Sample details: 85597897de722e867b90bf0e42239b0d

Hashes
MD5: 85597897de722e867b90bf0e42239b0d
SHA1: 13a7a090ee9ce4f8f2b8e5e2765f964ff4183ac7
SHA256: 351a630a6130f71718cc11e944f22342844aa62394d7c7c6a46aaaea054e824b
SSDEEP: 3072:qTZm+26YVj0splrUS1dnXkny170loOp8gSsySgVnnicZh:qTksYVj0splrUS1dl170loO6gSsySgVZ
Details
File Type: PE32
Yara Hits
YRP/Visual_Cpp_2005_DLL_Microsoft | YRP/Visual_Cpp_2003_DLL_Microsoft | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | YRP/create_com_service | YRP/screenshot | YRP/keylogger
Parent Files
00b5612ef632fd9729e78f3ce3740e4f
Strings
		!This program cannot be run in DOS mode.
~VRich
`.rdata
@.data
@.reloc
UnRegisterTypeLibForUser
RegisterTypeLibForUser
outofmem
bad code lengths
bad huffman code
bad DHT header
bad DQT table
bad DQT type
bad DRI len
progressive jpeg
expected marker
bad SOS component count
bad AC huff
bad DC huff
bad SOS
bad SOS len
bad TQ
bad component ID
too large
bad component count
0 width
no header height
only 8-bit
bad SOF len
no SOF
no SOI
bad req_comp
bad codelengths
output buffer limit
bad dist
read past buffer
zlib corrupt
bad compression
no preset dict
bad zlib header
bad png sig
invalid filter
not enough pixels
invalid PLTE
tRNS with alpha
bad tRNS len
tRNS before PLTE
tRNS after IDAT
0-pixel image
bad interlace method
bad filter method
bad comp method
bad ctype
8bit only
bad IHDR len
multiple IHDR
outofdata
no PLTE
no IDAT
first not IHDR
not BMP
BMP RLE
bad BMP
bad masks
invalid
bad bpp
monochrome
unknown BMP
wrong channel count
wrong color format
unsupported bit depth
wrong version
not PSD
bad file
bad format
not GIF
illegal code in raster
too many codes
no clear code
bad Image Descriptor
missing color table
unknown code
unknown image type
AlphaBlend
D:\GIT\loldevobs2010\Release\MutiControl.pdb
KERNEL32.DLL
ATL100.DLL
GDI32.dll
MSVCR100.dll
ole32.dll
OLEAUT32.dll
USER32.dll
HeapReAlloc
HeapFree
HeapSize
HeapDestroy
GetProcessHeap
InterlockedCompareExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
EncodePointer
DecodePointer
InterlockedExchange
TerminateProcess
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
SetUnhandledExceptionFilter
GetCurrentProcess
FlushInstructionCache
lstrlenW
lstrcpyW
GetThreadLocale
SetThreadLocale
CreateFileW
GetFileSize
CloseHandle
ReadFile
FindResourceW
LoadResource
FreeResource
SizeofResource
LockResource
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
RaiseException
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
IsDebuggerPresent
GetTickCount
QueryPerformanceCounter
UnhandledExceptionFilter
CreateCompatibleDC
DeleteDC
CreateDIBSection
SetTextColor
StretchBlt
DeleteObject
BitBlt
SetBkMode
SetStretchBltMode
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
RestoreDC
SetWindowExtEx
SetWindowOrgEx
SaveDC
CreateMetaFileW
SetViewportOrgEx
SetMapMode
LPtoDP
GetDeviceCaps
SelectClipRgn
CreateRectRgn
SelectObject
GetClipRgn
__clean_type_info_names_internal
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_onexit
__dllonexit
_unlock
?terminate@@YAXXZ
vswprintf_s
_vscwprintf
_purecall
memcpy_s
memmove_s
_itow_s
_wcsnicmp
??2@YAPAXI@Z
??_U@YAPAXI@Z
realloc
memset
malloc
memcpy
??3@YAXPAX@Z
_CxxThrowException
wcsncpy_s
swprintf_s
??_V@YAXPAX@Z
_recalloc
__CxxFrameHandler3
CoTaskMemFree
CreateOleAdviseHolder
CreateDataAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoCreateInstance
OleRegGetMiscStatus
CallWindowProcW
CreateWindowExW
SetFocus
IsChild
BeginPaint
GetKeyState
IsWindow
GetClientRect
EndPaint
EqualRect
OffsetRect
SetWindowRgn
SetWindowLongW
SetWindowPos
ShowWindow
GetWindowLongW
GetFocus
UnionRect
SetCursor
DefWindowProcW
InvalidateRect
DestroyWindow
PtInRect
SendMessageW
IntersectRect
DrawTextW
RegisterClassExW
LoadCursorW
GetClassInfoExW
CharNextW
UnregisterClassA
MutiControl.dll
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
.?AVCAtlException@ATL@@
.?AVCMutiControlModule@@
.?AV?$CAtlDllModuleT@VCMutiControlModule@@@ATL@@
.?AV?$CAtlModuleT@VCMutiControlModule@@@ATL@@
.?AVCAtlModule@ATL@@
.?AU_ATL_MODULE70@ATL@@
#*1892+$
%,3:;4-&
'.5<=6/7>????????????????
