Sample details: 29649c968550c8e97565e81dcce5b81a --

Hashes
MD5: 29649c968550c8e97565e81dcce5b81a
SHA1: a08c1bf3c9a73492ad27d793efa057f5582703ac
SHA256: 5b712f3ced695dd1510320494ecac67b277c0b386ee465303504c89431f87c78
SSDEEP: 6144:UD4w7ntS0ZnAK8ImLaY/83WQfNcH9/eXM4uvdY8+EJPbMDGLHOs+OYYu6VFEOW5R:U0w7YINY/RQ1HXM5yhGL9o6TEOdMv
Details
File Type: PE32
Yara Hits
CuckooSandbox/embedded_macho | YRP/contentis_base64 | YRP/domain | YRP/IP | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/antisb_threatExpert | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation |
Source
http://rosewinegl.info/2
http://folxdogerm.info/1
http://folxdogerm.info/1
Strings
		!This program cannot be run in DOS mode.
`.data
.data1
@.pdata
.idata
9|$Lw{
YCZ[^_
t|yCtNmMetrics
;luUCQh
j>hp-@
jJh8;@
t$rh8W@
jvQRh(Y@
WjNjoj|
QUhgA@
RNEL32.dll
u SPUQj
j	hPY@
w4r.;D$
F(@;F,vh
jHhXO@
>PUjvh
<lAPPShuL@
4$j	SUh
j!h([@
VVhd	@
T$$VPUj
t$2h05@
SjDj-h
jjUj[h
PWhXN@
j/h G@
t$	Pj4
_QjCVj
^_SWRVh(T@
XPj@Sj
QUhx8@
Pj-jbj
tI9s,tP9{
PVhxV@
jzj+hF
j*h`+@
QUh3k@
t$STj#R
RQQThw
DSUVWh
kernel32.dll@
:c:\Windows\Sy>
VUj]Tj
p Ft_QP
t$!h@5@
H ;O hM
j(jAPh
t$%QTh
PTSj2h
_^[Tj~j
tZWWW#
t$0QQt
VPUhP_@
VNTPorps
;l$$}_
jhhc8?
jbUh`2@
RSh[l?
Pj?hPU@
Pj(1H4
t$5hx>@
OjIQQQh4
w j^j?h
RVjUSh
Pj@jyVh
j=j2hD
GetPr/cess
indowSta
Sj^j?h
VQQj*hq
j\jeUh
VVUh2%?
jxSSjQ
j>Vh(]?
\@UTSSh
jRj#Vh
PjIjNhH
j)h2C?
TjUjjh
QTj[Th
@rocess
mscoree
Drver   
Virtua
elerators
GetLocalc
pBitmap
ARevision>0ain Handle
   pxform 
IGHT_INV
 0x%016IF_UF [in
tipleObjectBkColor
oadIconW
le to module
static 
on call
ORD,\(OvL
AppendMenuW
RegDeleteValu
etTimer
pidToParti
Sunday
tStrings
  Domain: 
lliWatts
AIN_TYPE_PROonsoleCtrlHandllFree
_uf\sources\e
BringWi
perator
o Keys F
lags>0x%08X<
ActionCrea
ipDispo
balAddA
Norwegi
WaitFor
HeapDe
GetCPIn
zeofResourc
CreateE
/cpcSignatureSen
eValueA
rientatioH
`virtua
gSetValueExA
rsionExA
timeKillE
@roximityTimeout
g1\work\3
ipant: %d
u=3+Pd
`C75<z
>sr@$,R
vAcX?Q
CEC){!c2
Y;39"/
@={gS=J
P^Zslm
i`q	 y
r28g1}
qm S:vf
1y1]lP
4x1[\b:
"T5={z<
$Ou:sh
k@vGPr}{
sXw/}#:
+L;S?w.
|&vw~x
$tWAV}$
A%Z<;`
 n@\?}
|mF)1W
1|,n5h
[|",r~}
g\r^ZRK
b\4=P4Cp
L#=]Yk
 )Zc0B
k|)u~C
WiU1jd
 "$Xz!=
9jTUum
x4.U?;
gpL{{%
~-WZj&J
!skG7*
!\o5Z-f	
Kc=C(:
pCS_st
|tf_qi
	x%!)|;s
\yq*z:
!D2PKs
"U$>uv
0l&B4<
Af$AoV
XY#r`Y
Iuyy<I
:$C8E2J
}	1(<@
{0Pk;f
FQH*Kw4
:^:-os
fGmZJQ
|U3$:p;N
?Qo}).
