
Sample details: 654ac82000cac612c7823bd3332c2cb1 --

Hashes
MD5: 654ac82000cac612c7823bd3332c2cb1
SHA1: e1dd1d0de389af879693c928665e8c07a6224623
SHA256: be2efbd295a0328d9bd62a9fb5bf73e458f45fb999a2ae07d4341af10f2c3305
SSDEEP: 12288:5hSc5emy9vksYLheChivZiqwH66XlZ2mI+dRMiCacxNKpJWB:nzo598smeChoiok6m3dRMiCacxNKpJWB
Details
File Type: PE32
Yara Hits
YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet | YRP/UPX_wwwupxsourceforgenet_additional | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/Netopsystems_FEAD_Optimizer_1 | YRP/UPX_290_LZMA | YRP/UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser | YRP/UPX_290_LZMA_additional | YRP/UPX_wwwupxsourceforgenet | YRP/UPXv20MarkusLaszloReiser | YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser | YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser | YRP/UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser | YRP/upx_3 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/screenshot | YRP/Str_Win32_Winsock2_Library | YRP/UPX | YRP/suspicious_packer_section |
Sub Files
205056c92558fcd831ecebcef56bd314
Source
http://cryptovoip.in/bn/TGFX.exe
Strings
		This program must be run under Win32
Boolean
Integer
ByWl'Word
TObject
Wrface+
|NNNNxtplNNNNh(d`NNNN\
NNNNXT
MM 0rl.
td EDtion 
 2004,
/"rofe
twa@Develo
4M[D ((K
v^d8@@kW
^KZjQS
W6An unexp`e
d memory
ak has occu
heYsmall blHkc
$s:gUnknown
 xYZXu
.9;]w"!
0Huvrp
i C=Dr/
y>ENHZ8|
u0NHJ%NZ
+t_$xtZXtU0
N"	w%9
~KxI[)
SOFTWARE\
\Delphi
FPUMaskValu
t7I4r(
ZTUWVS4X
H*@Ll9Wf
N|*(}&
p8tJ(Xo
.|"Gff(
4.> ;sH
t1t-$hLa
h\$8p=xVk
Yvw#@PVg4k
kkernel3
GetLongPathNameA$X(
"^rNADe@
YZtW8GC
odSel3
&Disabl
FocusDefault
PHotLigh
ive>NoAc
omboBox
Windows
TOwnND0wStaJ
<84099
,($ 9999
[ MagelX MSW
H_#SUPPORT_(
_.SCK_LINES/4
	TFile
	Excep`
EAbortE
wEHeap]
EOutOf
~Range
fv0idOp
Varian@.
SafecalH~
bkFUDls
TThread
|$TMulR
 lusA`j
,zR<GH
6MpTa'1
?GuEHD8V
>@A`XF
m0n=Pt
dd 9q=
-?<.*F
0r=<9w9i
INFNAN
* (()@-3$-	u
*-&*$Q
0()(2)
hgn2%}
8,fk<d
bX#PY.
Bb_e:uew'd
42:P T
a_!JJu
I8^#2#
HKv~\0$
AAHbDXw
YSU<HtH
dV-NHl
}2$%2C
	%7*\7
7m/d/?
l8[@P?
TUnitHashAr@
TModuleInfTX
kFreeSp
!;G$t@
h<h%Hh{
ChrTyp
	h'Neg
/_SubMulDivd
XorCmp4FdH
romSt*
WZImpl
Ft?Htb
t6[u&8
=3=l#&lA=A	
B'Empty_
eWOAny2E/!m G
602Zx*
Wxm}]S
TAlign
LeftJHify
	TBiDi
Middle
List@(#
VAHWAu9U&
_WDc^7
e6Tf(g\
Tag>P9p9
TBjicA
2.VNIdfM
gGroup
EuA,WW
\K3%m^
RI^a!u
~+8PU1
;$iCUj
'Rl|&G
2ggIJ!_cu
XUL#`zU
u&=|T|RG
4/C;^X{
\D'FB+`
Mo`Q4+Rx
Z1<CNu
M &8"U
"_g/QF
 r"d}&,
~"Vpp@
f(Y=	x
hn"j4M
Y0)-|0
,;{P`4
'7G yu
/BpFixup>
2lY(SI9
.M; <Qia
W<	_!q
@Py&IO	
[1?K,ty
,G4@I2.