XXXX chunk not known
.?AVCComClassFactory@ATL@@
.?AUIClassFactory@@
.?AUIUnknown@@
.?AV?$CComObjectRootEx@VCComMultiThreadModel@ATL@@@ATL@@
.?AVCComObjectRootBase@ATL@@
.?AV?$CComObjectCached@VCComClassFactory@ATL@@@ATL@@
.?AV?$CComObject@VCSimpleHistoryPad@@@ATL@@
.?AVCSimpleHistoryPad@@
.?AV?$CComObjectRootEx@VCComSingleThreadModel@ATL@@@ATL@@
.?AV?$IDispatchImpl@UISimpleHistoryPad@@$1?IID_ISimpleHistoryPad@@3U_GUID@@B$1?LIBID_MutiControlLib@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@
.?AUISimpleHistoryPad@@
.?AUIDispatch@@
.?AV?$IOleControlImpl@VCSimpleHistoryPad@@@ATL@@
.?AUIOleControl@@
.?AV?$IOleObjectImpl@VCSimpleHistoryPad@@@ATL@@
.?AUIOleObject@@
.?AV?$IOleInPlaceActiveObjectImpl@VCSimpleHistoryPad@@@ATL@@
.?AUIOleInPlaceActiveObject@@
.?AUIOleWindow@@
.?AV?$IViewObjectExImpl@VCSimpleHistoryPad@@@ATL@@
.?AUIViewObjectEx@@
.?AUIViewObject2@@
.?AUIViewObject@@
.?AV?$IOleInPlaceObjectWindowlessImpl@VCSimpleHistoryPad@@@ATL@@
.?AUIOleInPlaceObjectWindowless@@
.?AUIOleInPlaceObject@@
.?AUISupportErrorInfo@@
.?AV?$IQuickActivateImpl@VCSimpleHistoryPad@@@ATL@@
.?AUIQuickActivate@@
.?AV?$IDataObjectImpl@VCSimpleHistoryPad@@@ATL@@
.?AUIDataObject@@
.?AV?$IProvideClassInfo2Impl@$1?CLSID_SimpleHistoryPad@@3U_GUID@@B$0A@$1?LIBID_MutiControlLib@@3U2@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@
.?AUIProvideClassInfo2@@
.?AUIProvideClassInfo@@
.?AV?$CComCoClass@VCSimpleHistoryPad@@$1?CLSID_SimpleHistoryPad@@3U_GUID@@B@ATL@@
.?AV?$CComControl@VCSimpleHistoryPad@@V?$CWindowImpl@VCSimpleHistoryPad@@VCWindow@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@@ATL@@
.?AVCComControlBase@ATL@@
.?AV?$CWindowImpl@VCSimpleHistoryPad@@VCWindow@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@
.?AV?$CWindowImplBaseT@VCWindow@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@2@@ATL@@
.?AV?$CWindowImplRoot@VCWindow@ATL@@@ATL@@
.?AVCWindow@ATL@@
.?AVCMessageMap@ATL@@
.?AV?$CComContainedObject@VCSimpleHistoryPad@@@ATL@@
.?AV?$CComAggObject@VCSimpleHistoryPad@@@ATL@@
.?AV?$CComObject@VCSimpleImage@@@ATL@@
.?AVCSimpleImage@@
.?AV?$IDispatchImpl@UISimpleImage@@$1?IID_ISimpleImage@@3U_GUID@@B$1?LIBID_MutiControlLib@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@
.?AUISimpleImage@@
.?AV?$IOleControlImpl@VCSimpleImage@@@ATL@@
.?AV?$IOleObjectImpl@VCSimpleImage@@@ATL@@
.?AV?$IOleInPlaceActiveObjectImpl@VCSimpleImage@@@ATL@@
.?AV?$IViewObjectExImpl@VCSimpleImage@@@ATL@@
.?AV?$IOleInPlaceObjectWindowlessImpl@VCSimpleImage@@@ATL@@
.?AV?$IQuickActivateImpl@VCSimpleImage@@@ATL@@
