Sample details: 3cf0034f3c4359574e17e63f7533ab03 --

Hashes
MD5: 3cf0034f3c4359574e17e63f7533ab03
SHA1: b940be5e5335b93058eb8f5924ae4c38ed541f63
SHA256: e48b194e4a4c2cfe7b08773c5f5fa9b4f1b8edf34cfec084ae08b4527f8bf25e
SSDEEP: 3072:s4TxEuCHifwa9LHPA1B6Ci27vGlS5e1E1:s49TbBu6w7vGMB1
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_files_operation | YRP/TEAN |
Source
http://photoscape.ch/Setup.exe
Strings
		!This program cannot be run in DOS mode.
?;*X^UyX^UyX^Uy
y@^Uyc
VxI^Uyc
PxE^Uyc
QxI^UyQ&
y]^UyX^Ty>^Uy
PxY^Uy
WxY^UyRichX^Uy
`.rdata
@.data
.gfids
@.rsrc
@.reloc
URPQQh
;t$,v-
UQPXY]Y[
< t1<	t-
WWWPWS
u-PWWS
SSVWh 
f9:t!V
QQSWj0j@
PPPPPPPP
PPPPPWS
PP9E u:PPVWP
v	N+D$
v	N+D$
dayujeti.txt
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
CorExitProcess
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
?5Wg4p
"B <1=
_hypot
_nextafter
.text$mn
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.gfids$x
.gfids$y
.rsrc$01
.rsrc$02
GetProcAddress
LocalAlloc
GetProcessAffinityMask
GetProcessTimes
GetCurrentProcess
TerminateProcess
GetThreadTimes
ExitThread
TerminateThread
GetLastError
GetFileInformationByHandle
GetFileType
GetSystemTimes
GetNativeSystemInfo
GetTickCount
GetSystemTimeAdjustment
LoadLibraryW
GetProcessShutdownParameters
AddAtomW
GetCPInfoExA
KERNEL32.dll
GetScrollRange
ShowScrollBar
GetCaretPos
USER32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW
RaiseException
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
h0ahC-
uEI`k7
H[NA>r
z`]dvHt
\\D>+'.
Q\Jp6;X!
&&AA"<
^*x"6C{Q]
lbR7%S(
zVgqz_
^-i;}P>
w{'k,$
85^M ]
K";D}s
3:iQ Lm
W==,._f
GU[z,BD
}tK[,u
4RG-#G
oC`#)B
i#VK{G{^
ItBN/fz
v3VkbsU
(Cq?v(
c}cBYM
z:BNqU
}Nw_ZK
OZC6I<uBg52