,fd"x@~
=RP?P9
"FEmE5>}
%s_%d?
@v0BN-
R{ ][@
|S-8JV
!]:`Q^
:N[X2q
SiUpi0W
Nd*6<?
0.@cuJ
K&;@|0
u1C?<t/
Dt:NP7%e
v9]+AG
HItP6U
$r$;zt
H6XX6p
TQAhA7
Q3Viewe
T _ Nhl
^I(.%0~$
$$&BN@<
RL6W+L
)Vh'th
numflay
USERjDL
_<.RaN
oaoFontPitch
.FDiag
Boross&
PDc`DooD
dA&|>WA)
#'@^ `
MuE;@ 16
*TJ3T-
clMaroonG
VEjGtn
eGTeal
)vgSilver
Yellow
_nG	FuchsiaA
^CaW_p
d/BtnFU
-+/W3O
:G3DDk
ANSI_CHARSE4
wDEFAULT5aH
SYMBOLc_
HIFTJIS
GB2312
CNE"BIG5
TURKISHH
EASTROPE
s%Vrlt
%Gx^:6
bOD	2mU
TGonn7	
DB/C=Y@
^gIx/	['
bEJRB^
BVoPOH8
lA`lv 
+Z`u86
u&FO0;
51NJjk
kt$+tu%,
L/:P! 
icobmp
Dm]90\"
oipbop4
T, 	@*
8F':Bqt
@#c2T	/WE&
T	J%}w2?
 hb:#j
\Z!$448
&-XHs8
W84=&u,
E	\u_w	`
u'jFea
J1YVdi
%2$rZHP
H%Ov0S
k6XyNp
 t@;Vs
QO8!/Xo$
Tahoma
Ns|NKh
~ Dlg 2
TIxXpd
TCriwSe
TX\`Va
!{;Xc-
Z+t"lT
xtheme
yClose!
Hies?g
IcqIs 
yTNnSX{
^	=A(>v0
*[T4Su%V
ivC@p!
OnClick
PS|n<~
vTabNb'
IInner
Mt,.Pssw
lV\Op!
vHP_+b
@&pBVxFFFf
BUTTON
d_WebSn
ALav=Bl{
Antique!_
CWheat
~Ghost
Papaya
DarkOr
A(_&Xya
anaWPeru
?goXAB>
Ca,iOc
TJst-/,
{9w=O,b,h
gd	5%c	O
7-.-QH/\
L)*rU(
m-\CdNza
9mock\
\%W=>C
T2?@AB
}=fp:!8H
8_fa E.i
bbf0!sl
NoM5p'2
t=D:Cce
cxxP\`MjT
NLSave?
PWefo-
_(F<^f
J"ZC e%
4@1q}1
GtP.CC8
LEx|E3_
N$O`PE'
LIE$VE
6&0ZEv
wE'0{E
 	^`#al
?x}h0u
^\_Ign
J[>x0z
"l$>up
@hd%CL
cPtr%.8X
1,2 Mik2
aN&Olbsfv
Rd"e#A*
MenuDn
TAdvPd
dwr`q0h
keysK<
uBfB6`v
xC?i>o
A4`pQ=
1234567890A
hGHIJKLMNO
UVWXYZ
]Zv*vH>
nL@P$@PvAF.
