Sample details: 984e658a7494f8fb3839210cf969971a

Hashes
MD5: 984e658a7494f8fb3839210cf969971a
SHA1: e129215dd97b1d1c7bbf6f0f8f0c547e876df7f2
SHA256: 13ff6956fcb194057d28f654274dc98a5fd91eef88837c4a1951d62f81119937
SSDEEP: 768:K5RHqhLKv7GJ3Q0ZHwkVK8l7+zO4O1XBMZt8JHtSvScNH+8iI2euebTO2oGt:wHqhLKmQ07Me7/1OZt8JHCQIXFoa
Details
File Type: PE32
Yara Hits
YRP/Borland_Delphi_40_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_Setup_Module | YRP/Borland_Delphi_40 | YRP/Borland_Delphi_v40_v50 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/borland_delphi | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/disable_dep | YRP/escalate_priv | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/Delphi_Copy
Source
http://down.xrpdf.com/softdownload/xrpdf5050.exe
Strings