
Sample details: 552f387180800cdea023dc65e2f62416

Hashes
MD5: 552f387180800cdea023dc65e2f62416
SHA1: e0e76e9d224157fa9d1b83a1533b049103eeebbe
SHA256: 55aa0917fd64607fedc6ad71dee75e333c23dc283342205880f8f66deda269e6
SSDEEP: 1536:R+XuzhVtdQKdeHAonHjKN7TtKIn+UT+eSIdzw2ah6lLd0O:R+XuzhVtdQKd9GOd/+eSm6h67F
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Misc_Suspicious_Strings | YRP/DebuggerCheck__QueryInfo | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/CRC32_table
Parent Files
0495481d035935c5e309333c6d7c9209
Source
Strings
		!This program cannot be run in DOS mode.
`.data
@.reloc
msvcrt.dll
ntdll.dll
KERNEL32.dll
3333333333333333""""""""""""""""
hlLNFw
[%-20hs] 
[%-4hs]
GShimExceptionHandler
Shim Exception %#x in module "%hs", line %d, at address %#p. flags:%#x. !exr %#p !cxr %#p
GetProcessHistory
Unable to allocate %d bytes for process history.
Unable to allocate memory for strings.
Unable to allocate memory for local DB path
SdbpCreateSearchDBContext
Unable to parse executable path for "%s".
Unable to allocate memory for szModule.
GUsing Process History: "%s"
Failed to retrieve process history
SdbpInitializeSearchDBContext
Failed to allocate buffer %d bytes
All attributes match, but LOGIC="NOT" was used which negates the match.
Failed to allocate %d bytes for FILEINFOITEM
Matching file "%s" not found.
SdbExpandEnvironmentStrings failed to expand strings for %s.
Failed to allocate %d bytes for FullPath.
Failed to initialize SEARCHDBCONTEXT.
SdbpCheckForMatch
Failed to get the string from the database.
G++++ Successful match for App: '%s', Exe: '%s', Mode: %s
!!!! Multiple matches! App: '%s', Exe: '%s',  Mode: %s
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Index entry found for App: "%s" Exe: "%s"
---------
SdbpCheckExe
+ Final match is App: "%s", exe: "%s".
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
No DATABASE tag found.
SdbFindFirstStringIndexedTag failed to locate exe (MODNAME): "%s".
Searching database with no index.
SdbpSearchDB
SdbFindFirstStringIndexedTag failed to locate exe: "%s".
SdbOpenNthLocalDatabase
Attempting to open local database %d: %S.
d:\xpclient\windows\appcompat\sdbapi\sdbapi.c
GSdbTagIDToTagRef
Bad PDB.
GSdbTagRefToTagID
Bad PDB designator in TAGREF.
GNULL pguidDB passed in.
SdbGetDatabaseGUID
NULL pdb passed in.
Invalid parameter.
Cannot get tag ref from tag id.
SdbpGetNamedLayerFromExe
Cannot read the name of the layer tag.
Layer tag w/o a name.
Invoking compatibility layer "%s".
SdbParseLayerString
Local database is corrupted!
Hit max layer limit at %d. Perhaps we need to bump it.
Failed to convert tiExe 0x%x to trExe.
Retrieved flags for this app 0x%x.
No flags for tiExe 0x%lx
Failed to read the GUID for tiExe 0x%x !
Failed to read TAG_EXE_ID for tiExe 0x%x !
Using Sysmain.sdb
Found in local database %S.
Using SysTest.sdb
Layers in registry cannot exceed %d characters
__COMPAT_LAYER name cannot exceed 256 characters.
Failed to create search DB context.
Looking for "%s".
SdbGetMatchingExe
Failed to open the database.
GThe entry 0x%x contains bad string value 0x%x
The entry 0x%x contains bad binary value 0x%x
The entry 0x%x contains no value
The entry 0x%x contains bad valuetype information 0x%x
The entry 0x%x does not have valuetype information
The entry "%s" not found
Cannot allocate temporary buffer for parsing the name "%s"
One of lpBuffer or lpdwBufferSize should not be null
The entry 0x%x contains NULL name
The entry 0x%x does not contain a name tag
The entry 0x%x does not appear to have data
SdbQueryData
Failed to convert tagref 0x%x to tagid
GEntry tiExe 0x%x does not contain TAG_DATA.
