Sample details: 991538973511d559ddded2b5af29a79a --

Hashes
MD5: 991538973511d559ddded2b5af29a79a
SHA1: 0911fb1e0bcce1f8b3d4bc229028629a7d8b513e
SHA256: 294ddc03e1e1372defb5b67fe50aa815e52772931ba9e9a1027437e0b7bb8242
SSDEEP: 6144:en1lAQNurZCvgdK4FySIbahpCAgza3vAog985urB/uh:e1lAQN0UQK4FPI2hEZ+vAogW8/W
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/DebuggerException__SetConsoleCtrl | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/win_files_operation | YRP/Big_Numbers0 | YRP/TEAN |
Source
http://photoscape.ch/Setup.exe
Strings
		!This program cannot be run in DOS mode.
`.data
.idata
@.gfids
@.rsrc
@.reloc
zipucolemo.txt
kernel32.dll
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator "" 
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
template-parameter-
generic-type-
`anonymous namespace'
`non-type-template-parameter
`template-parameter
`template-type-parameter-
`generic-class-parameter-
`generic-method-parameter-
`vtordispex{
`vtordisp{
`adjustor{
`local static destructor helper'
`template static data member constructor helper'
`template static data member destructor helper'
static 
virtual 
private: 
protected: 
public: 
[thunk]:
extern "C" 
short 
unsigned 
volatile
std::nullptr_t 
std::nullptr_t
<ellipsis>
,<ellipsis>
 throw(
double
__int8
__int16
__int32
__int64
__int128
<unknown>
char16_t
char32_t
wchar_t
__w64 
UNKNOWN
signed 
 volatile
`unknown ecsu'
union 
struct 
class 
coclass 
cointerface 
volatile 
const 
cli::array<
cli::pin_ptr<
{flat}
CorExitProcess
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
`h````
xpxxxx
`h`hhh
xwpwpp
(null)
UTF-16LEUNICODE
AreFileApisANSI
CompareStringEx
EnumSystemLocalesEx
GetActiveWindow
GetCurrentPackageId
GetDateFormatEx
GetEnabledXStateFeatures
GetFileInformationByHandleEx
GetLastActivePopup
GetLocaleInfoEx
GetProcessWindowStation
GetSystemTimePreciseAsFileTime
GetTimeFormatEx
GetUserDefaultLocaleName
GetUserObjectInformationW
GetXStateFeaturesMask
IsValidLocaleName
LCMapStringEx
LCIDToLocaleName
LocaleNameToLCID
LocateXStateFeature
MessageBoxA
MessageBoxW
RoInitialize
RoUninitialize
SetThreadStackGuarantee
SystemFunction036
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
[aOni*{
~ $s%r
@b;zO]
v2!L.2
1#QNAN
1#SNAN
?5Wg4p
"B <1=
_hypot
_nextafter
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.text$mn
.xdata$x
.data$r
.idata$5
.00cfg
.idata$2
.idata$3
.idata$4
.idata$6
.gfids$x
.gfids$y
.rsrc$01
.rsrc$02
URPQQh
tK<_t<<$t8<<t4<>t0<-t,<a|
<z~$<A|
E<$uMR
<0|L<9
tE<A|2<P
t9<_u5
t.<_u*
<A|,<P
<$u"8F
<0| <9
<0|^<8
;t$,v-
UQPXY]Y[
< t1<	t-
j"^f91j\^u8
j"^f9q
t/j=[f;
QSSSSj
tyPVj@W
_tcPVj@
u#j,Xf;
Tt1jhZ;
Tt1jhZ;
Tt1jhZ;
Tt1jhZ;
^$+^8+
^$+^8+
^$+^8+
^$+^8+
t	j-Xf
t0jXXf
~$+~8+
t	j-Xf
t0jXXf
~$+~8+
t	j-Xf
t0jXXf
~$+~8+
t	j-Xf
t0jXXf
~$+~8+
F(jgYjGZ
F2jgYf;
F2jgYf;
<0|H<9
x(j$Xf9
u0jAXf;
u0jAXf;
<xt"<Xt
u/jAXj
>=umF8
uFVWhd
taj*Xf
WWWPWS
u-PWWS
VWj\^j:
WWWPWS
SSVWh 
f9:t!V
|VWj=S
}VWj=S
QQSWj0j@
<0|o<9
u	!FX@
u^9^\t/
VX9^`tT
;N\u\W
j	PjYV
u2Vj@hPB
9C`u99C\t4
9C`u5Wj
