW
DrawIconEx
GetClassLongA
PrintWindow
SetWindowLongW
GetWindow
GetSystemMetrics
SetWindowTextW
GetWindowTextW
SetWindowPos
GetClientRect
GetWindowRect
LoadStringW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
ReleaseDC
SendMessageW
wvsprintfW
SetDlgItemTextW
GetDlgItemTextW
EndDialog
SendDlgItemMessageW
GetClassNameW
SetFocus
DestroyIcon
DialogBoxParamW
IsWindowVisible
WaitForInputIdle
SetForegroundWindow
GetSysColor
PostMessageW
LoadBitmapW
LoadIconW
OemToCharBuffA
OemToCharA
CharToOemA
CharUpperW
CopyRect
DestroyWindow
DefWindowProcW
RegisterClassExW
LoadCursorW
UpdateWindow
CreateWindowExW
MapWindowPoints
GetParent
FindWindowExW
ShowWindow
MessageBoxW
GetDlgItem
EnableWindow
USER32.dll
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
SHFileOperationW
SHChangeNotify
SHGetMalloc
SHBrowseForFolderW
SHELL32.dll
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoCreateInstance
CLSIDFromString
ole32.dll
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
SetRectRgn
UpdateColors
GetGraphicsMode
GdiGetBatchLimit
GetCharABCWidthsFloatA
DeleteObject
DeleteDC
StretchBlt
SelectObject
CreateCompatibleBitmap
GetObjectW
CreateCompatibleDC
GetDeviceCaps
GDI32.dll
SetHandleCount
RequestWakeupLatency
SetLastError
GetWriteWatch
GetCommandLineA
GetTapeStatus
GetProcAddress
HeapFree
RtlUnwind
RaiseException
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
WriteConsoleA
CreateFileA
GetCurrentDirectoryW
GetLastError
DosDateTimeToFileTime
LocalFileTimeToFileTime
CreateFileW
CloseHandle
WriteFile
FlushFileBuffers
GetStdHandle
SetFilePointer
SetEndOfFile
GetFileType
ReadFile
SetFileTime
GetStartupInfoA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
GetConsoleOutputCP
WriteConsoleW
SetCurrentDirectoryW
GlobalAlloc
GetCPInfo
IsDBCSLeadByte
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
OpenFileMappingW
SetEnvironmentVariableW
GetTickCount
CreateFileMappingW
GetCommandLineW
MapViewOfFile
UnmapViewOfFile
MoveFileExW
GetTempPathW
GetExitCodeProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatW
GetDateFormatW
WaitForSingleObject
ExpandEnvironmentStringsW
GetNumberFormatW
GetLocaleInfoW
GetCurrentProcessId
LoadLibraryW
FreeLibrary
GetModuleHandleW
FindResourceW
GetModuleFileNameW
GetFullPathNameW
FindFirstFileW
FindNextFileW
FindClose
CreateDirectoryW
DeleteFileW
MoveFileW
SetFileAttributesW
GetFileAttributesW
InterlockedIncrement
InterlockedDecrement
KERNEL32.dll
$v$74hj
`GalTy
f7b&:}
 j4:x=
r*SPPK
cU4^_Q
Q3aJDE
,x4>u|6R
]SM`1f[
j#=B_oE
^xdED#8
S.Joao
@B,X]9
lh=Y-%
%x`j&d
.U-5f=P+
P;UT*P73
])g|hxx
g;\iS>
0wwaq	#ZV
lD!G!=
f<^vwu
\$Rt#L
8](<gj
a.\|fhJ
^&L"{=
$kJlH&
6ONXhO
<X	d6FN'
nL,tZm
qT$UdM
NXE6$'
!H(F<@5
R}V 7p
?3wRqa
PcN,vo
r8XvGa
xXr3_'
7@,{uk
K*L`::
0Is<FyYS@
8)ycr&
Gv|k~?
M\B*d4t
O^b{^0
,qDCVn
Ie`f/yP
a_-Qw2
K}Xg3m
!tgn*h
o<! \F
e4`NF>
C`qo8$>
$\[z<C
kg?'aw
TjU-3b+
_5DZB~
$)v&sp
:=*z [
VCp<e%
g>RNWJ
i X[JD
>&=V/&_{
er"H>_
:+|Pnz
	yUH87g
jD ifc4
NPnKbG&
7eh&,3
T6a)^	
BG}:Ef
h;XQg<oG1:9M
$p#:"]
P5@\)2
eN0v6T
\<Pc>Hf
i x$NH
F~ZLbI
kde||IH+
\=*"`(
2-C>L&
hs_N1 .
xyAK<}
lCZW;`
RkG:0z
i/N|0N
e'8Ln%
0&|dn51"
2,D~t$
}KI7q2
JVljvO
!\NP2W
_&cNS~
(T4MZY/
^b2*38
	\?RE(q
tV:j(l
<~X5dS
iU8w,d
<i|3BY
J N9+fm
ig(U}R
5KEUYe
D|CKn;
_yD_d,
xo4<{e
	ndL:7&
7kNrH /
o$9 R6O}
@t {AjR
43J;;M
N|fe>}
GmZ^]=
M\!6:Q\gC
]m:8~V
2gFjS[
B`",(0j?
DOP^aE
\Xd7t(
PNZ5YT
BxOC?u
$Ef86$
xc-vg\
/=q1xV
\2B%Q$.
DBd%`d
%kz2k l
[pJR,<
m{A*{@
hrLw#+v
ET6R F
3VImdk
HTyy`j
$ty14Z^
N(zk38
iIMFDG
l3$*s(
$|.Q6*
,fR9t{
'F$DvI
hd<76}
6LC,}dz
7XuHs1
~~W@Rh
+'@HLh
}L!Ddx
1I5zW%
+^X9M`
yyvBbT
?187$6
k`pXRn
I#hW q
)\ON4 ;
iW:g8f{
^a/%:<"
0d^nb= 
*FxG"M
'CTFy4e$	
HON8c;{
?w;ISN
TrD8i/
U]IV[t$
OeIulk
<nJ\S?TG
D,-@2#@
v$JG~;
'[_?NXk
p5@95ed5^
9ced#@%
:SE'ff
z=8@b,-
j[S8O/
uttVbz
@HF>vDy9
F^*e@f3
a,4oM 
9{m.>?
,3UxAc
	q?4cDBi
}'Qx>_
2UxfB,
ImcaI`j
F<HCIB
#!2c3%gH
H~A6^!4
sm*P51
J.^6*@
&euVUA
97=Da*
Gp^qJn
mLFZw|
H~cxB(
j4G:]l
@RtN>/
Uw_.r{B
Bv$&8\y
Wq~8RP
L:c!~C
^>a$mX
z9-i~Fd1G
, dZ4a
y\pA@0R
P~\zz@L
	(a^<~
Ni;{`\
k6ABR*
*R&}> 
MT~P*da\
Q#i{z(
=kS>W	
+;qZ&4
}yo'HB?g
N	Nw>[
<pm$/b
$ptx2Z
\8"@<T
.a dG,
	*&|lz
f%)dL"
}<	du6
Q_f}@f
h1LmR.y
YZzK6v
)9y{c6
=|k?v$AI6
qKrA\|
z:'zx,]*[
Lr%k~zQ
nL|e4	
JcQNVo
HPL"u$Q*
&x/(.k
{G0Z'\#( 
CY0r1(>$s
E\*d\xt3
tW@qOvO
yo]QNy
\	JdUO
|R_U`M
,<F"F1
It%F/j
$	pPV(
MG{e\j
CME7<J
6j*PC@=
yv<x|uS
iH8i%0xb
H&]nVsH
WKdDO	
ZB50n1
z%N``lkg
d	w\`9
 8x~o9	J
~^wdFIT
T.{\'Q
a$RIiD
tt$h!L
Ea8;Jbd\=
ZsZ\D2
+Udu+H
"6ix\7
|,vmXq`
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
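The YARA hits at the top of this report (anti_dbg, screenshot, win_registry, win_files_operation) can be cross-checked against the import names and the embedded manifest in the strings section: IsDebuggerPresent, the GDI capture chain (PrintWindow, CreateCompatibleDC, CreateCompatibleBitmap, StretchBlt, SelectObject), the Reg* family, the file APIs, and an asInvoker manifest that requests no UAC elevation. The script below is an added example written for this page; it is not part of the original report or of the platform that produced it. The API-to-capability mapping, the minimum-hit thresholds, and the SAMPLE_DUMP excerpt are the editor's own assumptions, and the excerpt is a constructed subset of the strings listed above. Because a strings dump carries no import-table structure, single CamelCase tokens are treated as candidate export names, which is a heuristic rather than a PE import parser.

```python
"""Import-based capability triage over a `strings` dump (added example)."""
import re

# Editor's mapping (assumption): API names that together suggest a capability,
# with the minimum number of matches needed before it is reported. Thresholds
# keep a lone CRT-resolved name from producing a finding on its own.
CAPABILITIES = {
    "anti_dbg": ({"IsDebuggerPresent"}, 1),
    "screenshot": ({"PrintWindow", "CreateCompatibleDC", "CreateCompatibleBitmap",
                    "StretchBlt", "SelectObject"}, 3),
    "win_registry": ({"RegOpenKeyExW", "RegQueryValueExW", "RegCreateKeyExW",
                      "RegSetValueExW"}, 2),
    "win_files_operation": ({"CreateFileW", "WriteFile", "ReadFile", "DeleteFileW",
                             "MoveFileExW", "FindFirstFileW", "SetFileAttributesW",
                             "SHFileOperationW"}, 3),
    "process_launch": ({"ShellExecuteExW", "GetExitCodeProcess"}, 2),
    "shared_memory": ({"CreateFileMappingW", "OpenFileMappingW", "MapViewOfFile"}, 2),
}

# One CamelCase token on a line of its own; `strings` output has no import
# table structure, so this is a heuristic, not a PE import parser.
API_RE = re.compile(r"^[A-Z][A-Za-z0-9]{3,}$")
DLL_RE = re.compile(r"^[A-Za-z0-9_]+\.dll$", re.IGNORECASE)
EXEC_LEVEL_RE = re.compile(r'requestedExecutionLevel\s+level="([^"]+)"')


def parse_strings(dump):
    """Split a strings dump into stripped, non-empty lines."""
    return [ln.strip() for ln in dump.splitlines() if ln.strip()]


def imported_apis(lines):
    """Set of lines that look like Win32 export names."""
    return {ln for ln in lines if API_RE.match(ln)}


def referenced_dlls(lines):
    """Set of module names (whole lines ending in .dll), lowercased."""
    return {ln.lower() for ln in lines if DLL_RE.match(ln)}


def manifest_execution_level(lines):
    """requestedExecutionLevel from an embedded manifest, or None if absent."""
    m = EXEC_LEVEL_RE.search(" ".join(lines))
    return m.group(1) if m else None


def triage(lines):
    """Map capability name -> sorted list of the API names that supported it."""
    apis = imported_apis(lines)
    findings = {}
    for cap, (names, min_hits) in CAPABILITIES.items():
        hits = sorted(apis & names)
        if len(hits) >= min_hits:
            findings[cap] = hits
    return findings


# Constructed excerpt of the report's strings section (not the full dump).
SAMPLE_DUMP = """
Uleg azuxut ucylom: idoh
Axumyr %d atyg = edeh
IsDebuggerPresent
PrintWindow
StretchBlt
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
GDI32.dll
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
ADVAPI32.dll
ShellExecuteExW
SHELL32.dll
CreateFileW
WriteFile
DeleteFileW
MoveFileExW
CreateFileMappingW
MapViewOfFile
KERNEL32.dll
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
"""

if __name__ == "__main__":
    lines = parse_strings(SAMPLE_DUMP)
    for cap, hits in triage(lines).items():
        print(f"{cap:22s} {', '.join(hits)}")
    print("modules:", ", ".join(sorted(referenced_dlls(lines))))
    print("execution level:", manifest_execution_level(lines))
```

Run against the full strings section rather than the excerpt, the same functions also pick up GetExitCodeProcess, WaitForSingleObject and the Fls*/Tls* CRT names; the thresholds are what keep such incidental hits from being reported as capabilities. The pseudo-word strings (for example "Axumyr %d atyg = edeh") never match the API pattern because they contain spaces, so they do not pollute the findings.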