Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: 3fe2c8cd50016c013c0c7c2c573af782 --

Hashes
MD5: 3fe2c8cd50016c013c0c7c2c573af782
SHA1: e7f5bd98ede01afc9e5926c6c57c190437e14d38
SHA256: d875a9028c9cede32444175ab26f60b46fc967c6f81cffa8bae15d1a2d3a2389
SSDEEP: 1536:ddRmZKi2QJd25O+hwkexg96fhbVYFG8Gw:dSb2QD25vkni7
Details
File Type: PE32
Yara Hits
YRP/Borland_Cpp_DLL | YRP/Borland_Cpp_for_Win32_1999 | YRP/Borland | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/DebuggerException__SetConsoleCtrl | YRP/win_files_operation |
Parent Files
07366aeaaf4cc541451e35c636f53fa4
Strings
		This program must be run under Win32
`.data
.idata
@.edata
@.rsrc
@.reloc
fb:C++HOOK
_^[YY]
_^[YY]
t?BCIu
**BCCxh1
_^[YY]
_^[YY]
_^[YY]
H_^[Y]
e@FBC;u
_^[YY]
QUVWRSPT
0_^[Y]
Borland C++ - Copyright 1999 Inprise Corporation
SIMULATE_TLS: A second thread was about to be created and the c0s32 startup code is in use
Nonshared DATA segment required
Cannot run multiple instances of a DLL under WIN32s
Windows
CABINET
cabinet.dll
extract.exe /Y "%s"
FDICreate
FDIIsCabinet
FDICopy
FDIDestroy
borlndmm
hrdir_b.c: LoadLibrary != mmdll borlndmm failed
borlndmm
@Borlndmm@SysGetMem$qqri
@Borlndmm@SysFreeMem$qqrpv
@Borlndmm@SysReallocMem$qqrpvi
<notype>
<notype>
___CPPdebugHook
Stack Overflow!
),(((((),(((
Error 0
Invalid function number
No such file or directory
Path not found
Too many open files
Permission denied
Bad file number
Memory arena trashed
Not enough memory
Invalid memory block address
Invalid environment
Invalid format
Invalid access code
Invalid data
Bad address
No such device
Attempted to remove current directory
Not same device
No more files
Invalid argument
Arg list too big
Exec format error
Cross-device link
Too many open files
No child processes
Inappropriate I/O control operation
Executable file in use
File too large
No space left on device
Illegal seek
Read-only file system
Too many links
Broken pipe
Math argument
Result too large
File already exists
Possible deadlock
Operation not permitted
No such process
Interrupted function call
Input/output error
No such device or address
Resource temporarily unavailable
Block device required
Resource busy
Not a directory
Is a directory
Directory not empty
Unknown error
(null)
%H:%M:%S
%m/%d/%y
%A, %B %d, %Y
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Sunday
January
February
August
September
October
November
December
printf : floating point formats not linked
scanf : floating point formats not linked
printf : floating point formats not linked
scanf : floating point formats not linked
Error: system code page access failure; MBCS table not initialized
%02d/%02d/%04d %02d:%02d:%02d.%03d 
kernel32.dll
GetProcAddress
Borland32
Abnormal program termination
No space for copy of command line
No space for copy of command line
An exception (%08X) occurred during DllEntryPoint or DllMain in module:
___CPPdebugHook
**BCCxh1
KERNEL32.DLL
USER32.DLL
CloseHandle
CreateDirectoryA
CreateFileA
CreateFileW
CreateProcessA
DeleteFileA
DosDateTimeToFileTime
ExitProcess
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
LoadLibraryA
LocalFileTimeToFileTime
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
EnumThreadWindows
MessageBoxA
wsprintfA
cab.dll
Extract
GetListItem
GetNextName
Prepare
___CPPdebugHook
{<:y&q?	
?#?)?N?q?
:^:c:h:m:r:w:|:
<-<@<b<
<==C=I=O=Z=_=f=l={=
0$0+010:0G0S0g0m0
1%1B1U1^1
2(252;2O2
4@4F4Z4`4w4
727O7W7c7i7t7
8X8_8~8
:&;1;U;a;l;
;G<X<f<
=1=<=u=
0,0C0O0\0h0w1
1:212J2V2`2H3=3O3{3
4(424>4U4m4
4.5@5Q5V5n5w5
:%:.:2:?:L:R:`:
;];h;y;
<(=1=:=F=P=>=J=T=]=q=
>6>">=>Y>g>
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?
9$9G9d9
; ;f;r;_;z;
3M7f7t7
202E2Z2o2D1f1
3%313E3[5
0$0-070F0O0Y0
5"5,5;5D5N5
>*?R?`?i?s?y?
0)050A0U0
8-969A9P9
9@:H:V:
7"7&7*7.760x0
5.5i7t768
Q0r0x0~0
1 1&1,12181>1D1J1P1V1\1b1h1n1t1z1
0 0&0,02080>0D0J0P0V0
2 3$3(3d3
:D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
\5`5d5h5
8h8l84:h:
P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3@3D3H3`3d3l3p3t3x3