Sample details: cd75d9c1597ae52d808235c392d42d70

Hashes
MD5: cd75d9c1597ae52d808235c392d42d70
SHA1: e08b092d3bc121fbc7c39edad35141ff476a4f2d
SHA256: 9eedac49e4e430d251b907a93d887023d47b9c59179ef969bea650a9c4c0258a
SSDEEP: 6144:hAOXjAKla8/AyDDJIs4wjAqiosd+gk0d6qlEb:hphZ/h2wjAqW5Eb
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/DebuggerHiding__Active | YRP/anti_dbg | YRP/win_files_operation
Source
http://ukr1.net/poperclip/mstop.exe
Strings
		bad array new length
bad exception
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
`h````
xpxxxx
(null)
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
[aOni*{
~ $s%r
@b;zO]
v2!L.2
CorExitProcess
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
EnumSystemLocalesEx
GetUserDefaultLocaleName
IsValidLocaleName
LCIDToLocaleName
LocaleNameToLCID
_hypot
_nextafter
1#QNAN
1#SNAN
]vQ<)8
|)P!?Ua0
Eb2]A=
u?^p?o4
y1~?|"
?|I7Z#
>,'1D=
?g)([|X>=
:h"?bC
@H#?43
Ax#?uN}*
r7Yr7=
F0$?3=1
H`$?h|
&?~YK|
sU0&?W
<8bunz8
?#%X.y
F||<##
<@En[vP
?5Wg4p
"B <1=
?Unknown exception
bad cast
bad locale name
iostream
iostream stream error
ios_base::badbit set
ios_base::failbit set
ios_base::eofbit set
VirtualProtect
kernel32.dll
tekedulefukaranicayupalibu
zotayemepasesiyokihatini %f
VirtualProtect
string too long
invalid string position
8:6' 5
;?#	#.1
?9&"&7
4=,;:,
*?(7?"
%2,#3*
;=0&%1"
866(&,/
./2$ 4,
 "<>!"83
*-*+8($
&342#	
86'*"33
=)7	<2
5*)),16
./=0&<
-9*;;*
  '/(2.
'#22'*49
<4=21/7&
00=2$(
 ?4+(%
   711
::	>/6#!>
-*#'!&#3
!235(	
50"!	,
6;)* %
 67+/4%
*5$3'<*
/345')
*.)$(#
(6&.?224&.
?!5,.76"+
65'2!0
2?%&%*9
(?03$	
"("/).17##?
9,816#%
=*:7$?
10-)7*$;
%:'!94
=%1;	1,"#
4*3" :
51:4	!
<69%2(
,+5=	'
,&+'$;
18&#/0-
,3751!#"
 (987#
3&'2>.
1?1''6
	/	/%$
%;"	73:#;
8<)=4%;9
283,>9<+
?,!;*%
8*)*(;"
-$,';.
,	**8)
?)7'(:
:$),?;?'-
9>3,&%
8-))(>
""5686
 6-$>4' "423):
<2?1//
'.?:5!+
:+(%66
3/"#)+:=	
43%*# "9+
+1	.078
2&;-6*#
7&	7"&-8"
>;,='#
;?-&*#:
	2<,75/#
6/	6%4;?!/!
',,-+	8
=-*;,<!<8
)/06-<8
15,,&*#+
<-:+?)
9+437.56$
4!+"-)%7>;
'(	<>(
"	!, /5
,!#1;6!
63"	 $
+?6/+<>'  ?*
74+5)+	
*)';2))
,00047
-$8<:0
22)(3+
!=-3:<
((/?%?
1,+//2
%	:(?$
:#,5#&3
37=;)&
3->22;$4
.:#*(%<1.
:,59#3
525<7'*
*)+ -7=
>!33379
0?	)$5
+&943&
%4=&1!%#
73*1.?
"3:6?59
	,7!80'*
.0%&13
3$<75'>(
2- 64	
>.#0	0
8""*#8
,<!7((
'603$02"
="7>/6
=,19(=
7,)051(+
%&	#&*
%$8"&7$
-3, /0
,8.#+/)
#	:3<0
<;<+$8<
1 &=2)?
&=> ()
3&:5/39
=62>91
05*42?,
66%;870) 4.
	9?,91
!!15!"
7:(5(?
/ %8!'
6>/>3('
44>;(-#
(/,%7+
(>$'8,&	.&
	 26*(
<+"28=#$
3('(6%
5&.674"
	!<=84-.