WHPh`E
Wj0XPV
SVjA[jZ^+
jAZjZ^
PPPPPPPP
PPPPPWS
PP9E u:PPVWP
mSjA[jZ^+
8jZZf;
jA[jZZ+
SVWjA_jZ+
uBjAYjZ+
D8(HXt:f
D8(Ht5F
Wj5_f;
v	N+D$
v	N+D$
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVDNameNode@@
.?AVcharNode@@
.?AVpcharNode@@
.?AVpDNameNode@@
.?AVDNameStatusNode@@
.?AVpairNode@@
.?AVtype_info@@
GetProcAddress
LocalAlloc
GetProcessAffinityMask
GetProcessTimes
GetProcessIoCounters
GetProcessWorkingSetSize
SetProcessWorkingSetSize
GetCurrentProcess
GetCurrentProcessId
ExitProcess
FatalExit
GetThreadPriority
TerminateThread
GetSystemTimes
GetTickCount
LoadLibraryA
GetProcessShutdownParameters
KERNEL32.dll
SetScrollRange
GetScrollRange
ShowScrollBar
GetPropW
USER32.dll
StretchBlt
GDI32.dll
OpenEventLogA
ADVAPI32.dll
TransparentBlt
GradientFill
MSIMG32.dll
WinHttpCreateUrl
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpQueryDataAvailable
WinHttpSetOption
WINHTTP.dll
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThread
OutputDebugStringA
OutputDebugStringW
CloseHandle
WaitForSingleObjectEx
CreateThread
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
SetConsoleCtrlHandler
CreateFileW
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetEndOfFile
ReadFile
ReadConsoleW
SetFilePointerEx
WriteConsoleW
EncodePointer
DecodePointer
RaiseException
y0.'U5?
	~7\[8
;%%;Cc
)Zwh[qT
>AFRZV
"[2M/N
-&,/W5
}yb%]T
e,1'1yT
ss]3Z[b6
GAd3E&
K86??h+ky* 
*eC7]b
T%_8]i
T\Shu/d
"9OIjlC_6
nCnPSm
cW9Tq|
~v@*yk
C|$Ef9
vPbB}OJ
i_Qwjg
WDq9Y3CK
K{SI.6
yJvW=6
_(.0Ue
lSY^a2
 A'dV7Z;u
)Dxuronubidisawayolizabocarupabanaxoyitesuxazepijiwusoxilemafuhorineyuwovecogupexehobazisiyikixicohisarehutoxesazovegepopanobehiranovapamuculumayexotehutudazazazuwoxucarocetoromuzurowiyeruxoraxihirelonibixejomeyagazisihiredeximovuricurucatepiwijayomawijipozi(
 -  -  -  - 
 -  -  -  -  -  - 
 -  -  -  -  - E
dk']k']
 -  -  -  -  -  -  -  -  - E
\ -  -  -  -  -  -  -  -  - 4
\ -  -  -  -  -  -  -  -  -  - 
k']k']k']k']
 -  -  -  -  -  -  - 
k']k']k']k']
k']k']k']k']k']
Ek']k']
Vk']k']k']
Vk']k']k']k']
 -  - 
Vk']k']k']k']k']
 -  - 
Vk']k']
a.'vak']k']k']
 -  - 
a.k']k']k']k']
 -  -  - 
k']k']k']k']
'va'va'vav
0 -  -  -  -  -  - 
k']k']k']
0 -  -  -  - k']k'] - 
'va'va
k']k']k']k'] - 
k']k']k']k']k']
k']k']k'] -  - 
k']k']
\_Tk']k']k']
\_T\_Tk']k']
\_T\_T4
\_T\_T4
 -  - r
\_T\_T\_T\_T
 -  - 
 -  -  - 
 -  - 
d -  - 
 -  - 
 -  -  -  -  -  - 
M -  -  -  -  - 
d -  -  - 
d -  - 
 -  -  -  - 
 -  - 
; -  - 
 -  - 
; -  -  - 
; -  -  - 
; -  -  -  - 
m\_T\_T"
; -  -  -  - 
m\_T\_T\_T"
; -  -  -  -  -  - 
6' -  - 
\_T\_T4
 -  -  -  -  -  -  -  -  - 
 -  -  -  -  -  -  -  -  -  - 
 -  -  -  -  -  -  -  -  -  - 
 -  -  -  -  -  -  -  -  - 
 -  -  -  -  -  -  -  -  -  - 
 -  -  -  -  -  -  -  -  -  - 
 -  -  -  -  -  -  -  -  - 
E\_T\_TNd
7 -  -  -  -  -  -  -  -  - 
7 -  -  -  -  -  -  - 
7 -  -  -  -  -  - 
3 -  -  - 
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO$$$$$$$$$$$Ow
wO$$$$$$$$$$$O
O$$$$$$$$$$$O
O$$$$$$$$$$$O
O$$$$$$$$$$$O
O$$$$$$$$$$$O
O$$$$$$$$$$$O
!!!!!!
O$$$$$$$$$$$O
!!!!!!
O$$$$$$$$$$$O
!!!!!!
O$$$$$$$$$$$O
!!!!!!!!!
O$$$$$$$$$$$O
!!!!!!
O$$$$$$$$$$$O
!!!!!!!!
O$$$$$$$$$$$O
!!!!!!!
O$$$$$$$$$$$O
O$$$$$$$$$$$O
!!!!!!
O$$$$$$$$$$$O
!!($$$w
O$$$$$$$$$$$O
O$$$$$$$$$$$O
$$$$$$$$$$$
O$$$$$$$$$$$O
$$$$$$$$$$$
O$$$$$$$$$$$O
O$$$$$$$$$$$O
!!!!!!!
O$$$$$$$$$$$R
R$$$$$$$$$$$
$$$$$$$$$$$
ggggggg
##^l&[[
$$$$$$$$$$$
gggggg
$$$$$$$$$$$
gggggg
$$$$$$$$$$$
gggggggg,
$$$$$$$$$$$
gggggggg,
$$$$$$$$$$$
gggggggg,
$$$$$$$$$$$
gggggggg,
$$$$$$$$$$$
$$$$$$$$$$$
$$$$$$$$$$$
^^ll'[[
$$$$$$$$$$$$
$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$
w$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$
w$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$
w$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$
w$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$
w$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$t
$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$O
w$$$$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Q                     
DDDDDDDDDDDDDDDDDDDDD
UDDDDD
DUDDDDD
UUUDDDDDDD
DUUUDDDD
UUUUUDDDDDD
UUUUUU
UUUUUU
UUUUUU
oooooooo
222222222222222222222222222GGGGGGGGGGGGGGGGGG222222G
G22222G
G22222G
``````
G22222G
G22222G
G22222G
G22222G
G22222G
G22222G
G22222G
G22222
G22222j((((
22222d
2222222
2222222
2222222222
G222222222
o222222222220
222222222
622222222222>>222222222i>22222222222222222222222222222
PPPPPPPPPPPPPPPPPP
ZZZZZZePPP
H\\\\ZePPP
PPPPPPP
PPPPPPPPPPPPPPPPPPP
SK~~mm
8@NKGBu
FHo~DL
KFv~RJm
0 0,00040
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
3d=h=l=p=t=x=|=
=8?D?T?
1 1$1,1014181<1@1D1H1T1\1`1d1h1l1 4$4(4,4`4d4h4l4p4t4x4|4
8 8$8(84888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
P2\2h2t2
3(343@3L3X3d3p3|3
4$404<4H4T4`4l4x4
5 5,585D5P5`5l5x5
6 6,686D6P6\6h6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848<8D8L8T8\8d8l8t8|8
9$9,949<9D9L9T9\9d9l9t9|9
:$:,:4:<:D:L:T:\:d:l:t:|:
;$;,;4;<;D;L;T;\;d;l;t;|;
<$<,<4<<<D<L<T<\<d<l<t<|<
=$=,=4=<=D=L=T=\=d=l=t=|=
8 8(80888@8H8P8X8`8h8p8x8
9 9(90989@9H9P9X9`9h9p9x9
: :(:0:8:@:H:P:X:`:h:p:x:
; ;(;0;8;@;H;P;X;`;h;p;x;
< <(<0<8<@<H<P<X<`<h<p<x<
= =(=0=8=@=H=P=X=`=h=p=x=
> >(>0>8>@>H>P>X>`>h>p>x>
3$=,=4=<=D=L=T=\=d=l=t=|=
?(?,?<?@?H?`?p?t?
0 0$0,0D0T0X0h0l0p0x0
5-6U6_6i6u6
7-7;7[7i7u7
<%</<:<A<G<M<X<p<x<
="=(=.=4=:=v=
=	>7>H>M>R>s>x>
2 2&282B2
3/3`3{3
40464\4e4k4
4G5f5p5
6	6Q6Z6_6
6 7.7I7T7
748C8J8
9&9,92989>9D9K9R9Y9`9g9n9u9}9
9-:3:9:?:E:K:R:Y:`:g:n:u:|:
;";);0;7;>;E;L;T;\;d;o;t;z;
=7>?>Q>
1U1a1x2
303>3D3_3
4-4R4Y4b4p4w4}4
5'5,515A5F5K5[5`5e5u5z5
5:6J6a6i6
617F7P7b7q7v7{7
7.83888w8|8
9%9*9/9V9b9g9l9
=!='=/=6=?=H=M=U=[=r=
080?0R0_0q0w0
3E4S4q4
8 9A9`9
051H1x1
2(3S3n3x3
4@4e4j4v4}4
4A5\5{6
9J9T9^9h9r9
;T;X;\;`;d;h;};
>>>c>n>C?c?
3*4W4c4x4
4B5V5\5
9P9T9X9\9`9d9h9l9x9
9(:?:\:m:
=$=.=U=
1?1N1g1
4!4^4h4
5=6l6~6
7'777G7]7
7	8%8*8>8
8*9=9G9Y9g9q9
<#<X<_<r<
< =8=A=W=
>2?M?y?
1'1T1a1
4H5M5e5{5
6$6D6d6
707:7Q71868V8t8
:1:R:d:n:
0C1N1]1
1(242E2^2{2
2.3@3s3
5(5/545:5?5E5J5O5U5Z5`5j5z5
556Z6b6h6n6t6
>1>h>~>
?#?A?H?N?\?b?w?
10?0F0N0g0y0
1'21272=2
2'3A3M6^6
6'767=7K7Q7_7e7o7
=/=6=<=L=Q=[=`=k=v=
?8?G?w?
1B1g1r1
6"7-777F7N7V7
>'>:>m>|>
%0/090?0H0[0f0t0}0
8$8,8I9
=2?G?g?y?
73878;8?8C8G8K8O8
<;=?=C=G=K=O=S=W=
=[>_>c>g>k>o>s>w>
*2_5e5z5
0464O4=5G5T5
7N7a7	8#828@8L8X8f8v8
9G:O:M;
>$?C?b?
7N7_7{7
8R8c8~8
9$9F9W9a9g9
9@<R<m<
=+=F=r=
:8:V:`:q:v:
>8>=>H>\>g>~>
6&6H6[6
7Y7d7q7
9-9A9N9
<R=i= >&>\>u>
?$?8?P?b?j?
&080=0C0I0[0a0w0|0
1)1.131C1H1M1]1b1g1w1|1
2-22272G2L2Q2a2f2k2{2
3!31363;3K3P3U3e3j3o3
4 4\4l4
5O5f5p5
696V6a6f6k6
7#7(7-7H7R7n7y7~7
8(8-828_8
9'939Q9\9a9f9
:!:&:P:e:
;?;J;O;T;u;
<=<n<y<~<
=)=R=t=
>*>5>:>?>Z>|>
?'?,?1?L?
0#000F0Q0V0[0u0z0
161D1S1w1
313k3r3
4,4j4w4
:C=M=W=
>+>=>O>a>
7!8B8)9
1"2+2N2
;$<F<k<}<
=0=;=g=
=L>]>e>r>
?D?K?R?Y?f?
2/393?3I3Y3y3h4z4
7*7=7W7j7
8"8<8O8i8|8
:.:5:M:T:r:|<
>9?>?E?i?
2.3M3R3
5,5^5x5
;7;>;h>]?e?
191@1j4_5g5
0 1S1h1y1
4	5@5_5u5
5+6T6}6
=+=U=_=
4#5l5)6G6j6w6
6 7E7P7[7
7-8@8v8
8#9;9n9
; <5<d<{<
>6>S>u>
>!?A?k?
121b1l1
7'747d7
0I0Q0Y0a0i0
9.9S9_9k9~9
9%:1:=:I:\:
<+=J={=
1-1C1Y1a1
5-:g:Z;
F0P0&2,22282>2D2J2P2V2\2b2h2n2t2z2
3"3(3.343:3@3F3L3R3X3^3d3j3p3v3|3
616N6"8>85?
=1A1E1I1M1Q1U1Y1]1a1e1i1m1q1u1y1}1
9!9%9)9-9195999=9A9E9I9M9Q9U9Y9
;&<k<p<t<x<|<
3$3(3,303
888X8`8d8
9(9H9h9
:(:H:h:
;(;H;h;
<(<H<h<
=(=H=h=t=
>0>P>p>
?0?L?P?
0@0 6X6\6h6
7 7$787<7@7D7H7L7P7T7X7\7h7l7p7t7x7|7
9$9D9\9