Sample details: 0d0e51577bff5f4c573291c94863fc25 --

Hashes
MD5: 0d0e51577bff5f4c573291c94863fc25
SHA1: 05985c9e834366f86f45df8a0b6a675efb378638
SHA256: 62b90c13eea4be07d8d0f077b85fc2a5a73d7a66bb6e80bdbeb1c50c8267e64e
SSDEEP: 12288:2gkxfgN/3UysymZPDflDRbW3+T1td8JADO1:2gIgRbsnPDfl15mwO
Details
File Type: PE32
Yara Hits
YRP/maldoc_getEIP_method_1 | YRP/contentis_base64 | YRP/domain | YRP/IP | YRP/Borland_Delphi_40_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_Setup_Module | YRP/Borland_Delphi_40 | YRP/Borland_Delphi_v40_v50 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation |
Source
http://rosewinegl.info/2
http://folxdogerm.info/1
http://rosewinegl.info/2
http://folxdogerm.info/1
Strings
		!This program cannot be run in DOS mode.
`.data
.rdata
@.pdata
@.idata
VuZ9l$0t#
@9~xu+;
9~ltc9
S,_^[]
3Ging.
baspD.cat
9} u!HPP1
$14$P1
QQSVWd
t$8h8\@
FDylQUTh
t$&h07@
T$$VRVV
	QUVhn
t$+h0B@
j{h8+@
t${VPjD
<$Rj	h
j@hh>@
VVPhxq@
;l$ }}
VPh`O@
t$&j=h
j\jeh:
jChP2@
9Axu%9A|u*9
irectoryqbject
VjGjth$
t$ePPQ
YY_^]h
SPVh ;@
t$)QSj
Xj\he	@
rAValu
D$ RTh
t$.Ph8
QPh(%@
common
t$wj&hxD@
<$hG	@
<$Sj[h
~ej?^;
<xtl<Xu
SRUhQa@
#<$STRhW4@
VPh@'@
<$hYZj
j"UhKM@
sWSj]h
tEPQSj_hn
PjlUh#
t$"h`$@
ill have a lo
^%3SSPh
@SVQjsh
RRhxD@
SThG{?
j1h@U@
SS^PTPh8
Wj!jFhhX@
j0hX<@
QRRRUj
Tj|Qh@
QVTht/?
VTj	hL
G ;C t
jKj(hA
Rj:Shl
QTh2^?
~=WPSh
p`Tj)h
Sjjj[j
URTPhT
u=9SLu
j\jePh
PQVjuhB
rman-lic
_remove_
SetScropCreate
l_cmd_d
	>lidateR
GetComD
CurrentTh    %s(%d)
SET_PAS
USER32.dlT
EqualSid
Imtable'
tor@G@2@@
NOT_PRESENT
Th`hhh
+ code in this
VirtualFree
SetupDi
EQUENCY
blities>     
         
thHPDrvRel.57\s
iceInfo
Setupsif_uf\sou
penStorageOnIL
runtime
esif_uf\so
perator
%d</%s>
 many pa
StdHandle
X`local vft%
WaitForMul^
DeleteCr
adStrin
. %u Dom. 0x%04
uesday
>%d</fpcS
OleRq~
\3a7a3a3f3b0f6a
CreatF
PeekMernel action %	I
Rilter
evice info. Er
e informatio
GetNextnabled
@s:         
CloseThemeData
Manager
s indic
tall\utilsJ
- not enoug
J~AlassObjec
F_DATA_INT8
ickCount
 Participant 
registerFromS0lZ
 Description
pci data
faultLCID
X@b8]o
?^g.uS+?
