Sample details: fd155e930690920f86e9a8b37cb6a1cc (MD5)

Hashes
MD5: fd155e930690920f86e9a8b37cb6a1cc
SHA1: cad7a6be1c07401690ff82c4e198da13cba33f2c
SHA256: f93d887dc7c732792be4654b730a96f5857980d9c2f65fd354f98df3c20997a6
SSDEEP: 6144:cdgEdkBmgrYAMyc/s6uqgOREaZ4yUsKDdig:IHCmmyyGE84yUWg
Details
File Type: PE32
Yara Hits
YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/contentis_base64 | YRP/domain | YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/anti_dbg | YRP/win_files_operation | YRP/win_hook
Source
hxxp://fileiiiililliliillitte[.]xyz/ene (defanged)
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
]+T$ B
T$ WWWWWWW
T$(QVR
D$h)D$ 
]9T$|u
L$lQHPh
f9D$<v?
@;D$<r
T$H;T$@
]9t$8t
]VRPVVSQ
]VPQVVSR
]PVVQR
]WPQWWSR
]WQRWWSP
f9T$8r
]WRPWWSQ
]QVVRP
]QVVRP
]RVVPQ
f9T$8r
]VRPVVSQ
]PSSQR
L$ +D$@
D$ RPWV
0WWWWW
0WWWWW
QQSVWd
0SSSSS
tNIt?It0It 
t$<"u	3
>=Yt1j
< tK<	tG
j@j ^V
s[S;7|G;w
tR99u2
	X 9} 
URPQQh
0SSSSS
0SSSSS
0A@@Ju
;t$,v-
UQPXY]Y[
_VVVVV
^WWWWW
]wIVSP
PPPPPPPP
PPPPPPPP
]u8SS3
t"SS9]
v	N+D$
0SSSSS
v	N+D$
_VVVVV
t+WWVPV
<+t(<-t$:
+t HHt
!J|t:*z
9e7WsE
@0~48p
Juipoe
"4l0@p
r\KEV?
'w,MdV
tRHtCHt4Ht%HtFHHt
bad allocation
]string too long
invalid string position
]Unknown exception
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CONIN$
]bad exception
]_nextafter
_hypot
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
]e+000
GAIsProcessorFeaturePresent
KERNEL32
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
1#QNAN
1#SNAN
bad allocation
_Total
aboutread
ImmGetContext
ImmGetContext
recalculated charm estimates Seismgraph 
kernel32
NtQuerySystemInformation
MyClass
register
Application
Cannot create window
Tree View
SysTreeView32
Complicated
Times New Roman
list<T> too long
vector<T> too long
deque<T> too long
?Dj0Q:W$=
5s3R6=
<8bunz8
l,kg<i
<@En[vP
CreateFileA
lstrlenA
MapViewOfFile
HeapAlloc
GetCurrentProcess
GetLogicalDriveStringsW
GlobalLock
GetTimeFormatA
FreeEnvironmentStringsA
CreateProcessA
FileTimeToSystemTime
GlobalUnlock
SetCurrentDirectoryA
GetLastError
GetProcAddress
GetFileType
OpenEventA
GetModuleFileNameA
GetModuleHandleA
GetCurrentDirectoryA
FileTimeToLocalFileTime
OpenFileMappingA
LocalFree
KERNEL32.dll
RegisterClassA
CopyRect
GetDialogBaseUnits
LoadCursorA
FindWindowA
SendMessageW
GetSystemMetrics
DispatchMessageA
IsWindow
FrameRect
GetSysColorBrush
CreatePopupMenu
ShowWindow
GetCursorPos
GetSysColor
DefWindowProcA
CreateWindowExA
GetClipboardData
GetWindowLongA
InvalidateRect
MessageBoxA
SetWindowLongA
SetRect
TrackPopupMenuEx
GetMenuItemRect
OffsetRect
GetMenu
GetForegroundWindow
InflateRect
TranslateMessage
BeginPaint
SendMessageA
CreateMenu
GetClientRect
MenuItemFromPoint
CallNextHookEx
LoadIconA
GetParent
LoadBitmapA
GetSubMenu
KillTimer
SetCapture
GetMenuItemID
FillRect
PostQuitMessage
RegisterClassExA
SetActiveWindow
GetWindowRect
ScreenToClient
SetTimer
GetMessageA
DestroyWindow
EndPaint
USER32.dll
CreateSolidBrush
RestoreDC
GetStockObject
GetObjectA
RoundRect
GetTextMetricsA
CreatePen
SaveDC
ExtTextOutW
Rectangle
SetMapMode
DPtoLP
SelectObject
DeleteObject
GetTextCharsetInfo
SetBkColor
CreateFontIndirectA
Polygon
SetTextColor
MoveToEx
GDI32.dll
PageSetupDlgA
COMDLG32.dll
ShellExecuteA
SHELL32.dll
CreateStreamOnHGlobal
CoGetMarshalSizeMax
GetHGlobalFromStream
CoTaskMemAlloc
CoMarshalInterface
ole32.dll
ODBC32.dll
FtpGetFileA
FtpSetCurrentDirectoryA
FtpGetFileSize
WININET.dll
WS2_32.dll
EnumPageFilesA
GetModuleInformation
GetModuleBaseNameA
EnumProcessModules
PSAPI.DLL
AVIStreamGetFrameOpen
AVIFIL32.dll
acmDriverOpen
MSACM32.dll
PathFindExtensionA
SHLWAPI.dll
ImageList_Add
ImageList_Create
COMCTL32.dll
PdhMakeCounterPathA
PdhOpenQueryA
pdh.dll
UuidEqual
UuidFromStringW
RPCRT4.dll
AcceptSecurityContext
CompleteAuthToken
Secur32.dll
ImmGetContext
ImmReleaseContext
ImmGetCompositionStringA
IMM32.dll
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
CloseHandle
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVbad_alloc@std@@
#BIZVG`
~P!rl>
='j9dF%.
