Sample details: 289bd7053fe907bd5059aef4694d334c

Hashes
MD5: 289bd7053fe907bd5059aef4694d334c
SHA1: ab4981c15cbf5b19f949c6d62285b3cd5223b9c7
SHA256: b9f128883bab854045d01c664ea105d977db3bf758797376b54074b8687821f3
SSDEEP: 3072:k1NzxNFC/5SC92g+7vnss18RbhZ7GjnKmf5hO:6rg8Cgn7/sY0ZQnKmf5hO
Details
File Type: PE32
Yara Hits
YRP/Visual_Cpp_2005_DLL_Microsoft | YRP/Visual_Cpp_2003_DLL_Microsoft | YRP/IsPE32 | YRP/IsDLL | YRP/IsConsole | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64
Parent Files
6c59ac63cdbf32748efae91ed3acdbd8
Source
Strings
		!This program cannot be run in DOS mode.
`.data
@.reloc
d:\drvsrc\icondll\objfre_win7_x86\i386\JmCrIcon.pdb
_XcptFilter
malloc
_initterm
_amsg_exit
msvcrt.dll
_except_handler4_common
InterlockedExchange
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
KERNEL32.dll
JmCrIcon.DLL
FFF	FFF
GGG)GGG7GGG?GGGFFFFIFFFMGGGGGGGDGGG;GGG3III)III$III
IHFmFFFlGGGlGGG_GGGUGGGKGGGHGGG:GGG1HHH-III$JJJ
FFF{FFFmFFFbFFF[FFFKGGGBGGG;GGG0HHH+III"JJJ
FFF{FFFpFFF`FFFUFFFJGGG@GGG9HHH,III&HHH
FFFvFFFmFFFbFFFSFFFJGGG:GGG5HHH(HHH$GGG
FFFvFFFdFFF[GGGMGGGFGGG:GGG/GGG&GGG
FFF	FFF	FFF
FFF{GGGqGGGdFFFXFFFJGGG<GGG3GGG'GGG!FFF
FFF	FFF
GGGuFFFjFFFZFFFJGGG=GGG/FFF$FFF
FFF}FFFlFFF\GGGFFFF4FFF"FFF
FFFtFFF^GGGHFFF3FFF!FFF
FFFrFFFYFFF<FFF&FFF
FFFbFFFDFFF-FFF
FFFiFFFEFFF.FFF
FFFiFFFIGGG/FFF
FFFdGGG@GGG*HHH
FFF{FFFVGGG<GGG"HHH
JJJ	MMM
GGGnFFFOGGG4III
FFF	FFF
GGGkGGGFGGG/III
FFFgGGGHGGG.HHH
tiL#VSH&
FFFsFFFSGGG:III#III
FFFgFFFOGGG6HHH$III
FFFkGGGTGGGAGGG1HHH#GGG
JJJ	FFF
FFFzGGGdFFFOGGG>GGG-GGG HHH
GGGuFFF_FFFIGGG6GGG$HHH
FFFkFFFPGGG8GGG"XTH
FFFkFFFLGGG/
FFF[GGG9
FFFbFFF<
FFFbFFF<
FFFZFFF5
FFFuFFFOFFF,FFF
FFFgFFF@FFF#FFF
FFF	FFF
FFFXFFF4FFF
FFF	FFF
FFFqFFFIFFF)FFF
FFFaFFF<FFF FFF
FFF	FFF	FFF
FFFzFFFRFFF1FFF
FFFjFFFDFFF&FFF
FFF[FFF8FFF
FFFsFFFMFFF,FFF
FFFdFFF?FFF"FFF
FFF|FFFTFFF3FFF
FFFiFFFEFFF'FFF
FFFyFFFUFFF4FFF
FFF`FFF@FFF&FFF
FFF_FFFEFFF,FFF
^XIeFFF@FFF,FFF
FFF	ROG
FFFEFFF6FFF&FFF
yN{FFF9FFF2FFF(FFF
vNxa[IwOMGyGGGpGGG[GGGFGGG1III%JJJ
FFFlFFFWGGGCGGG/III
FFFgFFFQGGG=HHH)HHH
JJJ	MMM
FFFyGGGcGGGEGGG6GGG#HHH
FFFnFFFWGGG>GGG)FFF
FFF|FFF`FFF;FFF
FFFcFFF0FFF
FFF{FFF:FFF
FFFyFFF6FFF
FFFjGGG-FFF
FFFMGGG MMM
GGGvGGG8III
