Sample details: 1f885c881c00ae3271469cc6957c133b

Hashes
MD5: 1f885c881c00ae3271469cc6957c133b
SHA1: d47e780bcfa30bab91e530f3bc36436afa017974
SHA256: f3ab7d7d715b6a71c7717d47cdcd1acd72551e3770ea9745f5e1ebadd0093d50
SSDEEP: 12288:kBPgIFtBx+s8u5v9+y/v6vqBwNz5C/DmLwixjVbv4le:kBPHd5vR/vcN1SYwS1v4le
Details
File Type: PE32
YARA Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/anti_dbg | YRP/screenshot | YRP/win_files_operation | YRP/Str_Win32_Winsock2_Library
Source
http://fartarta.co/nsound
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
T$*PQRh4
T$@PQRhX
RVSSPQh
T$PRWWWWWWWWj
9t$8uB9
L$<QRW
D$<PQV
D$<PQV
9t$tuZ
9D$Ls0
T$,RSP
D$$t	3
T$$;D$(u
;L$,th
D$ ;D$
uTVWh0
^SSSSS
tWItHIt9It 
t"SS9] u
HHt$HHt
?If90t
<at,<rt"<wt
URPQQh
t$<"u	3
< tK<	tG
j@j ^V
QQSVWd
	X 9} 
v	N+D$
PPPPPPPP
PPPPPPPP
tCHt(Ht 
;t$,v-
UQPXY]Y[
t*=RCC
;7|G;p
tR99u2
v	N+D$
<+t"<-t
+t HHt
eR>&!@
<MfSU2
! g%Ut!|
qT}L18
j]<vP{
{~ z;g
u#)Zh|
_VjyM!
B=v+ox
VC20XC00U
f-00f=
f-00f=
tRHtCHt4Ht%HtFHHt
Unknown exception
CorExitProcess
bad allocation
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
(null)
`h````
xpxxxx
UTF-16LE
UNICODE
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
_nextafter
_hypot
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
`h`hhh
xppwpp
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
bad exception
1#QNAN
1#SNAN
AboutBox
Text Files (*.txt)
All Files (*.*)
Strolls
No network detected.
memcpy
lifecicled
Version
DISPLAY
Test.bmp
invalid string position
string too long
deque<T> too long
?Dj0Q:W$=
5s3R6=
?uZEeu
?uZEeu
?UUUUUU
?UUUUUU
?uZEeu
?uZEeu
?UUUUUU
?UUUUUU
C:\codecs\CAPPS\boon\exte.pdb
FindResourceA
LoadResource
_lwrite
WaitForSingleObject
_lclose
_lcreat
TzSpecificLocalTimeToSystemTime
LoadLibraryW
CreateEventA
GetConsoleWindow
HeapCreate
GetModuleFileNameW
GetTimeZoneInformation
lstrlenW
GetStdHandle
GetLastError
SetLastError
GetProcAddress
GetComputerNameExW
GlobalFree
GetLocalTime
LocalAlloc
LockResource
GetModuleHandleA
LocalFree
lstrcpyW
KERNEL32.dll
IsRectEmpty
CopyRect
SetScrollInfo
DialogBoxParamA
GetDlgItemTextA
SetMenuItemInfoA
FindWindowA
DestroyMenu
UpdateWindow
SetWindowTextA
InsertMenuA
GetSystemMetrics
CreateWindowExW
GetMenuItemCount
DrawMenuBar
CreatePopupMenu
LoadAcceleratorsA
GetCursorPos
SetWindowPos
GetSysColor
EndDialog
ScrollWindow
GetDlgItem
InvalidateRect
UnionRect
GetScrollInfo
CheckMenuRadioItem
SetRect
TrackPopupMenuEx
GetMenu
