Sample details: 5c54d4e5c90b4ae8562f6b14601a5957

Hashes
MD5: 5c54d4e5c90b4ae8562f6b14601a5957
SHA1: 986263af3c0d4bb03b77436818053323e1224c45
SHA256: 68e01eb98b129a14c2f02f453ce204b28bed4f0419d9d7bd3d16cc6374664a5d
SSDEEP: 6144:PsCwu+mWhJifvtNP/7YXSLB80PetF5UhR3po:kxmIJQvPkitegR3po
Details
File Type: PE32
Added: 2019-10-09 06:45:17
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDebugData | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/escalate_priv | YRP/screenshot | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/RIPEMD160_Constants | YRP/SHA1_Constants
Source
http://116.206.177.144:93/down.exe
Strings
		!This program cannot be run in DOS mode.
`^Z@`_Z->Z[
`_Z->_[
`_Z->][
`_ZRich
`.rdata
@.data
.gfids
@.rsrc
@.reloc
D$(^VQP
tCSj\Yj_[f9
t,j.Xj\f
D$$EUj
u'SSSS
UVWj@_;
ulWj@X;
QQSUVW
un;t$$sh
;t$$sT
x_^][YY
uUf9.u
D$ j.Y
D$ f9_
t:j_[f9^
u*8O_t
jPXf9E
_^][YY
t)WPUS
j.[]f9
WVj\^f97uMf9w
v9Uj.]
Cj\Xf9
t=j ]f;
f9.t[S
u/j0]f
YY_^][
|$$;|$0
L$$;L$0
_^][YY
YY_^][
SVWj\_W
L$8+L$0
|$<A+|$4
t$$WSj
D$`VPW
jd^+L$8
|$0Pjd
E(3D$h
],3\$p
D$@3E$3u
3T$T3t$X3\$\3D$`
D$$3L$L
L$<3L$8
D$@3D$8
D$43D$
D$@3D$8
D$43D$
3D$<3D$8
|$Tj8[
?vUUj@^+
vzj@[+
t9Uj@]+
\$|AUV3
t	j-Xf
PSSSSSSh 
D$P,	C
D$T@	C
D$XX	C
D$\p	C
QQSUVW
_^][YY
D$ SUV
!N|+F|#
s2;V|t-
D$0;D$
9\$ v9
to9.uk
t$09KP
t$0;sP
L$09KPvG
s?;N|t:
F|9|$ sP
F|9|$ sP
9|$0sI
T$$;l$
;L$ |3;
s2;N|t-
F|9\$$sP
t`f9+tN
D$$PjC
ZuDf9V
,__f9~
v&j Yf;
tSf;L$
D$ j Zf
D$,+D$$PV
QD9] t
D$XXVVf
$SUVWj
t;VWj\_
j"Zj,2
t$,SWV
f98t=V
D$$PUV
.u&f9w
YYj"XP
YYj"[f9
tfj"]f9+u
f9(tSVWS
\SUVWjh
f9<Ft	@f9
,Ff9,F
 f9,Fu
v	N+D$
QQSVWd
URPQQh
;t$,v-
UQPXY]Y[
Tt1jhZ;
t	j-Xf
t0jXXf
~$+~8+
F2jgYf;
u0jAXf;
u0jAXf;
< t1<	t-
Wj0XPV
PPPPPWS
PP9E u:PPVWP
WWWPWS
u-PWWS
SSVWh 
f9:t!V
QQSWj0j@
PPPPPPPP
v	N+D$
*messages***
CryptProtectMemory
CryptUnprotectMemory
xlistpos
SetDllDirectoryW
SetDefaultDllDirectories
Unknown exception
bad allocation
USER32.dll
GDI32.dll
COMDLG32.dll
ADVAPI32.dll
SHELL32.dll
ole32.dll
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SHLWAPI.dll
COMCTL32.dll
bad array new length
bad exception
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
`h````
xpxxxx
(null)
CorExitProcess
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
[aOni*{
~ $s%r
@b;zO]
v2!L.2
1#QNAN
1#SNAN
?5Wg4p
"B <1=
_hypot
_nextafter
D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
.text$di
.text$mn
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.didat$2
.didat$3
.didat$4
.didat$6
.didat$7
.edata
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.didat$5
.gfids$x
.gfids$y
.rsrc$01
.rsrc$02
ShowWindow
GetDlgItem
EnableWindow
SetWindowTextW
GetParent
SetWindowPos
GetSystemMetrics
GetWindowTextW
GetClientRect
GetWindowRect
GetWindowLongW
SetWindowLongW
SetProcessDefaultLayout
GetWindow
LoadStringW
OemToCharBuffA
CharUpperW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
DefWindowProcW
RegisterClassExW
CreateWindowExW
IsWindow
DestroyWindow
UpdateWindow
MapWindowPoints
CopyRect
LoadCursorW
SendMessageW
ReleaseDC
MessageBoxW
FindWindowExW
GetClassNameW
wvsprintfW
PostMessageW
WaitForInputIdle
IsWindowVisible
DialogBoxParamW
EndDialog
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
SetFocus
SetForegroundWindow
GetSysColor
LoadBitmapW
LoadIconW
DestroyIcon
IsDialogMessageW
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject
StretchBlt
CreateDIBSection
GetObjectW