(9?!<:
#<%6$1
>	:/',
	%'"=:
#93#7"
=?$7+>
&754:=;
'"#3%*
	:)%12
;$#+-=
	<;#!?5
,+66	 &6
?&,3,/
&*3,:9<
-$57/7!<2#-
'13,/)
	<"%8%>:2
2 :4;(
:0>#4&
?3&(<0)
!%+*7.!
;'>$ *%
431)!6=
)7 6%<
(	5 *&
);)!!4
.802!>$=$
).4(0.57
6*1%(559* =
3	8	&0.
?*,5+<
$*109*,
".? 	,<;;
539,>82 ?9,
'7'' !*
96;%,7(.
?*2#""
;/426,3
==7%,,%
-385-;1)!
+=(-; $
=-"0!2
?90.95
(0)':'#
-6)>27%  
"6"0.9
+=&'("
$)$3?<
7(71.0
+'8#= 
$3<<2=
>+7'<*
09=**40
>	1%91	
'!1.%:
$3$?-:
0')69(:
4,.%-::!
9& 4>?
8<8<+)2+
7=(,:-
=/>5	'"
',"9'478
7!2284+7
"+!:>#
94,9;0
)-+:$7!1
20&3:7
	9	(+(0
  *078= 3
)7:>'6*
1>8%.2?
+";8.(4
;"%#3<
%/#1<8/>$6
9$837'$
0	!?**
>63:"<
>).&)+=
76< .	
!)'1!;7
(4,7: *5
=/=98$
*9##42
?.4>2?'%
0.	%#<3
(:#/=*
($../5?
43-381
/;&<00'4
'):+.99"
*$0:*7
.//-++!"
$!':3:
)<;.;87
7	99+?
2.=7$1
(56(2.#%
.**(?<
'.&08<4*$-
#*#!56 ?
>?	 :,'(
>% ??.&
3'	0;?.
?0)6!&
)*	7=6
4	,$"54
6&:(, 
("(1.7
%6	6>7#
7$	76&
;:#9.?
*3$9:/
-:)36+328'
)>&0#'
%;;<1+
	!-/92#
+7 /)&
-7$5<-
7/6*!;>
<4$ !=;4=
51=(:+
	 8($ 
0)*';8
!	+(*:!8(
44$?"5:;*<:5/<
!,;96>
#9$"''
,.,.1%<4
! #0$(>
#;&$,87>
1*,2*/$.
6>!>"0?
93:> "
32*+55
>6	&7&6
/</++;
8<7	/=
>'+$?89=$
,#5(;7
<'4/7(
/$37/),?)43
$$>);--!57
:5-&:&
'46(;.!
+9	55,/
:>. #, 
*%(9$?
$,$&1493
5(%6,")
*(*=2&
)680,45
77*77$
8==$$/:!
&1,2*(4
(<7!02
8">':2
4)+<+81
"2"4/:
0*? '7
46$- '.'6#0--##27-7>
-= ,12
(1.3	1/	
(5,,>'0
-	 780
&4-24!
63-+#87*
:'#=<>(27
$=3->?3
00827:
>/920'
'1.'.9
)(79"9
<%.%	#4#
=,4'(#;
?+('>;<
,+ 45:47
 0%9<1
-/5#(>&;/
(>7:,/
1)06/7
0+<0	*
:(<*+/
*7!691
8"!*-4!
$')3$?2 
 ='5=+:;	<,>!444
?;3!9 
/"<(41;-
(%-%	?
36%=6+3
&32-83#
&?4' &
'>..'%
+8)2	&
87=*$'
$7+""%
9.(-1'"
	$3$%2;:)
?$)62#
3,"/>84
+)16$'
8/9%'4
%.=8)<8$
2;9:?-%(8
97-+"<?<>=+
<(2%-)
 0?$32
-6./$&=.
3$*?36
)>5#& ?/.<
/549%=
3*#%+/$;
,6&4!"
/)?()=
6.	?2"3
90'/%+
,-21";
:28907>
<*/$./85.
='(4356=
7*1<")
.*16(<
1/$0'496
/;>	+%
 8.4.-955
'0%&9!
2(<5!(*?:;3
9";%;4
):/,+3
: &:;%>7+
#0"*.+"',=
8)$-75
8(3:9(
-</8-0(&
/+/(1)#
8<(&03
>?26 +
4"'=,79
(8!<15<)74
'-1.&'
#*,-: 
'37>#'
7?27/$
(:.>:,<
205$3:*
 88?6<*?8
'';3;7:9&">#!