No flags for tiExe 0x%x
Failed to read guid ID of the database
Failed to read guid ID referenced by 0x%x
SdbReadEntryInformation
SdbpGetTagHeadSize
Error reading tag.
SdbGetTagDataSize
Error reading size data
d:\xpclient\windows\appcompat\sdbapi\read.c
SdbpGetTagRefDataSize
Can't convert tag ref.
GError reading tag data.
SdbpReadTagData
Buffer too small. Avail: %d, Need: %d.
SdbpGetMappedTagData
Error getting ptr to tag data.
Error reading data.
SdbpReadStringRef
TagID 0x%08X, Tag %04X not STRINGREF type.
SdbpReadStringFromTable
Pulled out a non-stringtable item.
No stringtable in DB.
SdbpGetMappedStringFromTable
Error reading buffer.
SdbReadBinaryTag
TagID 0x%08X, Tag %04X not BINARY type.
SdbGetBinaryTagData
READDATATAG
TagID 0x%X, Tag 0x%X not of the expected type.
READTYPETAGREF
GSdbpReadBinaryTagRef
GSdbReadStringTag
Error getting StringRef.
SdbReadStringTagRef
GSdbGetStringRefLength
Failed to convert tag 0x%x to tagid
Failed to allocate %d bytes.
SdbFindNextTag
Invalid tagid 0x%lx
SdbFindFirstNamedTag
Can't get the name string.
Can't get the name string tagid 0x%lx
SdbpFindNextNamedTag
Can't get the name string for tagid 0x%x.
SdbpFindMatchingName
The tag 0x%x was not found under tag 0x%x.
SdbpFindMatchingDWORD
The tag 0x%lx was not found under tag 0x%lx
Cannot read binary tag 0x%lx
SdbpFindMatchingGUID
Can't convert TAGID.
SdbFindFirstTagRef
SdbFindNextTagRef
Can't convert tag ref trPrev.
Can't convert tag ref trParent.
Invalid argument.
Failed to read database id 0x%lx
Failed to get the database id
SdbGetDatabaseID
Failed to get root tag
SdbpGetDatabaseDescriptionPtr
Failed to get database tag, db is corrupt
SdbpReadMappedData
Attempt to read past the end of the database offset 0x%lx size 0x%lx (0x%lx)
GSdbpGetMappedData
Trying to read mapped data past the end of the database offset 0x%x size 0x%x
SdbOpenDatabase
SdbpOpenAndMapDB
Failed to open file "%s"
SdbGetTagFromTagID
SdbpGetNextTagId
Reading from unfinished list.
SdbGetFirstChild
Trying to operate on non-list, non-root tag.
SdbGetNextChild
SdbpCreateSearchPathPartsFromPath
Can't find tag for tag ref 0x%x.
d:\xpclient\windows\appcompat\sdbapi\dbaccess.c
Can't find LIBRARY tag in main db.
Can't find DATABASE tag in main db.
Can't find DATABASE tag in db.
SdbGetItemFromItemRef
GCan't find FILE "%s" in main db library.
SdbpGetLibraryFile
Using DLL "%s".
SdbGetDllPath
Can't read DLL name.
No DLLFILE for the SHIM in LIBRARY.
No SHIM in LIBRARY.
GSdbReadPatchBits
Cannot get the patch bits.
Corrupt database. Zero sized patch.
Can't get the patch bits tag.
Can't get the patch tag.
Can't read the name of the patch.
Can't find the name tag.
GMagic doesn't match. Magic: 0x%08X, Expected: 0x%08X.
SdbGetDatabaseInformation
Can't read database header.
MajorVersion mismatch, MajorVersion 0x%lx Expected 0x%lx
Reading under hack from older database
SdbOpenDatbase
Magic does not match 0x%lx
Failed to open the database "%s".
Can't allocate DB structure.
No systest.sdb found.
Unable to open main database sysmain.sdb.
Cannot get standard database path
Database not specified with the database path flag
No database is open
SdbInitDatabase
Failed to allocate %d bytes for HSDB
GCan't read database information.
SdbGetDatabaseVersion
Failed to copy local database name "%s"
SdbOpenLocalDatabase
Unable to open local database "%s".
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
TagToIndex
Invalid attribute 0x%x.
SdbpSetAttribute
Invalid attribute %d.
SdbpGetFileDirectoryAttributes
No file directory attributes available.
FindFileInfo
FILEINFO for "%s" found in the cache.
CreateFileInfo
Failed to allocate %d bytes for FILEINFO structure.
SdbFreeFileInfo
Bad image type 0x%x
SdbpGetModulePECheckSum
Failed to get Image NT header.
SdbpCheckRuntimePlatform
Platform Mismatch for "%s" Database(0x%lx) vs 0x%lx
SdbpQueryStringVersionInformation
VerQueryValue failed for translation
Failed to query for fixed version info size for "%s"
Failed to retrieve version info for file "%s"
Failed to allocate %d bytes for version info buffer.
No version info.
Failed to import version APIs.
SdbpGetVersionAttributes
Failed to allocate %d bytes from stack
GSdbFreeFileAttributes
Bad pointer to attributes.
"%s" mismatch file "%s". Expected less than 0x%x Found 0x%x
"%s" mismatch file "%s". Expected 0x%x Found 0x%x
"%s" mismatch file "%s". Expected 0x%I64x Found 0x%I64x
"%s" mismatch file "%s". Expected "%s" Found "%s"
"%s" mismatch file: "%s". Expected %d.%d.%d.%d, Found %d.%d.%d.%d
Failed to get attribute "%s" for "%s"
Already tried to get attr ID 0x%x.
Bad Attribute ID 0x%x
SdbpCheckAttribute
Error retrieving header attributes
Error retrieving version attributes
Error retrieving directory attributes
SdbGetFileAttributes
Error retrieving FILEINFO structure
Failed to get the pointer to index data, index tagid 0x%lx
SdbpGetFirstIndexedRecord
The tag 0x%lx is not an index tag
Failed to get pointer to the index data tagid x%lx
SdbpGetNextIndexedRecord
Index missing TAG_INDEX_BITS.
Index missing TAG_INDEX_KEY.
Index missing TAG_INDEX_TAG.
Too many indexes in file. Recompile and increase MAX_INDEXES.
SdbpScanIndexes
Root child tag is not index tagid 0x%lx
Failed to get the child index from root
SdbpGetIndex
Index tagid 0x%lx is not referring to the index bits
SdbMakeIndexKeyFromString
RtlUpcaseUnicodeToMultiByteN failed on "%s" status 0x%x.
SdbGetIndex
index 0x%x(0x%x) was not found in the index table
SdbFindFirstGUIDIndexedTag
Failed to find index 0x%lx key 0x%lx
SdbFindFirstDWORDIndexedTag
Found tagid 0x%x
SdbFindFirstStringIndexedTag
Index not found 0x%lx Key 0x%lx
Failed to get index by tag id 0x%lx
SdbpFindFirstIndexedWildCardTag
Failed to convert name to multi-byte
SdbpFindFirstIndexedWilCardTag
Failed to get an index for tag 0x%lx key 0x%lx
NtCreateFile failed status 0x%x
SdbpOpenFile
RtlDosPathNameToNtPathName_U failed, path "%s"
Unsuccessful. Status: 0x%x.
Unexpected value type 0x%x for Key "%s".
Failed to read value info from Key "%s" Status 0x%x
QueryAppCompatFlagsByExeID
Failed to open Key "%s" Status 0x%x
SdbpGetFileSize
NULL parameter passed for wszItemName or pdwBytes.
Value length %d too long for key "%S".
SdbGetNthUserSdb
Failed to open Key "%S" Status 0x%x
File name longer than MAX_PATH - 2
SdbpGetLongFileName
NtQueryDirectoryFile Failed 0x%x
Failed to open directory file. Status 0x%x
Filename buffer is NULL for "%s"
Failed to get NT path name for "%s"
NtMapViewOfSection failed Status 0x%x
NtCreateSection failed Status 0x%x
NtQueryInformationFile (EOF) failed Status = 0x%x
SdbpMapFile
Invalid argument
SdbpUnmapFile
NtUnmapViewOfSection failed Status 0x%x
NtProtectVirtualMemory on 0x%x failed Status 0x%x
NtAllocateVirtualMemory on 0x%x failed Status 0x%x
NtFreeVirtualMemory on 0x%x failed Status 0x%x
Bad guard page 0x%x base 0x%x
SdbpResetStackOverflow
NtQuerySystemInformation failed Status 0x%x
NtQueryVirtualMemory failed on stack commit base 0x%x Status 0x%x
NtQueryVirtualMemory failed on stack base 0x%x Status 0x%x
NtQueryVirtualMemory failed on stack 0x%x Status 0x%x
GFailed to link %hs from %s status 0x%lx
SdbImportApis
Failed to load "%s" status 0x%x
NtQueryDirectoryFile Failed to query "%s" for "%s" status 0x%x
NtOpenFile Failed to open "%s", status 0x%x
RtlDosPathNameToNtPathName_U returned no filename for "%s"
RtlDosPathNameToNtPathName_U failed for "%s"
SdbGetFileInfo
Failed to allocate %d bytes for full path
RtlGetFullPathName_U failed for "%s"
GFailed 0x%x to write file "%s" to disk.
SdbpWriteBitsToFile
Failed to create file "%s".
Failed to convert file name "%s" to NT path.
Path is too long
SdbpGetStandardDatabasePath
Cannot get the path for database type 0x%lx
SdbpGetProcessorArchitecture
Failed to obtain system processor information 0x%lx
Failed to allocate %d bytes for user key buffer.
SdbpBuildUserKeyPath
Failed to format current user key path 0x%x
NtCreateKey failed for "%s" Status 0x%x
SdbCreateUserKeyPath
Failed to format user key path for "%s"
Failed NtSetValueKey status 0x%x
Failed to create user key path for "%s"
SdbSetEntryFlags
Failed to convert GUID to string 0x%x
Failed to convert "%s" to UNICODE. Status 0x%x
StringToUnicodeString
Failed to format current user key path for "%s"
SdbGetEntryFlags
Failed to convert EXE id to string. status 0x%x.
SdbpFindFirstMsiMatch
Failed to convert tagid 0x%x to tagref
SdbpGetNextMsiDatabase
Cannot open database "%s"
Failed to convert guid to string, status 0x%lx
SdbGetNextMsiDatabase
Unknown MSI Lookup State 0x%lx
Buffer specified is too small
when ptrBuffer is not specified, pdwBufferSize should not be NULL
SdbEnumerateMsiTransforms
Failed to read filename string tag, length %d characters, tag 0x%x
Failed to allocate buffer for %ld characters tag 0x%lx
Failed to get MSI Transform for tag 0x%x
Failed to convert File tag to tagref 0x%lx
Bad Transform reference 0x%lx
SdbReadMsiTransformInfo
Failed to convert tagref 0x%lx to tagid
GCan't write transform bits to disk.
Can't read transform bits.
File bits not found tag 0x%x
SdbCreateMsiTransformFile
File for transform "%s" was not found
SdbFindNextMsiPackage
No more matches
SdbFindFirstMsiPackage_Str
Failed to convert guid from string %s
SdbpGUIDToUnicodeString
Failed to allocate %ld bytes for GUID
CharNextW
PathFindExtensionW
PathCommonPrefixW
PathRelativePathToW
Unexpected qword attribute found
SdbFormatAttribute
Buffer is too small to accomodate "%s"
%s contains no matching files!
SdbGrabMatchingInfoDir
SdbGetMatchingInfoDir
lpBuffer is too small to handle attributes for %s.
SdbpGrabMatchingInforDir
lpData is to small
FindFirstFile Failed on [%s].
SdbpGrabMatchingInfoDir
Unable to allocate memory for lpData or lpUnicodeBuffer.
Unable to open the storage file.
GetFileAttributes failed or %s is not a valid path
SdbGrabMatchingInfo
Unable to allocate memory for lpRootDirectory.
Unable to use Shlwapi functions.
dwFilter is not a recognized filter.
sdbapiu.pdb
wcscpy
wcsncpy
wcsrchr
strncpy
strchr
strspn
isdigit
_vsnprintf
sprintf
swprintf
memmove
wcslen
wcscat
wcspbrk
wcschr
wcsspn
_wcsnicmp
_wcsicmp
toupper
_snwprintf
swscanf
gmtime
wcscmp
msvcrt.dll
_except_handler3
DbgPrint
RtlCreateUnicodeString
RtlFreeUnicodeString
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeToMultiByteN
NtCreateFile
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
NtClose
NtQueryValueKey
NtOpenKey
NtQueryInformationFile
NtWriteFile
NtEnumerateValueKey
RtlFreeHeap
NtQueryDirectoryFile
NtOpenFile
RtlQueryEnvironmentVariable_U
NtMapViewOfSection
NtCreateSection
NtUnmapViewOfSection
NtProtectVirtualMemory
NtAllocateVirtualMemory
NtFreeVirtualMemory
NtQuerySystemInformation
NtQueryVirtualMemory
LdrUnloadDll
LdrGetProcedureAddress
RtlInitString
LdrLoadDll
RtlDoesFileExists_U
RtlGetFullPathName_U
RtlUnicodeStringToInteger
RtlAllocateHeap
RtlExpandEnvironmentStrings_U
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
NtQueryInformationProcess
RtlFormatCurrentUserKeyPath
NtCreateKey
NtSetValueKey
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
ntdll.dll
FindClose
FindNextFileW
FindFirstFileW
GetLastError
VerLanguageNameW
WriteFile
CloseHandle
SetFilePointer
CreateFileW
GetCurrentDirectoryW
GetFileAttributesW
GetSystemDirectoryW
KERNEL32.dll
sdbapi.dll
SdbCloseDatabase
SdbCloseDatabaseRead
SdbCreateMsiTransformFile
SdbEnumMsiTransforms
SdbFindFirstDWORDIndexedTag
SdbFindFirstMsiPackage
SdbFindFirstMsiPackage_Str
SdbFindFirstNamedTag
SdbFindFirstStringIndexedTag
SdbFindFirstTag
SdbFindFirstTagRef
SdbFindNextDWORDIndexedTag
SdbFindNextMsiPackage
SdbFindNextStringIndexedTag
SdbFindNextTag
SdbFindNextTagRef
SdbFormatAttribute
SdbFreeFileAttributes
SdbFreeFileInfo
SdbGetBinaryTagData
SdbGetDatabaseVersion
SdbGetDllPath
SdbGetEntryFlags
SdbGetFileAttributes
SdbGetFileInfo
SdbGetFirstChild
SdbGetIndex
SdbGetItemFromItemRef
SdbGetMatchingExe
SdbGetNextChild
SdbGetStringTagPtr
SdbGetTagDataSize
SdbGetTagFromTagID
SdbGrabMatchingInfo
SdbGrabMatchingInfoEx
SdbImportApis
SdbInitDatabase
SdbMakeIndexKeyFromString
SdbOpenDatabase
SdbOpenLocalDatabase
SdbQueryData
SdbQueryDataEx
SdbReadBYTETag
SdbReadBYTETagRef
SdbReadBinaryTag
SdbReadDWORDTag
SdbReadDWORDTagRef
SdbReadEntryInformation
SdbReadMsiTransformInfo
SdbReadPatchBits
SdbReadQWORDTag
SdbReadQWORDTagRef
SdbReadStringTag
SdbReadStringTagRef
SdbReadWORDTag
SdbReadWORDTagRef
SdbReleaseDatabase
SdbReleaseMatchingExe
SdbSetEntryFlags
SdbTagIDToTagRef
SdbTagRefToTagID
SdbTagToString
SdbUnloadImportLibs