W$kXA,
3#V{6S
UXkX)1
RbjBJ(
mjo7yY7
!v01HN>\
`k!B`*
?P($C_\
]QNjrx
	_}>ZN
Gsiqu^
t*yhAlx1-i=
q^ov62
Yq|a/:
8N$B8f_8
\&}'P 
LCVljPf%
3~]p?u
Oel.${
Ec=Hoe
mS<~=<
Atec*s
Bo,KbC
,:%kng
ue,dn[d
SnW3)t
XsIg6xx
ygq%R7
0DljE	
5Ca&N(
,_;NCW
z;XgYs
!eJpp8
w,[T:p
q;GS\+
UfgDmo
]^<v4o$
MMMN;q#k
^aFul[
n9FeL'1t<
~k$7l>
>ayp,?,
`">zMW7R
_$F(BA?:
v7&[A!I
OH[YH/s
}.p18iX
K@r*Ks
H`QNTv
2!>>wM
Dq,!S@
1*HsxO
{VZs}h)
b.UPSN
^cg,M^J?
0g//UL
)~>"Pbi
4R0&$J
$fV<d$
GG1[K&
6!|?s!7U
or@>)8sX
[ko9k/
;nEA/	k
BeRx6{
s' dl%3
Ht|c[U
Sp;V3>-
?TzBG&
$_2m`-
7OQ"0an{
z-O\\ 
uBce{PJ
{|n[qO
L<K#s	
m7-'7\v}
'fY6dg
C,]^ =
ZZu	CsE6
693*0-
HUn,2_
Mq<M4uZ
SeX+F?
?qQt:N
BJ+4>7S
]N]~t8
&mZ2c1rO
~L?=|*p<!
QGigm+
rJZ&T1
wc2,w4
5%ee& 
'F-$Ya
@pIqkB
ugmXZ"~
	}+$mb`
AzN5Yy
Z,}5I,{0
!o>XZ-q
0.3F|O	E
$Vx97v>
6Z}FiK8
{GFW= 61D
f4<2Wz
)8yJM[
&+h+f\KZ=
c"l,P}f
6P.z*hQGM
?uUm~+=n
1},eMm-
I$C[tD#
;&Nv83
^n=pZb
]Vx{@xC3
9i8>"\
CiO47Y
W@	4mz
($IaxI
7qwx.6
OY\]&\
Apo-QL
rK<m\-
bA*^}d/
.X:DMV
=+?fq*
w]|`nFG
ht}=:$o
4*<}Nl
FrB*Rb
.la"=)
*+1uh1
>v+1hwqk~
]OtWQo
z&ILKQt4
!9<S,z
l2cA,a
I^1`lk
\Njsl&
<Y2=!P
a&9 q\
lC8F"x
m,m/xP?
[4R+k2x
|Kru;$)
4+Y'h?,
<wrT	/
008Y:	
'ga$V#
|O{\t+
5h%z\'
-f;/D%{Me
}6cpkg
J-I^-:t6
.pq'n=
sl.iu-
u$NNoM
v@ikj/
asRzR.H
rM*j)s
Pu';~3F
iS/>)k
{'/cQ#
kS#N-a
\?*{i2
sw-diY
J> Y*&
nhTfz 
I987uB
(nYfMt
IB&o"R
`<r;lp
'Wnco3
q;{TLn
*_)VVev
g/C{>&
tmVQxb
}JJw-k\
rDM&?>
>[!$8`
{;Ug~o
QxR\yNP
PDo>Y3
Wdq+*o
gQk_e!
c,QZ#P+
iD#`mh
.w,Ai#
p4kf>}
dKgj|49
&H^{NK>l
wB4V!>
)Z taH
g#@/G?
]V	+5S
%&s9?f
?CbVsu
W=Y>Up
g_RVi6
akwA[w
BPIWe,#
EQ0yMT
Ue&z`-:-
]8[3:v
9TC}L<
CY2yltY
m318S2
uPO%KC
tRB.'@
=PRWv6
%	'_T5q
GdW^(;
`Sz]*5O
Xnqa]m
%:WR|^
YQ7mX p
xKfpB\
5/A@uZ
DN|~\{
,ID<'P?
