
Sample details: 33f33754bdce54f2e5c08308f8d06e5f --

Hashes
MD5: 33f33754bdce54f2e5c08308f8d06e5f
SHA1: 2068659d6b78e21b36e35746664a3e89b1ab500a
SHA256: ab814b886f34816dc563446f1203351ed9d5258a3fd764aa89bc7b02047770fa
SSDEEP: 6144:7W7hY28N0RfekhyDhX5S/pPgpxvFTfAZMw41muKU3QGPfxo1zavXWX63vzNvSS7c:+3oh0xP2KU3QGPfxoqXVgiGG
Details
File Type: PE32+
Yara Hits
YRP/IsPE64 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/win_mutex | YRP/win_registry | YRP/win_files_operation |
Parent Files
6f0c96f90c291731e428d50af0ebcb61
Source
Strings
		!This program cannot be run in DOS mode.
`.pdata
@.srdata
@.sdata
@.reloc
NoRemove
ForceRemove
```hhh
xppwpp
Invalid parameter passed to C runtime function.
DIFXAPI.pdb
0  	@ 
0 @	@,
0 `	@(
 @ EB@
!0Dx0(
Q" \@#
3?#@yXX@`B	A
@	`|xA
D00B 	a`
q0#@3g
0 @	@,
 cq @@3
0Ahv)@2
<B, 0	
<B, 0	
<D, 08$X@
@l4( 3
)`!Q y
< #R y
@`DQ y
(AA?#`
 AA?#P
 AA?#P
 AA?#P
 A@/#P
 A@/#P
 AA:#P
 AA:#P
	0A@;#
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 A@?#P
 A@?#P
 A@?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 A@?#P
 A@?#P
 A@?#P
 A@?#P
 A@?#P
 A@?#P
 A@?#P
 A@?#P
 A@?#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 A@?#P
 A@?#P
 A@?#P
 A@?#P
 A@?#P
 A@?#P
 AA?#P
 AA?#P
 AA?#P
 AA?#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 AA9#P
 AA9#P
 AA9#P
 AA9#P
 AA9#P
 AA9#P
 AA9#P
 AA9#P
 AA9#P
 AA9#P
 AA9#P
 AA9#P
 AA?#P
 AA?#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 AA<#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 A@>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 AA>#P
 A@9#P
 A@9#P
 A@9#P
 A@9#P
 A@9#P
 A@9#P
 A@9#P
 A@9#P
 A@9#P
 A@9#P
 A@9#P
 A@9#P
 A@9#P
 A@9#P
 A@9#P
 A@?#P
 A@?#P
 A@?#P
 A@?#P
 A@?#P
 A@?#P
 A@?#P
 A@?#P
 A@?#P
 A@?#P
 A@:#P
 A@:#P
 A@:#P
 A@:#P
 A@:#P
 A@:#P
 A@:#P
 AA?#P
Al4(@$
!@1(x)
`bAXJ@
??3@YAXPEAX@Z
??_V@YAXPEAX@Z
malloc
_resetstkoflw
_vsnwprintf
??_U@YAPEAX_K@Z
_wcsicmp
??2@YAPEAX_K@Z
wcschr
wcsstr
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
iswalpha
_wcsnicmp
wcspbrk
wcsrchr
_vscwprintf
iswdigit
__CxxFrameHandler
__C_specific_handler
_errno
strlen
isleadbyte
mbtowc
__mb_cur_max
_snprintf
__badioinfo
_lseeki64
__pioinfo
_write
_isatty
_fileno
_XcptFilter
_initterm
_amsg_exit
msvcrt.dll
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_wcsupr
_wcslwr
_unlock
__dllonexit
_onexit
VerSetConditionMask
RtlCaptureContext
ntdll.dll
HeapReAlloc
HeapAlloc
HeapFree
InitializeCriticalSection
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
OutputDebugStringA
lstrcmpiW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
lstrlenW
SetLastError
GetLastError
GetVersionExW
VerifyVersionInfoW
LoadLibraryW
GetProcAddress
SetFileAttributesW
DeleteFileW
FreeLibrary
GetFullPathNameW
GetFileAttributesW
CreateDirectoryW
GetTempFileNameW
MoveFileExW
CreateFileW
CloseHandle
FindFirstFileW
lstrcmpW
FindNextFileW
FindClose
RemoveDirectoryW
GetFileSize
CreateFileMappingW
MapViewOfFile
MultiByteToWideChar
UnmapViewOfFile
CopyFileW
GetSystemWindowsDirectoryW
GetEnvironmentVariableW
WideCharToMultiByte
CompareStringW
LocalFree
LocalAlloc
LocalReAlloc
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetSystemDirectoryW
DeviceIoControl
GetSystemTimeAsFileTime
GetProcessHeap
VirtualProtect
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
HeapSize
RaiseException
GetVersionExA
DisableThreadLibraryCalls
KERNEL32.dll
CharLowerW
UnregisterClassA
USER32.dll
SetupOpenInfFileW
SetupCloseInfFile
SetupDiGetActualSectionToInstallW
SetupGetLineCountW
SetupOpenAppendInfFileW
SetupFindFirstLineW
SetupInstallFilesFromInfSectionW
SetupPromptReboot
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupFindNextLine
SetupFindNextMatchLineW
SetupGetStringFieldW
SetupGetIntField
SetupGetFieldCount
SetupOpenFileQueue
SetupCloseFileQueue
SetupInitDefaultQueueCallbackEx
SetupTermDefaultQueueCallback
SetupQueueCopyW
SetupCommitFileQueueW
SetupDefaultQueueCallbackW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupCopyOEMInfW
SetupGetTargetPathW
SetupDiOpenClassRegKey
CM_Enumerate_Classes
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Locate_DevNodeW
CM_Get_DevNode_Status
CM_Query_And_Remove_SubTreeW
CM_Setup_DevNode
SetupDiSetDeviceRegistryPropertyW
CM_Get_Device_IDW
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiCallClassInstaller
SetupDiGetSelectedDriverW
SetupDiGetDriverInfoDetailW
SetupDiSetClassInstallParamsW
SetupDiOpenDeviceInfoW
SetupDiSetSelectedDevice
SetupDiClassNameFromGuidW
SETUPAPI.dll
RegCloseKey
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW
RegDeleteValueW
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
ControlService
CloseServiceHandle
DeleteService
StartServiceW
ADVAPI32.dll
CoInitialize
CoUninitialize
StringFromCLSID
CoTaskMemFree
CoCreateInstance
ole32.dll
pSetupGetGlobalFlags
pSetupSetGlobalFlags
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
WINTRUST.dll
CryptQueryObject
CertGetCTLContextProperty
CertFreeCTLContext
CertFreeCertificateContext
CRYPT32.dll
RtlNtStatusToDosError
SetEvent
CreateEventW
SetFilePointer
SetEndOfFile
GetThreadLocale
WaitForMultipleObjects
CharPrevW
_CxxThrowException
DIFXAPI.dll
DIFXAPISetLogCallbackA
DIFXAPISetLogCallbackW
DriverPackageGetPathA
DriverPackageGetPathW
DriverPackageInstallA
DriverPackageInstallW
DriverPackagePreinstallA
DriverPackagePreinstallW
DriverPackageUninstallA
DriverPackageUninstallW
Delete
(null)
SetupUninstallOEMInfW
SetupGetInfDriverStoreLocationW
DriverStoreFindDriverPackageW
DriverStoreAddDriverPackageW
DriverStoreDeleteDriverPackageW
NtOpenDirectoryObject
RtlInitUnicodeString
RtlCompareUnicodeString
NtQueryObject
NtQueryDirectoryObject
NtClose
InstallSelectedDriver
DiInstallDevice
UpdateDriverForPlugAndPlayDevicesW
.?AVCAtlException@ATL@@
.?AVSEHexception@@
.?AVCDfxException@@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
    type="win32"
    name="Microsoft.Windows.DIFxAPI"
    version="5.1.0.0"
    processorArchitecture="ia64"
<description>DIFxAppA</description>
<dependency>
    <dependentAssembly>
        <assemblyIdentity
            type="win32"
            name="Microsoft.Windows.Common-Controls"
            version="6.0.0.0"
            processorArchitecture="ia64"
            publicKeyToken="6595b64144ccf1df"
            language="*"
        />
    </dependentAssembly>
</dependency>
</assembly>