PsSBfh
`!|\;BT$
X SAnS?<
Xq:Rqr
]{5Guo
h8Z%GN3
kSJS4YtBk
5)8{Z_
G:^8tA
A:~\f;P`
:]:tJX:
%RK<AX
3VI^=db"
eC>vX3
Er$(8r
P%1FD)
"IP]HH
H/W-!DP
C*ph&(
\SY M 
script26h
; hb!@
;F;uZ]
fu8GHD
,/o]7J`}
#<(/"64
nG<h.P
HIh;J4u
DULdTiU
mbmba8
`$-&xhVd
1?4p!OLD
S8phaD
e=benB^>bebe
6pUGXb 
VkL4p5A
WSEWE'
'HSplitF6
(,,004	
4THJ~} BI
Rh/]OZu@J
FQ u(^
EE_otY
$Zt7lI
aM"AKv&
`Lu8;K+
Le/\9KYF#BY:
n25Qe	#l
llx)Dy
R]GaB/
V\2cY*Y
u7JTxHTP
aj:=k|lV_Z0=
 .jcit
L~/s)l2
r<8Gwe
x5|L*4R
Er(80r
|$44$9
nU@u*1$
 k~5Su
6~OPhl
}	H*<Y
/G!$Bp
3jT 1$Ob
{*@H^5
PDt1!FW
)dGD@EH
.X;ULu
8H|IDl
5X5J,"kL
6T"	GX
+SDpHw
)4|2CX@
mCh{iJ
vi:2c,
 I LQ#
w},;=<
4pcZID
pa~+M]
g||(C{
n	+t\%
4\/\E]
Ki'(hmtb
}+kDS)
$%_P`R$l
	O LpB
1-;XD.
}2	DzC
A*P	/O0
X"t(M"
X#@<1b,
 #4}a9&
|8TD+B
	[h1Do
JMyt`O
=(!$fR
@D4F|Ip
 7pMm x
x|Ztm~C 
$s0[<OB%1
j/^iOS*T
0B^bOM
k	(H$8
@8,x2z
8Y!d\BX
*iZxWLn
S=D$p5
Jt'Jt5
wm`7d6
qBhho_
qHO	wh
GST2.U 
0Ku	U-:
wkq Q*M
f^b-@	Ls
m(H#45
AX9i+9
(8/LHsd
:#Z)G3
w]	iBl
kgnk_\J
dZb()|+
20?FaQe
8484C,
P8u+~O8
4M{lXGH
_1EPLp
v!o8>t
BThumb
hUE>=+$
U3gRB.
\&t6iS
o+m`\U
*Bz'O8[x
l3<f|t
F#y8LU85E
6F"Cal
A^0747D
9!ocu%t
KF&dvw
uDjrU:
LE(`qJ
6U!HPkj
AuL 3,
	7Xw 0
e8'ot2t
baYB:J
wqH\2r
B)Y1=61
u\n+1^[3
eQE!NM
3l;Cpu'
2 -avB
!%*=	t
3Lg=)b
:&03VY
u0/]!S
xN1n[.
#;ADti
`/26=/bpC
MKwAm@H
38@~z]
aU]{DN
dsQ`$\^
Yx~\C2,
%]t"A06
'}`e"/
V]X^Lu
KPPM"6<
L}ttnE
&uM0S*
04|X$C5AgXt
P7PB!,
9BKp/u<u
1;sDt~f
4u/.(^ud
A]9D=m
i!`5*GVJ
C\f~EC
MAINICON
Tx@N	I
g0)EVH
GuGo=B
fPoCM(
V=sN!R
!;AV*s
Gh8uB{n
F'`|uC
gF{r5G
/lIR@c"$
|YhV-J
+8gocketh
Eb]^>[
ebebeb
 H`l:S
l,'pbpb
Vx,$6F
\8F DF
CFP9F|o(
9J.67(
TG(~?mh
L<	tbsV
l AY(F"Q
 )lh(i
6HhYXi
\01\%W
.@@aQD?
*rAA,p
~ICom4
+&_|$,
r?xRin
 bW4$8
V@E?l>
L$W$<:
&Z	egh
h# )tAE
%&]w-t
I{Do^``Q
1.aF^1
Ch#	Xe
Qf@J^@
ptV4$+a
+7H{l Y
\G{u6P
IimB<3
*I_7HM
P!+4B!8c]
e/BS`8
`W?gJF
)Q	e'8\^W<
edbcKL0gy
c$="2R
>~H+x4
VL+P0g
-5 1lS
<0<%u(
H0wpG(q
'VoXE[
Ld;h(t
r1BWXxa
4tgG\9y
KN.ppqC
wG|	+ 
'`@>`6
p~\UkM
,G!r/a
	TJPEG
z&dH_+W
;-	"&mU
W,H,]4
$>poya9
 [UG: 
,-a:1A
bG.\\8
T*mA.RGB
?F@D2L2
0oQKa*
w2r;~r
gY0BR/
VDLHHi
-kw(D&
ZbZq f
CX)ppS
Bbh,Xg"
w:d4ShKl
.^'J7V
b4w	[D
&r6(.~(
AZLDH4A
xd,';Dm
2B,dv	Y
@:g7']Y
arJA a
XplI3J
A1ZA^w 
ayh:9&A.
