
Sample details: 44a2070513e908dc8c77b5565ed16c77

Hashes
MD5: 44a2070513e908dc8c77b5565ed16c77
SHA1: cde03ec19c7bbd227b585a06c785b0213d701a93
SHA256: 29570a308c44bf131fc29ebc51d99e834bb6af1c8f342c6383f541884499e8e2
SSDEEP: 6144:KJI4rMx2WyGIBWBmK+YJhw1B0WY0ngCJa:vwo2WyGIBwgYQ1B0W6Ck
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Armadillo_v4x | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/disable_antivirus | YRP/screenshot | YRP/win_mutex | YRP/win_registry | YRP/win_files_operation |
Parent Files
6e1078156a9456706e5655dbe7cf9c1b
Strings
		!This program cannot be run in DOS mode.
string too long
invalid string position
Unknown exception
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
GAIsProcessorFeaturePresent
KERNEL32
runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#SNAN
PropertySheetA
CreatePropertySheetPageA
COMCTL32.dll
lstrlenA
GetTickCount
GetModuleHandleA
lstrcpynA
GlobalFree
lstrcpyA
lstrcatA
CreateDirectoryA
GetFileAttributesA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFileSize
CreateFileA
LocalAlloc
GlobalLock
GlobalAlloc
LocalFree
ReadFile
SetFilePointer
GetModuleFileNameA
CloseHandle
DeleteFileA
SetFileTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFileAttributesA
GlobalUnlock
lstrcmpiA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
LocalFileTimeToFileTime
DosDateTimeToFileTime
RemoveDirectoryA
GlobalSize
WriteFile
LocalSize
FreeLibrary
GetProcAddress
LoadLibraryA
GetTempFileNameA
ExitProcess
TerminateProcess
GetCurrentProcess
ReleaseMutex
CreateMutexA
OpenMutexA
GlobalReAlloc
GetExitCodeProcess
MultiByteToWideChar
WideCharToMultiByte
GetVersionExA
SystemTimeToFileTime
CreateProcessA
KERNEL32.dll
SetWindowTextA
SetClassLongA
SetDlgItemTextA
wsprintfA
ShowWindow
MoveWindow
EndDialog
SetCursor
LoadCursorA
PtInRect
ScreenToClient
GetWindowRect
GetDlgItem
MessageBoxA
DrawTextA
SetRect
InvalidateRect
UpdateWindow
SetWindowLongA
EnableMenuItem
GetSystemMenu
GetSystemMetrics
AdjustWindowRect
CreateWindowExA
RegisterClassExA
LoadImageA
LoadIconA
PostQuitMessage
ReleaseDC
EndPaint
GetClientRect
BeginPaint
SendMessageA
DefWindowProcA
DispatchMessageA
TranslateMessage
IsDialogMessageA
PeekMessageA
DestroyWindow
DialogBoxParamA
DrawTextExA
CallWindowProcA
PostMessageA
SetPropA
SetWindowPos
GetWindowLongA
SendDlgItemMessageA
GetParent
GetWindowTextA
SetTimer
GetScrollInfo
IsDlgButtonChecked
EnableWindow
CheckDlgButton
SetFocus
FillRect
GetSysColor
SetRectEmpty
DrawEdge
LoadBitmapA
KillTimer
GetCursorPos
SystemParametersInfoA
OffsetRect
USER32.dll
CreateFontA
TextOutA
SetTextColor
SetBkMode
DeleteObject
Rectangle
CreateSolidBrush
SelectObject
CreatePen
DeleteDC
BitBlt
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
CreateDIBitmap
StretchBlt
SetStretchBltMode
SetBkColor
CreateFontIndirectA
GetStockObject
SelectClipRgn
SetTextAlign
CreateRectRgn
CreateBrushIndirect
GetTextFaceA
GDI32.dll
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
GetUserNameA
ADVAPI32.dll
ShellExecuteA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHELL32.dll
CoUninitialize
CoCreateInstance
CoInitialize
ole32.dll
RtlUnwind
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
RaiseException
HeapFree
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
EXEpress
Professional Serial Code %010u
http://www.webtech.co.jp/exepress/
EXEpress 
Times New Roman
EXEpress_BackScreen_Class
%s%s.lnk
Windows
BWindows
eptemp.$$$
Program Files\
CommonGroup=0
CommonGroup=1
[Group]
[Registry_USERS]
[Registry_LOCAL_MACHINE]
[Registry_CURRENT_USER]
[Registry_CLASSES_ROOT]
[Files]
UninstallKey=%s
DeleteSubFolders=0
[Options]
[EXEpress Uninstaller]
epuninst.exe
Software\Microsoft\Windows\CurrentVersion\Uninstall\
Self Extractable Archive by EXEpress Property
Self Extractable Archive by EXEpress ID
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
EXEpressCallback
EXEpress
EXEpress_Class
EXEpress for free software
UninstallString
DisplayName
System
Administrators
NetUserGetLocalGroups
NetApiBufferFree
NetUserGetInfo
NetWkstaUserGetInfo
NETAPI32.DLL
url.dll
.?AVexception@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
	<assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="webtech.EXEpress.Sfx" type="win32" />
	<description>EXEpress</description>
	<dependency>
		<dependentAssembly>
			<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" />
		</dependentAssembly>
	</dependency>
</assembly>
tJWord(
gJWord(
creadme.txt
dJWORD_panel.bmp
JWord_pino
hSoftware\PINO|JWord
eCnsMinSetup_pino.exe
CnsMin.dll
bJWORD_banner.bmp
http://www.jword.jp/intro/
CnsMin.dll
CnsMinSetup_pino.exe
readme.txt
JWORD_panel.bmp
JWORD_banner.bmp