
Sample details: 6cf2618034490e8ffca7710ff62dcd63

Hashes
MD5: 6cf2618034490e8ffca7710ff62dcd63
SHA1: 8ffabf8ba081f3fdf1d81b42344dc46eb252afbc
SHA256: 574624d840a7cd40fcf81ed27e64da8cb0066880b39d1d81bdb2d8e88489dd89
SSDEEP: 3072:JGDw3eJUefjqv0WRJ/E115dZy4bhdW+nrkNI7hWike8Fc:AwkUeecqJ/E11vZdFE+IawRm
Details
File Type: PE32
Yara Hits (generic file-format and capability rule matches; not a family attribution on their own)
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/screenshot | YRP/win_registry | YRP/win_files_operation | YRP/Str_Win32_Wininet_Library |
Source
http://autowrd.net/xls/mstsw.exe
http://autowrd.net/xls/mstsw.exe
Strings
		!This program cannot be run in DOS mode.
Rich8/
`.rdata
@.data
Ht'Hu3
2WSj(j
PSh4EA
jEj2j2WS
SQSShw
RRRRWP
A	PWQS
QQSVWd
tWItHIt9It 
f-00f=
t*=RCC
;7|G;p
tR99u2
F\=XjA
^SSSSS
t$<"u	3
< tK<	tG
j@j ^V
	X 9} 
v	N+D$
tRHtCHt4Ht%HtFHHt
URPQQh
v	N+D$
;t$,v-
UQPXY]Y[
t"SS9] u
PPPPPPPP
PPPPPPPP
<+t"<-t
+t HHt
RASAPI32.DLL
RasEnumConnectionsA
RASAPI32.DLL
RasEnumConnectionsA
LISTBOX
STATIC
ToolbarWindow32
STATIC
Window
DISPLAY
New item 1
New item 2
New item 1
New item 2
New item 1
New item 2
default
vector<T> too long
deque<T> too long
map/set<T> too long
invalid map/set<T> iterator
Unknown exception
bad allocation
?uZEeu
?uZEeu
?UUUUUU
?UUUUUU
?Dj0Q:W$=
5s3R6=
bad exception
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
CorExitProcess
_nextafter
_hypot
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
(null)
`h````
xpxxxx
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
1#QNAN
1#SNAN
`h`hhh
xppwpp
N+R/Bhs
1=)&7YU
fJA_\,
1F#5C4
z2`9>8
jZ&Dcr!
@31ribC
7g`kiMg
GlobalAlloc
GetProcAddress
LoadLibraryA
WaitForMultipleObjects
CreateThread
GetACP
GetOEMCP
CloseHandle
lstrlenW
GetModuleFileNameW
GetSystemInfo
IsProcessorFeaturePresent
lstrcpyA
HeapAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
HeapCreate
lstrlenA
GetLastError
GetFileInformationByHandle
AllocateUserPhysicalPages
GetCurrentProcess
KERNEL32.dll
GetDlgItem
SendMessageA
LoadCursorA
LoadIconA
WaitForInputIdle
DrawTextA
SetDlgItemTextA
DestroyMenu
TrackPopupMenuEx
SetForegroundWindow
GetMessagePos
AppendMenuW
CreatePopupMenu
LoadStringW
SetDlgItemTextW
InsertMenuA
ReleaseDC
ClientToScreen
GetFocus
IsWindowEnabled
GetWindowDC
EndPaint
BeginPaint
GetSysColor
GetWindowLongA
SystemParametersInfoA
DispatchMessageA
GetMessageA
SetMenu
LoadMenuA
RegisterClassExA
UpdateWindow
ShowWindow
GetWindowRect
LoadBitmapA
SetActiveWindow
GetWindow
GetDesktopWindow
OffsetRect
MessageBoxA
SetWindowTextA
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
CreateWindowExA
GetClientRect
PostQuitMessage
DialogBoxParamA
SetCursor
IsCharAlphaA
MoveWindow
IsCharLowerW
DefWindowProcA
GetDlgItemTextA
IsDlgButtonChecked
USER32.dll
SetViewportOrgEx
SetMapMode
TextOutA
MoveToEx
CreateEnhMetaFileA
Rectangle
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
GetPaletteEntries
GetCurrentObject
DeleteDC
DeleteObject
CreateFontIndirectA
TranslateCharsetInfo
GetTextCharset
ExcludeClipRect
SetDCPenColor
SetBkMode
LineTo
SetTextColor
CombineRgn
CreateRectRgn
CreateICA
GDI32.dll
ChooseColorA
COMDLG32.dll
RegCloseKey
RegSetValueExW
RegCreateKeyExW
ADVAPI32.dll
SHGetDesktopFolder
SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA
SHParseDisplayName
SHELL32.dll
CoLockObjectExternal
RevokeDragDrop
RegisterDragDrop
CreateFileMoniker
GetRunningObjectTable
OleUninitialize
CoCreateInstance
OleInitialize
ole32.dll
OLEAUT32.dll
FtpSetCurrentDirectoryA
WININET.dll
RsopFileAccessCheck
RsopResetPolicySettingStatus
USERENV.dll
SCardListReadersA
SCardEstablishContext
WinSCard.dll
CertEnumSystemStore
CRYPT32.dll
PathFindFileNameW
StrChrA
SHLWAPI.dll
DestroyPropertySheetPage
CreatePropertySheetPageA
CreateToolbarEx
COMCTL32.dll
WinHttpCloseHandle
WinHttpCheckPlatform
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpReadData
WINHTTP.dll
DrawThemeBackground
UxTheme.dll
CallNtPowerInformation
POWRPROF.dll
RaiseException
RtlUnwind
GetCommandLineA
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCPInfo
IsValidCodePage
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
HeapSize
LCMapStringW
GetStringTypeW
LoadLibraryW
SetStdHandle
WriteConsoleW
HeapReAlloc
FlushFileBuffers
CreateFileW
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
uV^G3){T)(
E:=`$|
|\1o_W)
f'!A	7
P7_<*$
 #Y^7[
u.MN>)
$S>dTV
]2e()`
/g|zEqd
H0UlF}
$	^3p;
B|2_*)
-wElC:Fw
5C1bBH_
>B_g\]$z
a@{13Ne
~WqOlU
Gv	Kf3
!6D+8w
S=m,9|
gVn	VSR
TnVK[\1
\-\N"C
't"K<,
|R}fha-
M\ow@c?
gVn	VSR
nDS.X\nm
!!WPxl
r^)@o0
oO	w47`&-
)s_pk2
*Ye}5v
64z<+M
^/q# -
sY'~l$
T6QqS 
G{$_t'
M0cdL<l
7b`"hbiw
6Ry'sm
ipF.e5
R9L55'_C#
qrPAoZ
y?PHLp!
Hy8d=2
7T1+/I
BN@+emV8
N?+e&#
LlO/|lO/|
lO/|lO/|<-
LlO/|lO/|
lO/|lO/|<-
eL.reL.r
eL.reL.r
eL.reL.r
eL.reL.r
nR2onR2o
nR2onR2o
nR2onR2o
nR2onR2o
y_>ly_>l
|b@l|b@l
y_>ly_>l
|b@l|b@l
UK7;UK7;
YO:;YO:;
bkrkS9171
bkrkS9171
PA<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX