Sample details: 35ac4323f2ba28cc314cc9cd8be87326

Hashes
MD5: 35ac4323f2ba28cc314cc9cd8be87326
SHA1: 23177683c38774505bbfaaeba9060659d1086d85
SHA256: da0c0089713cfd5b47f425f23c23f9a9d82e62000873747dce1a73220319f93e
SSDEEP: 6144:fwzp8No7Perof3AZjbfo7R9G6H8dlVGLM5XW695HpsJJxKryfpdHRTu5Ov6VxuNo:fjNo7P1QaR9jHWGsq3RdHR5nhFy
Details
File Type: PE32
Yara Hits
YRP/maldoc_getEIP_method_1 | YRP/Dropper_Strings | YRP/contentis_base64 | YRP/domain | YRP/IP | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/win_registry | YRP/win_files_operation
Source
http://paulcruse.com/njhgftrf3
http://m-tensou.net/njhgftrf3
http://monstermx.com/njhgftrf3
http://mh-service.ru/njhgftrf3
http://logica-info.com/njhgftrf3
http://hellonwheelsthemovie.com/njhgftrf3
http://handhi.com/njhgftrf3
http://estudiperceptiva.com/njhgftrf3
http://bjp.co.id/njhgftrf3
http://alucmuhendislik.com/njhgftrf3
http://paulcruse.com/njhgftrf3
http://hellonwheelsthemovie.com/njhgftrf3
http://estudiperceptiva.com/njhgftrf3
http://monstermx.com/njhgftrf3
http://alucmuhendislik.com/njhgftrf3
Strings
		!This program cannot be run in DOS mode.
`.data
.rdata
@.pdata
@.idata
QQSVW3
Cx+Cp+
 and res\ar_ you7 comp7t
r-befor& the new
t^ings will take effect.
90uY[_^
FP= DB
?~ej?Y;M
|8_^[]
uB_^[]
t$Oj9j~P
SShHG@
t$2jZj
|w_^[]
RPj	h%
^[Shh0@
_^VUShwq@
PYHSQh
VRQh0>@
ileNameW
PSh@#@
D$(QRS
4$VTTh
WRh@I@
t$hj6h@.@
RHTSSQhJ
PQjsRR
t$VhP%@
VirtualFr
RPh	v@
jjh _@
t$dh`0@
^KPVQh
VTh`Y@
SPh`;@
Failed to r
RTh@[@
#4$Sjz
j_hf^@
<$Pjnj
Uj9h.Z@
t$NQRj
johZ[@
$j&jgSh
jjj[Uj
WPhp0@
$jKj(Th)	@
t$	VSjr
t(9A<Uj
QPh#U@
6EZj2j
jcVj`h
_^[]jH
PPjvjw
^PRUj?h
t$fSjU
RVhX(@
YVRjyh
_^[PVh
4$SjeQhW
Rj1h9"@
QPhhX@
t$ehX!@
jdj'Qj
0jpTRh
j~Rh_,?
$SjqhV
j6j7h<
@_]jXh
jKTPPQh
Qjzj+h
jPjIUhm
_TUjrhz
Fjlj5h}
oducts\esif_
rror = %d
,-./012345
T	HtThreadPriority
FPC Vers
r gettinf
,-./01234
Handle
    <nam
tTokenInformatf
GET_PROC
essageA
event.
 enough s
eapReAlloc
MessageA
G()*+,-./01234
CSharedFile
on has ma
@etPaletteE
SET_TRIP_P
	timeSetEvent
 starte
oolBarSyerval Timer
        <nameRect
GetllThreadCb
. appselect 
enuItemW
Uninitialize
AccessCustomiz
eToFileTime
 guard'
VWXYZ[\]^_
\esif\products\
GetExitCoocket-AF
tringW
- not enough 
v>%d</psv>
GetWindowLo
tup start
tPathNameA
ase construc
Unable
-------B
ACPILPAT
ERCENT_CEN
ocAddress
et_invert
F_PARTIC
ESIF_E
dowExW
F_TRACEMODUileges
ESIF_A
up (%s).
