Sample details: 46e9060e801a58e9e67430bedda5eece --

Hashes
MD5: 46e9060e801a58e9e67430bedda5eece
SHA1: c833f584539ce15526cdf3d621386b84d5b93db2
SHA256: 3fdbd94bee4f15b651f0080c3eba0d7278c5083c97e0b2a43a0eaceeb28435bf
SSDEEP: 12288:ti2NYtacO56SI4TkXUYk5DcRYQBK51QBfTYaJF:02Gs5I44X+qY3GBrh
Details
File Type: PE32
Yara Hits
YRP/maldoc_getEIP_method_1 | YRP/contentis_base64 | YRP/domain | YRP/IP | YRP/Borland_Delphi_40_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_Setup_Module | YRP/Borland_Delphi_40 | YRP/Borland_Delphi_v40_v50 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/antisb_threatExpert | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation |
Source
http://rosewinegl.info/2
http://folxdogerm.info/1
http://rosewinegl.info/2
http://folxdogerm.info/1
Strings
		!This program cannot be run in DOS mode.
`.data
.data1
@.pdata
.idata
ispatcher()...
T$dRSV
jEUVh	S@
6\i386\agrsmsgc.[
jth8"@
D$<QTj
$1<$Pj[j
SVWVhs
@<jBjSPht
Z_^j8PTh
Pjuh`&@
$WPjjj[hi
PP_^[Qh
SVh((@
QjeURhE
WjxjQj
l$0+o$
_N#4$j j
t$Oh T@
YPWj	P
(VWVUSh
9^0vjWVTj
t$+h8$@
jlhp`@
j+hjt@
jShH9@
~DVRSS
t$phHJ@
VVh(>@
t$LjWR
VVVVQU
j;VjXh
t$<j!jFj
Y_TQj*
UVha&@
jqjVhp @
jHThl[@
#4$jZh
TUj}Qh
QSPSjn
t$4jqP
jsh8'@
UVhcd?
tC9Q tb
SUhp]@
VSjthJ4@
uG9y8u
Pj?Uhh
TPj6Qh
t09p u
VRh( @
RRTh`?@
_^QhHN@
SSSPj_
^jaSUh
j^Uj?h
0_][^Yh
j<VVhr
PjrUPTh
j@Vht2J
NVh\2J
QjBRSPS
jTh\S?
udWWh`
D$DjPQjI
jKh(	@
jxSjQj
Sjvht2J
STj!Vh
SVVPRT
QPh%k?
UreExW
es for ress
List_GetIconSi
uleFile
pascal
Imperson
GetFileAttri
tupInfoA
-----------
alization
south kore
tionX64_1l
obalSize
COutlookCust
;Mp: %s
\products\esif
ot load
      F
etSystemT
_TRACEMODULE
tStartupIt
or const
hish - Moder
Invalid resHB
ogram name unk
>%s</eventNa
9[_cdecl
GetProc
rib[%d]. Statun\BtwRSu
es_Data_Siz
articipants 
tWindowRect
Mexico
`h````
CoTaskMem
act_wirelesnse buf
- pure viX
GetStdHan
DelSectio
The par
Section
tImageInfo
anish-costa
u!!BcE
dition8
Program
io initializat
ontrolsEx
ESIF_E
`string'
ulSecti
aVault a
GetClieQ
n an unus
CObject
DOMCreate
VThread
DwdateRect
      <pa
es_type %
eyboardState.dll
e-;QX2
t!39Mb
e[kD_5
YZTDxOM
P:@78_}
hX#'v1
=x'zp8
}Ws;h\M
AIH>1K
P&c6LVnAD
;`T/_)
DaB7t^
QSO^)?P
.+7;Tf>06
7PU/'x
=D=D0R
Q)](%}W
Kz{-6HG?/
q^;8cD
n-j1M<8o
!*b@&F
=f>KSx
-DP9`{
~]rp&v?