WinHelpA
DlgDirListA
BeginPaint
GetClientRect
DrawIcon
CopyImage
DrawIconEx
DrawTextA
SetCapture
FillRect
InsertMenuItemA
GetWindowRect
ScreenToClient
HideCaret
SetTimer
GetMessageA
EndPaint
USER32.dll
TextOutA
CreateSolidBrush
GetStockObject
CreateCompatibleBitmap
CreateRectRgnIndirect
CreateCompatibleDC
GetPaletteEntries
SelectObject
DeleteObject
SetBkMode
CreateDCA
EnumObjects
GetCurrentObject
GetDIBits
GetDeviceCaps
DeleteDC
SetTextColor
ExtEscape
BitBlt
GDI32.dll
GetSaveFileNameA
ChooseColorA
GetOpenFileNameA
CommDlgExtendedError
COMDLG32.dll
ConvertSidToStringSidA
GetUserNameW
GetTokenInformation
CryptReleaseContext
CryptAcquireContextA
AllocateAndInitializeSid
CryptGenKey
CryptDestroyKey
ADVAPI32.dll
SHParseDisplayName
SHBindToParent
SHELL32.dll
ODBC32.dll
WS2_32.dll
Icmp6ParseReplies
DeleteIpForwardEntry
Icmp6SendEcho2
SendARP
IcmpCloseHandle
IPHLPAPI.DLL
PathFindFileNameW
SHStrDupW
SHLWAPI.dll
ImageList_Create
COMCTL32.dll
RpcBindingSetObject
RpcStringBindingComposeA
RpcBindingFree
RpcBindingFromStringBindingA
RpcMgmtSetComTimeout
RPCRT4.dll
glMatrixMode
glViewport
glLoadIdentity
OPENGL32.dll
SetupDiGetClassDevsA
SETUPAPI.dll
ScriptApplyDigitSubstitution
ScriptApplyLogicalWidth
USP10.dll
GetModuleHandleW
ExitProcess
DecodePointer
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
HeapAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
WriteFile
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
RtlUnwind
CloseHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetStringTypeW
CreateFileA
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapReAlloc
SetFilePointer
SetEndOfFile
GetProcessHeap
ReadFile
WriteConsoleW
CreateFileW
VirtualQuery
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVbad_alloc@std@@
WYGu;m
a_	d]5
zTJgl,2
no3S	H
C"/bK}
`#8cRs
^WY%'&
bNbed26
	~Gfg:|
L itn{
rApC$'
mIL%p:HL
D;R{h2E
*!I ~&
SaH.f=/
$+391er
w$WB*E
5t-@pG
 8:Hs@
::^-Q0
#k>!od-
PAh]^{YY
k`(4ph
$eXsW/
lxu)^D
7Z"q:p2v
ff}7x&
T0(9aK!
WC\v)6
}4c('I
KjjN@V7#
SL`}-|
\"n b4
LDHF&q
XH)D%0
K\AHa.0
2AO%58W9
d6rpH24
;-3!*C/?
5ufaOp
8.eCd(
yEZ"&<5
gOYIF*
~C}wza
C1|DS9d
g&#b`B
n%5|\7
]kj(gP,
}b|;L.
>e,et/
T023,`
@`z#_4
:	kMHy
sFqcvB
s+[fOt
e@0JDN
\t@xt$
,]ig7f
"T!E50
I[:Y]$
n&:C]Y
NiLYqB
s@\lti+3
s-Z9Ko<
u1d $-
*>e_$*Htked
^O5=cB
)s'2|$
uu9g-7WP
]cpy_E
Xh%}cQF
cJroh:
j+;M`h!}
]HMKWuI
Go_XY3
 IR9)LU`
:HTN&I
k[	:HT
K};mQ=
4gQ|#n
If*Gx<SG@
{"7j`B
mNSls:ehb
L$h/3z
1K+gME
p3!yl!
