Sample details: 491bf48093ce883bc2caf2e7d37f91a5 --

Hashes
MD5: 491bf48093ce883bc2caf2e7d37f91a5
SHA1: 388f82016f77a1809e73162c447d1d3d34288b29
SHA256: 41552ff80f1fa54ced4bcd15edf0f10c498a5b4ab699451322970c2d230d6ce9
SSDEEP: 3072:+y1FYDD4mrr1v4H23RESEv0kpEFI9F6VCO+UxPd5q9z8AbPn/Yd61I+x:nHUcmrr1v4HopyFx69Mfzwd61I+x
Details
File Type: PE32
Yara Hits
YRP/contentis_base64 | YRP/domain | YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/DebuggerException__SetConsoleCtrl | YRP/anti_dbg | YRP/win_files_operation | YRP/TEAN |
Source
http://photoscape.ch/Setup.exe
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
QQSVWd
~pjCXf
j@j _W
QQSVWh
j"_f9y
,SVWj0X
Wj0XPV
URPQQh
t WW9}
jA[jZZ+
tK<_t<<$t8<<t4<>t0<-t,<a|
<z~$<A|
0t-HHt
<0|L<9
tE<A|2<P
t9<_u5
t.<_u*
Tt^HtTHtJHt
<A|,<P
AtOHt5Hu
Ft,Ot	OtFOt#OuV
KKt*KKt
<0| <9
PP9E u
;t$,v-
UQPXY]Y[
PWWWWV
PSSSSV
v	N+D$
Ht+Ht$Ht
v	N+D$
<0|m<9
G Pj*S
G$Pj+S
G(Pj,S
G,Pj-S
G0Pj.S
G4Pj/S
G8PjDS
G<PjES
G@PjFS
GDPjGS
GHPjHS
GLPjIS
GPPjJS
GTPjKS
GXPjLS
G\PjMS
G`PjNS
GdPjOS
GhPj8S
GlPj9S
GpPj:S
GtPj;S
GxPj<S
G|Pj=S
tyPVj@W
_tcPVj@
u#j,Xf;
>Cu/f9F
+t"HHt
~';_t|%3
j	PjYV
Yu2Vj@h
SVWjA_jZ+
uBjAYjZ+
SVjA[jZ^+
jAZjZ^
PVVVVQ
uHjAXf;
uWjAXf;
WPPPPj
PVVVVQ
-t*j0X;
+t"HHt
permission denied
file exists
no such device
filename too long
device or resource busy
io error
directory not empty
invalid argument
no space on device
no such file or directory
function not supported
no lock available
not enough memory
resource unavailable try again
cross device link
operation canceled
too many files open
permission_denied
address_in_use
address_not_available
address_family_not_supported
connection_already_in_progress
bad_file_descriptor
connection_aborted
connection_refused
connection_reset
destination_address_required
bad_address
host_unreachable
operation_in_progress
interrupted
invalid_argument
already_connected
too_many_files_open
message_size
filename_too_long
network_down
network_reset
network_unreachable
no_buffer_space
no_protocol_option
not_connected
not_a_socket
operation_not_supported
protocol_not_supported
wrong_protocol_type
timed_out
operation_would_block
address family not supported
address in use
address not available
already connected
argument list too long
argument out of domain
bad address
bad file descriptor
bad message
broken pipe
connection aborted
connection already in progress
connection refused
connection reset
destination address required
executable format error
file too large
host unreachable
identifier removed
illegal byte sequence
inappropriate io control operation
invalid seek
is a directory
message size
network down
network reset
network unreachable
no buffer space
no child process
no link
no message available
no message
no protocol option
no stream resources
no such device or address
no such process
not a directory
not a socket
not a stream
not connected
not supported
operation in progress
operation not permitted
operation not supported
operation would block
owner dead
protocol error
protocol not supported
read only file system
resource deadlock would occur
result out of range
state not recoverable
stream timeout
text file busy
timed out
too many files open in system
too many links
too many symbolic link levels
value too large
wrong protocol type
xdigit
bad allocation
bad function call
regex_error(error_collate): The expression contained an invalid collating element name.
regex_error(error_ctype): The expression contained an invalid character class name.
regex_error(error_escape): The expression contained an invalid escaped character, or a trailing escape.
regex_error(error_backref): The expression contained an invalid back reference.
regex_error(error_brack): The expression contained mismatched [ and ].
regex_error(error_paren): The expression contained mismatched ( and ).
regex_error(error_brace): The expression contained mismatched { and }.
regex_error(error_badbrace): The expression contained an invalid range in a { expression }.
regex_error(error_range): The expression contained an invalid character range, such as [b-a] in most encodings.