>4H&41
S) i@J+
'GP)E]oK
Y2E9wg
-}]H.0
:J<B=q
:6hrtu
vr11^@
HL"^`Y
_fGB?s
o	X!|dw
,ALV)T
qVY,q"I
gh space for locale information
- Attempt to initialize the CRT more than once.
This indicates a 
ESIF_EVENT_ACPI
ESIF_EVENT_COOLING_MODE_POWER_LIMIT_CHANGED
ESIF_EVENT_OS_LPM_MODE_CHANGED
ESIF_CAPABILITY_TYPE_CTDP_CONTROL
ESIF_CAPABILITY_TYPE_CORE_CONT
ImageList_GetIcon
CFormView
CSplitterWnd
Name:              %s
Desc:              %s
Driver Name:       %s
Device Name:       %s
Device Path
IPPGenuine
;H;H;H;H;H;H;H;HM[M[M[M[M[M[M[M[
tion@@
.?AVCException@@
.?AVCObject@@
.?AVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCInvalidArgException@@
ippiDCTQuantInv8x8LS_JPEG_16s8u_C1R
ippiDecodeHuffman8x8_JPEG_1u16s_C1
ippiDecodeHuffman8x8_DCRefine_JPEG_1u16s_C1
WikC?3
n&WukBL8V
@+~@#og
@j"j=%
X	CGC$
uz96|1
zoAcf1
|p1UXk
-?][NOh
Y5nUfJ
NXD1']
VrL	})
ykI(n${
6--=J.
9jwQBA
z~<l;i
q*_:`~V
f|nDBh
f/}9Fz
IW_8iL
rn:LM"Ox
qK"aDmq6y
 $wm>U
G.lg^T
aZL1*{
Gz2@{f
,}N0ag
m|,zWw}
_}6.MI
**;""iK
SN Vllv
G.97.>
a9s0Iv
mkiWMt
ULmuQD0
]/j3PK
;ef('zY
O9N^z\5
N2nu$+
>^2 E"
p0E+nI
Pg`q^w
$Pla C
U;y5XO
E9UyOL
\Ho.m$
2`Y>36\J
BvrQam
=fy8h-
JtUHEm
4,n1)4
PMyN)%R
w8y#"	
afaY|p
mf[!?wi
=	gYBp
/~CI=+
ubJO-gbD
KYD11fp
.?AVCMFCToolBa
VCMFCToolBarsLi
UCThreadData@@
.?AVCMFC
IPPGenuine
List@PAVCMDIChil
SnapshotNotif
IPPGenuine
.?AVAFX_
Video Tuner
System\CurrentCo
IPPGenuine
IPPGenuine
.?AVCMFCCaptionBar@tiate filtergraph
Erro\AGRSM_xface
REMOVE
ectRootE;tF
entProps
1\Programs\
ption@@
PPGenuine
ippiGetHuffmanS
.?AVCComCtlWra
.?AVCJob
N>LZhvtfXJ<.
MODULE_STATE@@
3cv42.dl
tringT@_WV?$St
ltsm*.*
.PAVCInvalidArgExce
mpleException@@
Excepti
AVDNameStatu
nableShutdowns
3ware Son_rtti
.?AVCMFCC
review graph!
Error %x:
Class\{4D36E96C-E32
16s1u_C1
PGenuine
5s\All Users\Start McrollView@@
raits@KPA
    %s s
SOFTWARE\INTE
cognized com
laceFrame@@
PropertyPage@@
PPGenuine
CAutoHideBar@@
3cmlinkCleanupW
.?AV_AFX_
8x8_DCFirst_JPEG_1u1
EncodeHuffman8x8_ACRefine
BINFO@@
ed by t
NOPQRSTU
setup.