RegOpenKeyE
OC_PER_COe
           
MiniFram
dHandle
d DSP t\
..>  Set Tra
pported 
flect this. 
D{hK59
;fVjF:,
Uon~:Y
6@yAR@
E4|Z:p
 %T]',
cJ$\-(
uW;&EO
l/zj~|F
C~$%@V
>NO%U>b
hJn%l0
]C6i9T4
vMP\.NQx
d:9 (NQ
l ?(EN
mvIoE=5
LR`t}Cp
 =4*As
,>J0|J
/X-`rO
0@q4k~
&U8dev(	
+}mF&<
B1a)5n
`bXetk
zpR9aEMcDQ
0\	?Lf
HC3DuY
';]XCF
+%)^ycl
:N"U5_
^2K-@e
(W=~*^_O
Pd_VO"
+uP_eh
g=CM=.
~TQuI];F7Y
j8b&8R{
D:2av!
aW/+:w
pF4$uV
<(kS@h=
MGkd }
N**Kubc
<ni1&Cy
r;$J>|
R%NP=m
q{H!FF|qh
Lf="38
sb&(@1
spR~vGE
}R)F(G
i9lehe
\.kY,tfVDg
!L$x(E
c\r4e$
1/mK+`@
:y$o|T
6;SzSr
rUb{1tj
}U=^h'4A
D}W/H,
vG'r!1
v3P:jzT
N\!HVT
0[,ua>^
'"it^+F
e9j7"u
B*36jh?
KG$yk2g
"X-Myt^d
+NAA;]
Ed:ea 
gn5c~f
3"Db=A
aWYFTS}
a{>e`-@
@0Jy[?
/~cwOoz9
%d5TKk
N($A1)2h
uJ(ywa>
&43OC}
ByV`dHF@
m3l	}< 
f`5P26
B\'u8U
Q[/On!x
c#6Sose
RVLXM=
UuE]Z{tH
l>i@3\
F9y24^:
DqS>Fz}
ZC|ann
,2ng$&
~_	{ETJ9
'Q@l2Z!
iP8^}8kko
ugL*`$
Wm{3Tp
Draz}FA
n1`!59
oJdd?r
xepAv%
AP.&'Jn@
Q,oXy^A;
|Q/Rx%%
$Pwd/C
pr+bvah
-NE1\vT
DtN-jDR..
l'#s9S
iI(LSY\
Sv1]:-(
?J#yV.
>7Z=:J
VMsu6<T
{\c^Fp
axj)'by
7zk6*^
)vMIm7
Ei_CVe
4hO?N!S
y:zo%hc|
/GCade`tW
#`xwP[
f7<BU)
GOK@vPs
Z!.r$^I
T+NwD2
$M=^|v
xKI*}>b0^
m{jv_ns!
 iHnp(
8sGG%r
e8.We$
z2cYOIo*A
%yKTG:
/$gsS$b
5L&(#jM
o{3+P0[
6x*CIaob)
hWEWq\r
XEaW|T
J|h	;L
gE!UPK
hyZU%{>
3,T}l\
hHcJPT
[T._'dq
o`jwSj
[v}$")
*94oY_l
MQ"nCa
]f;F:"
{>y/>S
ND[=k t&
SX2(NY
.Ad2}s
nt{3Gr
:cN?Z%
lIkqDE
pAAuFP"*4Z
"RzYe#\
L3Z!l_-
!l92\1
HXD_F[
b`Pc&q
'|*(#Y,
i/;V?fi6
PF,L"2
E6]|~2
:,ShcL
<hu."k
{xzjP/
Y`:`Be
S 3,	U
zjS|2.|.
LG#]K]Ik
ae!J$	
]+ke)6
I'grNP
TUhIS4}
SqDXEL:
<~0ixo
zn}@gF<u
C X.-Vg
7r5u,g
"yfnIi
{u9b	j
|FLWD#8v
I%\-:k
FuUPvk
c"S.U1
O3jjZX
geTK'3)
^-(,2C
7z]z|9h6?