regex_error(error_space): There was insufficient memory to convert the expression into a finite state machine.
regex_error(error_badrepeat): One of *?+{ was not preceded by a valid regular expression.
regex_error(error_complexity): The complexity of an attempted match against a regular expression exceeded a pre-set level.
regex_error(error_stack): There was insufficient memory to determine whether the regular expression could match the specified character sequence.
regex_error(error_parse)
regex_error(error_syntax)
regex_error
CorExitProcess
Unknown exception
_hypot
_nextafter
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CreateEventExW
CreateSemaphoreExW
SetThreadStackGuarantee
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
GetLogicalProcessorInformation
CreateSymbolicLinkW
SetDefaultDllDirectories
EnumSystemLocalesEx
CompareStringEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
GetUserDefaultLocaleName
IsValidLocaleName
LCMapStringEx
GetCurrentPackageId
GetTickCount64
GetFileInformationByHandleExW
SetFileInformationByHandleW
SystemFunction036
bad exception
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
template-parameter-
generic-type-
`anonymous namespace'
`non-type-template-parameter
`template-parameter
`vtordispex{
`vtordisp{
`adjustor{
`local static destructor helper'
`template static data member constructor helper'
`template static data member destructor helper'
static 
virtual 
private: 
protected: 
public: 
[thunk]:
extern "C" 
short 
unsigned 
volatile
std::nullptr_t
<ellipsis>
,<ellipsis>
 throw(
double
__int8
__int16
__int32
__int64
__int128
<unknown>
wchar_t
__w64 
UNKNOWN
signed 
 volatile
`unknown ecsu'
union 
struct 
class 
coclass 
cointerface 
volatile 
const 
cli::array<
cli::pin_ptr<
{flat}
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
1#SNAN
1#QNAN
generic
unknown error
iostream
iostream stream error
system
kernel32.dll
string too long
invalid string position
ExitProcess
SetProcessAffinityMask
GetProcessIoCounters
GetCurrentProcess
GetTickCount
GetSystemTimes
GlobalAlloc
TerminateThread
GetProcessHandleCount
GetExitCodeProcess
TerminateProcess
ExitThread
LoadLibraryA
GetProcessId
GetProcessWorkingSetSize
GetFileType
GetProcessAffinityMask
FatalExit
VirtualProtect
SetProcessShutdownParameters
KERNEL32.dll
GetPropW
ShowScrollBar
EnableScrollBar
GetCaretPos
GetScrollRange
SetPropW
GetMonitorInfoA
BeginPaint
GetMessageExtraInfo
USER32.dll
WinHttpWriteData
WinHttpConnect
WinHttpCloseHandle
WINHTTP.dll
EncodePointer
DecodePointer
GetLastError
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
RaiseException
RtlUnwind
IsProcessorFeaturePresent
HeapSize
HeapFree
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FatalAppExitA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CreateSemaphoreW
GetStdHandle
WriteFile
GetModuleFileNameW
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
GetCurrentThread
GetCurrentThreadId
GetProcessHeap
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVinvalid_argument@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVoverflow_error@std@@
.?AVruntime_error@std@@
.?AVbad_function_call@std@@
.?AVregex_error@std@@
.?AVtype_info@@
.?AVbad_cast@std@@
.?AVbad_typeid@std@@
.?AV__non_rtti_object@std@@
.?AVbad_exception@std@@
.?AVDNameNode@@
.?AVcharNode@@
.?AVpcharNode@@
.?AVpDNameNode@@
.?AVDNameStatusNode@@
.?AVpairNode@@
.?AV_Iostream_error_category@std@@
.?AV_System_error_category@std@@
.?AVerror_category@std@@
.?AV_Generic_error_category@std@@
xowirujapaxiruxikegefuhaxomabezuhameyeyiciwuhudoyoliyutisepojobehoyowapideyojocevamedehalusuzegimozeyuhifitayewiyatimolofipuhekohomomokupipakuxuzowelofowetulogofexuvikunegifulanizojihifehopuyimabusuzuhudijehaluseziwojagifuyicavonuwewebomowudekelehufuboyoze
Ott5oh
WSe[U;
H+Xl\f
k`{_~-C
\}f1<\C	uY
Xs:S{}=
Q z_=p
awg_?\%
bz=dW4
\k_jf+W.
ujj"b3
i7MC./
9h@Bj`
&qFoA-5
A;jqEDe=y
`PrP_r
BoJ(&5
-%. aRh
+dtB}>d
FM\]ay
q	Er)8
IB{LIM
po:ne&
*Pp,T`
o-#>7S~+&
43g1eL
	1_G	SN
waIQx! k
iSd O	
=Mo"Mo"Mo"Mo"Mo"?	
=Mo"Mo"Mo"Mo"Mo"?	
