Sample details: 91f23590b8cd220932139cbf1cdcc1be

Hashes
MD5: 91f23590b8cd220932139cbf1cdcc1be
SHA1: d1c13d3b9d9c05b72e6c8d70437f7b340930b84d
SHA256: 612285397e7ea6443e2983e424d437f33a00d899a9cf2a94c58086acb7e8dfe7
SSDEEP: 384:l0kxPK/nBQ2rCI2GL7ZHsMZtkCXQu7ynUrZS6o:lJi/nBQ94HTT7uUrI6o
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Installer_VISE_Custom_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Installer_VISE_Custom | YRP/Armadillo_v4x | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/win_registry | FlorianRoth/DragonFly_APT_Sep17_3 |
Parent Files
6e1078156a9456706e5655dbe7cf9c1b
Strings
		!This program cannot be run in DOS mode.
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
WaitForSingleObject
GetModuleFileNameA
KERNEL32.dll
GetForegroundWindow
USER32.dll
RegCloseKey
RegOpenKeyExA
ADVAPI32.dll
ShellExecuteExA
SHELL32.dll
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
jword_plugin.exe
SoftWare\Microsoft\Windows\CurrentVersion\Uninstall\CnsMin
CLSID\{B83FC273-3522-4CC6-92EC-75CC86678DA4}