FFFrGGG6JJJ
FFFUGGG/III
GGGgGGGDHHH*HHH
FFFbGGG?GGG#
FFFwGGGH
YTHwFFF0
FFFOFFF
GGF|FFF7FFF
FFF^FFF$FFF
FFFEFFF
FFFoFFF/FFF
FFFSFFF
KJG~FFF9FFF
FFFTFFF"FFF
d]JkFFF,FFF
FFF'FFF
zmLJFFF
IIFrGGGFIII%LLL
FFFfGGG;HHH
FFFPFFF
FFFRFFF
FFFQFFF
GGG.aaa
GGG2OOO
FFFUGGG 
JIF]FFF
FFF.FFF
ZUHdFFF
}qQkFFF
uG%gsE"
vI&isE"
}P-~sE"
zM*usE"
xK(psE"
R&	8k= 
uG%gsE"
vI&isE"
}P-~sE"
zM*usE"
xK(psE"
FFF	FFF
FFF	FFF
FFF*FFF0FFF/FFF-FFF)FFF
FFF$FFF0d]JOFFFJFFFSFFFTFFFNFFFKFFF>FFF1FFF%FFF
FFF	FFF
FFF)LKG:|oMn
FFF~FFFtFFFfFFFVFFFAFFF3FFF&FFF
FFF	FFF	FFF
FFF	FFF
FFF-^YII
FFF}FFFjFFFVFFFJFFF6FFF)FFF
FFF,ujL\
FFFmFFF^FFFGFFF9FFF)FFF
FFF	FFF
FFFpFFF_FFFMFFF<FFF.FFF!FFF
FFFvFFFbFFFMFFF<FFF1FFF!FFF
FFFxFFFdFFFQFFFCFFF1FFF'FFF
FFF~FFFgFFFUFFFGFFF3FFF*FFF
FFFjFFF[FFFHFFF6FFF,FFF FFF
FFFmFFF]FFFIFFF:FFF-FFF FFF
FFFrFFF_FFFIFFF9FFF(FFF
FFFmFFFSFFF:FFF!
FFFvFFFOFFF2
FFF`FFF=
FFFfFFF@FFF
FFFeFFF@FFF
FFF\FFF:FFF
FFFzFFFOFFF-
FFFiFFFAFFF!
FFFZFFF8FFF
FFFtFFFIFFF-FFF
FFFdFFF>FFF
FFFUFFF0FFF
FFFmFFFJFFF'FFF
FFF]FFF8FFF
FFF	}pM
FFF{FFFNFFF+FFF
FFFlFFFBFFF!FFF
FFF]FFF2FFF
FFF	FFF
FFFtFFFJFFF(FFF
FFFdFFF>FFF#FFF
FFF~FFFPFFF2FFF
FFFcFFFDFFF%FFF
FFFoFFFOFFF3FFF
FFF_FFFNFFF8FFF$FFF
FFF	FFF
ysQtFFF;FFF1FFF"FFF
ZwFFF#FFF
ujLD^YIIFFFFFFF@FFF3FFF FFF
FFFjFFFOFFF2FFF FFF
FFFoFFFUFFF6FFF#FFF
FFF	FFF
FFFuFFFWFFF;FFF'FFF
FFF{FFF^FFF?FFF,FFF
FFF	FFF
FFFcFFFGFFF/FFF
FFFfFFFMFFF1FFF
FFFlFFFNFFF2FFF
FFF_FFF.
KIGtFFF4
FFFZFFF!
FFFCFFF
FFFiFFF*FFF
FFFMFFF FFF
FFF8FFF
FFF_FFF(FFF
FFFFFFF
HGFoFFF4FFF
FFFVFFF$FFF	
YTH{FFF=FFF
FFFHFFF&FFF
rMVFFF!FFF
FFF	FFF
						
								
".3852,
K]ll\7*"
NYK+.[h
jL)""*0594/
tUEENj
U?''E)
ARAA``UA>
>ARRA~
>ARRRAAA>
>ARRRRRAAA
RRRRARRAA>
RRRRRRRRAA>
>ARRRRRARARA>
RRRRRRRRRARAA>
>RRURRRRARAAAA>
RRCCAARARA>>Vr
>>>>CRCCRr
5@=HWTE$
XkZB=1 
(,8(+:<531@G
(8,L`lf(
,88;A_vm3tuOYD
,88,,(\j[P@,
,8888,(
,88888,(
(88;8888,*
,;8888,8,((,;Ndi
J(,,88;KSei
++++++++++++++
 2778866/
-:2&$33
)C1	DD
(<>B@=;$
@hI0$ 
+ //O1~
)7(Iz&< 
{Y<;DB
Cd0pJ]6
GVvtt:
/("fjl
PYUA.!
5otAYq
Pt.//v
[n{J-O:V
`Xqf0d
O{?2>w 
1y	2^H
2ko_BM
,}aY06
(Vb]@Y
87GGSR
sQNs|(
v6t@Kk
nW\y;<
mMJbhvgv
^%)LtU
N;m6\y
]B/@i9
U/7@{G
GN-RRJ9
R]42EAB
65@mM	Y
H?/b4A=
l`?<[0
]c,j]'E}
$X[k3={[
kgB~a!1?