=Mo"Mo"Mo"Mo"Mo"?	
=Mo"Mo"Mo"Mo"Mo"Mo"?	
Mo"Mo"Mo"Mo"Mo"Mo"?	
BDMo"Mo"Mo"Mo"Mo"Mo"?	
BDMo"Mo"Mo"Mo"Mo"Mo"?	
BDMo"Mo"Mo"Mo"Mo"Mo"?	
BDMo"Mo"Mo"Mo"Mo"Mo"?	
BDMo"Mo"Mo"Mo"Mo"Mo"?	
=Mo"Mo"Mo"Mo"Mo"Mo"?	
=Mo"Mo"Mo"Mo"Mo"Mo"?	
=Mo"Mo"Mo"Mo"Mo"Mo"?	
=Mo"Mo"Mo"Mo"Mo"Mo"?	
Mo"Mo"Mo"Mo"Mo"Mo"?	
Mo"Mo"Mo"Mo"Mo"Mo"?	
Mo"Mo"Mo"Mo"Mo"Mo"?	
Mo"Mo"Mo"Mo"Mo"
Mo"Mo"Mo"Mo"Mo"
=?~0?~0?	
=?~0?~0?~0?~0?~0JQ
=?~0?~0?~0?~0?~0?~0JQ
=?~0?~0?~0?~0?~0?~0JQ
=?~0?~0?~0?~0_
4?~0?~0_
?~0?~0JQ
?~0?~0?~0?~0?~0
?~0?~0?~0?~0?~0?~0
;?~0?~0?~0
NvtbVP
NvtbVP
LLLLLL
??y?yyyy
G????yyyyyyy
LLLLLLLL
??????yyyyy
G??????y?yyyyy
LLLLLLLL
??????y?yyyyy
LLLLLL
?????????yyyyyg
LLLLLLLLL
??????y?yyyy
LLLLLLL?G
????????yyyyg
*yL!LL
LLLLLyG
???????y?
yyLyLLLLLLL?G
?????y?yy?g
*y!!yLyLLLL?G
??????y?
y!!LyLyLLL?G
?????y??
*yy!L!LyLL?G
yy!yLyLyL?G
yy!y!L!L!?G
yyyy!y!yL
l4444444444gyyyy!yLyL
???????y?yyyyy!yLy?G
ttttttttttttttttQQtjQ
@@@@@@@
;;;222222222222
@@@@@@
2222222
@@@@@@$h
2222222
@@@@@@@@h
2222222
@@@@@@@@h
2222222
@@@@@@@@h
2222222
@@@@@@@@h
2222222
55\222
DDDDDDDDDDDDDDDD
????????????????????????????????????????????????????????????????????
???????J
hhhhhhhhhhhhhhhhhhhhh,
???????J
???????J
,,???????2
???????J
???????J
ohhhhh
???????J
hohhhhh
???????J
ooohhhhhhh
h,,???????J
hooohhhh
???????J
ooooohhhhhhP?+
???????J
oooooo
???????J
oooooo,
??????
???????J
oooooo4
???????
.......T.
???????
5U???????
???????
???????
???????
???????
???????
???????
w?????????
???????????
???????????PQ
?????????????P
AP???????????P
?????????????
P???????????
?????????????
???????????P}2J??????????????
?????????????
???????????????????????????????????????
DDDDDDDDDDDDDDDDDDDDDDDDDDD
DDDDDD
RRRRR~
DDDDDX
DDDDDQ
DDDDD$
DDDDDDD
DDDDDDD
J[6DDDDDDDDDDF
DDDDDDDDD
DDDDDDDDDDDu
DDDDDDDDD
JDDDDDDDDDDD
DDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDDDDDDDD
uuuupuuuuuus
B9999us
D?pWW''Q?p
PQ~iED
86i_0A
=042aqa_p
55]~.9k}42`t61W
52`~^Sj
0%010=0I0U0a0
282@2T2
4(454;4B4W4
5T5]5d5,6`7
8i9b:h:n:t:z:
;%;+;O;U;
<1<S<n<
=!=Y=s=
>$>+>2>9>@>G>N>U>\>c>j>r>v>z>~>
?&?J?T?x?
030[0i0
232L2S2[2`2d2h2
2B3H3L3P3T3
4?4q4x4|4
4e6j6o6
6N7S7\7h7m7
;(<D<Q<~<
= =-=5=Q=]=c=n=|=
=>>F>Y>d>i>y>
0"0(090X0n0x0~0
0P1^1h1v1
3E5c5|5
6 6$6(6r6x6|6
7 7$7E7o7
;@;v;n<
0!0%0:0U0p0
262A2p2
343>3W3a3n3x3
4'4f4{4
?&?<?R?Z?
