Sample details: 826c9caa1c8881475715d23f4d30159b

Hashes
MD5: 826c9caa1c8881475715d23f4d30159b
SHA1: 969e334d3eef7c1aeec0891b2b0f05001a6a26ae
SHA256: 8c80a027ce9e09a0e6b260fb45690fc6274325fe96b78636570bbf08fc915a5e
SSDEEP: 3072:ONYi5B6GcEVZonHvHw+Fyty1ry4BYCGOZ24SqJ:Oqi5/zVCHmdHbOZLF
Details
File Type: PE32
Yara Hits
YRP/Visual_Cpp_2005_DLL_Microsoft | YRP/Visual_Cpp_2003_DLL_Microsoft | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/CRC32_poly_Constant |
Parent Files
0146b14dea4e6241e2b42e933a712b18
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
out of memory
OLEAUT32.dll
CharUpperA
CharUpperW
USER32.dll
malloc
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
_purecall
memcmp
memset
_beginthreadex
MSVCR100.dll
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
_except_handler4_common
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
GetVersionExA
DeleteCriticalSection
VirtualAlloc
VirtualFree
CloseHandle
WaitForSingleObject
CreateEventA
SetEvent
ResetEvent
InitializeCriticalSection
EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
KERNEL32.dll
7zxr.dll
CreateObject
GetHandlerProperty2
GetHandlerProperty
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode
.?AVCNewException@@
.?AUCInBufferException@@
.?AUCSystemException@@
.?AUCOutBufferException@@
.?AVCInArchiveException@N7z@NArchive@@
GenuineIntelAuthenticAMDCentaurHaulsN
.?AVtype_info@@
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
WoSign CA Limited1'0%
WoSign Class 3 Code Signing CA0
160214060639Z
170314060639Z0
Shanghai1
Shanghai1<0:
3Shanghai  Zichou Liuhe Network Technology Co., Ltd.1<0:
3Shanghai  Zichou Liuhe Network Technology Co., Ltd.0
'http://ocsp1.wosign.com/class3/code/ca106
*http://aia1.wosign.com/class3.code.ca1.cer07
&http://crls1.wosign.com/ca1-code-3.crl0O
http://www.wosign.com/policy/0
WoSign CA Limited1*0(
!Certification Authority of WoSign0
090808010005Z
240808010005Z0R1
WoSign CA Limited1'0%
WoSign Class 3 Code Signing CA0
http://crls1.wosign.com/ca1.crl0o
http://ocsp1.wosign.com/ca106
*http://aia1.wosign.com/ca1-class3-code.cer0
http://www.wosign.com/policy/0
StartCom Ltd.1+0)
"Secure Digital Certificate Signing1)0'
 StartCom Certification Authority0
060917224636Z
191231235959Z0U1
WoSign CA Limited1*0(
!Certification Authority of WoSign0
http://ocsp.startssl.com/ca00
$http://aia.startssl.com/certs/ca.crt02
!http://crl.startssl.com/sfsca.crl0
WoSign CA Limited1'0%
WoSign Class 3 Code Signing CA
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
160317101314Z0#