Sample details: 8f0e80d06b6b6942f2b34a0eee5badb7 --

Hashes
MD5: 8f0e80d06b6b6942f2b34a0eee5badb7
SHA1: fac26fa28a67fc6b0ad87c7ef9398ff4b73f5f4d
SHA256: 85fea8bb68d3dc22f36fd21295c91c2a970546d5d4e296a725ac1dcc23beb066
SSDEEP: 1536:IYfp8+QhToyh3Y1rr24S1uBXTWva+l+18S+fkPPYnLr:IuLuYlq4SuXTWva+l+6ZfWC
Details
File Type: PE32
Yara Hits
YRP/Visual_Cpp_2005_DLL_Microsoft | YRP/Visual_Cpp_2003_DLL_Microsoft | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/CRC32b_poly_Constant |
Parent Files
ad1355d65b614753e40aecef6bdbbede
Source
Strings
		!This program cannot be run in DOS mode.
=KRich9
`.rdata
@.data
.reloc
t&9^(t
NP;NL|
L$XQh@"
\$4+\$
u)9t$(u#
D$4+D$
@PQRVh0
D$<+D$(
tO9X8uF
tO9X8uF
QP;QL}4
ND;NH|
FP;FL|
VP;VL|
NP;NL|
OP;OL|
VDPQRh
$WQRPh
C$VtTi
bz2.BZ2Decompressor
decompress
unused_data
bz2.BZ2Compressor
compress
bz2.BZ2File
compresslevel
buffering
filename
flag indicating that a space needs to be printed; used by print
softspace
file name
file mode ('r', 'w', or 'U')
end-of-line convention used in this file
newlines
True if the file is closed
closed
__exit__
__enter__
writelines
xreadlines
readlines
readline
Mixing iteration and read methods would lose data
the bz2 library was not compiled correctly
the bz2 library has received wrong parameters
invalid data stream
unknown IO error
compressed file ended before the logical end-of-stream was detected
wrong sequence of bz2 library commands used
Unable to allocate buffer - output too large
line is longer than a Python string can hold
|l:read
I/O operation on closed file
file is not ready for reading
requested number of bytes is more than a Python string can hold
|i:readline
|l:readlines
s*:write
file is not ready for writing
writelines() requires an iterable argument
writelines() argument must be a sequence of strings
O|i:seek
seek works only while reading
Unknown newlines value 0x%x
O|sii:BZ2File
compresslevel must be between 1 and 9
invalid mode char %c
unable to allocate lock
s*:compress
this object was already flushed
object was already flushed
|i:BZ2Compressor
s*:decompress
end of stream was already found
:BZ2Decompressor
couldn't find end of stream
__author__
BZ2File
BZ2Compressor
BZ2Decompressor
        bucket sorting ...
        depth %6d has 
%6d unresolved strings
        reconstructing block ...
        main sort initialise ...
        qsort [0x%x, 0x%x]   done %d   this %d
        %d pointers, %d sorted, %d scanned
      %d work, %d block, ratio %5.2f
    too repetitive; using fallback sorting algorithm
CONFIG_ERROR
OUTBUFF_FULL
UNEXPECTED_EOF
IO_ERROR
DATA_ERROR_MAGIC
DATA_ERROR
MEM_ERROR
PARAM_ERROR
SEQUENCE_ERROR
bzip2/libbzip2: internal error number %d.
This is a bug in bzip2/libbzip2, %s.
Please report it to me at: jseward@bzip.org.  If this happened
when you were using some program which uses libbzip2 as a
component, you should also report this bug to the author(s)
of that program.  Please make an effort to report this bug;
timely and accurate bug reports eventually lead to higher
quality software.  Thanks.  Julian Seward, 10 December 2007.
*** A special note about internal error number 1007 ***
Experience suggests that a common cause of i.e. 1007
is unreliable memory or other hardware.  The 1007 assertion
just happens to cross-check the results of huge numbers of
memory reads/writes, and so acts (unintendedly) as a stress
test of your memory system.
I suggest the following: try compressing the file again,
possibly monitoring progress in detail with the -vv flag.
* If the error cannot be reproduced, and/or happens at different
  points in compression, you may have a flaky memory system.
  Try a memory-test program.  I have used Memtest86
  (www.memtest86.com).  At the time of writing it is free (GPLd).
