Sample details: b7d04c88009be3d8813dac0f4f22c4e5

Hashes
MD5: b7d04c88009be3d8813dac0f4f22c4e5
SHA1: f99276b78adb1771108341af6f3c78ff0f83d472
SHA256: 05b8f819e5b95bf52d444f630663d88e2b98384be223f34066394aaf8f5e5472
SSDEEP: 3072:5Wcj4L9Zao0twtmZLrBYiyAn8NDFVKrsV/pQjQ4Vcb1iw:5WHitwtmVrBuq8NxUsdpQj5E1i
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_registry | YRP/win_files_operation
Source
http://animalmagazinchik.ru/poperclip/mstop.exe
http://ukr1.net/poperclip/mstop.exe
Strings
!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
ExitProcess
GetPrivateProfileSectionNamesW
lstrlenA
VirtualQuery
EnumCalendarInfoW
GetCurrentProcess
SetThreadExecutionState
CreateDirectoryExA
GetVolumePathNameW
GlobalAlloc
GetThreadSelectorEntry
GetSystemPowerStatus
FreeConsole
FindNextVolumeW
GetFileAttributesW
SetTimeZoneInformation
IsDBCSLeadByte
GetThreadPriorityBoost
lstrlenW
DisconnectNamedPipe
GetTapeStatus
CreateJobSet
MoveFileW
DisableThreadLibraryCalls
LocalAlloc
IsWow64Process
GetNumberFormatW
FoldStringW
EnumDateFormatsA
FreeEnvironmentStringsW
VirtualProtect
FatalAppExitA
GetShortPathNameW
SetCalendarInfoA
_lopen
GetDiskFreeSpaceExA
DeleteTimerQueueTimer
GetFileInformationByHandle
DebugBreak
FindNextVolumeA
LCMapStringW
KERNEL32.dll
GetBrushOrgEx
GetEnhMetaFileHeader
StartPage
GDI32.dll
OpenSCManagerW
RegSetValueExA
QueryServiceLockStatusA
EqualSid
AddAuditAccessAce
CreateProcessAsUserW
RegDeleteValueW
FreeSid
SetFileSecurityA
ADVAPI32.dll
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
SetFilePointer
CloseHandle
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetProcAddress
GetModuleHandleW
WriteFile
GetModuleFileNameW
GetModuleFileNameA
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
ReadFile
LoadLibraryW
WriteConsoleW
CreateFileW
.?AVerror_category@std@@
.?AV_Generic_error_category@std@@
.?AV_Iostream_error_category@std@@
.?AV_System_error_category@std@@
.?AV_Locimp@locale@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVtype_info@@
.?AVbad_exception@std@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AV?$ctype@D@std@@
.?AUctype_base@std@@
.?AVfacet@locale@std@@
.?AV?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_iostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$_Iosb@H@std@@
.?AVios_base@std@@
.?AVruntime_error@std@@
.?AVexception@std@@
.?AVfailure@ios_base@std@@
.?AVsystem_error@std@@
.?AVbad_cast@std@@
.?AVbad_alloc@std@@