&FRIoSL6
Heb5p=
1Ku{ik
`7"J%u
^`	(5!gg
{pKCV~[
Dho[&I
A [yL/
3qX]`k
`Z4gBf
p:^TwJiBBQ&
%pzXA| 
7If%c	
1;ba'$
v&15t<
yd1D6z
G)Wfdn
|MbEKH
tGz7`N
A_$09u\$
-[jpn+Br
-L;tJgA
7J%}d/n
(CV7~_jy
Bxx$sM	|$
3,>\[S
M\ul#(
lE_eH'
 	%|Zp
R Y*ai
9FP&A2
%$zV2Y
lh4"gQ$
'O//W@
y)9xfQz
Ph?jT3t
wO21[8*
Q1U#/:
wU]DtlZ
\b5s'~~
s/hTc8
JOf;@g
V5t-ED
76'Q$v
TBvs'Y
PVr"m/u%
	mw3y[
,S-m% 
TXOagk(4
sv Ov;i
B~<RL#
7$|$8I
d$}m$@
8X@- Lx
+ETv(Ld
RbKrcN
b%{QI!
`*7XC[cx7a	
t4>ddM
S_lbZa'
uT6tdn
9Y65~K
t=F18#
9.B/Ab
41/3BNhw'
fGahe~TdQV=@X
]d7LR,Y1zh
(LA,T}
y*Sk\o
m+$n*u
!9je=f
,[#u_y
 !2c2Um
[zlRpI
cc1Vp]
uAFNcY
%-[Kv.' 
ue%S*R
%/oxo\`
H7xW[,
g{v6'HM
!O@CTa
aCSmx%c
C #>eO
W'-,8H$
8_|=;)j
&ZjxV.
oN{iDY
HZDI$3=
Ttr}qfgPO
6XG>'z}}
Zb,]SNj
5UmmPY&=
:D-Q@?
&Qa|/^
btI^5 
}xu$TRh
AlZi0)O
vu=`0B
:B~(B$w
O[}VhV
Oo5y9{c
nDXN@b8 
nWmxn/59
,<2[m"
)Z!?W	
.cDuR$-
zzc}D6C
@tM>@T
@^qc{O
6Z8Mt.[
-i}Ee4a
^WVwg+
)PqL"e
qZDI~	
|f2J"#
'n9.U5dOp3
Y"6}#wP
yHxvur_1
};7/$&
5svC.Y
BrPJR'
C>$$2$
fPTn_;^
go};(,p
Ld]9>)
WGTHWq6wg;
4f12L1+
srU"y;
^rl/{=$
sx7FLK
E$f\o%
g0^q:l
18Wz-`
%\JYJN
St~*HH0
rTd <a
-4?pGf
91<	@b*
Cc<IK(
GhL|m]Cc
y>$.TbX
15[d#W<
=6bS2W
|NEKKQ
L=gYmD
jkVQ`#
Kt.I)[;!
`_D3s6/
H3Lb{z+
wr%e]o
S<@4iB
][ -a3E
LKvL~/
\1x.i2d
teq@1@:
f5P+==@
(>8I0g{
OUz]B~ 
pqO,'Q
w1-^20H|VQ
HC</^2y
!mSi53
JEP=MId
xw^8jTH
%{L |#
Q1j}s}
#o:/JU
f~."rx
3Z o=Q
!f3}.	
^n35r.8
ZKJm0)
L}S/V:,
.e#`KB
l=f: kh
2U^m$8\gE}
`euR09
:;^A_/
WtvZuW
}4m1}c|
;#k,:*
k171~:8\*
Y p\qIK%Ws
ns8^h\
k]MY]n;
oO!Z"!
UZ;PVJ
|xmlrqI
eb`k.T
f9dw]J
[wirmCJ
HnN7SXz^
e3	-u;
>!+V,c
Sg[B,S
fE)HO	'v%tw
#5 >`>n
SXT0<rCjHB
@rHk23
[(h8''
p1FfE9_
tg(}R=![
c!d/[<
-bZ#Ku
J!?R6L
u[zgL%5P
x5MY\Z
c(%`0N
_2t0	fu
y(Yc/h
#:&s#XgL
{~k@~cM.b
TGA S	
j3,N=S.
