
Sample details: 4437b4e1efc79c331070b9f481e3e97a

Hashes
MD5: 4437b4e1efc79c331070b9f481e3e97a
SHA1: 793b1d0839912679cb43e50b63c186205b8b7d44
SHA256: 4d8ff1f53c3babf9bfd11b2ebcd44e2698cfe3bc80c6f0cbc64c0d191ea1fc1b
SSDEEP: 3072:10EvBHYN6cpZbdPYxDhjnYnMq182s8Vvh0VCPL2zHoytG5dHJZE5d8wfI:1LHYwcLdy9Ir6v8tS8ytG5dHL+pI
Details
File Type: PE32
Yara Hits (generic file-format and content tags, not a malware-family attribution)
YRP/Microsoft_Visual_Cpp_v60_DLL_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/win_registry
Parent Files
0495481d035935c5e309333c6d7c9209
Source
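Strings (printable strings extracted from the sample; the DLL name, the Script*/Usp* names and the PDB file name below match the Uniscribe library usp10.dll, which by itself does not show whether the file is an unmodified copy)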
		!This program cannot be run in DOS mode.
`.data
Shared
P.rsrc
P.reloc
KERNEL32.dll
NTDLL.DLL
USER32.dll
GDI32.dll
ADVAPI32.dll
GetCharABCWidthsI
gdi32.dll
NumShape
Control Panel\International
GdiRealizationInfo
 !"#$%&'()*+,-./0123456789:;<=>?@[\]^_`{|}~
 !"%()*+,-./:;=?[]
FontIsLinked
Arabic UDF
FONT%d
GetTextExtentExPointWPri
f	g	h	i	j	k	l	m	n	o	
Tff pgf
Tff pgf
Tff pgf
Tff pgfgYff
Sffe[ff
Tff pgfgYff
Sffe[ff
Tff pgf
Tff pgf
Tff pgf
Tff pgf
Tff pgf
Tff pgf
Tff pgf
gf^*gf
Tff pgf
ffgYff
Sffe[ff
\ffgYff
Sffe[ff
\ffgYff
Sffe[ff
WgfVNgf
NgfgYff
Sffe[ff
gfgYff
Sffe[ff
gfgYff
Sffe[ff
gfgYff
Sffe[ff
gfgYff
Sffe[ff
gfgYff
Sffe[ff
gfgYff
Sffe[ff
gfgYff
Sffe[ff
gfgYff
Sffe[ff
gfgYff
Sffe[ff
Tff pgfgYff
Sffe[ff
Tff pgfgYff
Sffe[ff
Tff pgfgYff
Sffe[ff
Tff pgfgYff
Sffe[ff
Tff pgfgYff
Sffe[ff
\ff5pgf
pgf pgf
Tff pgfArial
Mangal
Microsoft Sans Serif
initmedifinaisolligamset
isolisolinitmedimed2finafin2fin3isol
ccmpisolinitmedifinaligadligsaltcswh
cursmarkmkmk
ccmpinitmedimed2finafin2fin3ligadligsaltcswh
markmkmkarabdflt	
efsyridflt
SIAMDICTSPECIAL
SIAMDICTMAIN
()*)**+,**-*.******/0*0*+123*22*+%
763210/.-,+*)(%!
3210/.-,+*)(%!
3210/.-,+*)(%!
3210/.-,+*)(%!
3210/.-,+*)(%!
3210/.-,+*)(%!
3210/.-,+*)(%!
3210/.-,+*)(%!
3210/.-,+*)(%!
3210/.-,+*)(%!
3210/.-,+*)(%!
""""""
###""""""###$###$%###%###$%&###
)###*)###*+)###+)###%)###*+)&###,-)...//,/-//)/...,-0)...,-01)...,-1)...,-2)...,-01)3...
444555666
'																		(
)777888999:::;
<<<>=?@A444CBDEF555CCCF555G666
!IIIJJJ
 LLLMMM
FNNN$H(!
egfafgf
fgfafgf
hgf-hgf
fgf&dgf
mgfvngf
   ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E 
nuktakhnrphfblwfhalfvatupresabvsblwspstshaln
abvmblwmdist
akhnhalfpresabvsblwspstshaln
abvmblwmdist
nuktakhnrphfblwfhalfpstfvatupresabvsblwspstshalnabvmblwmdist
nuktakhnrphfblwfhalfvatupresabvsblwspstshaln
abvmblwmdist
akhnrphfblwfhalfpstfabvsblwspstshaln
abvmblwmdist
akhnblwfhalfpstfpresabvsblwspstshaln
abvmblwmdist
nuktakhnrphfblwfhalfpstfvatupresabvsblwspstshalnabvmblwmdist
nuktakhnblwfhalfvatupresabvsblwspstshalnabvmblwmdist
akhnblwfhalfpstfabvsblwspstshalnabvmblwmdist
devadflt
tamldflt
bengdflt
gujrdflt
knaddflt`
mlymdflt
oryadfltp
gurudflt
tlgudflt
efGetLayout
5 }hfu
R=(}hfu
4pf9>tKFFJu
BAA;T$
tIIt&It
u	G@@f
x9^D~q
JSTFSW
HtqHtRHt@
tPHtEHt6Ht'
Pj>hOS/2
SSShcmap
VSjah8
F,_^[]
Ht6Hu=
D$<QRP
T$<PQR
C@@II;]
6SSPQV
6SSPQV
AAJJ;E
|	+>+;
FAA@;t$
SIVIt3It
G@@F;|$
J`f91t
jjX_^]
jjX_^]
GSUBSV
M$f;<Nt
It`It?IIt 
HtQHt7HHt
HtQHt7HHt
HtNHt5HHt
HtQHt7HHt
trHt=H
SVWj@3
t^ItQItDIt7It$IIt
=GSUBu
 =GPOSu
=GDEFu
WWWhGSUB
WWWhGDEF
9]$th9]
uSf9](t
u*;U$t
u(;]$t
u*;]$t
uTf9](t
u,;U$t
9]$th9]
uSf9](t
u*;U$t
u(;]$t
u*;]$t
9]$th9]
uSf9](t
u*;U$t
u(;]$t
u*;]$t
u(;]$t
u*;]$t
u(;]$t
u*;]$t
9]$th9]
uSf9](t
u*;U$t
u(;]$t
u*;]$t
uTf9](t
u,;U$t
9]$th9]
uSf9](t
u*;U$t
u(;]$t
u*;]$t
9]$th9]
uSf9](t
u*;U$t
u(;]$t
u*;]$t
u(;]$t
u*;]$t
u(;]$t
u*;]$t
f+8OJf
9AAJHH9U(r
t?9M t:9M$t5
H(;H t*f
6~Wf;u,
E$N9u$r
u$;u,r
E4@;E(
8Af9\x
ItAIt 
HHf+0NIf
8@@NNf
0gfD0gfD0gfm0gfm0gf10gf10gf
3gf|3gf
3gfA3gfh3gf
2gf'4gf=4gf
5gfm5gf
5gf55gfY5gf
6gf,6gf
;gfa;gfa;gf7;gf7;gf
<gfR<gf
=gf+=gfG>gfG>gfG>gf
=gfz>gf
?gf`?gf`?gf"?gf
Agf@AgfYAgf
Agf,Agf
CgfDCgfkCgf(Cgf(Cgf
Bgf'Dgf=DgfVGgf
Ggf,Ggf
FgfgFgf
HgfUHgf$Igf:Igf
JgfPJgfPJgfuJgfuJgf<Jgf<Jgf
f;4Ku	
|	+>+;
8iRC.uv
8iRC.u3
FBBA;t$
9wgf-wgf
ygfKwgfKwgf
xgfKxgf
xgf;ygff
F,f;F.s"f
F(f;F*s f
F,f;F.s8
f9~$v@
Gf;~$r
abvst~
blwstv
nuktt@
H(;H t*f
:@;E(|
M,@;E(
efSSShGSUB
SSShGPOS
SSShGDEF
PShGSUB
PShGPOS
PShGDEF
JJOOHf
t89H@t39
D$$+D$
ef9= }hf
tUJJt6
efVVVW
ef95 }hf
ef95 }hf
efPVVV
QRhGSUBf
L$ PQhGSUB
PQhGPOS
D$ RPhGPOS
D$,_^][
D$$RPQWUhGSUB
D$0u<3
D$0_^][
L$$VSUR
T$0PQR
T$4f9B
T$$QRPWUhGPOS
dfltWu#
V=GSUBuV
_=GPOS
=GSUBu
=GPOSu
l$8VWQf
D$@@f;D$8
hGSUBP
hGPOSP
hGDEFP
hBASEP
G4_^][
\$,UVW
@f9\$8f
Cf;\$8
T$0QR3
D$dUWR
D$dQVRP
GSUBuM
D$,WPV
GPOSu4
D$4WVQ
L$\RPQ
D$(RPSQ
Cf;\$8
D$ _^][
=GSUBSUVW
T$TRUS
T$TRQf
T$TRPSU
T$TRQf
L$HSUR
T$PQRf
L$PPQRhGSUB
L$HSUR
T$PQRf
L$PPQRhGSUB
T$4PSUQR
T$HQSf
L$HPQR
T$HQSf
L$HPQR
D$8SUQ
L$@RPQ
D$8SUQ
L$@RPQ
T$HQSf
L$HPQR
L$HSUR
T$PQRf
L$PPQRhGPOS
L$HSUR
T$PQRf
L$PPQRhGPOS
D$@f9t$0
T$$f9t$0
T$ f)^
\$@UVW
L$8hGDEF
T$PPQR
D$LQRP
L$LF_3
L$DVRPQS
T$<F_3
L$8hGDEF
D$\UQRPW
T$XQRUSPVW
L$|hGDEF
L$DRPf
L$|hGDEF
D$,RWUP
f;L$|t(
L$LC_^f
f9\$ f
Cf;\$ 
Cf;\$(
f9\$,f
Cf;\$,
@f;D$L
hGDEFf
\$,Cf;
f9l$(f
Ef;l$(r
@f;D$D
|$@dSUVWv
L$(PQRU
L$`@RP
T$\PUQR
t$,@f;
\$|UVW
L$lhGDEF
L$(UQRW
T$hQRf
L$lhGDEF
D$(SPQW
D$ @f;D$0
T$(SRPW
L$lhGDEFf
L$ PQRW
\$$Bf;
L$ Af;L$0
T$$RPW
L$DhGDEF
L$(PQRS
Af;L$(
L$HRPSQ
L$$SUVWhGDEF
D$8SRU
T$<QRUP
T$0QUR
L$0SUQ
HeapCreate
GetVersionExA
GetACP
GetUserDefaultLCID
InitializeCriticalSection
GetProcAddress
LoadLibraryA
HeapDestroy
DeleteCriticalSection
DisableThreadLibraryCalls
HeapAlloc
InterlockedExchange
GetLastError
HeapFree
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoW
IsValidLocale
ConvertDefaultLocale
InterlockedIncrement
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetProfileStringA
lstrcmpiA
GetProfileIntA
CloseHandle
ReadFile
CreateFileA
IsDBCSLeadByte
LockResource
LoadResource
FindResourceA
KERNEL32.dll
GetSystemMetrics
GetSysColor
SetRect
wsprintfA
USER32.dll
DeleteObject
SetTextColor
SetBkColor
GetCharABCWidthsA
DPtoLP
GetGlyphOutlineA
SelectObject
CreateFontIndirectA
GetTextCharset
GetTextFaceA
GetObjectA
GetCurrentObject
GetCharWidthA
EnumFontFamiliesExW
GetOutlineTextMetricsA
GetTextFaceW
GetOutlineTextMetricsW
GetTextMetricsA
GetViewportExtEx
GetWindowExtEx
GetDeviceCaps
TranslateCharsetInfo
GetFontData
GetTextExtentExPointA
GetTextExtentExPointW
ExtTextOutA
ExtTextOutW
Ellipse
LineTo
MoveToEx
CreatePen
CreateSolidBrush
GetTextColor
SetBkMode
GetBkMode
SetTextAlign
GetCurrentPositionEx
GetTextAlign
CreateFontA
GetStockObject
DeleteDC
SetGraphicsMode
GetGraphicsMode
CreateCompatibleDC
GDI32.dll
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
ADVAPI32.dll
USP10.dll
LpkPresent
ScriptApplyDigitSubstitution
ScriptApplyLogicalWidth
ScriptBreak
ScriptCPtoX
ScriptCacheGetHeight
ScriptFreeCache
ScriptGetCMap
ScriptGetFontProperties
ScriptGetGlyphABCWidth
ScriptGetLogicalWidths
ScriptGetProperties
ScriptIsComplex
ScriptItemize
ScriptJustify
ScriptLayout
ScriptPlace
ScriptRecordDigitSubstitution
ScriptShape
ScriptStringAnalyse
ScriptStringCPtoX
ScriptStringFree
ScriptStringGetLogicalWidths
ScriptStringGetOrder
ScriptStringOut
ScriptStringValidate
ScriptStringXtoCP
ScriptString_pLogAttr
ScriptString_pSize
ScriptString_pcOutChars
ScriptTextOut
ScriptXtoCP
UspAllocCache
UspAllocTemp
UspDllControl
UspFreeMem
%ff:Nff
9 : E F } ~ 
"<"="B"C"R"S"T"U"d"e"f"g"h"i"j"k"n"o"p"q"r"s"t"u"v"w"x"y"z"{"|"}"~"
# #!#)#*#
O;PpQJS
^:`P`la
4=597j8
D,E1FbH
_N`fbhbpd}d
iHjqj{j
x0xcxAz
8e<"=n=
`!(#H%
Q3V=X$^
SfXla+c
A%C1O\O
a?c*k4kql
D2D<5F
1PLI\#`
@#"'X<$=
YydDoA
c/e8h_k$p.p
%[*igv|
#\3RIYN,`
b	kK}y
=5<]@w
S,5T	k
<4B%C`F
%!TN0SD^
.9IQI0b
6@9$BdUx^{
)K*r>pL
 8"a"S'L(
4b4j4I5
d T!:%
kYzs~3
+[,rAk
#\3$5YN
G0R|a#
.6@)N8rD
/CG,` e~h;m
@	5 l.(4
U6X8gFo<
Yrg)|t
 $=,I:
AxNRXxh2s.
8-:c=&LXO
e#8Mzh
lXo#wPy
j.%5cR
A	msjw
OfQ*k8l
iQth}|
\c@jNs\
%	8T8(T
. ;lNlV
*Q+[0\001
S*T0U(V
XtZj[N\
\;bTcSdqj
8l9*:(=
98@@@qCOEgH
O&Sj\R]
=nAfQPW
@+DiSke
U2$7d[@{
 /0\$c
"l)C5^zf
$i.w=qK
KnNmR Yl\rj
K;XDaqqF
\3p3]K
G_@xW|
T,PE,i
xNxhFt7
`8`+vlz
%S'>0fCDH
)}2w7dn
Sa\:cMp
W6]HjPx
RM]pp`
@^H,[\
j0|F}P
.8/:3$7
N QmR<U
-<HLnN
H+},h[	k
3e9(Q8u
q R):1
\3p3,>
"$Y%H(`1
o5o8d@
ELNoUX\
(h+*1_4H=
;.>Gm7olo
A&U)A:
(k)LKIT
d8jHj l
+g/=3@6
"[&4B%C
7#G&d'H+
10B%FqL
!L$<0L1n2
UFZ,];_
;`<BY)
GrIUS{[
^&h+mtn,pquu{
<^HqWx
3,{h1wA
Xx[	\De
%z3|@)T"i
]"ijq@w
z;UNUS"ijq
$4"ijq
LUS:]"i
,l:0F/N
[?];^@h
31A4JUZ
!$IT5n
o3t="A
l9H<TG
e,_Jw]
p)25#6
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7l7p7t7x7|7
< <0<8<@<P<X<`<p<x<
=;=A=H=Z=a=g=l=q=x=
>'>/>5>;>H>T>b>g>n>v>|>
>1?7?A?O?U?
8Y9-:}>
8;9H9^9
92:=:c:
;%;0;?;
5U5s5}5
8-9O;r<
<:=G=M=
5#5)50575<5W5
<.=c=j=
=*>=>L>W?i?
070>0[0
0<1V1i1s1<2C2N2U2
>7?A?_?
1V2c2z3q4,5054585<5@5D5H5
<N=Z=h=
>?>G>N>T>Z>a>h>m>
20R0L1T1
1,242j2
6G7#:M:V:
7?8r9r>
4V8s9|9
1%174=4
;g<m<:=@=
0f3l3;4A4
3o4u4B5H5
<r=x=E>K>[?
6M9d9x9
=Y=`=m=y=
5a6Z<v<
4M6c6;8Q8
<"<&<*<.<2<6<:<><B<F<J<N<R<V<Z<^<b<f<j<n<r<v<z<~<
="=&=*=.=2=6=:=>=B=F=J=N=R=V=Z=^=b=f=j=n=r=v=z=~=
1L3_4l4
4|6F8N8U8[8c8u8|8
9f:m:r:}:
4O4/5]5i5
6>6F6b6i6
7/8<8C8
:";(;;;B;I;P;];c;q;z;
;4<;<[<b<o<
=C=J=W=k=r=y=
=*>1>>>R>Y>`>g>w>
414[4h4z4
0O1a7i7
=&=;=B=Z=o=$>
6%757i9n9y9g<
=?=N=Z=
9,:~=m>s>y>
2$2*2=2R2
3*303>3R3|3
9(:A:O:U:l:
="=3=<=
0!0(040E0O0U0q0}0
121>1D1T1a1k1|1
20272?2D2H2L2u2
2"3(3,30343
4M4T4X4\4`4d4h4l4p4
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
usp10.pdb