Sample details: 84063bd287827277ae2a22f4b3e9757a

Hashes
MD5: 84063bd287827277ae2a22f4b3e9757a
SHA1: af0bb893ac22cc3703a02e205547fb98f860008b
SHA256: 8af6a0ad98f53063e6f730828a59621dac2aa575cd1a618723b0ad7823ef3ec4
SSDEEP: 6144:vv5jSIZCXtlloFeZZ0tv/6+DdaeXFcmzvRjw:5uuCX/5Z0tv/RXnrRjw
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
ios_base::eofbit set
ios_base::failbit set
ios_base::badbit set
bad cast
bad locale name
invalid string position
string too long
generic
iostream
system
iostream stream error
Unknown exception
bad allocation
Visual C++ CRT: Not enough memory to complete call to strerror.
bad exception
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
(null)
`h````
xpxxxx
CorExitProcess
Illegal byte sequence
Directory not empty
Function not implemented
No locks available
Filename too long
Resource deadlock avoided
Result too large
Domain error
Broken pipe
Too many links
Read-only file system
Invalid seek
No space left on device
File too large
Inappropriate I/O control operation
Too many open files
Too many open files in system
Invalid argument
Is a directory
Not a directory
No such device
Improper link
File exists
Resource device
Unknown error
Bad address
Permission denied
Not enough space
Resource temporarily unavailable
No child processes
Bad file descriptor
Exec format error
Arg list too long
No such device or address
Input/output error
Interrupted function call
No such process
No such file or directory
Operation not permitted
No error
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
`h`hhh
xppwpp
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
1#QNAN
1#SNAN
CancelDeviceWakeupRequest
GetAtomNameA
KERNEL32.dll
OLEAUT32.dll
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
EncodePointer
DecodePointer
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetTimeFormatW
GetDateFormatW
RtlUnwind
RaiseException
GetLastError
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapAlloc
GetCPInfo
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetProcAddress
GetTimeZoneInformation
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
HeapCreate
IsProcessorFeaturePresent
ExitProcess
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FlushFileBuffers
ReadFile
SetFilePointer
CloseHandle
HeapSize
GetLocaleInfoW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
WriteConsoleW
SetStdHandle
LoadLibraryW
CreateFileW
CompareStringW
SetEnvironmentVariableA
.?AVfailure@ios_base@std@@
.?AVsystem_error@std@@
.?AVruntime_error@std@@
.?AVexception@std@@
.?AVbad_cast@std@@
.?AVbad_alloc@std@@
^8Bj=>.
^%_a+78
9949831315$
^<Xw;:9
^<Xw;:9
.?AVfacet@locale@std@@
.?AUctype_base@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$ctype@D@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
.?AVcodecvt_base@std@@
.?AV?$codecvt@DDH@std@@
.?AVerror_category@std@@
.?AV_Generic_error_category@std@@
.?AV_Iostream_error_category@std@@
.?AV_System_error_category@std@@
.?AV_Locimp@locale@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVtype_info@@
.?AVbad_exception@std@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AFX_RIBBON>
    <HEADER>
        <VERSION>1</VERSION>
    </HEADER>
    <RIBBON_BAR>
        <CATEGORIES>
            <CATEGORY>
                <ELEMENT_NAME>Category</ELEMENT_NAME>
                <NAME>Category</NAME>
                <PANELS>
                    <PANEL>
                        <ELEMENT_NAME>Panel</ELEMENT_NAME>
                        <NAME>Panel</NAME>
                    </PANEL>
                </PANELS>
            </CATEGORY>
        </CATEGORIES>
    </RIBBON_BAR>
</AFX_RIBBON>