asLjubohexagerumexijoxodewofojujililigarecexowubebigijipanorizijibomivewatowedotawoyuterunekawekemapadokaderovomupasujamidejiviruyoduvefasipigewipinujizoguvajomazawasefebiduwutekayetihuwuxugujikuwifolilepuzigegadafevesadugicaxodetagewudanopivolofapahimuzifohanegepexututuzakuzufacitexisowozatonaveliyawediputagasujofowumexepewapucegeyomohedibuwoyarupumatigewokifetazomaxevifecavenuladacatotoluhohuyajerudeyinoxutujamodesimekowasimorefuramecicimotuwizigicapugevutenufisakibisemefefirugumuvibeverogifiyutubacodisubefi(
yh%yh%-A
yh%yh%-A
yh%yh%-A
yh%yh%
yh%yh%yh%yh%
yh%yh%yh%yh%|
yh%yh%yh%yh%|
yh%yh%
Kh7Kh7Kh7
Kh7Kh7Kh7
Kh7Kh7
,e ,e 
Kh7Kh7
,e ,e ,e ,e 
Kh7Kh7
,e ,e ,e ,e ,e 
,e ,e ,e ,e ,e 
,e ,e ,e ,e ,e 
RKh7Kh7
,e ,e ,e ,e ,e 
x(,x(,
,e ,e ,e ,e ,e 
x(,x(,x(,
,e ,e ,e ,e 
x(,x(,x(,
,e ,e ,e 
x(,x(,x(,
x(,x(,x(,
x(,x(,x(,
,e ,e ]=
x(,x(,x(,
Kh7,e ,e ]=
x(,x(,x(,
RKh7Kh7,e ,e ]=
x(,x(,x(,
RKh7,e ,e ,e ]=
x(,x(,x(,
RKh7,e ,e ,e ]=
Qx(,x(,
R,e ,e ,e ,e ]=
yh%yh%yh%
R,e ,e ,e ,e ]=
yh%yh%yh%
x(,x(,b
R,e ,e ,e ,e ,e ]=
yh%yh%yh%
R,e ,e ,e ,e ,e ,e ]=
yh%yh%yh%
R,e ,e ,e ,e ,e ,e ]=
@>uyh%yh%yh%
R,e ,e ,e ,e ,e ,e ]=
@>uyh%yh%yh%
R,e ,e ,e ,e ,e ,e ,e ]=
yh%yh%yh%
,e ,e ,e ,e ,e ,e ,e ]=
,e ,e ,e ,e ,e ,e ]=
,e ,e ,e ,e ,e ,e ]=
x(,x(,b
x(,x(,b
x(,x(,x(,b
x(,x(,x(,
yh%yh%
x(,x(,x(,
:XKh7|
:XKh7Kh7|
:XKh7Kh7|
x(,x(,x(,
6E,"E,"E,"E,"E,"E,"b
6E,"E,"E,"E,"E,"E,"E,"b
]E,"E,"b
6E,"E,"E,"E,"E,"
6,e ,e E,"E,"E,"E,"E,"E,"E,"E,"E,"E,"E,"
6,e ,e ,e E,"E,"E,"E,"E,"E,"E,"E,"E,"E,"
6,e ,e ,e E,"E,"E,"E,"E,"E,"E,"E,"
,e ,e ,e ,e E,"E,"E,"E,"E,"
,e ,e ,e ,e ,e E,"E,"E,"
E>Kh7Kh7
,e ,e ,e ,e ,e 
,e ,e ,e ,e ,e ,e 
x(,,e ,e ,e ,e ,e ,e 
x(,,e ,e ,e ,e ,e ,e ,e ,e 
x(,,e ,e ,e ,e ,e ,e ,e ,e 
x(,,e ,e ,e ,e ,e ,e ,e 
x(,,e ,e ,e ,e ,e ,e ,e 
E,"E,"E,"E,"b
x(,x(,,e ,e ,e ,e ,e 
RE,"E,"E,"E,"E,"E,"b
x(,x(,
:XE,"E,"E,"E,"E,"E,"E,"E,"E,"b
x(,x(,
:XE,"E,"E,"E,"E,"E,"E,"E,"E,"E,"E,"E,"|
x(,x(,
E,"E,"E,"E,"E,"E,"E,"E,"E,"E,"E,"|
E,"E,"E,"E,"E,"E,"E,"E,"E,"|
E,"E,"E,"E,"E,"E,"E,"|
E,"E,"E,"E,"E,"E,"E,"O
E,"E,"E,"E,"E,"E,"E,"O
E,"E,"E,"E,"E,"E,"E,"O
E,"E,"E,"E,"E,"E,"O
E,"E,"E,"E,"E,"E,"E,"O
E,"E,"E,"E,"E,"E,"E,"O
E,"E,"E,"E,"E,"E,"O
9E,"E,"E,"E,"E,"|
>2z>2z
>2z>2z>2z`0
>2z>2z
