Sample details: 37a98c6150d2317eb6e0df1516a5b3a4

Hashes
MD5: 37a98c6150d2317eb6e0df1516a5b3a4
SHA1: 59916cbc5cc7d8d5c167d13a5f4c50560bd92413
SHA256: c793e34d8aae0bd7227bcac3452d1aa27c5eddbaa91458132201c162b0fbe4cf
SSDEEP: 768:g+ZLXiVDwngxlXelyP14MTPSxsYs8Gath5s3kvhWwGkDUAhHNEDuoF4iNxXWN:X9XiVDOgxlt1vumat83EWUDUCEy
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_V80_Debug | YRP/Microsoft_Visual_Cpp_80_Debug_ | YRP/Microsoft_Visual_Cpp_80_Debug | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/System_Tools | YRP/DebuggerException__SetConsoleCtrl | YRP/anti_dbg | YRP/network_dropper
Strings
		!This program cannot be run in DOS mode.
.textbss
`.rdata
@.data
.idata
@.reloc
http://dns.alibuf.com:7723/dsc.exe
c:\dsc.exe
http://dns.alibuf.com:7723/dsc12.exe
c:\dsc12.exe
Unknown Runtime Check Error
Stack memory around _alloca was corrupted
A local variable was used before it was initialized
Stack memory was corrupted
A cast to a smaller data type has caused a loss of data.  If this was intentional, you should mask the source of the cast with the appropriate bitmask.  For example:  
	char c = (i & 0xFF);
Changing the code in this way will not affect the quality of the resulting optimized code.
The value of ESP was not properly saved across a function call.  This is usually a result of calling a function declared with one calling convention with a function pointer declared with a different calling convention.
Stack around the variable '
' was corrupted.
The variable '
' is being used without being initialized.
Run-Time Check Failure #%d - %s
Unknown Module Name
Unknown Filename
Stack corrupted near unknown variable
Stack area around _alloca memory reserved by this function is corrupted
%s%s%s%s
%s%s%p%s%ld%s%d%s
Stack area around _alloca memory reserved by this function is corrupted
Address: 0x
Size: 
Allocation number within this function: 
Data: <
wsprintfA
A variable is being used without being initialized.
Stack around _alloca corrupted
Local variable used before initialization
Stack memory corruption
Cast to smaller type causing loss of data
Stack pointer corruption
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
PDBOpenValidate5
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SystemFunction036
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
C:\Users\Administrator.HY-201705071353\Desktop\
\1\Debug\1.pdb
WinExec
KERNEL32.dll
URLDownloadToFileA
urlmon.dll
GetCurrentThreadId
DecodePointer
GetCommandLineA
RaiseException
WideCharToMultiByte
IsDebuggerPresent
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetCurrentThread
HeapFree
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
HeapAlloc
GetProcessHeap
GetModuleFileNameW
VirtualQuery
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
SetConsoleCtrlHandler
InterlockedExchange
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
WriteFile
RtlUnwind
LCMapStringW
GetStringTypeW
HeapSize
IsProcessorFeaturePresent
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>