Sample details: 412245f3a0b0edcb678b28b817dd0196

Hashes
MD5: 412245f3a0b0edcb678b28b817dd0196
SHA1: 1d77179c92a3c2f2cd4674a772ec0b53399c9888
SHA256: ed9be9250fc062c93e601981b336787934852e5f1f99f385bcc10a5aa14bfab7
SSDEEP: 3072:uvAPQJ0usSc6FVrzwAH13jHmSxyA3Y1hrDRpuktFojxrcpdpJCvXH8TfLWhjHd:uvdKuG6HnwAHhDzxVXktGuzSHmYd
Details
File Type: PE32+
Yara Hits
YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/IsPE64 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_registry |
Parent Files
6d934829c09feb5ef430d5f8e275cba4
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.pdata
@.srdata
@.sdata
string too long
invalid string position
Unknown exception
EncodePointer
KERNEL32.DLL
DecodePointer
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
mscoree.dll
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
bad exception
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vbtable'
`vftable'
operator
__unaligned
__restrict
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__based(
InitializeCriticalSectionAndSpinCount
kernel32.dll
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
September
February
Saturday
Thursday
Wednesday
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
bad allocation
c:\CCView\jgonz2_INST_Main\ASE_Installers\IIF2\Difx64\Itanium\Release\Difx64.pdb
DriverPackageGetPathA
DriverPackageInstallA
DriverPackagePreinstallA
DriverPackageUninstallA
DIFXAPI.dll
MultiByteToWideChar
KERNEL32.dll
RegSetValueExA
RegCreateKeyExA
RegCloseKey
ADVAPI32.dll
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
RtlUnwind2
GetLastError
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
RtlVirtualUnwind
HeapSize
ExitProcess
GetVersion
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
LCMapStringW
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
LoadLibraryA
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
.mixcrt
FlsFree
 new[]
`vcall'
 delete
__ptr64
__cdecl
October
August
January
Friday
Tuesday
Monday
Sunday
-DriverInf %1 -Flags %1 -KeyPath %1 -Uninstall %1
Uninstall
driverinf
keypath
Difx64Return
Reboot
DriverPath
map/set<T> too long
C:\sTokenlog.txt
INVALIDTOKEN
invalid map/set<T> iterator
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVbad_alloc@std@@
.?AVout_of_range@std@@