Sample details: 8ca5c1b82cc580acd593d058156246d8

Hashes
MD5: 8ca5c1b82cc580acd593d058156246d8
SHA1: 40ee07b26217991b594fd9070d66293ae393e4fd
SHA256: 4952fb65995536093c9dc613ed661321d6ec0af61cc527e20a01441a575c4a8b
SSDEEP: 768:4rArBEXJJKRVl+xw44dsV8e0ese0e8e0eMe0e3eQ2s5GV42VuHC:4mBWJKPP4n3/3v3f3OQ2U2VuHC
Details
File Type: PE32
Added: 2018-02-25 21:51:40
YARA Hits
YRP/Safeguard_103_Simonzh | YRP/dUP2xPatcherwwwdiablo2oo2cjbnet | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/System_Tools | YRP/screenshot | YRP/keylogger | YRP/win_registry | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/MD5_Constants
Parent Files
724af9c30f5b664c7bce5d2875308d33
Strings
		!This program cannot be run in DOS mode.
c	Rich
.rdata
@.data
Qkkbal
Bmp_Button_Class
8*.t=f
dUP2u#h
@_^ZY[
;E wsQVWR
Z_^YGA;M u
CreateThread
</u7SWSVj
KERNEL32.DLL
advapi32.dll
comdlg32.dll
gdi32.dll
shell32.dll
user32.dll
FindFirstFileA
GetStdHandle
WriteFile
FlushFileBuffers
CompareStringA
CreateDirectoryA
GlobalAlloc
GlobalLock
GlobalUnlock
FindClose
lstrlenW
lstrlenA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WideCharToMultiByte
WaitForSingleObject
VirtualFree
VirtualAlloc
UnmapViewOfFile
SizeofResource
AttachConsole
CloseHandle
CopyFileA
CreateFileA
CreateFileMappingA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindResourceA
FreeLibrary
GetCommandLineA
GetCurrentDirectoryA
GetFileAttributesA
GetFileSize
GetFileTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTempPathA
LoadLibraryA
LoadResource
MapViewOfFile
MoveFileA
MultiByteToWideChar
RtlMoveMemory
RtlZeroMemory
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFilePointer
SetFileTime
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetOpenFileNameA
GetSaveFileNameA
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectA
CreateSolidBrush
ExtCreateRegion
GetStockObject
GetTextExtentPointA
RemoveFontResourceA
TextOutA
SetTextColor
SetBkMode
SetBkColor
SelectObject
RoundRect
AddFontResourceA
ShellExecuteA
TrackPopupMenu
ShowWindow
SetWindowTextA
SetWindowRgn
SetWindowPos
UpdateWindow
SetTimer
SetFocus
SetDlgItemTextA
SetClassLongA
SetCapture
SendMessageA
SetWindowLongA
ReleaseCapture
RegisterClassExA
RedrawWindow
PtInRect
OffsetRect
MessageBoxA
LoadStringA
LoadIconA
LoadCursorA
LoadBitmapA
IsDlgButtonChecked
InvalidateRect
IntersectRect
GetWindowRect
GetWindowLongA
GetSystemMetrics
GetParent
GetKeyState
CloseClipboard
EmptyClipboard
OpenClipboard
SetClipboardData
GetClientRect
MoveWindow
GetDlgItemTextA
GetDlgItem
GetDlgCtrlID
GetCursorPos
GetCapture
GetActiveWindow
EndDialog
EnableWindow
DrawTextA
DialogBoxParamA
DefWindowProcA
CreateWindowExA
CreatePopupMenu
CheckDlgButton
CallWindowProcA
AppendMenuA
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_DYN_DATA
STATIC
user32.dll
SetLayeredWindowAttributes
BASSMOD_Init
BASSMOD_MusicFree
BASSMOD_MusicLoad
BASSMOD_MusicPlay
BASSMOD_Free
\bassmod.dll
Removing readonly file attribute
 [*.exe] 
 [*.*] 
dup2_last_file
dup2_last_path
File not loaded
PE CheckSum Fix : OK
PE CheckSum Fix : Failed
Restore original file time : OK
Imagehlp.dll
CheckSumMappedFile
\bassmod.dll
Courier New
BTN_PATCH_UP
BTN_PATCH_DOWN
BTN_PATCH_OVER
BTN_ABOUT_UP
BTN_ABOUT_DOWN
BTN_ABOUT_OVER
BTN_EXIT_UP
BTN_EXIT_DOWN
BTN_EXIT_OVER
BTN_ABOUT_OK_UP
BTN_ABOUT_OK_DOWN
BTN_ABOUT_OK_OVER
MS SANS SERIF
user32.dll
SetLayeredWindowAttributes
user32.dll
SetLayeredWindowAttributes
WOW64 File System Redirection : disabled
kernel32.dll
Wow64DisableWow64FsRedirection
WOW64 File System Redirection : enabled
kernel32.dll
Wow64RevertWow64FsRedirection
--------------------------------------------------------------------
 diablo2oo2's universal patcher - console help
 /help                 : this help menu
 /silent               : no window gui, no input
 /overwrite            : overwrite existing files
                         during file attachment export
 /backup               : make backup of every file which is patched
 /startupworkdir <dir> : set working directory for the patcher
 /setvar <content>     : set content of %dup2_cmd_var%
 /help                 : show help menu
silent
backup
overwrite
startupworkdir
setvar
dup2_cmd_var
 <>[]|$^!%&/\(){}=?`*+-'#.:;,@~"
\regpatch.reg
regedit.exe
Can not use placeholders in console mode.
BTN_REGP_OK_UP
BTN_REGP_OK_DOWN
BTN_REGP_OK_OVER
dup2_last_file
dup2_last_path
BTN_PATCH_DISABLED
(uHr,g]
`SMO&{
O9e1Y%
Y6R0RjR4
>e0R9h
*g~b0R
NMRHQsQ
*g~b0RP
\cknx!
*g~b0RW[
~X[(W,
ck(WgbL
ck(W Rd
KUGOU 7.0.X
2011-09-15
KuGou7.exe
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity
    version="2.0.0.0"
    processorArchitecture="X86"
    name="diablo2oo2's.Universal.Patcher"
    type="win32"
  <description>diablo2oo2's.Universal.Patcher</description>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity
        type="win32"
        name="Microsoft.Windows.Common-Controls"
        version="6.0.0.0"
        processorArchitecture="X86"
        publicKeyToken="6595b64144ccf1df"
        language="*"
      />
    </dependentAssembly>
  </dependency>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel
          level="requireAdministrator"
          uiAccess="false"
        />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>