;JqA0 
/I]%tF"cj5
`/PoQ|v
9-ByE<y
wOv|+)g
Cl8v<q}
YV1d]f
$uBvb4
5VocPhBbR
I3Q91!
.w-w8"
Q$W~K4
B7Qpmtw
]n	k,u_
][7T{b;
a@)Oc8#
k?	#cg
>XZ;(0fe
Q;Le/C
uN^U<#
QE4@8l
]UZI#,
`zONjF
*C!0B-
b~&*W@U
iI+Cs+d
jctM9mzWC
/l2yNJ
*_*i_j;"
D/Yk|`
wy<k?2
X<C2KX
=&.ni;
rw|+z1
	w>Y,A
.$!c&o_
	'v}2"
rg|;z1
xW82rU
m1(ptX
*D1pd;$y
k5jtQ9=
luqU?j
(+BYBy
Rhm< K$
b"D,zo
5a$cDI
,z"6+({SD4Z
;Z{nYn
i$jyXo
rw|+z1
~XQN^c
V9lu&'
P}:7T%
B3Qm\I
"9L5F'
Q$W~K4
8dfhzL
Mpg(5H
~? YB7
$"~&dbz
+Fs4En
7[)Q^9
s`P_	'S
hbvqKOi
;8w^-H
ebtQ=5P
 {/(T]W
Y[V9lu
YNRm}[
-dF(ds
}&>0=irG`
jXC2K{F
	P"QI>
H-I2$n
cf"[#*
Gs6z;8
*d*r%ES
#9L]'p
pf86N(]
&'G9	F
@xyHeD
^k@lF?
!y|nt@
v@vyqV
(,:$1%
%IbC@]
{%(WKjy
doi~l"
|O%=L%
VTKZ6L
mp5~Ds-1 
:DmeDA
B{o/0k
<E8_l~	
'/F.Qh
6.crG}
_wJVAv+
Kb+VN`
s_"#P_KfV8:e
Uf5jrZI
BXK}M>r
jwoxoU3H
9k-G@rC
h<u;#T
28q/J7
;GLM;u
@j}Bz6
xC	_G\g
hL.awKr
Lek`N=
Sh~]tG
qAWnCH1
Bk(`GYy
\~i9$>,
*]$UKG
+;<ia%
|*UL_5
|#Kmp3
z~	Tv**
l	sy|8
qfjri:xB
*=y*AJ|
\w*H'j
BDKh#[
&`kn]^
2;FTAs
qLLPHu
BDDk-o
nxC#9L
Wy8Eat
sH7	,7
>SJ{>p
-g>[J.
Scrpxk
@@]5_x
4EBi#;
TiFzHQFI
(HOzY%
CjiTt.
(sfH*c?
'84B(]
}nAV"t
{^V*{8
Cs*m$:
W`A;"4
S<1O "
dvx2-	&
g@(fLa
A'l=F~
&iNe S
/v3P!X
Y(,jT(Q
N8D/8zK
DE3Hr!xf
z+R?(V
\rWe1Y
S.&%}VP
OSL&(z
d*]{#B
P}:7T%
qxkF	(m
;X{nYl
"9L5F'
Enl|7Z
qZ	c{h
MDB`GxU//p
LI=`gfSh
Dp#-mC
zo)MUz
cLNEuT
B&<oB<
^{{|!%
Z*\h_(
>Sh^|yOOc
1UlL7R
=n?>Y:]yo1O?
qt\<:c
GT9}1H
}K.kx+M
36'o!$
PiS}q0
^^<cx:
0n>.)(w_
h]z	_S]|PC
FYN<3R
:~uVJV
Ey2(lmvB_
\PWj45
?hduyg(*
10Br2|0p%;
2c*sOT
+;";XM}
]imjg|,
t]R5U%
AV5&5o
,"N8 o
x8luvO
x:qb?h&
4(|x4qx
F\0F$l
$IbY	O
fqgZ#ml_/
TPXiq^[
6kP}:_b
6,U+lG
'jJpgfz%
y%/EJP#
V8}qi5
WCBT^9CE
$IzV2q;
F\0F%,
l	[H9\
\PB	"(3q
NX NNX 
NX ENX 
NX #NX 
NX _NX 
NX |MW
NX TNX 
NX 1MX
NX rNX 
T_$7NX 
[g)7Q["
p~;Cn{:
p};\o|:
p~;up};
o};Rn{:
o|;ln{:
o|;Hmz:
o|;cmz:
mz:}mz:
mz9Gly9
NX sNX 
NX JNX 
NX (NX 
NX hNX 
NX @NX 
NX  NX 
NX ]NX 
NX 7NX 
NX zNX 
NX SNX 
NX .NX 
p~;sn{:
o|:hn|:
n{:^n{:
m{:yn{:	
NX INX 
NX )MW
NX eNX 
NX 5NX 
o};Kn|:
o|;eo|;
o|:~o|;
n|:[n{:
n{:tn{:	
]i+gn{7
o|:Ujv8
n{:omz:
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD