Sample details: 7397f6ee4a9601a123b645c0cd428017

Hashes
MD5: 7397f6ee4a9601a123b645c0cd428017
SHA1: 890368473ecbc404dcd42ff0c6c38397102f59c0
SHA256: 5aaf73ef89f0efab963abb170bc9b7cd7d4d5bd7a691cd83137b4cc39cd120de
SSDEEP: 768:ORWMA68kDGXcK1JP9COApZsLUFDeLHAwu0aB0wWYS/a/x9GYDM0+0O:OkMKH9fApDFPgiKMM0I
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v2xx_CopyMem_II_additional | YRP/IsPE32 | YRP/IsConsole | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/escalate_priv | YRP/win_token | YRP/win_files_operation
Parent Files
04f50b7f721e3ae2bee5686a4cb584bd
Strings
		!This program cannot be run in DOS mode.
Richn!w
`.rdata
@.data
HHtZHHtV
D$$VP3
u,h U@
QQSVW3
t#SSUP
t$$VSS
_^][YY
v	N+D$
VC20XC00U
SVWj ^
+tzHHtj
WWWWVSW
t2WWVPVSW
t!SS9]
t.;t$$t(
	-a    Get/Set Affinity Mask of Process.
	-p    Set Process Priority.
	-r    Resume Suspended Process.
	-s    Suspend Process.
	-k    Kill Process. (Terminate)
	-q    Send WM_CLOSE Message. Default timeout is 60 Sec
	-c    View Process Creation Times.
	-t    View Kernel and User CPU Times.
	-v    View Processes.
       %s [-a] [Process Name/PID] [Mask(To Set)]
                                                Normal|BelowNormal|Low}
       %s [-p] [Process Name/PID] {RealTime|High|AboveNormal|
       %s [-k] [-s] [-r] [Process Name/PID]
       %s [-q] [Process Name/PID] [timeout sec(optional)]
Usage: %s [-v] [-t] [-c]
SeSecurityPrivilege
SeDebugPrivilege
Cannot find entrypoint for ZwOpenThread in ntdll.dll
ZwQuerySystemInformation
ZwOpenThread
OpenThread
ntdll.dll
Kernel32.dll
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Error : Mask should be specified in binary. e.g process -a <process> 101
Where <process> will run on processors 1 & 3. Any leading zeros are ignored.
Error : No Processors Specified
Affinity Mask Successfully Set to 
A process is only allowed to run on the processors configured into a system.
 [%d Configured Processor(s)]
Process : 0x%04x 0b
  [%d Installed Processor(s)]
System  : 0x%04x 0b
Affinity Mask for PID %d '%s'
Setting 
Getting 
%s (PID %d) has been closed successfully.
%s (PID %d) failed to respond to WM_CLOSE. Terminating Now.
OpenDesktop(Default) returned
Default
Sending PID %d '%s' WM_CLOSE Message. Timeout is %d seconds.
Error : Cannot broadcast WM_CLOSE message to all active processes on desktop.
Killing PID %d '%s'
Setting PriorityClass on PID %d '%s' to %d
BelowNormal
Normal
AboveNormal
RealTime
Resuming PID %d '%s'
Threads 
Suspending PID %d '%s'
Threads 
Cannot find entrypoint for OpenThread() in Kernel32.dll
Cannot find entrypoint for ZwQuerySystemInformation in ntdll.dll
Error, Cannot find a process with an image name of %s
Error, Cannot find a process with a PID of %d
Error allocating memory for Buffer
 %02d/%02d/%04d %02d:%02d:%02d
 %02d:%02d:%02d.%03d 
 %02d:%02d:%02d.%03d 
%16ws %5d %7d %8d 
 Creation Time 
 User Time     Kernel Time 
       ImageName   PID Threads Priority CPU 
Memory Allocation Error
Error 0x%X : %s
`h````
ppxxxx
(null)
Microsoft Visual C++ Runtime Library
Program: 
<program name unknown>
A buffer overrun has been detected which has corrupted the program's
internal state.  The program cannot safely continue execution and must
now be terminated.
Buffer overrun detected!
A security error of unknown cause has been detected which has
corrupted the program's internal state.  The program cannot safely
continue execution and must now be terminated.
Unknown security failure detected!
GAIsProcessorFeaturePresent
KERNEL32
CorExitProcess
mscoree.dll
runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Runtime Error!
Program: 
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#SNAN
g:\Projects\Process\Process\Release\Process.pdb
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
SetProcessAffinityMask
CloseHandle
GetLastError
GetProcessAffinityMask
OpenProcess
TerminateProcess
WaitForSingleObject
SetPriorityClass
lstrcmpiA
HeapFree
ResumeThread
SuspendThread
GetVersionExA
WideCharToMultiByte
HeapAlloc
GetProcessHeap
GlobalFree
GlobalAlloc
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
LocalFree
FormatMessageA
KERNEL32.dll
PostMessageA
GetWindowThreadProcessId
EnumDesktopWindows
CloseDesktop
OpenDesktopA
USER32.dll
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
LookupAccountSidA
GetTokenInformation
ADVAPI32.dll
ExitProcess
GetModuleHandleA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
RtlUnwind
HeapSize
SetStdHandle