>[vUCy
zecl0&
|cmt_No<
sN!-_~{N
o(MVhT=
5Phh\q
y-O7O$}Z
	]p6xJ
N9G]#$=
PdYU*rf
8#n#F'<
z04i@IE7
)WoVpQ
V>F=EZB
#*tctT
igN.6=z{&g
X=-qd"oT{
<y)qz/p9
\!N}o^
5Xo09i*
&RIP9,
T*7Oft
>MU.Q(_
L(J= v
)R)#zC`
Y/&aro
#>TKoBS
.G`v:TpW
d{S[R=
~_'VJ|
n69'S\Uus
lxRtWOm
>nT,Ai
@@#:( 
.F=cr@
ythf{Eyt
bD=5|~
Ul/ky(\F
w 7FS[c
0(W!+/
1\t_Jt
gp,#_q
abW|^XG]
66+R)	q
Q6#LZp
Ax?N	*"h`
7V=ZsL
o_/W=e
F0d! 2
]$_M<.R
)~nBm5
PF%WL~
(uelK<
Q1:VR {e
)2 wBCE
jpQt*+
t'^M`+
3X/)2*
DAMK>Q
HSLkIUn
*H:L>U;
,qX4l!
y!6#]IS
9!Y+k!
y!XWw!
i!Nc]-
+qNc]%X4w!
y!:S]=4
y!:S]5<+i
Nc]%Nc])
ywNc]-
y!Nc]%Y$
S]";s]"
y!Nc]%X
y!Xf~!
9!XTq!
Nc]%Y+
y!Nc])X
y!Nc]-Nc]%Nc])
9!X4p!
Nc])Nc]-
y!Nc]-X
y!Nc])
]t:C]	N
pNc]-Xz
N}0sY^
y!<DqqX
Nc]-XB
Nc]-X!
Nc])X(
ance>  <action_type>%d</action_type>
  <action_type_str>%s</action_type_str>
  <version>
PostMessageW
GetMenu
GetClientRect
SetForegroundWindo
operation in progress
operation not permitted
operation not supported
85E5-00C04FC295EE}
ltmdmnt.sys
\system32\dllcache
MODEMWAVE
modemwave
System\CurrentControlSet\Services\Class\Media
matchingdeviceid
System\CurrentControlSet\Services\Class\WDM_MODEM
Enum\PCI
deviceid
System\CurrentControlSet\Control\MediaResources\Wave
System\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFuine
IPPGenuine
IPPGenuine
IPPGenuine
IPPGenuine
IPPGenuine
IPPGenuine
IPPGenuine
IPPGenuine
IPPGenuine
IPPGenuine
IPPGenuine
IPPGenuine
IPPGenuine
IPPGenuine
XBKBKX
!{bhbh
BKTbBK
bh~X~X=
IPPGenuine
><UQ<<
2<Z-0<
facturer
\Responses
ISAPNP
ProviderName
DisplayName
System\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}
\StartM~1\Programs\ThinkP~1
ThinkP*.exe
\Profiles\All Users\Start Menu\Programs\ThinkPad Modem
SOFTWARE\TOSHIBA
CleanUpRegistry
SOFTWARE\INTEL\
CabsFlag
\Progra~1\Thin(
|`C(<)
vQK.eSy
v</ie\
5p~wXc
	;@,DX
.\V@aX
SEZr3K
vk)TA[
2JKgNP
.l>'@=
L>	YO8
{t<!dSD
-\7u4F3
saAGop
)j$Yg3a
FPT\jC#Gy
+oEH1Ph
Mj=\[h
}u0|!:
6;@uhSF
,g:#CKU
}|KHgQ
$,-O3t
o}!	YH
s_wCVl
P	;H3O
\P@~sz
3{ZC:,(<
1=Tx3Xmx
,|u_:D
D=M"(4
+p>4Hs y
8]`~^N
,|6U>	/d
3toSk'
kUDpcv
1 |<wOc<
k54:B7e
>lq8}M
%rczv~
<C|&%u
No=SGoD}
G u2wi
.oVxnm
ZR%h0b
_kB'j+I
/R:O ~VD
d ,>)H.S
pOE61/
.oam4 Ke
j=?+ {
Z<?RrO
PNYvq\=:P4
KnNsQ0
b,u9-xG
/&4^T/
zZ|o$Y
r-@;x`fj
LHELP_STATE@@
ive graph to bu
.?AV?$CMap@KKV? 