p;GK63
MNl6WVTND]
@9GD9G
|`,(@L2
ZSw B) 
,T;s$|
f@8X`sgl
7T]O@6
zEI\@;
OY!CBA
yzX	/V
}R70=#
2nP!Xp
d! DY9
nxaSo	7t
VX.%<}q
v;TuT6]D
HPJv#<sQ<
v*L:PO
WaA-*5
=I@.^.
@eP^`W
4W@PPI
 801P*4_
wD*0_`$F
cC2	-<
]MO$:,
@:Q!VS
PPNF2e
Ig's$.
ad!I'x
>51_Bc
3>ITGH
+LI3lrRH
!oOPnw<
Cl}bxD
+U+UBPc
a>se|w
`47Rf +
r$Crttt
GUL6s8h
FsSb$&
IuIB@K
 I@nQeh
UG$;+`
iP`K8k
T2SSD@G
KH}xp;}
nRP@<4f
W;T>D;
}'fl(B
<EH(bi
|nC0k(
avPH#D0
Y{CCcK
a:+5X ;C
dH.H~Z
S phtc
<I+??F
wNhujoJ
T__1558614726d'
46113l
7d3208U
83104h
Xp'91Rt/
0095|w'P
zN+38034
zb'528d
68639t
71050x
at||'902460
'4134X
6524L9717P
p6.`'3
6167t'j
8|'6459
'7193 
0$'ZAb+
'090P'65
1`'2592d
y@988T3
%RaOq]
/abcdefghijklmnopqrstuvB
wxyz+/
Czr/k5;
,,W0B>MRd0
@LRyp@_D|D
\LPPT.
>QXjPY5
!8JQYj
[un|yu	R
r0HW04.
2IT488
LRl@DxLR
<_hh+l
DVCLAL
_O8<O	}d
o0x&5|3
 l$_N*'
(R,E09
T84+8_
]Vvi#+y
(X09B.Gx8
at 0> y
08@HPXy
'.5<=y
y6/7>?9y
@.Qhq\1
9yH_bpdm
(.<Tp6L=
&hlT'f
_^X6`y_
/?N_n'
kicert
g3tO=[
,Bs3jbo
>tD4vi
 OJe!\p
.<J#g[
ujWF.b
])Cz_o
[}`%P!B
$-ASCII
	IBMf@"
kopen_dump
mbE+,m P
AfirsS
g67o`0
6Q,x+_
&aD_+,
BM>kH6B2>
be PhLs
p CS3 
2011:0
 21:398
Uvgad2
f=mpu6
}k)n	'OD
O;$c?Rct1MT/mF=
BtomDw!
G8erW	.r
urlTEXT
@>Msge
IsHTMLlol1
http://n
ap/1.0
?xpaCv%
W5M0MpCehiHzreSzNk
Tczkc9d"?> <x:xmpmja 
4.1-c0366.EYN
, Mon Feb 19
2:40:08 
99/02/-^-s
yntax-#
!sf1/W
hUmm[stRef2q
`Uexi3
-01-06T+1
IDXuu2 C2A49
0I>tLq
sRGB IEC6
66-24QZ
6274&8
.839^{
189>292&
d`5Y683
3"51G^
4850256v
\.78923g
s5728930.
9856789r
\V90123
12345{
467tV2
4M3456
;FACD4FF
FEFBEA
_PROFILE
spMSFT2\ 
P.98 H
-P(ard
oCRT0*v
	%	:	O	d	y	
P%8%h%
DTsEF7Gc
$wsR9I*o
Ft_UeuV7
(GWB"\
*:JZjz
v{OzW/
$?Ow{s
[D>I6x
LHVzwI,
SSVES'
y<UUV7
n&NA _
Tc,P}DPHE
ydmM;C
 Y.-mbRk
3),(b 
KY$G 6
 UicUG%
K,sMq2#
/Kb2]+
#vNfNo
`DwU,L
DhV#g&
*:l5gd
UkB@".
XD?P-6
x>,e	g
[rfh|=^(
*VJ;iR
$_F!fYm
rTt5>sAS
owN_UX
l,CAks
+Eeemu}eS
WYYW9y
B(;<(Z
e~=r}:
KlIKiJ
mVAJnnwP$
-*,vZmM
 f).0]u
BM"2D	R
i)ujtw
m\.ru(
Lmicg2
dtrcpy
gVirtu
adLibrar
mQ;%hl"
0"!<_a
p"b	-G
gIPlayo 
KmH'{op
DsP<Of
ook?sH
%&WGClg
XPTPSW
&&&&&&&&&&&&&&&&bbbbbbbbbbbbbbbb&&&&&&&&&&&&&&&&bbbbbbbbbbbbbbbb&&&&&&&&&&&&&&&&bbbbbbbbbbbbbbbb&&&&&&(
&&&&&&&bbbbh
bbbbbbb&&&
&&&bbb
bbb&&&
&&&bbb
bbb&&&
&&&bbb
bbb&&&
&&&bbb
bbb&&&
&&&bbb
bbb&&&
&&&bbb
bbb&&&
&&&bbb
bbb&&&
&&&bbb
bbb&&&&(
&&&&&&&bbbbbbh
bbbbbbb&&&&&&&&&&&&&&&&bbbbbbbbbbbbbbbb&&&&&&&&&&&&&&&&bbbbbbbbbbbbbbbb&&&&&&&&&&&&&&&&bbbbbbbbbbbbbbbb
v&&/bbbbbbbo&&&&&&&/o
bbbbbo/
o&&&&/
&/bbbb
bbbbbo/
&&&&&/bbb
rbbo&&&
...-.-..-..-..-..-..-..-..-..-...-..-..-..-..-..-..-..-..-.-
$4CR\_____0
"2?P\___________2
/>N\__\______________0
:NZ_______________________2
$__________________________2
QQPPPPPPPPPPPPPPPP0
$__________________________2
__________________>
$__________________________2
__________________?
$__________________________2
$__________________________2
$__________________________2
$__________________________2
$__________________________2
$__________________________2
__________________?
$_______________K:58_______2
$_______W
2_______2
$________"
	W_______2
$________K
-________2
$_________
S________2
$_________G
&_________2
__________________?
$__________
Q_________2
$$$$$$AW$$$$$$$8__?
$__________C
"__________2
$___________
K__________2
$__________Y	
?__________2
$__________8
__________2
$__________
F_________2
WZYYYY__ZZZYYYZ\__?
$_________A
_________2
-----+FW--+-+-+?__?
$_________
I________2
$________K
"________2
$________)
Q_______2
$________>5/Q___-		)_______2
$_________________ZY_______2
QNQNQQW_QQQQNQNW__?
$__________________________2
444443HW3333444C__?
$__________________________2
$__________________________2
$__________________________2
$__________________________2
$__________________________2
GGGGGGP\HGHGHGGQ__?
$__________________________2
____\_____________?
$__________________________2
KKKKKHLKKKKKKKKKKK-
6FT_______________________2
)8GT_________________2
+9GW___________2
-:KZ_____2
y/!WG&
LKogwP
KERNEL32.DLL
advapi32.dll
comctl32.dll
comdlg32.dll
gdi32.dll
msimg32.dll
oleaut32.dll
shell32.dll
user32.dll
version.dll
wsock32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
ExitProcess
RegFlushKey
ImageList_Add
GetSaveFileNameA
SaveDC
GradientFill
VariantCopy
SHGetSpecialFolderPathA
VerQueryValueA
WSACleanup
&$%@*118237324&$%@*
&$%@*&$%@*1&$%@*&$%@*&$%@*U
&$%@*&$%@*U
Pdoa|uC