Sample details: 4844c4134e4a5d55d6e267fd778bedd0

Hashes
MD5: 4844c4134e4a5d55d6e267fd778bedd0
SHA1: ce7ec8da8f70702bf079ced718b7c77e059956c9
SHA256: 4d8e826234134583231e8adac68c66164824dd7ea3faae4d85094b0be9108b75
SSDEEP: 3072:1cs7Jh2qWfSACsHv2jz2TvFDUVQ8UkVg3:1csn2N6/sHv2j6TtDUHUag3
Details
File Type: PE32
Yara Hits
YRP/Borland_Cpp_DLL | YRP/Borland_Cpp_for_Win32_1999 | YRP/Borland | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/DebuggerException__SetConsoleCtrl | YRP/screenshot | YRP/win_registry | YRP/win_files_operation | YRP/CRC32_poly_Constant
Parent Files
07366aeaaf4cc541451e35c636f53fa4
Strings
		This program must be run under Win32
`.data
.idata
@.edata
@.rsrc
@.reloc
fb:C++HOOK
StringList *
Array<char> *
Array<wchar_t> *
Array<int> *
_^[YY]
C,;C$s2
Array<int>
Array<wchar_t>
Array<char>
StringList
Archive
RAROptions
FileHeader
BlockHeader
Array<unsigned char>
Array<__int64>
BaseBlock
ExtResource
LanguageResources
ArchiveModules *
RarFormat *
RarCommand *
ZipFormat *
ZipCommand *
ModuleFormat *
ModuleCommand *
ModuleFormat *[2]
ArcFormat *[2]
Archive *[2]
Archive *
File *[2]
File *
ArchiveShell *
_^[YY]
3^[YY]
ArchiveShell
ArcFormat *
ModuleCommand
ModuleFormat
ZipCommand
ZipFormat
RarCommand
RarFormat
ArchiveModules
ArcFormat
ArcCommand
ListItemsArray
Array<SmallItem>
ListItemsArray *
Array<SmallItem> *
SaveFilePos
Array<unsigned char> *
RawRead
SaveFilePos *
RAROptions *
Array<__int64> *
RawRead *
t Kt<Kt[
_^[YY]
ExtResource *
LanguageResources *
_^[YY]
CClassFactory *
_^[YY]
CShellExtension *
CShellExtension
CClassFactory
FIClassFactory
IShellPropSheetExt
IContextMenu
IShellExtInit
FIPersistFile
FIDropTarget
FIUnknown
FIPersist
std::bad_alloc
bad_alloc *
std::exception
_^[YY]
std::bad_cast
std::bad_typeid
_RWSTDMutex
**BCCxh1
_^[YY]
std::type_info
type_info_hash
Borland C++ - Copyright 1999 Inprise Corporation
SIMULATE_TLS: A second thread was about to be created and the c0s32 startup code is in use
Nonshared DATA segment required
Cannot run multiple instances of a DLL under WIN32s
WinRAR
Software\WinRAR\Paths
AppData
?*<>|"
Formats\*.fmt
Formats\%s
Prepare
GetNextName
GetListItem
Extract
GetComment
Windows
rar|r##
VAX/VMS
VM/CMS
Atari ST
Mac-OS
Z-System
TOPS-20
SMS/QDOS
Acorn RISC OS
Windows VFAT
Tandem
zip|jar
FileList
AllVolumes
CustomExt
Software\WinRAR%s%s
%s.tmp
RichEdit20W
DllGetVersion
TempFolder
\rartemp
\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDrives
kernel32.dll
GetDiskFreeSpaceExA
rarlng.dll
*messages***
COMBOBOX
shell32.dll
ShellExecuteExW
rarcxtXXXXXX
cw -y "%s" "%s"
rarext.lng
Interface\Themes
ShellExtBMP
AddArc
Profiles\%d
AddToMenu
Profile
EmailOpt
EmailArc
ExtrTo
ExtrHere
ExtrSep
OpenSFX
Convert
MenuIcons
Setup\MenuItems
CascadedMenu
WinRAR
ImmExec
ArcName
Rar$MLXXXXXX
x -iext -ow -ver
t -iext
cv -iext
"-anf=%s" 
-scul 
"-an=%s" 
"?%s\"
ExtractTo
Extract
ExtractHere
ExtractSeparate
EmailArcTo
Profile%d
SHGetPathFromIDListW
UseRAR
EXTARCINFODLG
EXTCMTARCINFODLG
Software\Microsoft\Windows\CurrentVersion\App Paths\WinRAR.exe
winrar.exe
PathsAbs
PathsNone
"-cp%s" 
%c %s%s%s%s%s-r0 -iext -- 
-ieml. 