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
OpenProcessToken
AdjustTokenPrivileges
SetFileSecurityW
LookupPrivilegeValueW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteExW
SHGetFileInfoW
SHGetFolderLocation
SHChangeNotify
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
SHAutoComplete
InitCommonControlsEx
sfxrar.exe
GetLastError
SetLastError
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GetTickCount
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
KERNEL32.dll
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer
 (08@P`p
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AW4RAR_EXIT@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVtype_info@@
.?AVbad_array_new_length@std@@
.?AVbad_exception@std@@
33!D	3
WwS7'u
gwS37%w`	
gwS3	3
WwR"'P
Wwgu"'P
g33WwQ
/'[,\\0]^_\\\Q
RSTU0VWXYZH
IJKL=MNOPQ
'A,4;BC
:(,4;<=>;?@
3,45657879
 !"#$%&
{{{{{{{{{
wwwwwwww
8888888888{x7
8888888888887
ddddddd
dddddddd
rrrrrrr
rrrrrrr
rrrrrrr
~vrrrrr
rrrrrrr
~vrrrrs
rrrrrrr
~vrrrrs
rrrrrmm
mmrrrrs
rrrrrr
rrrrrrr
yrrrps
rrrrrrrr
yrrrpps
rrrrrrrrrrrrrppps
kkkkkkkkkkkjhjjjo
tqmxzz
aaaaaaaaaaaaaaaaaaaaf~leQmux
JJJJJJJJJJJJJJJJJJJaieQRamu
''''''''''''''''''DaJKHPam
"(GLOa
\\`Ve}b
YVXc~c
ceQ&^	gdk
`O/f&Tnx
~b0R_cOW
4Y_cOW	
]_cOWPA
vpenc!h
N4Y_cOWPA
@b	gck(W
*NW[&{
tXTCgP
PA<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
  version="1.0.0.0"
  processorArchitecture="*"
  name="WinRAR SFX"
  type="win32"/>
<description>WinRAR SFX module</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
  <security>
    <requestedPrivileges>
      <requestedExecutionLevel level="asInvoker"            
      uiAccess="false"/>
    </requestedPrivileges>
  </security>
</trustInfo>
<dependency>
  <dependentAssembly>
    <assemblyIdentity
      type="win32"
      name="Microsoft.Windows.Common-Controls"
      version="6.0.0.0"
      processorArchitecture="*"
      publicKeyToken="6595b64144ccf1df"
      language="*"/>
  </dependentAssembly>
</dependency>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
  <application>
    <!--The ID below indicates application support for Windows Vista -->
      <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
    <!--The ID below indicates application support for Windows 7 -->
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
    <!--The ID below indicates application support for Windows 8 -->
      <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
    <!--The ID below indicates application support for Windows 8.1 -->
      <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
    <!--The ID below indicates application support for Windows 10 -->
      <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
  </application>
</compatibility>
<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
  <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
    <dpiAware>true</dpiAware>
  </asmv3:windowsSettings>
</asmv3:application>
</assembly>
PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
0+0<0B0H0M0Y0c0m0y0
1/2D2s2z2
3G3a3<5
6^7m7B8}8
]0=1E2
:P;S<p<
0:1g1I2
=U=c=h=
>??O?Z?
2&2-2F2q2
>4?]?|?
2+3C3u3
7)858u8
8+9X9{9
6"6'6-646:6
:6;l;N=
<(<G<n<v<
?$?+?R?^?j?s?
0-040;0B0I0P0W0^0}0
3$303G3R3d3p3
4%434H4O4h4r4
415N5l5
6)666@6
;!;,;~;
?;?]?w?
0'0/070?0G0O0W0_0g0o0w0
1"1-181C1N1Y1d1o1z1
2*252@2
2	3=3d3y3
666O6[6g6
7%7,727=7m7r7
8&838R8Y8_8m8y8
=2>9>L>Q>0?