*:+'">	!2
/,5%;+
)=$<,:<
%86!&3
%;/-'<
$"&>=3
6'3$&5
61&+"%96302(
//=.%$(=
=>5?3+
	?00'#&8"8
152542
22 +/4#+
,25?)*30
? 0>&"-
6&&4<0:*7
14/(8:
"7>;1!
;8/(. 
/!46:0:16
'(%18('
>?4+>%>	3
 	/ '5
 #"2!'
11,(*.>*
=7+4,7
=%?*-4.6
5, )8!
6+:2+'
3<"2$6
'&<0	'7
3,'"55	
>'93&4	
0 247>)
!	'./&96
&).,)/4
"60=&&
+%!$2**731*;
'?,/72
:	>''.4=
9)(8=:,"
2&)92+
7/*!=/8
$?#?>'<6
 38)>7
,>*$3-
 / 	:)#;
*1$;;0#;;-
"4&6,,
!-23%7
/:091<
0-3-6 &:
(!7&>9
($%4=''
 $.05:)
	"-<!'%
#!>34!
	*2#4	
%.,8(-
444.?72
?%?=#;,3""!-
9! 9/*
'	0!05>
2;5>5*-,:
)-7<20"
:$=:"-
):261<<
 "?+-0(
,*52#>=5*
<,-7++
&9>-,4
</9;35:
#:"'*94<=
=%	>:!62
*.,5&>
>4=#+&
 6.6.5
&9&+#*
69=	20
4	.=+(1(	
>?1 45.*
=6"2#5
7#50->
<8%;	&*
4(/*4<
"2.3?4#
%9(:=(
/?-!1%$
	,1/#(
%-,$3/
4=5	26
.*)"&$%	2
! 5+8/0"31$<7
>"/>=';
92<8$;9
0*,3"<
*&$.8*&
429-/4
.70" !	
'"7(;<4
.?");>
+:4&/=
%+ 994-
.4(6?86
5>5>7-
-<:46#.
.,%=-8
++ ;$/#
-5:,2#>+'5
5%2,,&
6'177://83
)=0!"2,
 -17." 
	27.?.7
$'80(31- 51
0"109+<		
79?(1-:2	5,
'83<"*
&:,9;1
,:/17)
 ;3?$$6
 37;!='
5(%%3+
;'&??9
:#	/3%9(7
>-<&"7*!#
54=<	0"
=<=*?1.5
8,503>
258)443
98$$<1
7=*%0	
 9(7+!)
)=4&8,
7$=;&<$
><98&769
	*->#:
!/2"&*&..
%	/	$'
(/'!		
&).8:,
%5.*2>)
1&9		4
<846+16:
:9/0?;
	#0"	 5
07;6"3%
%-/&%<(
%&,3	80"
	?":=4	
"!#$6*
$7*77% 0
*,"/;&30
< ,&0)&
4;1171&5
)0,(+9<',6.*
'1&2(82
+80&?,%
<=	'4>5
)(3=$<
>/0&,/7
(,49+5
6027&"
4> ?8)
:$'.<:$
462*"6(
!,,(,+/
8?$9 :0
<;?2 '*
?07%++)
,!%+,6
%1</:6
!-48+;1
"1:;+;
+$> $64"
'3;,7	
>#/4#1
/	%+?*
74:*8.
.)1"	,
-!0.,)'$0"	/
8725>%
43?7-*"45
3;1%&'
!(3$;"
++	1*9
(/0<%?	
<!$710
.17$<)8-"
4:,,+/>#
$	%4$<
<?=!!,
30'::!
$,7')"
.5;2%	
 0!%#4
'05/#<7!/
*58'18/
>6,8.4
34%6#) 
(*+<81?
<57,.5'
?2;5<&
53#6:-*
2">? =9$,
&:(0-5*'
*+:+	%6,
67#?!1
>(2(00
1"6*1<-3
?!6-	$- ,(;9'
;4?>"8<
:.)697?
855,1 
9$2 )9
/)0&56
+*>%'9
"'99.)
&-+7/8.
#(%1 )
$	)#*.-.
>:'1+9
&";*6+
$&+=<+
	-' -&
$ 3=+02$!=/)
>-		)#9
/-.&00%
0>/%*2";'$
!	7-0=?<	
:6=?'!"
 /82">&
	//!8?
/54&),=.#68
&7)	49
+	260+%
(	-"363)
';?"%#
;15/43?(
(96&!?
-%64)?'
?1-6$ +
&(?07'
95;"	0% 
$:</$ 
	$%4"*
-9.7	9;
0>#? (
;;)36!