  Memtest86 tests memory much more thorougly than your BIOSs
  power-on test, and may find failures that the BIOS doesn't.
* If the error can be repeatably reproduced, this is a bug in
  bzip2, and I would very much like to hear about it.  Please
  let me know, and, ideally, save a copy of the file causing the
  problem -- without which I will be unable to investigate it.
 {0x%08x, 0x%08x}
    combined CRCs: stored = 0x%08x, computed = 0x%08x
1.0.6, 6-Sept-2010
      %d in block, %d after MTF & 1-2 coding, %d+2 syms in use
      initial group %d, [%d .. %d], has %d syms (%4.1f%%)
      pass %d: size is %d, grp uses are 
      bytes: mapping %d, 
selectors %d, 
code lengths %d, 
codes %d
    block %d: crc = 0x%08x, combined CRC = 0x%08x, size = %d
    final combined CRC = 0x%08x
    [%d: huff+mtf 
rt+rld
C:\build27\cpython\PCBuild\bz2.pdb
PyString_FromString
PyThread_free_lock
PyExc_IOError
PyString_Concat
PyInt_FromLong
PyExc_SystemError
PyBuffer_Release
Py_BuildValue
PyString_FromStringAndSize
PyInt_AsLong
PyObject_GenericGetAttr
PyObject_GenericSetAttr
PyThread_acquire_lock
PyErr_NoMemory
PyThread_allocate_lock
PyType_Ready
PyObject_CallFunction
PyList_GetSlice
PyEval_RestoreThread
PyList_SetItem
PyIter_Next
PyLong_FromLongLong
PyExc_OverflowError
PyFile_IncUseCount
_Py_NoneStruct
PyMem_Free
PyEval_SaveThread
PyArg_ParseTuple
PyExc_MemoryError
PyExc_ValueError
PyErr_Occurred
PyExc_EOFError
PyObject_GetIter
PyObject_Free
PyErr_SetString
PyObject_CallMethod
PyType_GenericAlloc
PyArg_ParseTupleAndKeywords
PyFile_Type
PyFile_DecUseCount
PyObject_AsCharBuffer
PyLong_AsLongLong
_PyString_Resize
PyList_New
PyType_GenericNew
PyExc_RuntimeError
PyMem_Malloc
PyErr_Format
PyModule_AddObject
PyExc_TypeError
PyFile_AsFile
PyObject_GetAttrString
Py_InitModule4
PyThread_release_lock
PyList_Append
python27.dll
memmove
memchr
__iob_func
fprintf
malloc
ungetc
fflush
isdigit
ferror
fwrite
fclose
MSVCR90.dll
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_onexit
_except_handler4_common
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
KERNEL32.dll
_fileno
_fdopen
_setmode
memset
memcpy
bz2.pyd
initbz2
The bz2 python module was written by:
    Gustavo Niemeyer <niemeyer@conectiva.com>
read([size]) -> string
Read at most size uncompressed bytes, returned as a string. If the size
argument is negative or omitted, read until EOF is reached.
readline([size]) -> string
Return the next line from the file, as a string, retaining newline.
A non-negative size argument will limit the maximum number of bytes to
return (an incomplete line may be returned then). Return an empty
string at EOF.
readlines([size]) -> list
Call readline() repeatedly and return a list of lines read.
The optional size argument, if given, is an approximate bound on the
total number of bytes in the lines returned.
xreadlines() -> self
For backward compatibility. BZ2File objects now include the performance
optimizations previously implemented in the xreadlines module.
write(data) -> None
Write the 'data' string to file. Note that due to buffering, close() may
be needed before the file on disk reflects the data written.
writelines(sequence_of_strings) -> None
Write the sequence of strings to the file. Note that newlines are not
added. The sequence can be any iterable object producing strings. This is
equivalent to calling write() for each string.
seek(offset [, whence]) -> None
Move to new file position. Argument offset is a byte count. Optional
argument whence defaults to 0 (offset from start of file, offset
should be >= 0); other values are 1 (move relative to current position,
positive or negative), and 2 (move relative to end of file, usually
negative, although many platforms allow seeking beyond the end of a file).
Note that seeking of bz2 files is emulated, and depending on the parameters
the operation may be extremely slow.
tell() -> int
Return the current file position, an integer (may be a long integer).
close() -> None or (perhaps) an integer
Close the file. Sets data attribute .closed to true. A closed file
cannot be used for further I/O operations. close() may be called more
than once without error.
__enter__() -> self.
__exit__(*excinfo) -> None.  Closes the file.
BZ2File(name [, mode='r', buffering=0, compresslevel=9]) -> file object
Open a bz2 file. The mode can be 'r' or 'w', for reading (default) or
writing. When opened for writing, the file will be created if it doesn't
exist, and truncated otherwise. If the buffering argument is given, 0 means
unbuffered, and larger numbers specify the buffer size. If compresslevel
is given, must be a number between 1 and 9.
Add a 'U' to mode to open the file for input with universal newline
support. Any line ending in the input file will be seen as a '\n' in
Python. Also, a file so opened gains the attribute 'newlines'; the value
for this attribute is one of None (no newline read yet), '\r', '\n',
'\r\n' or a tuple containing all the newline types seen. Universal
newlines are available only when reading.
compress(data) -> string
Provide more data to the compressor object. It will return chunks of
compressed data whenever possible. When you've finished providing data
to compress, call the flush() method to finish the compression process,
and return what is left in the internal buffers.
flush() -> string
Finish the compression process and return what is left in internal buffers.
You must not use the compressor object after calling this method.
BZ2Compressor([compresslevel=9]) -> compressor object
Create a new compressor object. This object may be used to compress
data sequentially. If you want to compress data in one shot, use the
compress() function instead. The compresslevel parameter, if given,
must be a number between 1 and 9.
decompress(data) -> string
Provide more data to the decompressor object. It will return chunks
of decompressed data whenever possible. If you try to decompress data
after the end of stream is found, EOFError will be raised. If any data
was found after the end of stream, it'll be ignored and saved in
unused_data attribute.
BZ2Decompressor() -> decompressor object
Create a new decompressor object. This object may be used to decompress
data sequentially. If you want to decompress data in one shot, use the
decompress() function instead.
compress(data [, compresslevel=9]) -> string
Compress data in one shot. If you want to compress data sequentially,
use an instance of BZ2Compressor instead. The compresslevel parameter, if
given, must be a number between 1 and 9.
decompress(data) -> decompressed data
Decompress data in one shot. If you want to decompress data sequentially,
use an instance of BZ2Decompressor instead.
The python bz2 module provides a comprehensive interface for
the bz2 compression library. It implements a complete file
interface, one shot (de)compression functions, and types for
sequential (de)compression.
0%0Q0V0]0d0s0z0
1 1$1(1,101f1p1w1~1
5'565T5
7%7?7P7o7v7
9.9C9U9o9
?1?F?Z?a?q?
0*0>0Z0_0
1*1d1}1
20272D2U2]2h2m2v2
3P3X3j3x3
5@5V5u5
8#8?8U8f8
9-949;9Y9`9
:#:(:-:2:8:C:K:R:`:d:h:l:p:t:x:|:
;0<7<i<}<
?$?(?,?0?z?
0 0'0J0
1#181t1
1S2g2q2
3!32393@3\3
4	585<5@5D5_5d5s5
808c8w8
9#959<9C9M9S9
=/=6===H=n=u=
0 0W0s0x0
1D4N4T4^4i4
4J6P6Z6X8^8h8
k1u1{1
9!9+9C9M9S9]9h9w9h:n:x:
;';=;P;};
0w2T3X3\3`3
<@=D=H=L=1>G>
?(?6?p?
1F1V1l1
1*3'5N5T5^5
7W8]8g8I9O9Y9p?
3090F2L2
2W4G9M9W9
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
;";(;.;4;:;@;F;L;R;X;^;d;j;p;v;|;
<"<(<.<4<:<@<F<[<d<k<p<
=1=6=<=W=\=h=x=~=
>#>D>U>`>h>
0#0)00070>0E0L0S0Z0b0j0r0~0
1%191N1Y1q1
2"2(2.2
374<4S4v4
5$5*50565<5B5H5N5T5Z5`5f5l5
3(3D3H3
< <$<(<,<0<4<8<<<@<D<H<L<
5$5(5,54585<5D5H5L5T5X5\5d5h5l5t5x5|5
64686<6@6t9
<$<d=p=
1$1(1,101@2D2