Sample details: 3f94a848b71fcfe172da507e5031e977

Hashes
MD5: 3f94a848b71fcfe172da507e5031e977
SHA1: 2e8b35284509c7acf374edc9742d381abdba8001
SHA256: be11c68198b22e31c21254aeea8dc62c7666a96e45738c23a6590eea72827d6e
SSDEEP: 1536:x5yumBzYETBYaJvpMBE/LvkLIxfcUJ7gU:x5yumBzrTBYidKIxfcUJ7gU
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_V80_Debug | YRP/Microsoft_Visual_Cpp_80_Debug_ | YRP/Microsoft_Visual_Cpp_80_Debug | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/DebuggerException__SetConsoleCtrl | YRP/anti_dbg | YRP/network_dropper
Strings
		!This program cannot be run in DOS mode.
!RichC
.textbss
`.rdata
@.data
.idata
.reloc
dwError
C:\Windows\updates.exe
C:\Windows\aaaa.exe
C:\Windows\info.exe
Unknown Runtime Check Error
Stack memory around _alloca was corrupted
A local variable was used before it was initialized
Stack memory was corrupted
A cast to a smaller data type has caused a loss of data.  If this was intentional, you should mask the source of the cast with the appropriate bitmask.  For example:  
	char c = (i & 0xFF);
Changing the code in this way will not affect the quality of the resulting optimized code.
The value of ESP was not properly saved across a function call.  This is usually a result of calling a function declared with one calling convention with a function pointer declared with a different calling convention.
Stack around the variable '
' was corrupted.
The variable '
' is being used without being initialized.
Run-Time Check Failure #%d - %s
Unknown Module Name
Unknown Filename
Stack corrupted near unknown variable
Stack area around _alloca memory reserved by this function is corrupted
%s%s%s%s
%s%s%p%s%ld%s%d%s
Stack area around _alloca memory reserved by this function is corrupted
Address: 0x
Size: 
Allocation number within this function: 
Data: <
wsprintfA
A variable is being used without being initialized.
Stack around _alloca corrupted
Local variable used before initialization
Stack memory corruption
Cast to smaller type causing loss of data
Stack pointer corruption
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
PDBOpenValidate5
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SystemFunction036
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
BengalOK\
\x86.pdb
x86.dll
urldown
urldown1
urldown2
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
WinExec
KERNEL32.dll
URLDownloadToFileA
urlmon.dll
NetUserAdd
NetLocalGroupAddMembers
NETAPI32.dll
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetCurrentThread
HeapFree
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
HeapAlloc
GetProcessHeap
GetModuleFileNameW
VirtualQuery
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
SetConsoleCtrlHandler
InterlockedExchange
GetLocaleInfoW
WriteFile
RtlUnwind
LCMapStringW
GetStringTypeW
HeapSize
IsProcessorFeaturePresent