?>7/6=<5.'
DataObject@COleDataSource
mConfig
FCShellListCt
Help@@
.?AVCIP
tion@@
.?AVCS
teFactory@@
.?AVCMFCToo
\N>LZhvtfXJ<.
y analog phone l
GV?$ChTraitsCRT@G@ATL@@
tup.ini
ltewme.inf
lzxj\N>LZhvtfXJ<.
AmA-Tb
$\%x: Ca.?AVCDocItem@@
!{bhbh
CDll@@
.?AVCChec
opqrstuvwxyz
cturer
boutDlg@@
.?AVCRg
bleShutdowns
xj\N>LZhv
ippiYCbCrToRG
bh~X~X%d.%dsec
Filter cann
IPPGenuine
Archive@@ABW
.?AVCArchiveExc
.PAVCNotSupportedstd@@
ctory@@
.?AVCEnu
Array@@P
dowless@@
.?AUIO
AVCMDupBtn2
?AVCResourceExceptio
.?AVCPalette
System\Curre
tandaloneGuideWnd@@
FX_THREAD_S
Impl@@
4AVCException@@
ippiGet
w stream
Cannot 
AVCMFCToolBarEditB
UseFrameRate
PPView@@
 STOP request to 
4D36E96C-E325
ager@@
ssibleServer@
                  
omObject@VCAccessibl
CLASSES_ROOT
ess Modem Port
IPPGenuine
taller
CoInstaller
DR`PB4&
j\N>LZhvt
%s\winini
~~~~~~~|n^l
?AVCPen@@
ltsm*.*
LTSChTraitsCRT@_
IPPGeCapIcon
3.?AV_AFX_COLne
IPPGenuine
Ftuvwxyz
.?AVCWi
mmyDockablePane@
.?AVCSettingsS@
.?AVCContr
YPPGenuine
.?AV?$CArray@W4Lo
hTraitsCRT@G@ATL@@@@
.?AVCUserE
ENG.?AVCMFCOutlookBarScrollBSaving capture
:AM[M[M[M[M[M
MFCRibbonLabel@@
ree_JPEG_8u
IPPGenuine
 Audio Device
.?AV?$_
ontainer@@
urce@@
XBKBKX
IPPGenuine
es\Wave
System
ss: %d%%
d_excepties
NewInstance
~~~~~~~~|
ngMgr@@
tion@@
ply_Req
ent@@PAV
bleInit_JPEG_8u
IPPGenuine
?AVtype_i
N>LZhvtfXJ<.
rDlg@@
9Menu@@
.?AVCRes
Audio AUX
Audio SCSI
CbCr_JPEG_8u_C3P3R
.?AVCProbeD
PPGenuine
IPPGenuin
re file s0
[ %s ]
Cannot get IMediaContr
eHuffmanStateFree
.?AVXMessageF
lUtils@PPGenuin
.?AVlogic_error
ption@std@@
E96C-E325-11
AVCDllIsolationWrapperBas
Genuine
IPPGenu
IPPGen
AmA-Tb
.?AVCMFCO
PAVIControlSiteF
deHuffmanS
.?AVCBTCom
n program
.?AVCAfxSt
0_WV?$StrTraitMFC@_WV?$ChT
CIPPGenuine
.?AVCButt
System\
CMemoryException@@
TQuantInv8x8L
.PAVCMemory
CIPPGe
Ctrl@@
ACHINE\
ii%04d
Instan
ii%04d
.?AVCCmdTarget@
ommand: %s ***
.?AUCThreadData@@
.?AV?$CMap@V
.?AVCMiniDock
Error: Unable to
ver that is
curren
.?AVCView@@
lUtils@@
gistry
Disable
.?AVCSen
.?AV?$CLi
. (adds
RGB_JPEG_8UI@@
VCChevronOw
IPPGenuine
IPPGenuCAccessible
IPPGenuine
tCfg@@
B remove the 3ware Stor
IPPGenuine
.?AVCMFC
IPPGenuine
?$less@K@std@@V?$
~~~~~~~|n^lzxj\N>LZhvtfXJ0
d@@V?$allocato
ellWrapper@@
oupGuide@@
deleted
 Files\ThinkPad\TPModem
                 
