Sample details: 5a18b710adf77e347ac2730d1ab066ea

Hashes
MD5: 5a18b710adf77e347ac2730d1ab066ea
SHA1: e34b720fd02f4d5f0518a13bbcfaed94cc7cfabc
SHA256: dd53507e3c4f29bb41a23090550aeee4f59131d85a87a6f7ae9f818f4c0459a4
SSDEEP: 6144:kOVuyVTa3eMpx8Q0V2FAutjnVcakqQf0A61nDIhWTzjtgW/8:fuyAuix8Q0VfuZjLQf0A61nDIhWTzjt
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/anti_dbg | YRP/screenshot | YRP/keylogger | YRP/win_files_operation
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
KERNEL32
ios_base::eofbit set
ios_base::failbit set
ios_base::badbit set
invalid string position
string too long
bad locale name
bad cast
generic
iostream
system
iostream stream error
Unknown exception
bad allocation
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
Visual C++ CRT: Not enough memory to complete call to strerror.
bad exception
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
(null)
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
Illegal byte sequence
Directory not empty
Function not implemented
No locks available
Filename too long
Resource deadlock avoided
Result too large
Domain error
Broken pipe
Too many links
Read-only file system
Invalid seek
No space left on device
File too large
Inappropriate I/O control operation
Too many open files
Too many open files in system
Invalid argument
Is a directory
Not a directory
No such device
Improper link
File exists
Resource device
Unknown error
Bad address
Permission denied
Not enough space
Resource temporarily unavailable
No child processes
Bad file descriptor
Exec format error
Arg list too long
No such device or address
Input/output error
Interrupted function call
No such process
No such file or directory
Operation not permitted
No error
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
1#QNAN
1#SNAN
c:\key\Go\Strong\studentMetal.pdb
MoveFileA
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleA
GetCurrentDirectoryA
GetEnvironmentVariableA
KERNEL32.dll
WindowFromPoint
LoadIconA
ReleaseCapture
OffsetRect
EndDialog
CloseClipboard
GetMessageA
FindWindowA
GetWindowTextA
ShowWindow
EnumChildWindows
GetAsyncKeyState
GetClassNameA
UpdateWindow
GetMessagePos
USER32.dll
Escape
TextOutA
GDI32.dll
PdhVerifySQLDBA
PdhValidatePathA
PdhUpdateLogA
PdhUpdateLogFileCatalog
PdhSetQueryTimeRange
PdhSetLogSetRunID
PdhSetDefaultRealTimeDataSource
PdhSetCounterScaleFactor
PdhSelectDataSourceA
PdhRemoveCounter
PdhReadRawLogRecord
PdhParseInstanceNameA
PdhParseCounterPathA
PdhOpenQueryH
PdhOpenQueryA
PdhOpenLogA
PdhMakeCounterPathA
PdhLookupPerfNameByIndexA
PdhLookupPerfIndexByNameA
PdhGetRawCounterValue
PdhGetRawCounterArrayA
PdhEnumObjectItemsA
PdhEnumObjectItemsHA
PdhEnumMachinesA
PdhEnumMachinesHA
PdhEnumLogSetNamesA
PdhCreateSQLTablesA
PdhConnectMachineA
PdhComputeCounterStatistics
PdhCollectQueryDataEx
PdhCloseQuery
PdhCloseLog
pdh.dll
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
GetLastError
HeapReAlloc
HeapFree
HeapAlloc
RaiseException
RtlUnwind
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetCPInfo
LCMapStringW
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
GetLocaleInfoW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
CloseHandle
LoadLibraryW
WriteConsoleW
SetStdHandle
CreateFileW
.?AVruntime_error@std@@
.?AVexception@std@@
.?AVfacet@locale@std@@
.?AVsystem_error@std@@
.?AVfailure@ios_base@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AVbad_alloc@std@@
.?AV?$numpunct@D@std@@
.?AVbad_cast@std@@
.?AV_Locimp@locale@std@@
.?AVerror_category@std@@
.?AV_Generic_error_category@std@@
.?AV_Iostream_error_category@std@@
.?AV_System_error_category@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AUctype_base@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$ctype@D@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
.?AVcodecvt_base@std@@
.?AV?$codecvt@DDH@std@@
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVtype_info@@
.?AVbad_exception@std@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>