Sample details: 1170b8f2ded33f64c4af5747ef762e10

Hashes
MD5: 1170b8f2ded33f64c4af5747ef762e10
SHA1: ebe3ef260ed00412802c1a6755d3bf5aef9946c8
SHA256: 5fb6329120801cfe464f9c8f93fea8138493a4471955a154590c02f71ad8b863
SSDEEP: 3072:WvAPQJ0usSc6FVrzwAH13jHmSxyA3Y1hrDRpuktFojxrcpdpJCvXH8TfLWhjHK:WvdKuG6HnwAHhDzxVXktGuzSHmYK
Details
File Type: PE32+
Yara Hits
YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/IsPE64 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_registry |
Parent Files
6f0c96f90c291731e428d50af0ebcb61
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.pdata
@.srdata
@.sdata
string too long
invalid string position
Unknown exception
EncodePointer
KERNEL32.DLL
DecodePointer
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
mscoree.dll
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
bad exception
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vbtable'
`vftable'
operator
__unaligned
__restrict
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__based(
InitializeCriticalSectionAndSpinCount
kernel32.dll
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
September
February
Saturday
Thursday
Wednesday
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
bad allocation
c:\CCView\jgonz2_INST_Main\ASE_Installers\IIF2\Difx64\Itanium\Release\Difx64.pdb
DriverPackageGetPathA
DriverPackageInstallA
DriverPackagePreinstallA
DriverPackageUninstallA
DIFXAPI.dll
MultiByteToWideChar
KERNEL32.dll
RegSetValueExA
RegCreateKeyExA
RegCloseKey
ADVAPI32.dll
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
RtlUnwind2
GetLastError
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
RtlVirtualUnwind
HeapSize
ExitProcess
GetVersion
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
LCMapStringW
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
LoadLibraryA
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
.mixcrt
FlsFree
 new[]
`vcall'
 delete
__ptr64
__cdecl
October
August
January
Friday
Tuesday
Monday
Sunday
-DriverInf %1 -Flags %1 -KeyPath %1 -Uninstall %1
Uninstall
driverinf
keypath
Difx64Return
Reboot
DriverPath
map/set<T> too long
C:\sTokenlog.txt
INVALIDTOKEN
invalid map/set<T> iterator
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVbad_alloc@std@@
.?AVout_of_range@std@@