0@+{jJ
H@NH_n
Y`lo(N
ZCs;1x
m*y;Ta
,AMS<)
)ut5YdFW
vFZuV&
IiT\DT
WU!`/c
|wfi^,&
$9{bDX[
47>g>B
\7ua> 
4gtL)Wxf
irbqi 
9x~{_v
~o!{1P
zGYsZd
]HEZ=m
:C`~L1
hZw;Rf_`
X%{.<b#
;2B[3Y
kctoC=p
_7:5Yc
jE})P2D
Mt3Al2
t6WS4X
xcRgFG
P"5h>x
hx9z,#
ui;d%e
jF	C!>
%wK :F
#Wq p^
afKmv{=#
v2WTz5
|{Y|`)
%R!!z+4
"%E`xFK
3=+tU6R
S{GB:2];
uxE.Ty
I6#?d*
X44,Ct
AxvZi-
mN>MSzs
)$1>H 
v16Zob
hZKRLM
'*M9iQ
=_\4.A
jg0JMm
k:H/fkU
[.ZQg5
<`76t B]
@[Kd!\
V;X :Z#
0eX4TL
&:^Ktn0
9nnA;#
]~>rtcEa2
"^E_.4
wRC_fm
b^&T)^
WR'm0^
.^'s3^
gVGO>4
1.>z1y
H	"^GH
_VE@26
"QHv#^
b^&Q!^
pb'i(^
!QK=&^
"^&3 ^
jRH-1y
yclI=s
GER_BUFFER
ESIF_E_NEED_BINARY_BUFFER
ESIF_E_REQ_SIZE_TYPE_MISTMATCH
jectFactory
esingroup <appname> <groupId> Get A List Of Modules For The Group
ui getmoduledata <ap
CoInstaller
CoInstaller
CoInstaller
RunServices
RunServices
RunServices
NewInstance
NewInstance
%x %x %x %s
NewInstance
\\.\mailslot\
\\.\mailslot\
3cv42.dll
DataEventHandle
3cv42.dll
DataEventHandle
\AdditionalDlls
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCException@@
llocator@U?$pair@$$CBKPAX@std@@@2@$0A@@std@@@std@@
.?AV?$_Tree_ptr@V?$_Tmap_traits@KPAXU?$less@K@std@@V?$allocator@U?$pair@$$CBKPAX@std@@@2@$0A@@std@@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
G%zE,.
:Y.[pUQ
C`QXW1
BK:cfT#
}<*2E&
9<KDLp
V+pKEj
ZL7Abm
LVnES<
t~9WoJMx
K.G6|]:
R~( [)
j\wg`5k;
Az%?4K
pW:6&XE
`a*wOPO
55{q@O
n%B{FZ
[n9`"u:
Ma		FK;
@Wm9mf
J=0;\m
X[uc%	
-J*(PY
wzR44n
=Q\Eue
8<%IFU@
p;0V&q
Cy~&IC
3"NOzA,n
/LQO B
l;%n F
}RY#gY
~0=g~S
Uji=9e
Df<'E$
W]`"u4 
*`R)PR
?%{\UO
hj^~	/nU
^^0w%R
48,`hUz=c
3KRUT$
.o{ {t7
oKfZCN
fkG-|c5
}&p&|r
I/d5L=
Pv(g*N
.K5C/*
lO{ktUr
?AV?$CFixedStrin
eDialogEvents@@
XBKBKX
.?AVCMFCToolBarBP
.?AVCSmar
riverDesc
VCCanspmg
.?AVCWnd@@
.?AUIA
CBitmap@@
.PAVCExcept
?$CList
\\.\Scsi%d:
.?AVCMemoryExc
teBinFile
.?AVCProbeD
SnapshotNotifyMs
.?AV?$CMap@II
ippiDecod
ippiSampleU
_ReqJobDelete@@
Audio Tuner
               
nal hardwar
ppiDecodeH
o Capture Pin...
.?AUIUnknown@@
Softwar
.PAVCNotSu
.?AVCM
.?AVCWinApp@@
PGenuine
.?AVCPri
AVCFileException@@
one lin
.?AVCOleCntrFrameWnd@@
IPPGenuine
?>7/6=<5
XBKBKX
I2ND__@@PAU1@@A
TUVWXYZ
_C4P4R
oftware Modem
.PAVCS
.?AVCComCtlWrappe
Lucent
HHHH@@
0L@@@@
Hiate filtergraph
ibleProxy@
.?AVCMFCRib
IPPGenuine
.PAVCInval
alUtils@@
Mann as an
Administrator,
 on ipp
ColorMenuButt
IPPGenuine
%,3:;4-&
!{bhbh
Are you s
.?AVCMFCRibbonBas
RRENT_USER%s
HKEY_CURR
AmA-Tb
.?AVXOl
ror %x: Cannot add vidc
.?AVXAccessible
IPPGenuine
Warilslot\
tification
Alloc_JPEG_8u
IPPGenuine
ntrolSi
_ReqJob@@
BKTbBK
ecodeHuffman8x8_JPEG_1u1
uffmanSta
AVCMFCImage
_MODULE_THREA
an8x8_AC
_P4C4R
IPPGenui
IPPGenuine
.?AVCMFCSpi
PwrScheme
GetAct
IPPGenuine
IPPGenu
IPPGenuin
COleException@@
eviceIds
\Filelist
TableInit_JPEG_8u16u
BKTbBK
ckSiteInfo@@
\recent
\options\in
.?AVexception@
.?AV_AF
@PGenuine
.?AVCMFCR
odeHuffman8x8_JPEG_1u16
IPPGenuine
IPPGen
1039&DEV_7
FGHIJKLMNOPQRSTUV
GHIJKLMNOPQRSTU
enuine
IPPGenuine
(6DR`PB
/PAVCObject@@
VCSimpleExce
>7/6=<5.'