Access Denied
.?AVCMenu@@
Software\Microsoft\Windo
.?AV_AFX_BASE
XBKBKX
/o continu
bh~X~X=
,:HVdrpbTF8*
.?AVCMapS
PAVCBit
ATL@@@@
ippiEn
(6DR`PB4&
IChildWn
odel@ATL@@@AT
ete service[ %s ]
UVWXYZ
.?AVCCh
VCControlBar@@
olSet\Serv@@
JPEG encod@
.?AVCMFCToo
abcdefghijkl
.?AVCWnd@
ct New Capture Device
IPPGenuine
its@KPAXU?$less@K@std@@V?B
rray@VCObArray@@PAVCBitm
.?AVCMFCCustomC
IPPGenuine
ble@CWnd@@
CDockCont
ForQStruct@@
    Commands:
PPGenuine
IPPGen;
?AV?$CArray@HABH@@
oft\Wind
Installing or rem
.?AUIDropTarget@
,:HVdrpbTF8*
CResourceExc
x %x %s
3cshtdwn.exe
.?AVexcep
_AFX_OLE_STATE@@
9aitMFC@_WV?$C
Matching
age@Gdiplus@@
lBarFontComboBox@@
iCtrl@@
ndowDC@@
ivePwrScheL
AudioDev
ning: service al@g
AVCRecentFileList@@
IPPGenuine
IPPGenu
IPPGenuine
rTraitMFC@_WV?$ChTraits
CThreadData@@
ne_JPEG_1u16s_C1
ataSource@@
CIPPGenuine
poolBar@
.PAVCSimpleExceptio
Genuine
VCVirtualASEDriveDlg@@
rray@@
Genuine
rlInfo
3cMdmMgr.dll
 Device Enumerat
BCDEFGHIJKLMNOPQRSbTb
leaning
bh~X~X=hijklmnopqrstuvwx
QRSTUVWXYZ
.?AVtype_i
_W@ATL@@@@@ATL@@$01
.?AVCEdit
ayName
Software\
.PAVCFile
Controller\Service
cessiblATL@@
apperBase@@
.?AVCDl
harFromMultiB
CoInstaller
IPPGen
E_THREAD_STATE@@
rosoft\Windows\C
.?AVCStatic@@
.?AV?$C
IPPGenuine
Ctrl@@
.?AVAFX_MODULE_THREAD_S
AFX_MODULE_
IPPGenuine
an8x8_DCRefine_JPEG_16s1
;H;H;H;H;H;H;H;H
CabinetWClass
Control 
1J!edH}
?'yZIk
lS'XmW
e$VbS&
4>O%p<
=VyO/4
uolTYnxZ
\t+hb{
po2zw:/
{n:`QC
m"0|Jo4
abRPFDv
{@YM>/
~J+2ub
^Ep9gD
Maq)ue
,!a7_f
{c(g!cq
r0M7l*
-NM\En|
hOh;It
65;vuC
C-|I+=
KQ$3Ly
y=[nS=|
.k)/k%
p-SvOu
OjRT8Ak
sbn+{n
{eqNg	
p~{gLY'v`
6b_`	n
!{%`":
no>Xtd 
>NV&e?
@#=f=k
H<R8x2
nk.}B4#
[6vY+M
x[Anklgsc3[
DKSQ>N
06'ubL
LT3#Mn-
a^a#${Ni
y?3=H,
j\2bTT
(lcSf4.
'<8z{9CT
kS>#3[G
lnz$)L
~^+S,Pvh
Nm8qkB
;>p8;B
yO"7Nt
^Oj.DE
~O{&&Vy
<Mz`dn>
qL3R	_
~wnuXh~
>hD}_\
vA-tLN
;so/{^qG
WK:,)(
Xp%jAaEg
?.Q2Ba
CloseHandle
CreateDirectoryA
CreateFileA
CreateFileMappingA
DeleteFileA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeEnvironmentStringsW
GetACP
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetDriveTypeA
GetEnvironmentStringsW
GetFileAttributesA
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDirectoryA
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
HeapAlloc
HeapCreate
HeapDestroy
LCMapStringW
LoadLibraryA
MapViewOfFile
MoveFileExA
RemoveDirectoryA
SetEndOfFile
SetFileAttributesA
SetFilePointer
SetHandleCount
UnmapViewOfFile
VirtualFree
WriteFile
lstrcatA
lstrcmpA
lstrcpyA
lstrcpynA
lstrlenA
KERNEL32.dll
AuthzFreeContext
authz.dll
CloseServiceHandle
ControlService
DeleteService
EqualSid
OpenSCManagerA
OpenServiceA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
ADVAPI32.dll
CertVerifyValidityNesting
CryptMemAlloc
CryptVerifyDetachedMessageHash
CRYPT32.dll
FindExecutableImageEx
SymGetSymPrev64
SymUnloadModule
dbghelp.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>