KTGN=j
y2-v|v
ql!o~4
{|"_ip
7x~o55|h
RPUv5z
[	p$/}m
I)7;z8"
*nR'y$
hA%^;{
=M~t&%
Or0+IT
5mgly	V
wa,H+~
04TqK0
\74T:,4
44Tsq8
$4[{.4T
!4Tsa$
a<[}&1T
AQr2rF*
DllGetVersion
ries exceeded, changing the wait time (2s->10s)
pxcCameraStatus = <%s><%d>
PercChe
;H;H;H;H;H;H;H;HM[M[M[M[M[M[M[M[
QAV?$CMap@IIPAXPAX@@
.?AV?$CMap@IIPAUHBITMAP__@@PAU1@@@
.?AV?$CMap@IIPAUHACCEL__@@PAU1@@@
F&F&F&F&#K#K#K#K
;H;H;H;HM[M[M[M[#
tmap@@@@
.?AV?$CArray@PAUHWND__@@PAU1@@@
.?AVCMapStringToPtr@@
.?AVCStringList@@
.?AVCFullScreenImpl@@
.?AVCMFCShadowWnd@@
.?AV?$CList@PAVCFrameWnd@@PAV1@@@
.?AVCFraVDNameStatusNode@@
.?AVpcharNode@@
6:`}A<
KbPPo:
.}7-x]
Jwm'(v
H*zN~.A
:G[XSI>
p36Fa>
;W}<sA
}2;	JpI
x@~?~|
\}}r]2
k0!_VZ
N3Y|JO
V6qdx5
.g}Gf	
ELeF*v
\:669~
UY rsy
4,pu38
l.h>#RD
\9NdGe
-gD>=(
uFT%fO
;kzP\{
oO{:+o
kbah}f
]g(-+G
cVDF]}
.zu:M2ZV
m{*D5I
j/.U'X
qzZ|37
:;y&Or
 %d[BuW
fX~#&f
SJ]4\j 
C,ODT:
~^l1$C
M&W!z\
Bn:I42
U|m6Tu}
6F @ c
S7]w~z
B_BPVq@
&d-2i+
i<h3f?WXL
aSJtDb
?1<$"*
1C"k.&
CIPPGenuine
lContaine
GRSMhom.ini
ntrolEvents@@
$CMap@IIPAUH
IPPGenuine
IPPGenuine
.?AV?$CLi
ecInitAlloc
rList@@
IPPGenuin
.?AVXOleI{bhbh
;ageFilter@COleMess
.?AUIUnknowpC
anspmgrAp
IPPGenuine
Exception@@
.PAVCResourceE
XBKBKX
0CComObject@VCAccessiblePr
.?AVCAccessible
iles (*.bmp)
UIDropTarge
VXAccessible@CWnd
tils@@
otEx@VCComSingleTGenuine
IPPGxj\N>LZhvtfX
et frame rate for 
iDCTQuantInv8x8LS_JP
FCBaseToolBar@@
3cmlinkCleanupW
e ERROR
IPPGenuine
IPPGontrolset\servicGenuine
IAccessibleB
un.exe
CObject@@
.?AU_AFX
xButton@@
.?AVCM
.?AVCBitmap@@
.?AVCMFCListCtrl@@
DEFGHIJKLMNOPQRSTUVWXYZ
VCArchiveSt
anStateFree_J
.?AVCMFCShowAllButton@<
IPPGenuine
.?AVCToolTi
jklmnopqrstu
.PAVCOb
.?AVCSmart
.?AV?$CM
PPGenuine
equentialStream@@
IPPGe;
CDeviceOperation@@
erBase@@
.?AV?$CList
ippiDe0
PGenuine
nuButtonsButton@@
IPPGenuine
IPPGen
aResources\Wave
System
sPropertyPage@
IPPGenui
SourcePath
ComponentCfgIterat
yImpl@VCAccessibl
utlookBarPane@@
\Software\3
_1B17&PID_6101
 to set serv
System\CurrentCont
.?AVCListBox@@
ception@@
info@@
.?AVCDC@@
HKEY_LOCAL_MACHI
gEvents@CFileDialog@
IPPGenuin
ver@CWnd@@
^lzxj\N>LZ
ChildDevNode
.?AVCNotSupported
Decoder
ippiSamp
ception@@
Genuine
chException@@
ellObj@@
IPPGenuine
@(#)SRV 1.03.00.0
eqJobList@@
.?AVCWinAp<k
IPPGenu
XAAPAX@
8VCMenu@@
nd_InfoJobStar
2<Z-0<
K.<>u,<
ception@@
IPPGenuinen ippJP [%d.%d.%dF&
IPPGen
UVWXYZ
.?AVCDC@@
      s
.?AVCRecentFi
xception@
rray@@
PGenuine
.?AVCMFCRibbonLabel@
s: %d%%
IPPGenuine
IPPGenuine
INF\%s
~~~~~|n^l
d_exception@s
ap to filtergraphB
VCToolBar@@
IPPGenuine
.?AVCE
ageEditorDialog@@ss: %d%%
><UQ<<
.?AUIDropS
UIAccessible@@
.?AUIAtlStringMgr@AT
AmA-Tb
lUtils@@
AVCBrush@@
ippiRGBToY_JPEG_8u_C
.?AVCMFC
.PAVCFileException@@
VCGetInfoDlg@
IPPGen
vtfXJ<.