QZh;cQK
IS%*q|)
:h]y}H
}hpQLX
Z@c>iz
W2a8ln
C<%QN4v
MpFp$\
=}5:Y~
$N~H4*
4;tp2^
gG	xNTR
m#2A5c
Ac*^X8y
k,lzk3fO
OwfND4VC
D0#set
Xk^Zwd
STHL3E.uC~)
my@n(f
^BO5*;
+I |?_
,^K \b@
A{T>'z
{#7eB.
9#[VC2`
pDK-|]
Jm~KV,
'.g-Yq
+/D,kO
#EUL[A
$$0\FfE
uC8/w|
]pqYJi
/n>&}\o
;6F8[^
OmgTDT
3N{."R
}t{|x^Yz
8:xh<5
rD`xV)
@lM<>B6_
W(	6l~;
m]jI7p
^EJc-z
!%1QEK
r05HAc=R
X5?6oo8
[?sgAGC
WSUy',
)%Yjy>AO
qTJ./6
}u/-A >
25)OO]W
JdL(.1&-:
mH[j#d
?6Iamq9
(hgD<-
z~$oyDo
O6\{(EH4
ur)Gp9
| Rea3a
[RK4gC
\kC]wv
{Uf	f0
>O@'9!x>
;FL*'o
4Nu-og.)
[(Q'`XIRy
,v"XF,
tT{xG%
E#sBi,
oi\<01
V2jRCbb
QC+dcH-
p\/`W6
wi<'f+;
-`z>ZT
l^QBHgS
m~s#(=}
:5N{Jb
}(&3 pK
lv1p)tI
fdDUCg
Q[wJMx
mV6PTJ
k&^FN-u6
 bev.K
p=^xQ8
8fY5eF
;wV;{4Z
@oqU=f
MK7PY3
Q-vK.F
mSYi9A
~ f2qckkQ
U^A#~(
b>jlx{
&n<gP-5
b[C{P%
I"C8&T
z	U}Bf
)0"V-76
@"~5Ms
2v6JM\
<S#_oJ
wDhp}	
VOBa=P
k-OO<D
fz9cRv
5JMhSK}
p~I 	/
Xl=<rd
Cn0wh%
?"J;9pp
N9a/&9
)Yv2U-7
~oOBPe
'~#jW-?G
,mK+<h
3}hikN
l0=k"`
;3HOU7
]_C;	%mE
Do9yr)
(t/z}]
:`vQ8'z
t+4>NZ^
,_E37X
{\weh,"t
5/FHqF
f)I!2g
[*Y7INR*
I*e5yZ
eXso_'T
^;xU('
&Xj~p!
mvJJw>~r6
v	FO'u
qJTj9h
U|#on3
pFCN BK
~AYBmw
@IkNf3y
WIAlF/eY
C.G	[J5D
WG95/B
!{w`Ki
njXbS:
tE{wk{
Tqhs}G!
Ac6> PCK`
)TA~?r
(dG@t$/
}]rgy|
^aTC6b>
ZycTG4Z
R6v\1i
elc`hs
]Pq)+u
-GR E|
H?!e,B
{YFMxv
ZB$EH^5?
Mzb	=S
oGxK([
pz\NZ1
K,>gB=R8
tWOGDNR
O!#0{{
xIzBA%
D-='8-
DET)!$
9fqCzM
xI,w%P
!~~^E(
{yYV4	q
6By(@0G
	hpdPQ0
C!],T;
:v[8	m
f.8x?wYt
lj0mc}
'|%zV 0
X`f6lw
m*}wdg*
$wfMX/
J]y;Ikk
Xs~@:X5
x{Gpc]\
u;a{fl#}i
=E&D	o%
H}yiYV
l85'r5
[:R$n1
Cc1T:{WdR
w%!251.