 "@%s"
Rar$LSXXXXXX
Default
borlndmm
hrdir_b.c: LoadLibrary != mmdll borlndmm failed
borlndmm
@Borlndmm@SysGetMem$qqri
@Borlndmm@SysFreeMem$qqrpv
@Borlndmm@SysReallocMem$qqrpvi
creating heap lock
no named exception thrown
bad exception thrown
bad alloc exception thrown
rwstderr
<notype>
<notype>
___CPPdebugHook
Stack Overflow!
allocating handle lock table
creating handle lock
creating global handle lock
),(((((),(((
XXXXXX
Error 0
Invalid function number
No such file or directory
Path not found
Too many open files
Permission denied
Bad file number
Memory arena trashed
Not enough memory
Invalid memory block address
Invalid environment
Invalid format
Invalid access code
Invalid data
Bad address
No such device
Attempted to remove current directory
Not same device
No more files
Invalid argument
Arg list too big
Exec format error
Cross-device link
Too many open files
No child processes
Inappropriate I/O control operation
Executable file in use
File too large
No space left on device
Illegal seek
Read-only file system
Too many links
Broken pipe
Math argument
Result too large
File already exists
Possible deadlock
Operation not permitted
No such process
Interrupted function call
Input/output error
No such device or address
Resource temporarily unavailable
Block device required
Resource busy
Not a directory
Is a directory
Directory not empty
Unknown error
creating global stream lock
allocating stream lock table
creating stream lock
(null)
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
%H:%M:%S
%m/%d/%y
%A, %B %d, %Y
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Sunday
January
February
August
September
October
November
December
printf : floating point formats not linked
scanf : floating point formats not linked
printf : floating point formats not linked
scanf : floating point formats not linked
Error: system code page access failure; MBCS table not initialized
%02d/%02d/%04d %02d:%02d:%02d.%03d 
kernel32.dll
GetProcAddress
Borland32
Pure virtual function called
Abnormal program termination
No space for copy of command line
No space for copy of command line
creating atexit lock
An exception (%08X) occurred during DllEntryPoint or DllMain in module:
creating thread data lock
Semaphore error 
___CPPdebugHook
**BCCxh1
OLE32.DLL
ADVAPI32.DLL
KERNEL32.DLL
COMCTL32.DLL
GDI32.DLL
SHELL32.DLL
USER32.DLL
ReleaseStgMedium
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
CloseHandle
CompareStringA
CreateDirectoryA
CreateFileA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetNumberFormatA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
IsDBCSLeadByte
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LocalFileTimeToFileTime
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
SetLastError
SystemTimeToFileTime
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpynA
lstrcpynW
CreatePropertySheetPageA
DestroyPropertySheetPage
CreateCompatibleDC
CreateFontA
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
GetObjectA
GetPixel
GetTextFaceA
GetTextMetricsA
Polygon
Polyline
SelectObject
SetBkColor
SetPixel
SetTextColor
TextOutA
DragQueryFileA
DragQueryFileW
ShellExecuteExA
SHGetPathFromIDListA
BeginPaint
CharLowerA
CharLowerW
CharToOemA
CharUpperA
CharUpperW
CreatePopupMenu
EndPaint
EnumThreadWindows
GetClassNameA
GetClientRect
GetDlgItem
GetDlgItemTextA
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowRect
GetWindowTextA
InsertMenuItemA
InsertMenuItemW
InvalidateRect
LoadImageA
LoadStringA
MessageBoxA
OemToCharA
ReleaseDC
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
wsprintfA
wsprintfW
rarext.dll
DllCanUnloadNow
DllGetClassObject
ExtAddNames
ExtGetCommandString
ExtInvokeCommand
ExtProcessDrop
ExtQueryContextMenu
ExtSetDestFolder
___CPPdebugHook
										