.?AV?$IDataObjectImpl@VCSimpleImage@@@ATL@@
.?AV?$IProvideClassInfo2Impl@$1?CLSID_SimpleImage@@3U_GUID@@B$0A@$1?LIBID_MutiControlLib@@3U2@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@
.?AV?$CComCoClass@VCSimpleImage@@$1?CLSID_SimpleImage@@3U_GUID@@B@ATL@@
.?AV?$CComControl@VCSimpleImage@@V?$CWindowImpl@VCSimpleImage@@VCWindow@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@@ATL@@
.?AV?$CWindowImpl@VCSimpleImage@@VCWindow@ATL@@V?$CWinTraits@$0FGAAAAAA@$0A@@3@@ATL@@
.?AV?$CComContainedObject@VCSimpleImage@@@ATL@@
.?AV?$CComAggObject@VCSimpleImage@@@ATL@@
.?AVtype_info@@
	NoRemove CLSID
		ForceRemove {8A29B716-AB6F-4939-B787-4341A8E4BD1A} = s 'SimpleHistoryPad Class'
			ForceRemove Programmable
			InprocServer32 = s '%MODULE%'
				val ThreadingModel = s 'Apartment'
			ForceRemove Control
			ForceRemove 'ToolboxBitmap32' = s '%MODULE%, 106'
			MiscStatus = s '0'
			    '1' = s '%OLEMISC%'
			TypeLib = s '{6B6CE430-9F21-45B9-8EAC-F14C07E252F6}'
			Version = s '1.0'
PADHKCR
	NoRemove CLSID
		ForceRemove {6E14D2A6-91E8-4DA8-85F6-179857AD512E} = s 'SimpleImage Class'
			ForceRemove Programmable
			InprocServer32 = s '%MODULE%'
				val ThreadingModel = s 'Apartment'
			ForceRemove Control
			ForceRemove 'ToolboxBitmap32' = s '%MODULE%, 108'
			MiscStatus = s '0'
			    '1' = s '%OLEMISC%'
			TypeLib = s '{6B6CE430-9F21-45B9-8EAC-F14C07E252F6}'
			Version = s '1.0'
stdole2.tlbWWW
[MutiControlLibWW
SimpleHistoryPadd
ISimpleHistoryPadWWWd
	SetResModule
hModuleWd
SetGameAirPathWW
jrbstrAirPathWd
gtSetSimpleSummonerWWW
tsSummonerWWW
sChampionWWW
.asServerW
dnKillWWW
LnDeathWW
nAssistantWW
]nFarmWWW
gmnGoldWWW
lGameIDW
;$nServerIDWWWd
#SetBkImageWW
hBitMapW
s^nXWW
p^nYWW
SetShowImage
nImagePosWWW
wireHFONTWWW,
_RemotableHandle,
cfContext
Z__MIDL_IWinTypes_0009WWW
JhInprocW
hRemoteW,
SetCommFontW
%hboldWWW
hCommWWW
hUnderLineWW
tagSIZEW
\cyWWd
lvSetObjectSizeWWW
_siWWd
SetTextHostW
ptextHostWWWd
CSetNotifyHwndWWW
SimpleImageW
ISimpleImage
SetImage
strPathW
SetImageResW
DpstrType
hResModuleWW
Created by MIDL version 7.00.0555 at Fri Feb 28 11:10:09 2014
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PA
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
130515000000Z
160514235959Z0
Beijing1
Beijing1=0;
4Beijing Stone Age Network Technology Limited Company1>0<
5Digital ID Class 3 - Microsoft Software Validation v21=0;
4Beijing Stone Age Network Technology Limited Company0
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
`1bUIR
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA