Sample details: 2253d4bfe9383ae05d3c928dc83bb844

Hashes
MD5: 2253d4bfe9383ae05d3c928dc83bb844
SHA1: 31aea4741dcdeddcdceb24f81f44d996ef2f96ce
SHA256: ae3678d2185db1a1dc3158e1e38693ae85933abd1955cc92309b5b6f6548c174
SSDEEP: 3072:QH1MYj9OafSwE7dWDRL7EPou77xbGuGvZJZgUQ:QH1jMaf3udc7couhWZ
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Install_Shield_2000 | YRP/Armadillo_v171_additional | YRP/Armadillo_v4x | YRP/Microsoft_Visual_Cpp | YRP/InstallShield_2000_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/escalate_priv | YRP/screenshot | YRP/win_registry | YRP/win_token | YRP/win_private_profile | YRP/win_files_operation
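Most of the hits above are compiler, packer and PE-property signatures (Armadillo, Visual C++, InstallShield, IsPE32, HasRichSignature) rather than behaviour, and several of them contradict each other, which is normal for signature packs. The behavioural hits are explained by the imports listed under Strings: escalate_priv and win_token fire on OpenProcessToken/LookupPrivilegeValueA/AdjustTokenPrivileges, which this binary uses next to SeShutdownPrivilege, ExitWindowsEx, WININIT.INI [rename] and _MSSETUP.BAT, i.e. the old installer idiom of staging file replacements and rebooting (the SETUP.LST / ST6UNST.EXE / VB6STKIT.DLL strings are consistent with a VB6 Setup bootstrapper). The screenshot hit only has drawing APIs (GetDeviceCaps, SelectObject) behind it, with no BitBlt or CreateCompatibleDC. The Python below is an added example for this page, not the report tooling's code; it splits the hit line into signature vs behavioural rules and grades each behavioural rule by the APIs actually present. The capability table is my own approximation of what such rules key on, not the bodies of the YRP/* rules.

```python
"""Cross-check a sample's YARA hit list against its imported API names.

Added example for this report page; it is not the report generator's code and
the CAPABILITY table is my own approximation, not the bodies of the YRP/* rules.
"""
import re

# The "Yara Hits" line of the report above, verbatim (pipe separated).
YARA_HITS_LINE = (
    "YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | "
    "YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | "
    "YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Install_Shield_2000 | "
    "YRP/Armadillo_v171_additional | YRP/Armadillo_v4x | YRP/Microsoft_Visual_Cpp | "
    "YRP/InstallShield_2000_additional | YRP/IsPE32 | YRP/IsWindowsGUI | "
    "YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | "
    "YRP/Dropper_Strings | YRP/escalate_priv | YRP/screenshot | YRP/win_registry | "
    "YRP/win_token | YRP/win_private_profile | YRP/win_files_operation |"
)

# Imports and plain strings copied from the "Strings" section above (a subset).
SAMPLE_STRINGS = [
    "OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges",
    "SeShutdownPrivilege", "ExitWindowsEx", "WININIT.INI", "[rename]", "_MSSETUP.BAT",
    "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
    "RegOpenKeyExA", "RegSetValueExA", "RegCreateKeyA", "RegQueryValueExA",
    "GetDeviceCaps", "SelectObject", "CreateFontIndirectA", "BeginPaint", "ReleaseDC",
    "CreateProcessA", "CopyFileA", "DeleteFileA", "MoveFileExA", "CreateFileA", "WriteFile",
    "GetPrivateProfileStringA", "SETUP.LST", "ST6UNST.EXE", "VB6STKIT.DLL",
]

# Rule-name prefixes that denote compiler/packer/PE-property signatures rather
# than behaviour (constructed from the rule names on this page).
SIGNATURE_RULE_RE = re.compile(
    r"^YRP/(Armadillo|Microsoft_Visual_Cpp|Install_?Shield|Is[A-Z]|Has[A-Z])")

# For each behavioural rule: "core" APIs that perform the action and "support"
# APIs that merely accompany it. Approximation (assumption), not the YRP rule bodies.
CAPABILITY = {
    "win_token":           {"core": {"OpenProcessToken"},
                            "support": {"AdjustTokenPrivileges", "LookupPrivilegeValueA"}},
    "escalate_priv":       {"core": {"AdjustTokenPrivileges"},
                            "support": {"OpenProcessToken", "LookupPrivilegeValueA"}},
    "win_registry":        {"core": {"RegSetValueExA", "RegCreateKeyA"},
                            "support": {"RegOpenKeyExA", "RegQueryValueExA"}},
    "win_files_operation": {"core": {"CopyFileA", "DeleteFileA", "MoveFileExA", "WriteFile"},
                            "support": {"CreateFileA"}},
    "win_private_profile": {"core": {"GetPrivateProfileStringA", "WritePrivateProfileStringA"},
                            "support": set()},
    # A real capture needs BitBlt/CreateCompatibleDC; GetDeviceCaps/SelectObject is just drawing.
    "screenshot":          {"core": {"BitBlt", "CreateCompatibleDC", "CreateCompatibleBitmap"},
                            "support": {"GetDeviceCaps", "SelectObject", "GetDC", "ReleaseDC"}},
}
PRIVILEGE_RE = re.compile(r"^Se[A-Za-z]+Privilege$")


def split_yara_hits(line):
    """Split the pipe-separated hit list into (signature rules, behavioural rules)."""
    hits = [h.strip() for h in line.split("|") if h.strip()]
    signature = [h for h in hits if SIGNATURE_RULE_RE.match(h)]
    behavioural = [h for h in hits if h not in signature]
    return signature, behavioural


def grade_capabilities(strings):
    """Grade each behavioural rule by the evidence present: strong, weak or none."""
    present = set(strings)
    graded = {}
    for name, spec in CAPABILITY.items():
        core, support = spec["core"] & present, spec["support"] & present
        grade = "strong" if core else "weak" if support else "none"
        graded[name] = {"grade": grade, "evidence": sorted(core | support)}
    return graded


def privileges_named(strings):
    """Privilege names present as strings: tells you WHAT the token is adjusted to hold."""
    return sorted(s for s in strings if PRIVILEGE_RE.match(s))


def reboot_file_replace(strings):
    """Installer idiom: stage moves in WININIT.INI [rename] or a _MSSETUP.BAT, then
    reboot through ExitWindowsEx after enabling SeShutdownPrivilege."""
    present = set(strings)
    staged = {"WININIT.INI", "[rename]"} <= present or "_MSSETUP.BAT" in present
    reboots = {"ExitWindowsEx", "SeShutdownPrivilege"} <= present
    return {"stages_for_reboot": staged, "reboots": reboots,
            "uses_runonce": any(s.endswith("\\RunOnce") for s in present)}


if __name__ == "__main__":
    sig, beh = split_yara_hits(YARA_HITS_LINE)
    print("signature rules:", len(sig), "behavioural rules:", len(beh))
    for name, info in grade_capabilities(SAMPLE_STRINGS).items():
        print(f"{name:20s} {info['grade']:6s} {info['evidence']}")
    print("privileges:", privileges_named(SAMPLE_STRINGS))
    print("reboot idiom:", reboot_file_replace(SAMPLE_STRINGS))
```

The privilege name is the part worth reading: SeShutdownPrivilege only lets the caller reboot, whereas SeDebugPrivilege or SeTcbPrivilege next to the same three imports would justify the escalate_priv label.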
Parent Files
05f6ffd3503fc7b8499f9d394f1d17d8
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
HtNHt1H
v7<\t3
SPj1Sj	
SPSSSSSS
tTh DB
t8hh6B
HtCHt9Ht/Ht%Ht
SWSSjxh
t7VVh 
Ht#HHt
tWHHtO
t7HHt/
YYt	PW
Y_^][Y
PSSSSS
WPh`?B
PSSSSS
SVWh`FB
HHt0HHt,Hu%VhX
t$(j"V
PSSSSSSf
D$Df9D$4u
f9L$6t
~x9~0v
FH+N03
tcfHWf
T$(UPQRS
T$0UPQRS
D$<PRQ
G(QSRP
9LDICt
D$ PRQ
8LDICt
>LDICt
9QDICt
8QDICt
>QDICt
>MDICt
>MDICt
D$09D$
89|$(w
L$0	D$
09t$(w
09t$(w
09t$(w29t$ u
T$ )L$
D$(+D$ 
D$8;t$(
;l$Hv 
D$,A@+
L$!;l$0w
;t$8s+
L$<#D$
SQRVWU
]_^ZY[
]_^ZY[
D$(9D$8
l$8+l$
L$8;L$(
SQRUVW
_^]ZY[
RQSWVU
 ]^_[YZ
 ]^_[YZ
L$ UQSRP
9\$<tz
/;t$$u
+D$ _^][
HSUVWh
f9=j2B
j@h(2B
T$ RSUW
D$(PWSUQ
VPWSUQ
D$8QVRh 
D$ _^]
t.;t$$t(
VC20XC00U
PPPPPPPP
L$ RQP
UWUVh 
H_^][Y
D$$RPj
H_^][Y
UVWuNj
D$,WQVURP
D$<VPj
T$<VPQRj
D$4UQRP
D$TRVP
T$DQPR
L$ PQF
KK<5|1;
T$(SUVf
f9|$(w
9D$*u,9D$.
bsetup.lst
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
?IsProcessorFeaturePresent
KERNEL32
runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#SNAN
GetStockObject
SetBkColor
GetTextMetricsA
SelectObject
CreateFontIndirectA
GetDeviceCaps
DeleteObject
SetTextColor
GDI32.dll
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
SHELL32.dll
GetWindowLongA
MessageBoxA
CharNextA
DispatchMessageA
PeekMessageA
PostMessageA
PackDDElParam
DestroyWindow
SendMessageA
UnregisterClassA
CreateWindowExA
RegisterClassA
DefWindowProcA
UnpackDDElParam
wsprintfA
CharUpperA
ExitWindowsEx
InvalidateRect
LoadStringA
LoadIconA
LoadCursorA
wvsprintfA
SetFocus
BringWindowToTop
TranslateMessage
GetMessageA
ShowWindow
ReleaseDC
MoveWindow
GetSystemMetrics
ShowCursor
IsWindow
FindWindowA
PostQuitMessage
EndPaint
OffsetRect
DrawTextA
SetWindowTextA
GetClientRect
BeginPaint
CharPrevA
UpdateWindow
USER32.dll
GetOpenFileNameA
comdlg32.dll
SetFileSecurityA
GetFileSecurityA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegEnumKeyExA
ADVAPI32.dll
OleUninitialize
OleInitialize
CoUninitialize
CoInitialize
CoCreateInstance
ole32.dll
OLEAUT32.dll
VerInstallFileA
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VERSION.dll
lstrcatA
lstrcpyA
lstrlenA
lstrcmpiA
SetFileAttributesA
CopyFileA
GetModuleFileNameA
OpenFile
IsDBCSLeadByte
WriteFile
CloseHandle
SetFilePointer
CreateFileA
LocalFree
LocalAlloc
GlobalDeleteAtom
GlobalAddAtomA
GlobalFree
GlobalAlloc
lstrcpynA
GlobalUnlock
GlobalLock
GlobalFindAtomA
GetShortPathNameA
MoveFileExA
MoveFileA
DeleteFileA
CompareStringA
ReadFile
GetTempFileNameA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTempPathA
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
LocalUnlock
LocalLock
GetPrivateProfileStringA
GetFileSize
_lclose
_lwrite
_lread
FindClose
FindFirstFileA
GetFullPathNameA
GetExitCodeProcess
CreateProcessA
FreeLibrary
GetProcAddress
LoadLibraryA
SetErrorMode
GetDriveTypeA
GetModuleHandleA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetFileAttributesA
GetVersion
GetFileType
FileTimeToSystemTime
FileTimeToLocalFileTime
ExitProcess
TerminateProcess
HeapAlloc
HeapFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCurrentDirectoryA
GetStartupInfoA
GetCommandLineA
SetEndOfFile
SetHandleCount
GetStdHandle
SetStdHandle
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
GetStringTypeA
GetStringTypeW
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
HeapReAlloc
KERNEL32.dll
sfXXXXXX
ACTION: 
CONFIG: 
NOTE: 
VB.Mooo.Conv.Child
[CreateGroup(
[AddItem(
[ReplaceItem(
ProgMan
[DeleteItem(
PROGMAN
echo on
copy %s %s > nul
erase %s > nul
attrib -r %s > nul
@echo off
Couldn't create Temp Reboot File: %s
WININIT.INI
[rename]
_MSSETUP.BAT
~msftqws.pdw
Error ExitWindows Error #%d
AdjustTokenPrivileges Error #%d in fDoReboot
SeShutdownPrivilege
OpenProcessToken Error #%d in fDoReboot().
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
RegisterTypeLib of %s failed : %lx
LoadTypeLib of %s failed : %lx
Cannot access file: %s in fRegisterTypeLib.
axdist.exe
wint351.exe
Insufficient memory available to initialize Setup
ST6UNST.
SharedFile
TempFile
SystemFile
PrivateFile
GVBSetupInit
SetupText
SetupTitle
BootStrap
CreateDir
RegValue
"HKEY_LOCAL_MACHINE\%s\SharedDlls", "%s"
RegKey
"HKEY_LOCAL_MACHINE\
SharedDLLs
%s  %s
SETUP.LST
$(TLBREGISTER)
$(EXESELFREGISTER)
$(DLLSELFREGISTER)
$(WINSYSPATHSYSFILE)
$(WINSYSPATH)
$(WINPATH)
CTL3D32.DLL
_MSRSTRT.EXE
CreateProcess()
0x%08lXH
%s%s "%s" "%s" "%s"
%s%s /q "%s" "%s" "%s" "%s"
%s%s /s "%s" "%s" "%s" "%s"
%s%s /s "%s" /q "%s" "%s" "%s" "%s"
REGEDIT /S 
TLBRegister
ExeSelfRegister
 /REGSERVER
DllSelfRegister
SyncShell
DLLSelfRegister
VB6STKIT.DLL
MSVBVM60.DLL
MSVBVM50.DLL
ST6UNST.EXE
Uninstal
 -e %d
ST6UNST Uninstaller
$(Programs)
All Files(*.*)
Browse for 
Setup1 Files
BootStrap Files
CabFile
TmpDir
Cannot locate the System folder.
Aborting Setup.
Cannot locate the Windows folder.
Aborting Setup.
Cannot find folder.
SERVICE PACK 2
SERVICE PACK 1
UninstallString
AppToUninstall
ST6UNST #
$(Programs)
$(Start Menu)
End Component
	End Group
			Type = String(256)
			ID = 2
			Name = "Description"
		End Attribute
"FAILED"
"SUCCESS"
			Value = 
			Type = String(16)
			ID = 1
			Name = "Status"
		Start Attribute
		Class = "MICROSOFT|JOBSTATUS|1.0"
		ID = 1
		Name = "InstallStatus"
	Start Group
	Name = "Workstation"
Start Component
SOFTWARE\Microsoft\Windows\CurrentVersion
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
wwpwwp
@wwwwwwxwpw
wwwwww
wwwwwwwp
wwxpww
80,!>)()^c~bfbb
gcymggw~as
zD~mgc
(#&=c2+(Da}}}yjzueZyce}y
esD);2/D: +9wsmP'
0W0f0D0~0Y0.
W0f0D0~0Y0)
uW0~0W0_0
0Y0y0f0B}
bW0f0O0`0U0D0
0g0W0_0
}g0M0~0[0
L0ckW0O0?ceQU0
0~0_0o0
L0ckW0O0
W0f0O0`0U0D0
g0M0~0[0
Og0M0~0[0
ybkg0Y0
0f0D0~0Y0
O(u-Nn0q
NW0f0O0`0U0D0
n0zzM0
W0f0D0~0Y0
uW0~0W0_0
-Nk0qQ	gU
uW0~0W0_0
0j0O0j0
0~0W0_0
bg0M0~0[0
g0M0~0[0
fg0M0~0[0
n0^\'`L0
0g0W0_0
ybkg0j0D0S0h0
W0f0O0`0U0D0
Nckj0L
0?ceQW0f0O0`0U0D0:
W0f0O0`0U0D0:
Rg0M0~0[0
W0~0W0_0
,gSOn0
0f0D0~0[0
Rg0M0~0[0
W0f0O0`0U0D0
_g0M0~0[0
}g0M0~0[0
o0ck8^k0B}
NW0~0W0_0
bg0M0~0[0
0g0W0_0
n0+g>\!
RW0f0D0~0Y0.
'`L0B0
k01YWeW0~0W0_0
0k01YWeW0~0W0_0
0W0O0o0 
k01YWeW0f0D0
Nckg0Y0
}g0M0~0[0
0S0h0o0g0M0~0[0
k01YWeW0~0W0_0
0n0)jP
n04X@bL0
uW0~0W0_0
}g0M0~0[0
L0ckW0O0B0
~0_0o0 
o0zzg0j0Q0
g0M0~0[0
YW0~0Y0
}g0M0~0[0
0g0W0_00
0f0D0f0i0
0j0D0n0g0
g0M0~0[0
0g0W0_0
0j0O0j0
0~0W0_0
bg0M0~0[0
eg0o0j0D0n0g0
g0M0~0[0
W0f0O0`0U0D0
0MRk0 
eW0j0D0g0~
W0f0O0`0U0D0
RW0~0Y0K0 
D0D0H0]
W0_04X
0B0h0g0|
0S0h0o0g0M0~0[0
0k0o0 
RW0~0Y0K0 
0~0g0 
o0ckW0O0
R\OW0j0D0
'`L0B0
0F0h0W0f0t
uW0~0W0_0
k0X[(WW0~0Y0
L0X[(WW0j0D0K0
0~0W0_0
0-Nn0t
bg0M0~0[0
0W0j0D0g0O0`0U0D0
`1XL0eQc0f0D0~0Y0
vk0JRd
0h0M0k0
gW0j0D0t
uW0~0W0_0
W0~0W0_0
_T{W0~0W0_0
0F0h0W0f01YWeW0~0W0_0
RW0~0Y0
g0M0~0[0
SgqW0~0Y0K0?
0-NbkW0~0Y0.
D0D0H0
0?ceQW0f0O0`0U0D0
0?ceQW0f0O0`0U0D0
tW0f0D0~0Y0 
uW0~0W0_0
gW0f0D0j0D0t
uW0~0W0_0
SL0g0M0~0[0
0g0W0_0
L01YWeW0~0W0_0
peL01YWeW0~0W0_0
0f0D0j0D0_0
uW0f0D0
'`L0B0
S0n04X
W0f0O0`0U0D0
j0n0g0z
W0~0[0
0g0W0_0
~0_0o0 
g0M0~0[0
0g0W0_0
j0n0g0z
W0~0[0
0g0W0_0
~0_0o0 
j0n0g0z
W0~0[0
0g0W0_0
j0n0g0z
W0~0[0
0g0W0_0
~0_0o0 
eg0M0~0[0
0S0n0z
cc0f0D0j0D0
'`L0B0
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
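The run of strings from "0W0f0D0~0Y0" down to "'`L0B0" is not junk: it is UTF-16LE Japanese text whose high bytes (0x30 for the hiragana block, U+30xx) happen to be printable, so an 8-bit strings pass prints each character as an ASCII pair, e.g. "W0f0D0~0Y0" is しています and "W0f0O0`0U0D0" is してください ("please ..."), fragments of the installer's prompts. Kanji whose bytes are not both printable break the runs, which is why the fragments start and end abruptly and sometimes on a half character. The fix in practice is to extract wide strings directly (GNU `strings -e l`); the Python below, added here as an example and not part of the report tooling, recovers the text from the already-printed lines instead. It tries both byte alignments and keeps the one that yields the most kana, which is my own heuristic, not a property of the sample.

```python
"""Recover UTF-16LE Japanese text that an 8-bit `strings` pass printed as ASCII pairs.

Added example for this report page, not part of the report tooling. The alignment
heuristic (prefer the decoding with the most hiragana/katakana) is an assumption.
"""

# Lines copied from the "Strings" section above; the last one is plain ASCII and
# must be left alone.
RAW_LINES = [
    "W0f0D0~0Y0",
    "L0ckW0O0",
    "0?ceQW0f0O0`0U0D0:",
    "KERNEL32",
]


def _kana_count(text):
    """Number of hiragana/katakana characters (U+3040..U+30FF)."""
    return sum(1 for ch in text if "\u3040" <= ch <= "\u30ff")


def _japanese_only(text):
    """True if every character is kana, a common CJK ideograph or ideographic punctuation."""
    return all("\u3040" <= ch <= "\u30ff" or "\u4e00" <= ch <= "\u9fff"
               or ch in "\u3001\u3002\u30fb" for ch in text)


def decode_wide_fragment(line, min_kana=2):
    """Return the best UTF-16LE reading of `line`, or None if it is not wide Japanese text.

    Because `strings` keeps only printable bytes, a run may begin or end on half a
    character, so both alignments are tried and a dangling trailing byte is dropped.
    """
    raw = line.encode("latin-1", errors="replace")
    best = None
    for offset in (0, 1):
        chunk = raw[offset:]
        chunk = chunk[: len(chunk) - (len(chunk) % 2)]
        if not chunk:
            continue
        try:
            text = chunk.decode("utf-16-le")
        except UnicodeDecodeError:          # lone surrogate: wrong alignment
            continue
        if not _japanese_only(text):
            continue
        score = _kana_count(text)
        if score >= min_kana and (best is None or score > best[0]):
            best = (score, text)
    return best[1] if best else None


def decode_all(lines):
    """(raw, decoded) pairs for every line that decodes as wide Japanese text."""
    out = []
    for line in lines:
        text = decode_wide_fragment(line)
        if text is not None:
            out.append((line, text))
    return out


if __name__ == "__main__":
    for raw, text in decode_all(RAW_LINES):
        print(f"{raw:24s} -> {text}")
```

Lines whose first byte belongs to a character that was cut off ("0?ceQW0f0O0`0U0D0:") only decode at offset 1, which is what the two-alignment loop is for; a line of ordinary ASCII such as an import name fails the character-range check in both alignments and is reported as not wide text.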