*!8;6-4
.<,.	>
C:\sokudamicatexi woralapexotono.pdb
t\tmp_2011053709\bin\marugilu.pdb
.CRT$XCA
.CRT$XCAA
.CRT$XCC
.CRT$XCL
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.text$di
.text$mn
.text$x
.text$yd
.xdata$x
.data$r
.idata$5
.00cfg
.idata$2
.idata$3
.idata$4
.idata$6
.gfids$x
.gfids$y
.tls$ZZZ
.rsrc$01
.rsrc$02
D$ QPj
	;DzoT
b/@d|]
n)~Y]`
Ls(3NO
NOT%#h0
LY8s'3
jA[j<U|91
{mOLo/
z~4Sk&
1A@Vc1}
2 RZZb^
t7rpF-
8D"><"'P
%w<xT&
{h:5gB
w`fes/
}"3w=t
->KVb2
K6z6ztR
7q.#7<I}
NnEFj1
Bj5qst
u5z@i9
7i_V[]
#0CD=4
233'CG
[D*j6SCzG
?>aj;U}
})~c	|
7vnwszg:
f	Y11J
[ulQq1
E$!Jgt
^5]H43
t	EyOt
_4Y4e\
U{,\z?
2iz?*U
jep=0u
0eT>S?
abMQ]1
x|=|MI
8mKy0!
J-1)0!
u!1{<"'<X
0Xl8cs
{>r	z)
ot,|c":
02333i
T)x6![d
'o4.r'
G333G)
'y>,C~*jJJ
u11C2Vt
j {.[*
83on$;:u
UPhD`@
PBf97t
r9@uSB
QSSS{?
J2hqP0\
,A<%6H
 3A@f;
@,A@f;
u0jAXf;
fF`;rI
tL`;85
!qlAXf;
,D2FlM6
U](	m};
q0kj,;
\\JKK?Q
\MJKK?Q
PO,yCr
|7+g7G
TVh<j@
;	5<!(
xY58+zO
7z0p31^
Yw(eSO
Fheh%y
<0<<K]
t0<,14
}.<:@>0
l/N,h'N
#ZT??z
]J8e}*8
S:!1xQ
:	8#P4
g=n=u=}=
?%?1?A?R?x?
0!0H0P0i0
4/5N5X5i5
6#6)6=6P6^6y6
7d7s7z7
9+9Q9Z9`9h9m9
=!>9>>>
1'1c1s1
2#23282=2d2m2r2w2
3#3(3X3`3e3u3
6F6g6u6{6
7%818H9|9
1d3R4\4i4
6,6Y6`6k6y6
;P>Z>d>
=	>->H>S>
050D0Z0p0
0>1E1W1`1
2S2e2k2
5$7<7i7
<4<C<H<Y<_<j<r<}<
=#=+=C=h=o=x=
0C0N0X0g0o0w0
9$:i:y:G<
040=0E0b0
<(=O=Z=j=
>7>M>W>v>
?,?U?s?
5:5U5b5p5~5
6:7D7_7
6&6S6Z6
7'7A7J7W7a7
0"0)0G0
2'232;2O2i2
3+32373<3Y3a3
4'454W4j4u4z4
5,575<5A5\5f5
616<6A6F6j6
787H7d7o7t7y7
818<8A8F8y8
9&939H9S9g9l9q9
: <;<Q<g<o<
5K5a5w5
6)757M7U7
=1=I=Q=r=
3[4\5l5}5
?,?H?f?p?
0#0-0=0
2'3H3M3X3l3w3
6&7J7~7
9.:=:K:h:p:
<"<4<F<X<j<|<
5 6)6t6
3=3L3k3~3
5y5L=T=
4@8G8N8U8
090E0Q0d0
1#1/1B1f1
9l;r;w;};
=$=T=x=
>9?A?I?Q?Y?w?
3-3K3_3e3
; ;);1;{;
<Y<`<g<
=9=>=C=I=
>&>0>S>X>]>
?.?;?A?H?N?[?g?q?
0%0+030>0c0q0w0
:%:H:k:
; ;(;0;8;@;H;P;
<,<4<@<`<l<
=<=H=h=p=x=
=(><>L>\>h>
?$?,?0?8?L?T?h?p?x?
0 0(00080<0@0H0\0x0
1(101\1`1h1p1x1|1
2 2@2`2
3(3D3H3h3
4(4H4h4
5(5H5h5
6$6,6@6H6\6d6h6p6x6
1 1$1(1,1014181@1
1(282H2X2h2
2P3T3x8(:L:h:
;(;L;p;
< <@<l<