;<<B<M<R<^<c<~<
=1=:=F=Q=x=
>.>4>?>I>k>q>
?+?7?=?X?^?y?
0$03090S0_0e0y0
1-13191@1I1N1T1\1a1g1o1t1z1
2%2-22282@2E2K2S2X2]2f2k2q2y2~2
3$3)3/373<3B3J3O3U3]3b3h3p3u3{3
4 4&4A4O4]4d4q4z4
5@5X5b5~5
8-8K8_8e8
9#9.949[9
:(:9:?:T:Y:^:c:l:
;3<=<X<b<
>%>+>5>D>w>}>
>a?o?u?
#010@0o0
0@1G1N1U1m1|1
4!4/484
5D5^5f5q5
929G9f9}9
=+=_=e=
?-?6?i?~?
0'0\0w0
202@2T2_2f2l2r2
5*545C5N5l5
6<6D6U6
7O7U7[7a7g7m7t7{7
8#8V8\8b8h8n8t8{8
8&9,92989>9D9K9R9Y9`9g9n9u9}9
;3;@;Q;q;7=u?
:U:a:l;<<
?$?*?E?J?P?V?a?g?
0&090?0Z0d0j0
848D8{8
;';4;9;D;R;|;
1C1\1t1
=(>C>M>|>
?8?=?I?P?t?
1"2;2^2
4!4Y4v4
6!666L6n6
9<:\:h:
=(=@=K=
2(2/262
3-3q3u3y3}3
4E4\4y4
70757_7
;,;U;k;
<(=g=|=
>=>G>{>
0;0N0X0u0
2<2K2n2
3+3;3K3i3
5,585B5`5
6Y6q6z6
>C>P>U>o>
0P1U1u1
1%262L2
3,3K3T3^3d3o3u3
4'424;4A4
5-5E5f5
:3:8:t:
:2;@;L;
;)<6<M<V<
=2=K={=
>M>&?2?=?I?P?U?[?`?f?k?p?v?{?
0'1/151;1A1j1
4+4;4A4P4W4g4m4s4{4
6A7t7(8n8
=+=:=A=R=`=k=s=
727=7]7h7
888C8c8n8
1W2a4s4
5'595v5B8
9/9A9{9,;3;;;C;K;a?l?
7%82878E8s8
k0t0`1
=E=P=]=h=s={=
>$>5>x>
4'5I6Q6
8%9-999H9
5=9A9E9I9M9Q9U9Y9]9a9e9i9w95:N:]:~:
;&<2<N<
=?=r=x=
>+>M>T>
0'0L0S0
4*424b4I5
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
8H9`9a;
58;D;r;|;
5m9q9u9y9}9
:$:*:0:6:<:B:H:N:T:Z:`:f:l:r:x:~:
; ;&;,;2;8;>;d;
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
4 4,484D4P4h4l4p4
?$?,?4?<?D?
$9(9,909
: :D:L:T:\:d:l:t:|:
;$;,;4;<;D;L;T;\;d;l;t;|;
<$<,<4<<<D<L<T<\<d<l<t<|<
=$=,=4=<=D=L=T=\=d=l=t=|=
>$>,>4><>D>L>T>\>d>l>t>|>
?$?,?4?<?D?L?T?\?d?l?t?|?
0$0,040<0D0L0T0\0d0l0t0|0
1$1,141<1D1L1T1\1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
7 7(70787@7H7P7X7`7h7p7x7
8 8(80888@8H8P8X8`8h8p8x8
8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
6 6$6(6,6064686<6@6D6
(2024282<2@2D2H2L2P2T2X2\2`2d2h2l2
4$404<4H4T4`4l4x4
5 5,585D5P5\5h5t5
6(646@6L6X6d6p6|6
?(?4?@?L?X?d?p?
2\2`2h2
303@3D3T3X3\3`3h3
4 40444D4H4L4T4l4|4
5,5054585@5X5h5l5|5
6$6(6,646L6\6`6p6t6x6|6
707@7D7T7X7\7d7|7
8$8(888<8@8H8`8p8t8
9(9,9D9T9X9h9l9p9x9
9(:0:t:
;$;8;@;T;\;d;l;p;t;|;
<$<,<4<<<@<H<P<X<\<d<x<
=,=0=P=p=
>,>0>P>p>
?$?@?`?h?l?
0D0H0P0X0`0d0l0
1 1,1H1h1
202P2p2|2
T0\0d0l0t0|0
1$1,141
: :$:(:,:0:4:8:<:@:D:H:L:P:\:`:d:h:l:p:t:x:|:
;4;D;T;d;t;
;p>x>|>
2,2P2p2
383P3l3
444T4l4