&-4;:3,%
.?AVCWn
PPGenuine
IPPGenuine
EG_8u_C1R
MFCBaseVisualManager@@
IPPGenuine
ippiCMYK
MODEMWAibCacheMap@
.?AVCPaintDC@
IPPGenuine
.?AV_AFX_THREJI
 s: %d%%
emwave
System\Cur
8086&DEV
.?AVCResourceExc
.?AVCPtrList@
CCmdLineInfo@@
;H;H;H;H;H;H;HM[M[M[M[M[M
CTempMenu
ABCDEFGHIJKLMN
$_Tree_val@V?
llbackForQStruct@@
e space
Set Capture
oxEdit@@
H;H;H;H;H;HM[M[M[M[
wBnuine
PEG_8u_C4P4R
.?AVCH
Software\Microsof
DR`PB4&
.PAVCArc
 CFile@@
EY_CURRENT_CONFIG
 Cannot set new fram
.?AV?$
Error %x: Ca
ijklmnopqrstuvwxyz
EFGHIJKLMNOPQRST
FCRibbonEdit@@
ded by the 3ware Stoer@@
rsion\Unimodem\DeviceS
IPPGenuine
IPPGen
e space
Set Ca<
SourcePath
N>LZhvtfXJ<.
,+mN<S
C[+5,e
|Wsi4kR
9m4(6c
XcpR3U
+UP"C.S
3	S:j)$l
2I$HS-
bNb2Wy
jm>T=59
w=z0(v
(ol1B]
[mMtk?
awD&	P
6f+cBw
qoVV -
40]A=tq.
n@SJVj
@rgK`N
[c\:k=
5|)3\2j
u	~F7_	
b 8G,L
*1U|$N
lO6emO
|&rz%e
J;ix1E
W+sklh
Q"J{|v
M*H!,K
_Ss[l->
YJq!N[
kT>9;qg
l,C|V%
E@v -(4
=6~\YA
Q<y%J+
|9M(D<s
O+|6&^)
@j{G+3o
"0929v5
m|'(xT
+yUoJ$
`pO:Tn
 0Cl'q
g:,+pyy
+Mtp`L
>?,EUl1Z1
Z96bR:
kpDne5[h
E -"9f6
N^{p#:
kW8g];
3D,GU	
LM}a)z
/^"2 uk
-{Pd8wU
8`IeF3
[_7C+n
ZAmp1O"
n/C/te
]J6='|[
E;g+QN6
3@Mv 9
_; rX>
M'6}|7wI
0l{aWx%
 cKgkwU
0?/ }B
PRjzGo
NqMV=ICn
KJ>iTH
>7J74d
/o>[jf
B0[!el
{}3|= 
iplU*<3o
UjTtMhN]
S[^+%A
\b*xt`
s>%iv_
/zk.%>
OE@,;X
O@UA_K
paP9dG
w%}Z/E&
V5/3A|
3yuuqW
+fr>VdG
^gYRSe
`%_Lo|
{]j+)c
<OsqWC
|A^?F,
pa(7{i
u+Q1T!2&
zE^j/b
z>p_'^
o1H`G{:
#Y3w_S
	:  lAH
>;)ed}
!um*;	
k}z*#{
R}+I*A
kZV}YQ
+?/Pp<
@.Od^m
}/Iq$f
_[J>;R
zy-a9<
po^yX^
~{nu;"S
r(\r2h
+=zE0uB?
@l=_p|JCE
D@k<J{=|U
N	<GCC
R0[xR+
+^)_HCG
>+N?[I
L@OPct
yP}kY&
umF3."
j~djRD]
0QTuGC
=_=[([
u8\*M}hn'
n])MCqo
@D.=Li
jrf]P-
2[4f$i
n!a5##
F{ KJ2?
`~E*R6
),PAM	
LS	KMG
1s>JIi[
}B^RUt
B3<:{T
jnkuXjQJ#
CertVerifyValidityNesting
CryptMemAlloc
CryptVerifyDetachedMessageHash
CRYPT32.dll
FindExecutableImageEx
SymGetSymPrev64
SymUnloadModule
dbghelp.dll
CloseServiceHandle
ControlService
DeleteService
EqualSid
OpenSCManagerA
OpenServiceA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
ADVAPI32.dll
AuthzFreeResourceManager
authz.dll
CloseHandle
CreateDirectoryA
CreateFileA
CreateFileMappingA
DeleteFileA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeEnvironmentStringsW
GetACP
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetDriveTypeA
GetEnvironmentStringsW
GetFileAttributesA
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDirectoryA
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
HeapAlloc
HeapCreate
HeapDestroy
LCMapStringW
LoadLibraryA
MapViewOfFile
MoveFileExA
RemoveDirectoryA
SetEndOfFile
SetFileAttributesA
SetFilePointer
SetHandleCount
UnmapViewOfFile
VirtualFree
WriteFile
lstrcatA
lstrcmpA
lstrcpyA
lstrcpynA
lstrlenA
KERNEL32.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>