9^v(qV
4	k~c9
oA*7G(
0[tB+{
~ykjch_
^b`Qo-
bcyAQa
6jz=k`
jA? y^
D|DLQhl
M9+	:y
;t7)mXp
GwFr%Y
4X,ioA
K%c_jJ
y*a<F]Z
EZpfIe
:J,pp#
Sa&I^w
moA%9]j
FxO7p>
zp69ON
}s&SkeM
tS	w`=k
P+K$Y:LG
oqK	X9
1eFmE"
hc]$Hlx
%\9~=l
(H.CF%^
l+*|qS)w
$crwtp
Y:v,L}E
 ^$8l'
D52N:ce
=_LNg4
g\Xn]j
A.`}?J
@R~sk;
,icQquc
l=HaX	J
>sXZbbo
d~,r.l
L6p.kf
]ubU4j
y>f8[0Mr
%xh}iAl4xf
Col6`]
PF4Hwt
><(Yy>
+Qqo~f
,]p\=1v
^$^i.c
0[ro?T
W>yFp5
-jWHG]
=H"J"b
xa5ll'
3<oprg
gKRQ1H
ha[HE5
D,$jtp
'lhg"]
rYRDhm
?aqlz(
|yF7v*
E'5lS@
21;}ExU
#Y#08G
n^BHZAa
*x1%^. 
V7Ab1[o
3gp(Qd
M|m4pW
Kj1<'E
lT?T_W
I$pasR
~OM_@<y%
~0N\dT5U!$
<5d^mp
tji1PQ
.a$J=1
QJY~T"H
-=+m,f#
i;o72&
I(b^gpV
:xj0b4
bh?x a
}gYe1B
N-P~d`
hI-<R1
5gh%Ck*
<d;iq'
(5W\0N
m5C-b	
E	"+X` W"WZ M
IS?'a^
X;0`.Rz
p`#>3*
B;gZZ8
8*fl4A
`4%d>{vF#
d3Sj/l
Ckx>kO
O^Dz.c
gvSeA/
ywB..K+\
jI8}:n
}z"B0mE
gy./c%Xl(
<1B]jd
vF^KTjg1
[Ru+]:
wJ~sHc
GTpi,x
%t	?5|f_Lz
BG45wK
'^=F:&
:Gm^z4
~{$<C9
T|~+SS
+;qaN\
zx *2Y
e,8Uj(
kB/I$GEn)+
	V<T((z+,h
Wji)M/o
n+i_E7
9lLS*Ru
e_WnA@2
Xjk%%Cvf
Z#aHdq
iT\pNy
MuiR.1
x\JY~m
|YkVq=
V_Sf	c
+|2ao#
09\\)XA
9\(l_W
6qxHq+
S CX%z
tm\O#~
3(wJ?%]I
/sUe"N
aZNne\
;;t'jP
J*Pt0L
Z]$@i/oYB
K^ 5DC
iA^Dk-$
WKwl]y
	Y;1{.
[W(J3}H
Vjq~:,
FG5J8@
FAH~mI
98D)j`0
UW<Yb7
U76la%=:
+?tUS`
Gw|0g4
O5xF!>
ZwH-BJ
a	i8>1n>4}l
Qk&)nP
dMhnOmK
dO"H,O
;.]v7(GT
YVv	&2
#H("eIg
X(+GT-7
0"zE=EvU
r#}`b;
ap-2r s
k_[SrD
d}h%|F
PJW	UU
r95Wl`
h.1;zb
AS`EIl
6f&7S5
u u\G7
#vq,P$
{rqDy~{
o8xzb"$
V/Z\/Pt%
_zMd6{DR
lWj!.w
Tm;xtL
@B?)9.
:i,E\~
AYUbQ\
I*uV.9A
/\91XW
k{WXol
/pX>#WL
etbCEZ
I+z~XRD
XDP~7b
tQP(?!
w'pz7@
D-\+vi
EdvcCZ
\`aKX5g
29,CLW
U	j`5j
61$DL+9
zc\%%/
9u$rns
P4KB5+
3333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333>W
3333333333333V
n33333333333
3333333331
33333333
33333339
c333333
333335
3333339
c3333333
333333331
333333333
33333333333V
n3333333333333>W
3333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD