Sample details: 95e20f15be9f37b78b2603ab88361604

Hashes
MD5: 95e20f15be9f37b78b2603ab88361604
SHA1: 2a70809bd0a26dcc40250ab128c1bea789921f50
SHA256: 6e2b0edfc94acdfb81853a525f7b8d96d5efe1d48e33ba9495a43380632f8920
SSDEEP: 6144:Z2g1aWJAVbW882dW5Rcj/gfjcmAjUFIYA2GECKsMMwqWTiqqpFKmcwl:Z2iuT45RbfjDAjUFJMwq3
Details
File Type: PE32
Yara Hits
YRP/Borland_Cpp_DLL | YRP/Borland_Cpp_for_Win32_1999 | YRP/Borland_Cpp_DLL_additional | YRP/Borland | YRP/IsPE32 | YRP/IsConsole | YRP/IsBeyondImageSize | YRP/borland_cpp | YRP/domain | YRP/contentis_base64 | YRP/DebuggerException__SetConsoleCtrl | YRP/escalate_priv | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/Big_Numbers3 | YRP/CRC32_poly_Constant | YRP/RIPEMD160_Constants | YRP/SHA1_Constants
Parent Files
07366aeaaf4cc541451e35c636f53fa4
Strings
		This program must be run under Win32
`.data
.rdata
P.idata
@.edata
@.rsrc
fb:C++HOOK
std::bad_alloc
bad_alloc *
std::exception
_^[YY]
**BCCxh1
Borland C++ - Copyright 1999 Inprise Corporation
WinRAR
Software\WinRAR\Paths
AppData
?*<>|"
yyyymmddhhmmss
%04.4d
%02.2d
%03.3d
%05.5d
YMDHISWAEU
kernel32.dll
GetDiskFreeSpaceExA
%s - %s
shell32.dll
SHFileOperationW
__rar_tmp
%.*s(%d)%s
rtmp%d
__rar_XXXXXX
Protect+
MAPI32.DLL
MAPISendMail
MAPIResolveName
MAPIFreeBuffer
SeShutdownPrivilege
rarlng.dll
__rar_
0123456789abcdef
%02.2d
a538f494a2afdb0ca5c008d34100dc71cb684672c0c511da8d95d38642fc2360
70c2441db366d92ea7be1342b3bf629026ba92bb675f06e684bdd34511097434
System Volume Information\
%s%c%s
%%s%%0%dd.rev
%%s%%0%dd_%%0%dd_%%0%dd.rev
%02u-%02u-%u %02u:%02u
%02u-%02u-%02u %02u:%02u
FFF))EE	FFFF))))))
'H/	vm
CreateThread failed
								
            
%7d     
dos.sfx
;%%0%du
rarfiles.lst
$default
Protect+
Protect!
fixed.
rebuilt.
--------  %2d %s %d
%02d:%02d:%02d  %s
[%c]%s
default.sfx
rar.ini
switches=
rar.log
7z;ace;arj;bz2;cab;gz;jpeg;jpg;lha;lzh;mp3;rar;taz;tgz;z;zip
%d.%02d %s %d
%d.%02d
FUADPXETK
*messages***
.%s%s1
SeSecurityPrivilege
SeRestorePrivilege
%5lu %16s %8s %3d%%
       
%5lu %16s %8s %3d%%
 %8s %8s 
  %c....B  
 %8.8X
 %d.%d
Win95/NT
%22s %8s %4s
%22s %s
*<-?->
 %c%c%c%c%c%c%c  
%c%c%c%c%c%c%c%c%c
 (08@P`p
 (08@P`p
9tu@KVk
b*#Gx[
rarreg.*
70c2441db366d92ea7be1342b3bf629026ba92bb675f06e684bdd34511097434
Version: 
VersMax: 
DateMax: 
rar.lng
Illegal mode in _vector_delete_
Illegal mode in _vector_new_
Illegal dtorMode in _vector_new_
borlndmm
hrdir_b.c: LoadLibrary != mmdll borlndmm failed
borlndmm
@Borlndmm@SysGetMem$qqri
@Borlndmm@SysFreeMem$qqrpv
@Borlndmm@SysReallocMem$qqrpvi
no named exception thrown
bad exception thrown
bad alloc exception thrown
rwstderr
<notype>
<notype>
___CPPdebugHook
Stack Overflow!
),(((((),(((
Error 0
Invalid function number
No such file or directory
Path not found
Too many open files
Permission denied
Bad file number
Memory arena trashed
Not enough memory
Invalid memory block address
Invalid environment
Invalid format
Invalid access code
Invalid data
Bad address
No such device
Attempted to remove current directory
Not same device
No more files
Invalid argument
Arg list too big
Exec format error
Cross-device link
Too many open files
No child processes
Inappropriate I/O control operation
Executable file in use
File too large
No space left on device
Illegal seek
Read-only file system
Too many links
Broken pipe
Math argument
Result too large
File already exists
Possible deadlock
Operation not permitted
No such process
Interrupted function call
Input/output error
No such device or address
Resource temporarily unavailable
Block device required
Resource busy
Not a directory
Is a directory
Directory not empty
Unknown error
(null)
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
%H:%M:%S
%m/%d/%y
%A, %B %d, %Y
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Sunday
January
February
August
September
October
November
December
printf : floating point formats not linked
scanf : floating point formats not linked
printf : floating point formats not linked
scanf : floating point formats not linked
Error: system code page access failure; MBCS table not initialized
%02d/%02d/%04d %02d:%02d:%02d.%03d 
kernel32.dll
GetProcAddress
Borland32
Abnormal program termination
No space for command line argument vector
No space for command line argument
No space for copy of command line
No space for copy of command line
Out of memory in _setargv0
GetEnvironmentStrings failed
Could not allocate memory for environment block
___CPPdebugHook
**BCCxh1
ADVAPI32.DLL
KERNEL32.DLL
SHELL32.DLL
USER32.DLL
AdjustTokenPrivileges
GetFileSecurityA
GetFileSecurityW
GetSecurityDescriptorLength
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
SetFileSecurityA
SetFileSecurityW
BackupRead
BackupSeek
CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
CreateThread
DeleteFileA
DeleteFileW
DeviceIoControl
ExitProcess
ExitThread
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FlushFileBuffers
FormatMessageA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileTime
GetFileType
GetFullPathNameA
GetFullPathNameW
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemTime
GetTickCount
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
IsDBCSLeadByte
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
LocalFree
MoveFileA
MoveFileW
MultiByteToWideChar
RaiseException
ReadConsoleA
ReadFile
RemoveDirectoryA
RemoveDirectoryW
RtlUnwind
SetConsoleCtrlHandler
SetConsoleMode
SetCurrentDirectoryA
SetEndOfFile
SetErrorMode
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetPriorityClass
SetThreadPriority
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile
SHFileOperationA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
CharLowerA
CharLowerW
CharToOemA
CharToOemBuffA
CharUpperA
CharUpperW
EnumThreadWindows
ExitWindowsEx
LoadStringA
MessageBoxA
OemToCharA
OemToCharBuffA
wsprintfA
rar.exe
__GetExceptDLLinfo
___CPPdebugHook