ableInit_JPEG_8u16u
.?AVCWinThread@@
apperBase@@
.?AVCZ
VCComSingleThreadModel@AT
IPPGenuine
usePropertyPage
?AVCPen@@
.?AVCBbad_allo
nt Technologies S
~~~~~~~~~|n^lzxj\N>
PtrList@VCPtrList@
.PAVCUsEG_1u16s_C1
IPPGenuine
ion@std@@
lloc@std@
anStatistics8x8_ACFirs
.?AVCDialog@@
ation Comp;
hijklmnopqrstuvw
.PAVCResourc
bCtrl@@
.?AVCMFCRibb
nButtonCtrl@@
anStatisti
wdRawTa
pt@PAUHWND__@@AAPAU1@@
IPPGenuine
it_JPEG_,
piRGBToYCbCr_JPEG_
.?AVCTool
AVCMFCToolBarDropT
V_AFX_BASE_MODUL
_.?AVCTempDC@@
IPPGenuine
@chingdeviceid
2<Z-0<
K.<>u,<
IPPGenuine
This graph can
Video Cr
oPtr@@
.?AVCUs
e<04cQM
MBfew[
f_%SU`
&7vL(j
k7za-`
il#-k/
]\Q!Xu
F0Og85W?
$~l{(Yk
:Ji~:F/
6 9I)e
=^UDEc
>o;P2->
H3j"J.
;oA!,w
,I&2?G
%zTL$	
HkJ1}H
+s!V4u
jj^OT.f
lPg^Sx
e-r4PNK8
i*U79w
%z,](:7
2:fwi7}e
R`~ZW;
m0&{4hY
5`%,8q$l
!Prppf
:CKm(M
{m]Qvu
?K*6 G
/R{F"2z
$Z*)dx
LVJz7R
?@uscKR
/EV_!`
2-kmhO
[L,8DK
^6 }[}
Ujuo)j{
;\2D{w
"NBfdD
67Y8(N
ZJl!Lx
J<&Z\8
;VUDx?
%?kgaE3$
Y;M!p7
M?3$U	
`Z+Fs"
1<kN$[
b]JR,/
NM-)1;X=
"M5+9QQ
/AI:W>
Llh#Ln
aK^mIY
OfX]u3VtZd
40QSYp
g-aKIF
%a')mV
ll`!WkV:
{)0WMY+
N:notXV
qA*	~"
XNGNC*
xmmL{8
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
ADVAPI32.dll
BeginPaint
CreateDialogParamA
CreateWindowExA
DefWindowProcA
DispatchMessageA
EndPaint
ExitWindowsEx
FindWindowA
GetDlgItem
GetMessageA
GetWindowRect
KillTimer
LoadCursorA
LoadIconA
MessageBoxA
PostMessageA
PostQuitMessage
RegisterClassA
SetForegroundWindow
SetTimer
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TranslateMessage
UpdateWindow
USER32.dll
CloseHandle
CreateFileA
CreateProcessA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentThreadId
GetEnvironmentStringsA
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileType
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDirectoryA
GetVersion
GetVersionExA
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
RtlUnwind
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
TlsAlloc
TlsGetValue
TlsSetValue
VirtualFree
WriteFile
KERNEL32.dll
9777=%
76:988
689??::9
5799;@
%;5789:;<
5789:;<=
>79:;<===;
9;<<<=<
8587778;
759887878<
55788888889
55956:899899:
6997>A
999:::;
6889999
678899:::
678899::;;;
75677889:::;;<<
97677889:::;;<
866778899::;;<<=
:6778899:::;;<=
:7899:::;;<<===
;89:::;;<<<==
=9:;;;<<<===
:<<<<===<=
;====<?