0"0&0*0.02060:0>0B0F0J0N0R0V0Z0^0b0f0j0n0r0v0z0~0
;$;7;?;D;_;
b0B2w2
6Q6e6l6s6z6
94:?:J:m:
<7=N=i=
=B>T>l>u>
1)1F1M1}1
2 2<2E2S2d2
3@4H4N4b4
4.5:5I5Q5W5]5q5}5
8$8M8w8
919A9R9f9w9
:R;];x;
<.<K<X<`<f<j<
<z=9>V>f>z>
2 2*2H2
3(393I3_3p3
3*454<4D4T4_4l4y4
5(555C5I5T5e5{5
6Z6h6n6
8O8c8w8
9$979E9T9c9k9y9
:\:e:k:}:
;);5;L;_;e;t;
< <C<T<b<
>3>a>w>
0"0?0p0v0
304K4b4
5"5E5V5
596D6d6m6v6
6/7T7d7l7
8#8)8N8S8^8j8
9Q9e9L:S:Z:i:r:|:
;,;7=G=
>W>[>_>c>g>k>o>s>w>{>
?!?'?6?>?L?\?g?
0;0o0|0
1$1;1N1u1{1
373F3X3k3r3|3
4&4/4E4M4h4m4y4~4
545D5X5b5r5
5'6-6F6_6j6
7)707g7m7
9/9=9O9W9d9y9
:+:4:?:E:K:S:X:^:g:r:
;$;1;=;J;T;Z;k;q;w;|;
<&<0<:<D<N<X<b<l<v<
= =*=4=>=H=R=\=f=p=z=
>$>2><>I>W>a>k>u>
?&?0?=?K?U?_?i?t?
0'0<0C0I0S0\0
1&1/1l1
2!262=2C2N2m2
3)3?3Q3k3
4N4Z4`4u4
9&9L9a9h9n9
?$?*?:?k?
0$131:1p1y1
4+4Q4Z4`4h4m4
5"5)50575>5E5L5T5\5d5p5y5~5
:K:P:T:X:\:
<%===B=
829c:4;G;e;s;!=X=_=d=h=l=p=
1J2u253V3d3j3
405H5N5X5g5#7Z;
2!283a3}3
4<4L4c4k4
5=5F5K5P5t5
61696>6N6X6}6
151@1l1
2.3^3m3
5!5<5|5
:5:b:}:
?L?[?`?q?w?
-050N0`0l0t0
5"585&606=6p6
6,737w7
:i:e;y;
=/=J=V=g=p=
>#>8>B>e>o>
b3-6l6s6
9.9C9Z9}9
0<0W0p0
1D1T1k1s1
2 2%2@2J2f2q2v2{2
3"3'3E3O3k3v3{3
494U4`4e4j4
5#515@5d5v5
;%;/;@;E;Z;
?+?6?M?}?
192>2D2I2
3'4I4p4
5$5+585y5
9 9<9C9Z9p9
:Z:l:~:
; ;2;S;e;w;
=/>|>T?
0d132g4J<
8-9499<}?
=7=D=t=
50\0g0w0
0%1D1Z1d1
2'3P3l3
3#4T4p4
8)9>9O9
091A1I1Q1Y1w1
6I7f7v7
:3:?:K:^:}:
;);<;`;
;K<Z<y<
;H=Z=t=
=1>;>P>k>
?1?F?l?
1*1?1T1i1
2$2(2,2024282<2@2D2H2L2X2\2`2d2h2l2x2|2
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
90949X9\9`9d9x9|9
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
(30383<3@3D3H3L3P3T3\3`3d3h3l3p3t3x3
9 9$9(9,9094989<9@9D9H9L9P9T9X9d9h9l9p9t9x9|9
 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l287<7@7D7
l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848<8D8L8T8\8d8l8t8|8
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
7 7(70787@7H7P7X7`7h7p7x7
8 8(80888@8H8P8X8`8h8p8x8
9 9(90989@9H9P9X9`9h9p9x9
3,=4=<=D=L=T=\=d=l=t=|=
?0?@?D?T?X?\?d?|?
545<5D5L5T5\5d5l5x5
6$606P6\6
787@7L7l7t7
848<8H8h8t8
9 9(90989@9L9l9t9
:(:H:T:x:
; ;(;<;P;`;p;x;
<,<8<X<d<
= =(=0=4=8=@=T=p=x=|=
> >(>T>X>`>h>p>t>|>
?8?X?x?
080X0x0
1 1@1`1
0L1\1h1l1p1t1x1|1
303<3@3D3`3d3l3
8 989T9p9
: :$:(:,:0:4:8:<:D:H:L:P:T:X:\:`:h:p:t:x:|:
; ;$;(;,;0;4;8;<;D;H;L;P;T;
Path=C:\Windows\debug\SYSTEM
Setup=start.bat
Silent=1
Overwrite=1
skycmd.bat
	start.bat
@dD#5O6
5U5w7d
!D+'0M
start2.bat
down.bat
#4FuDR,
Y70`JlX
@T34/T
install3.bat
open.bat
7t3C/V
#t-K|F4
6DD!`2
qc.bat