AVCTestCmd
IPPGenuine
IUnknown@@
iveException@@
AVCFrameImpl@@
IPPGen
CNotSupportedException@@
;H;H;H;H;H;
VCPtrList@
PGenuine
ICOleControlContainer
.PAVCO
eTabCtr
NFO@@AAU1@@@
teWindowless@@
enuine
IPPGenui
@std@@
.?AVCO
~~~~~~~~~|n^lzxj\N>LZh
Button@@
pleUpH2V1_JPEG_8u_C1R
PPGenuine
eHuffman
PPGenuine
RE\Agere\SoftM
pDiSetClas
cannot preview properly
.?AVCMemDC@@
olSiteFactoryMgr@@
@AAU1@@@
.?AV?$CSimpleStr
OwnerDrawMenu@@
CList@P
PPGenuine
.PAVCInvalidArgEx
on@std@@
VCMessageAbout
PGenuine
PPGenuine
CGuidanceDialog@@
mW$O{[
MA2N^=)
gCLW1W
lP50QD
GJ$	fb
dN[e<7
DzNB9naR
1^Eim5
PVURYVT
LG/&3KJ
/}Y$k?
/J>,0#
Tp@xj6
yN"oQ,h2	
ldp	,C
`N6I(h
.bc9`^Gl
7O]/ct<0
W03]8%<
y7`v8d
}m #[d
't QXq
ul|dM@d
Z:Q*OcM
h]E2In@y
;w0C~n
Si\! 6
u=W,?3f6
b$zS1%
pC[K":
8oTv)S
rmI?Er
%kRcMt
q<3-;-
pha1A	
+C|#7/
`0}?Tw
B:c!9r
Y[sT&21:
!KThm5
@#JD{:
`):h'_
uxn.T#=
j`]'Cs
:cXA&Re
.:(<N qL
<]]VN@
NZC8!6K
]'t=j2K
5JDo's
k}u[*I
/gNk`)
|'<L%k
V{ {&"o
~nyz?0
`Cam`B
~fU!<m
9M8N\<
r^i9tx
kv$}c`
a<=Y+<y
cQFo>k
Yz2Abh
+,G9v~
*Mia?2
}'Z\yE
7ZU	,=
oHG$J^
*c!t'v
9.jVU!
CloseHandle
CreateDirectoryA
CreateFileA
CreateFileMappingA
DeleteFileA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetACP
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetDriveTypeA
GetEnvironmentStringsA
GetEnvironmentStringsW
GetFileAttributesA
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDirectoryA
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
LCMapStringW
LoadLibraryA
MapViewOfFile
MoveFileExA
RemoveDirectoryA
RtlUnwind
SetEndOfFile
SetFileAttributesA
SetFilePointer
SetHandleCount
UnmapViewOfFile
VirtualFree
WriteFile
lstrcatA
lstrcmpA
lstrcpyA
lstrcpynA
lstrlenA
KERNEL32.dll
CloseServiceHandle
ControlService
DeleteService
EqualSid
OpenSCManagerA
OpenServiceA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
ADVAPI32.dll
SetupDiCallClassInstaller
SetupDiClassGuidsFromNameA
SetupDiDeleteDeviceInfo
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDevRegKey
SETUPAPI.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>