[^R[^R[^R
[^R[^R[^R[^R[^R[^R[^Rf
>2z[^R[^R[^R[^R[^R[^R[^R[^R
>2z>2z>2z
[^R[^R[^R[^R[^R[^R[^R[^R[^R
>2z>2z
[^R[^R[^R[^R[^R[^R[^R[^R[^R[^R
[^R[^R[^R[^R
ZS7ZS7
ZS7ZS7ZS7
ZS7ZS7
[^R[^R[^R[^R[^R
ZS7ZS7ZS7
[^R[^R
~[^R[^R[^R[^R[^R[^R[^R
ZS7ZS7ZS7ZS7ZS7
[^R[^R
~[^R[^R[^R[^R[^R[^R[^R[^R
ZS7ZS7ZS7ZS7ZS7ZS7
[^R[^R[^R[^R[^R[^R[^R[^R[^R[^R[^R
ZS7ZS7ZS7ZS7ZS7
[^R[^R[^R[^R[^R[^R[^R[^R[^R[^R
ZS7ZS7ZS7ZS7ZS7ZS7
~[^R[^R[^R[^R[^R[^R[^R[^R[^R[^R
ZS7ZS7ZS7ZS7
[^R[^R[^R[^R[^R[^R[^R[^R[^R[^R
[^R[^R[^R[^R[^R[^R[^R[^R[^R
[^R[^R[^R[^R[^R[^R[^R[^R[^R
[^R[^R[^R[^R[^R[^R[^R[^R
y!A&	A&	n
y!A&	A&	n
5$/5$/
*;5$/5$/5$/5$/
*;5$/5$/5$/
*;5$/5$/
<A&	A&	
<A&	A&	A&	
A&	A&	A&	A&	
A&	A&	A&	A&	A&	
A&	A&	A&	
A&	A&	\
=Vhhht|
pggg(=
1dL5^qZ_
=hGt:^
Hj@@YH
ZI><>$>>
0#0G0W0c0o0}0
%7-7o7
738A8h8}8
<8<=<J<
<D=M=X=_=
>*>:>J>S>
>3?F?Y?e?u?
H0U0|0
1#1R1Z1r1x1
323s3y3
4L5U5]5
9K9P9T9X9\9
1%1,121G1Z1n1z1
2+2:2F2T2v2
3+373<3A3q3y3~3
5(5S5A6K6X6
6G7N7n7
9"9.969N9s9
92:;:t:
>2>s>x>
>	?=?d?~?
0#0:0A0M0`0e0q0v0
1)111;1D1U1g1
1=2J2U2_2e2y2
333<3D3
394L4[4|4
7H7M7Z7f7
8%838<8A8N8S8
9$9b9h9
=C>J>w>~>
?:?K?e?n?{?
6L6S6Z6a6{6
7K7f7x9
:<:Q:_:h:
<U<y=~=
>=>O>h>
?<?L?c?k?
080B0^0i0n0s0
1=1G1c1n1s1x1
212M2X2]2b2
3)383\3n3z3
5#595t5{5
7#7Y7|7
778I8[8m8
909B9T9f9x9
;,<y<Q=
141O1Z1
1,232:2A2N2
424D4q4
99:C:f:p:
;/;F;i;
8Q9r9y9
1=1Z1|1
5(535@5R5
576L6U6^6
9@:j:r:
>	?&?6?
0<1G1R1X1a1
6$656s6
:$>'?8?
1&2+2=2[2o2u2
9(:/:4:8:<:@:
L1T1`1d1h1l1p1|1
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
48;@;H;L;P;T;X;\;`;d;l;p;t;x;|;
= =$=X=\=`=d=h=l=p=t=x=|=
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<
= =$=(=,=0=D=L=T=\=d=l=t=|=
>$>,>4><>D>L>T>\>d>l>t>|>
?$?,?4?<?D?L?T?\?d?l?t?|?
0$0,040<0D0L0T0\0d0l0t0|0
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4`>h>p>x>
? ?(?0?8?@?H?P?X?`?h?p?x?
0 0(00080@0H0P0X0`0h0p0x0
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5z?~?
9$9,949<9D9L9T9\9d9l9t9|9
>(>H>d>h>
?(?H?h?
0,000P0p0
6 6$6@6D6X6\6`6d6h6l6p6t6x6|6