
Sample details: 0b783914a5bf8ce566c6f7be36e50759

Hashes
MD5: 0b783914a5bf8ce566c6f7be36e50759
SHA1: b72151196a33d73606d20b0265b2d039ef9d1cf2
SHA256: a01ea2839b8b9676631cc7d5a9e8d6d64c2cae5cfba8d7e74d6e9f4b0e122331
SSDEEP: 1536:M82ThwpbJDIQp4J0O0oRPcHPsw7e2EoFtV6tF3x6WyglF3CT:yTh0bJDIQp4J0O08cHp75kH6pgX3CT
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_v60_DLL_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsDLL | YRP/IsConsole | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/win_files_operation |
Parent Files
0495481d035935c5e309333c6d7c9209
Source
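Strings (raw printable sequences extracted from the file; the short fragments are likely code or data bytes that happen to be printable, not meaningful text)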
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
t+<.t'
=NB09t
:u@9HTw;
f=MZuA
SVWu3hlc
G090v33
SVWhLe
~h_^[]
=NB08t
=NB09t
=NB10t
=NB11t
t7<@t3
<@t)<_t
<0|V<9
<0|M<9
$`<`tK3
tn<@tjj'
t7<@t3
td<Xu`A
tg<@tcj'
t.;t$$t(
VC20XC00U
D$ UVP
9|$,u	
L$0SVPj
vPVWh 
SVWUuL
L$ VPQj
SVWUul
Windows NT & Windows 95 Image Help DLL
vOrdinal
.idata
v.debug
\Symbols\
Symbols
v.reloc
vPDBOpenValidate
dbi.dll
mspdb40.dll
mspdb41.dll
mspdb50.dll
PDBOpenDBI
PDBClose
DBIOpenPublics
DBIClose
GSINextSym
GSINearestSym
LdrProcessRelocationBlock
vwindir
_NT_ALT_SYMBOL_PATH
_NT_SYMBOL_PATH
vRtlDestroyQueryDebugBuffer
RtlCreateQueryDebugBuffer
RtlQueryProcessDebugInformation
ntdll.dll
CreateToolhelp32Snapshot
Module32First
Module32Next
kernel32.dll
v`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__segname("
__segment
__self
__saveregs
__interrupt
__fastcall
__thiscall
__stdcall
__based(
__huge*
__huge 
__huge
vfptr}
call, 
this, 
[thunk]:
public: 
protected: 
private: 
virtual 
static 
`local static destructor helper'
`adjustor{
`vtordisp{
NYI:<segment-address-of-variable>
volatile
 throw(
 volatile
signed 
wchar_t
__int128
__int64
__int32
__int16
__int8
double
unsigned 
class 
struct 
union 
`unknown ecsu'
short 
const 
volatile 
v__unDName
msvcrt40.dll
msvcrt.dll
CloseHandle
MapViewOfFileEx
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingA
GetFileSize
SetFileTime
SystemTimeToFileTime
GetSystemTime
GetLastError
WideCharToMultiByte
MapViewOfFile
CreateFileA
SetLastError
DeleteFileA
SetEndOfFile
SetFilePointer
WriteFile
SetFileAttributesA
CopyFileA
ReadFile
GetEnvironmentVariableA
GetFullPathNameA
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetFileAttributesA
HeapDestroy
HeapCreate
DisableThreadLibraryCalls
GetVersionExA
HeapReAlloc
HeapAlloc
HeapFree
SearchPathA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetCurrentProcessId
VirtualFree
VirtualProtect
VirtualAlloc
lstrlenA
ReadProcessMemory
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
KERNEL32.dll
IMAGEHLP.dll
BindImage
BindImageEx
CheckSumMappedFile
EnumerateLoadedModules
FindDebugInfoFile
FindExecutableImage
GetImageConfigInformation
GetImageUnusedHeaderBytes
GetTimestampForLoadedLibrary
ImageAddCertificate
ImageDirectoryEntryToData
ImageEnumerateCertificates
ImageGetCertificateData
ImageGetCertificateHeader
ImageGetDigestStream
ImageLoad
ImageNtHeader
ImageRemoveCertificate
ImageRvaToSection
ImageRvaToVa
ImageUnload
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapAndLoad
MapDebugInformation
MapFileAndCheckSumA
MapFileAndCheckSumW
MarkImageAsRunFromSwap
ReBaseImage
RemovePrivateCvSymbolic
RemoveRelocations
SearchTreeForFile
SetImageConfigInformation
SplitSymbols
StackWalk
SymCleanup
SymEnumerateModules
SymEnumerateSymbols
SymFunctionTableAccess
SymGetModuleBase
SymGetModuleInfo
SymGetOptions
SymGetSearchPath
SymGetSymFromAddr
SymGetSymFromName
SymGetSymNext
SymGetSymPrev
SymInitialize
SymLoadModule
SymRegisterCallback
SymSetOptions
SymSetSearchPath
SymUnDName
SymUnloadModule
TouchFileTimes
UnDecorateSymbolName
UnMapAndLoad
UnmapDebugInformation
UpdateDebugInfoFile
UpdateDebugInfoFileEx
2D5Q5W5`5
:<:J:_:h:w:
0E4J4,5l5
8.8>8G8
2 2)222@2I2[2
5:>[>.?Q?m?
5+5?5F5
7,7^7<8S8{8
<*<3<:<e<l<u<
4!424=4U4[4j4p4
6U6Z6i7
80898a8
:O;X;c;
<%<.<5<><E<[<`<g<l<
=9=H=S=[=a=j=s=z=
>$>->4>J>O>V>[>r>
?%?-?3?<?E?L?U?\?e?l?
0#0(0/040O0
2!2B2|2
2K3V3\3e3l3q3w3
;1;8;M;T;i;p;
<+<2<=<D<O<V<
8>9U9 :d;k;s;
3K5p5u5
5Z6_6L7b7
7@8e8j8
2h3H4w4
0!0%0)0-0105090=0A0E0I0M0
3!3%3)3-31353
>(?,?0?4?8?<?@?D?H?L?P?q?u?y?}?
>->5>;>@>I>O>T>Z>b>g>n>s>y>
4 4$4(4,4
4V5p5y5O8u>
0B1Q1Z1y1
2!2`2z2
5'505D5V5^5{5
646J6r6~6
8%8,848H8
=$>1>c>t>
2T2X2d2h2t2x2
4 4,404<4@4L4P4\4`4
4d5h5t5x5
6 6,606T;X;
 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
1 1$1(1,1014181<1@1D1H1L1P1T1X1
imagehlp.pdb