Sample details: 1fc692d311282cd78271b2388c79c318 (MD5)

Hashes
MD5: 1fc692d311282cd78271b2388c79c318
SHA1: 6be2498e5b37a35df02857c782625656b4d3cf73
SHA256: 2a7d2e2207e0807c863b360145ef5c50f68ec282e4589f6f91f62498254ee90e
SSDEEP: 6144:EwOh7YRphs8DaZzarovkRiv7gpjtyDKdBPsm69ls:EwEcRph3aharovkAvMlty4PzUls
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/DebuggerException__SetConsoleCtrl | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/win_files_operation | YRP/TEAN
Source
hxxp://photoscape[.]ch/Setup.exe (defanged)
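Strings (printable strings extracted from the file; many of them, such as the regex_error messages, the `vftable'-style names and the .CRT$ section names, are Microsoft Visual C++ runtime text rather than sample-specific content)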
		!This program cannot be run in DOS mode.
`.data
.idata
@.gfids
@.rsrc
@.reloc
tusoko
kernel32.dll
yatufolutaxucuracaliximobina
string too long
invalid string position
Unknown exception
bad allocation
bad function call
regex_error(error_collate): The expression contained an invalid collating element name.
regex_error(error_ctype): The expression contained an invalid character class name.
regex_error(error_escape): The expression contained an invalid escaped character, or a trailing escape.
regex_error(error_backref): The expression contained an invalid back reference.
regex_error(error_brack): The expression contained mismatched [ and ].
regex_error(error_paren): The expression contained mismatched ( and ).
regex_error(error_brace): The expression contained mismatched { and }.
regex_error(error_badbrace): The expression contained an invalid range in a { expression }.
regex_error(error_range): The expression contained an invalid character range, such as [b-a] in most encodings.
regex_error(error_space): There was insufficient memory to convert the expression into a finite state machine.
regex_error(error_badrepeat): One of *?+{ was not preceded by a valid regular expression.
regex_error(error_complexity): The complexity of an attempted match against a regular expression exceeded a pre-set level.
regex_error(error_stack): There was insufficient memory to determine whether the regular expression could match the specified character sequence.
regex_error(error_parse)
regex_error(error_syntax)
regex_error
bad array new length
bad exception
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
template-parameter-
generic-type-
`anonymous namespace'
`non-type-template-parameter
`template-parameter
`template-type-parameter-
`generic-class-parameter-
`generic-method-parameter-
`vtordispex{
`vtordisp{
`adjustor{
`local static destructor helper'
`template static data member constructor helper'
`template static data member destructor helper'
static 
virtual 
private: 
protected: 
public: 
[thunk]:
extern "C" 
short 
unsigned 
volatile
std::nullptr_t 
std::nullptr_t
<ellipsis>
,<ellipsis>
 throw(
double
__int8
__int16
__int32
__int64
__int128
<unknown>
char16_t
char32_t
wchar_t
__w64 
UNKNOWN
signed 
 volatile
`unknown ecsu'
union 
struct 
class 
coclass 
cointerface 
volatile 
const 
cli::array<
cli::pin_ptr<
{flat}
CorExitProcess
`h````
xpxxxx
`h`hhh
xwpwpp
(null)
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
AreFileApisANSI
CompareStringEx
EnumSystemLocalesEx
GetActiveWindow
GetCurrentPackageId
GetDateFormatEx
GetEnabledXStateFeatures
GetFileInformationByHandleEx
GetLastActivePopup
GetLocaleInfoEx
GetProcessWindowStation
GetSystemTimePreciseAsFileTime
GetTimeFormatEx
GetUserDefaultLocaleName
GetUserObjectInformationW
GetXStateFeaturesMask
IsValidLocaleName
LCMapStringEx
LCIDToLocaleName
LocaleNameToLCID
LocateXStateFeature
MessageBoxA
MessageBoxW
RoInitialize
RoUninitialize
SetThreadStackGuarantee
SystemFunction036
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
[aOni*{
~ $s%r
@b;zO]
v2!L.2
1#QNAN
1#SNAN
?5Wg4p
"B <1=
_hypot
_nextafter
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.text$mn
.text$x
.xdata$x
.data$r
.idata$5
.00cfg
.idata$2
.idata$3
.idata$4
.idata$6
.gfids$x
.gfids$y
.rsrc$01
QQSVWd
URPQQh
tK<_t<<$t8<<t4<>t0<-t,<a|
<z~$<A|
E<$uMR
<0|L<9
tE<A|2<P
t9<_u5
t.<_u*
<A|,<P
<$u"8F
<0| <9
<0|^<8
;t$,v-
UQPXY]Y[
Tt1jhZ;
Tt1jhZ;
Tt1jhZ;
Tt1jhZ;
^$+^8+
^$+^8+
^$+^8+
^$+^8+
t	j-Xf
t0jXXf
~$+~8+
t	j-Xf
t0jXXf
~$+~8+
t	j-Xf
t0jXXf
~$+~8+
t	j-Xf
t0jXXf
~$+~8+
F2jgYf;
F(jgYjGZ
F2jgYf;
<0|H<9
x(j$Xf9
< t1<	t-
j"^f91j\^u8
j"^f9q
t/j=[f;
QSSSSj
tyPVj@W
_tcPVj@
u#j,Xf;
u0jAXf;
u0jAXf;
<xt"<Xt
u/jAXj
uFVWhd
Wj0XPV
taj*Xf
WWWPWS
u-PWWS
VWj\^j:
WWWPWS
SSVWh 
f9:t!V
|VWj=S
}VWj=S
QQSWj0j@
xi;50d
xg;50d
<0|o<9
u	!FX@
u^9^\t/
VX9^`tT
;N\u\W
j	PjYV
u2Vj@h
9C`u99C\t4
9C`u5Wj
jA[jZZ+
x7;50d
PPPPPWS
PP9E u:PPVWP
PPPPPPPP
mSjA[jZ^+
8jZZf;
SVWjA_jZ+
uBjAYjZ+
SVjA[jZ^+
jAZjZ^
x7;50d
Wj5_f;
v	N+D$
v	N+D$
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVinvalid_argument@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVoverflow_error@std@@
.?AVruntime_error@std@@
.?AVbad_function_call@std@@
.?AVregex_error@std@@
.?AVtype_info@@
.?AVbad_array_new_length@std@@
.?AVbad_exception@std@@
.?AVDNameNode@@
.?AVcharNode@@
.?AVpcharNode@@
.?AVpDNameNode@@
.?AVDNameStatusNode@@
.?AVpairNode@@
GetProcAddress
GlobalAlloc
SetProcessAffinityMask
GetProcessHandleCount
GetProcessIoCounters
SetProcessWorkingSetSize
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
TerminateThread
GetLastError
GetSystemTimes
GetTickCount
lstrcpyA
LoadLibraryA
GetCPInfo
KERNEL32.dll
SetScrollRange
GetScrollRange
GetPropW
USER32.dll
StretchBlt
GDI32.dll
GradientFill
MSIMG32.dll
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
OutputDebugStringA
OutputDebugStringW
CloseHandle
WaitForSingleObjectEx
CreateThread
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
SetConsoleCtrlHandler
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
CreateFileW
DecodePointer
Y	@tvYdz
Ld,|t 
n|~X77
?NS"hV%'=O(
dRp.LZ
/6U>DS
"Kv)G&X
FV bIJ
=?M'@y
<nq}K&N
Cu <9d
`s;_VN
&|!k(h
^p\?\Rv
\T.C\tU
*3v3r|
$%B.+v
zR]S%y
#R;Nrn
{*6kf<
;'u(%n#9
)`~WiYW
"Mw4gS
NIsEDh
#eK)-eG
SBDWX)z
0I3	]j
yK26pH
@>fcINp)}?6
0 0,00040
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1t1x1|1
7,7074787
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9
: :$:(:,:0:4:
4 4$4(4,4044484<4@4D4H4L4P4`4l4|4
7 7$7(7,70747`8h8p8t8x8|8
9 9$9(9,9094989<9@9D9
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6t6x6|6
7 7$7(7,707
9(949@9L9X9d9p9|9
:$:0:<:H:T:`:l:x:
; ;,;8;D;P;\;h;t;
< <,<8<D<P<\<h<t<
<4=<=D=L=T=\=d=l=t=|=
>$>,>4><>D>L>T>\>d>l>t>|>
?$?,?4?<?D?L?T?\?d?l?t?|?
0$0,040<0D0L0T0\0d0l0t0|0
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4P>X>`>h>p>x>
? ?(?0?8?@?H?P?X?`?h?p?x?
0 0(00080@0H0P0X0`0h0p0x0
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5
Z9^9b9f9
d3l3t3|3
4$4,444<4D4<5@5H5h5l5|5
6 686H6L6\6`6d6h6p6
7(787<7L7P7T7\7t7
8 8$84888<8@8H8`8p8t8
9 9$9,9D9T9X9h9l9t9
:$:4:8:H:L:P:X:p:
1'1,2 3
4-5K5U5_5k5y5
9*:8:_:s:
;%;N;T;Z;`;f;l;r;x;~;
<$<4<o<
=%=B=a=~=
=.>J>i>{>
?%?,?3?:?A?H?O?V?]?e?i?m?q?u?y?}?
0-0M0m0
2>3T3e3
6.6?6e6z6
757=7V7p7x7
8<8D8U8[8a8
:#:k:t:y:
:0;>;Y;d;
;D<S<Z<
=6=<=B=H=N=T=[=b=i=p=w=~=
>=>C>I>O>U>[>b>i>p>w>~>
?%?+?2?9?@?G?N?U?\?d?l?t?
D0W0u0
012h2o2t2x2|2
3 3$3(3,3
7$:7:U:c:
<H<O<T<X<\<`<
1G2O2a2
5;5T5q5
636O6Y6c6q6
6%919H:q:
;$;);9;>;C;S;X;];m;r;w;
>:>?>D>t>y>~>
?%?1?6?;?_?k?p?u?
	0.0@0L0Y0l0s0
4H4]4p4
6E6L6V6[6
4,5%6H6
8 8.8<8J8X8e8s8~8
9!909A9O9Z9
:7:N:t:
;(;/;8;=;T;
>=>D>I>[>b>i>p>
?$???F?M?T?
0*0B0Y0x0
0N1`1t1
5*6J6V6r6
9L9V9l9
9	:#:4:K:T:
;,<@<F<t<
=	>5><>T>v>}>
?-?2?9?@?G?T?]?
1?1V1\1i1o1v1
=)=F=Q=g=
=	>+>l>
?#?F?[?
090I0Y0~0
172R2^2h2
5:6L6o6
:&:::M:
<$<D<g<
=+=T=a=z=
1"1(13191G1
2C2a2x2
63686t6
627@7L7
7)868M8V8
:2:c:d;p;{;
<)=N=V=\=b=h=
?(?U?h?
1$1W1c1k1
1T2[2i2u2
343C3Y3o3
3=4D4V4b4
5F5k5v5
676F6T6`6l6z6
5"575#8U9
:F;J;N;R;V;Z;^;b;
;b<f<j<n<r<v<z<~<
02161:1>1B1F1J1N1
5B6F6J6N6R6V6Z6^6
6b7f7j7n7r7v7z7~7
6=6a6s7
,0>0S0e0
2,3B3P3
4 4&4;4\4c4l4
5+5=5I5Q5i5
;";e;k;
<;<A<K<j<q<
1-1H1k1
2+212?2Y2b2
2)3P3j3
8i9t9~9
;";*;2;8;d;m;u;
>(?:?p?u?
0 0(03090D0J0X0
0I1\1u1
3$3b3h3
1:1C1x1
2)2@2G2|2
3.373D3N3p3
4(4/4N4Z4b4v4
4W5h5z5
6"6'676<6A6Q6V6[6k6p6u6
7!7&7+7;7@7E7U7Z7_7o7t7y7
8%8*8/8?8D8I8Y8^8c8s8x8}8
:(:6:X:
;#;W;{;
<4<><Z<e<j<o<
=9=C=_=j=o=t=
>0>;>@>E>i>u>
?-?7?S?^?c?h?
0*050:0?0]0
1*1F1Q1V1[1
282C2H2M2k2
2#3H3l3w3|3
4:4^4i4n4s4
5!5&5C5Z5e5r5
6-686L6Q6V6x6
7R7e7	8*818G8]8j8o8}8
1"171Q1f1
2&2@2S2m2
5$5G5Q5D:
=N=U=e=t={=
2+363E3S3b3
7H8Z8u8
252L2c2,323
465E5W5i5
6 6:6I6S6`6j6z6
7%779d9
:':T:Z:
/0L0_0
1%202=2N2\2d2
4a4o4w4
:,:I:Q:z:
:1;8;A;k;~;
;#</<a<w<
3,3>3P3b3t3
8-8i8.:5:=:E:M:
3,4B4c4
:*;=;s<
7J7i758<8F8U8y8
8!9?9J9
:D;Q;^;k;
1,2A2R2
425Y5d5t5
5"6A6W6a6
767_7}7
7$8M8i8
8 9Q9m9
9A<6=>=u=|=
J2?3G3~3
9P=W=">)>
4+515=5c5
7%8d8o8
9J9T9o9
=">H>x>
=)>f>y>
0:0B0_0o0{0
282U2i2t2
5#5k5l6|6
7'72787A7
989D9I9O9
;"<A<r<
	0$0:0P0X0
4$9^9Q:
1$1*10161<1B1H1N1T1Z1`1f1l1r1x1~1
2 2&2,22282>2D2J2P2V2\2b2h2n2t2z2
2F3K3]3{3
1"1&1*1.12161:1>1B1F1J1N1R1V1Z1^1
;1<L<d<t<
= =4=<=D=L=P=T=\=p=x=
> >$>,>@>H>\>d>l>t>x>
? ?$?(?0?D?\?`?
0$00080d0h0p0x0
1(1H1h1
2(2H2T2p2
303L3P3p3
404P4\4x4
585X5x5
686X6t6x6
081h1x1
7 7074787<7@7D7H7L7P7T7`7d7h7l7p7t7x7|7
8<8\8|8
9D9d9|9