H*.)Q*@
O*HZl3
aFG@@0
a(pG{{
;-^j	(
o0~~[N
?//Nbg~~
7\Wz!d
W7rzOO/
?5776M1
	bz$S:
={MI5]Q
}U7'tr
@SxOC{
###+   \   
!!! !!!c###
###&###R$$$
&&&+&&&]&&&
((( (((a(((
DDD@)))
UUU}'''
BBBg@@@E===2;;;#:::
>>>o>>>H===&;;;
CCCq>>>];;;H;;;.:::
CCCk???G<<<3:::#999
!!!	   1
!!!	"""1!!!i!!!
###	###1###i$$$
'''	%%%1$$$i&&&
(((	)))1)))i+++
aaa0...
^^^H222
>>>l>>>O>>>5<<<
@@@c>>>G===.<<<
sssZ@@@
CCCx???Z===><<<&;;;
,,,{!!!
FFF	FFF
FFF$FFF.FFF-FFF.FFF.FFF1FFF*FFF'FFF(FFF#FFF
FFF$FFF3FFFCFFFNFFFPFFFWFFFSFFFPFFFQFFFHFFFEFFFBFFF:FFF7FFF.FFF%FFF
FFF	FFF
FFFyFFFnFFFhFFFaFFFYFFFSFFFEFFF=FFF3FFF)FFF
FFF}FFFtFFFbFFFZFFFIFFFAFFF1FFF%FFF
FFFyFFFiFFFWFFFHFFF6FFF(FFF
FFFnFFF^FFFJFFF<FFF+FFF
FFF	FFF
FFFsFFF]FFFLFFF8FFF'FFF
FFFsFFF[FFFGFFF4FFF$FFF
FFFnFFFPFFF;FFF+FFF
FFF|FFF_FFFDFFF0FFF
FFF	FFF
FFFfFFFOFFF7FFF FFF
FFFpFFFSFFF8FFF"FFF
FFFtFFFWFFF:FFF&
FFF|FFF[FFF;
FFFwFFFO
FFF	FFF
FFFwFFFIFFF
FFFeFFF@FFF
FFFTFFF5FFF
FFFuFFFJFFF'shL
FFFeFFF>FFF 
FFFRFFF1FFF
FFFnFFFFFFF(FFF
FFF`FFF8FFF
FFF{FFFSFFF0FFF
FFFjFFFFFFF"FFF
FFF[FFF8FFF
FFFvFFFOFFF*FFF
FFFgFFFBFFF#FFF
FFF]FFF7FFF
FFFwFFFHFFF)FFF
FFFfFFF;FFF FFF
FFFVFFF4FFF
FFF	FFF
FFFrFFFJFFF*FFF
FFF	FFF
FFF\FFF9FFF
FFFgFFFIFFF*FFF
FFFfFFFPFFF2FFF!FFF
a[IYFFFBFFF0FFF!FFF
FFF)FFF(FFF
~O9FFF
rM;[VILFFFPFFFLFFFFFFF?FFF5FFF/FFF&FFF
FFF	FFF
FFFlFFFPFFF9FFF FFF
FFFQFFF2FFF
FFFgFFF4FFF
FFFbFFF,FFF
FFFGFFF
FFF\FFF FFF
FFFsFFF*FFF
FFF}FFF-
FFF}FFF
FFFSFFF
FFF.FFF
FFFnFFF
FFFGFFF
FFFgFFF
FFFDFFF
FFF(FFF
FFFaFFF
FFF>FFF
FFFLFFF
h`JMFFF
2*2B2W2\2b2z2
3"3)343>3T3m3w3
8*8?8E8K8Q8W8]8d8k8r8y8
90989<9D9H9P9T9\9`9h9l9t9x9
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
070615000000Z
120614235959Z0\1
VeriSign, Inc.1402
+VeriSign Time Stamping Services Signer - G20
6^bMRQ4q
JcEG.k
http://ocsp.verisign.com0
"http://crl.verisign.com/tss-ca.crl0
TSA1-20
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
031204000000Z
131203235959Z0S1
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
http://ocsp.verisign.com0
0http://crl.verisign.com/ThawteTimestampingCA.crl0
TSA2048-1-530
?7!Op1
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)09100.
'VeriSign Class 3 Code Signing 2009-2 CA0
100720000000Z
120725235959Z0
Taiwan1
Hsinchu1!0
JMicron Technology Corp.1>0<
5Digital ID Class 3 - Microsoft Software Validation v21!0
JMicron Technology Corp.0
w398v'
3http://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0?
3http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
090521000000Z
190520235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)09100.
'VeriSign Class 3 Code Signing 2009-2 CA0
'tag'Mj
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif0
http://ocsp.verisign.com01
 http://crl.verisign.com/pca3.crl0)
Class3CA2048-1-550
Washington1
Redmond1
Microsoft Corporation1)0'
 Microsoft Code Verification Root0
060523170129Z
160523171129Z0_1
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
n.aAHu
g.Q{49
uN1+gc
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)09100.
'VeriSign Class 3 Code Signing 2009-2 CA
^evr9D{
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA
100727020834Z0#