Sample details: 9f4e6349382ad42a33a4ae6e56894808

Hashes
MD5: 9f4e6349382ad42a33a4ae6e56894808
SHA1: bab23417b288e253257fec2c50ca9b50055bb38a
SHA256: 395849c64079276b51af00f2fda2f417a319fbd441c4188fdeadaa42fb0f2845
SSDEEP: 3072:EyI4PUF98f9HhqXLBsulfOndaMYTPOpUOW7bp9bcKiQkzYbbJVZlBGIpyTOPh79Z:EF4PUF981Hh+sul1DOKLgKiSBthJZ
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/screenshot | YRP/win_registry
Source
http://autowrd.net/xls/mstsw.exe
http://autowrd.net/xls/mstsw.exe
Strings
          	            !This program cannot be run in DOS mode.
Rich:S
`.rdata
@.data
;D$Hu	
9D$4uJ9L$
D$X;D$\|
D$0j	Y3
D$<9D$,
D$d+D$0
+D$<j3+D$4_
D$,;D$8}
|$LSj	Sj
SSSSVVVVh
SSSSVVVVh
SSSSVVVVh
SSSSVVVVh
SSSSVVVVh
SSSSVVVVh
SSSSVVVVh
SSSSVVVVh
SSSSVVVVh
SSSSVVVVh
SSSSVVVVh
SSSSVVVVh
SSSSVVVVh
D$8;D$8|
D$D)D$8
L$<+D$(
D$D9\$
D$l+D$D
L$l2L$k
SSPPPPh
^SSSSS
t$<"u	3
< tK<	tG
j@j ^V
t"SS9] u
PPPPPPPP
PPPPPPPP
URPQQh
v	N+D$
;t$,v-
UQPXY]Y[
=	%;kh
\(+&Qb
)sq[T$
&Ho2Iw
L*V3B09
9w&HNp
"</7^ 
1-}\L(
=)fTW+
QQSVWd
t*=RCC
;7|G;p
tR99u2
tWItHIt9It 
v	N+D$
tRHtCHt4Ht%HtFHHt
	X 9} 
<+t"<-t
+t HHt
Unknown exception
bad allocation
CorExitProcess
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
PC_PARAMETERS
REGISTER_CODE
SAVE_KEY
Driver={Microsoft Access Driver (*.mdb, *.accdb)};
SELECT*
MenuDemo
program
&Open...
Save &As...
invalid string position
deque<T> too long
string too long
?5Wg4p
"B <1=
bad exception
?_nextafter
_hypot
1#QNAN
1#SNAN
FindResourceExW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
EnumTimeFormatsA
CreateEventA
GetConsoleWindow
HeapCreate
MultiByteToWideChar
GetLastError
GetModuleFileNameA
KERNEL32.dll
RegisterClassA
GetDlgItemTextA
LoadCursorA
UpdateWindow
SetWindowTextA
BeginDeferWindowPos
AppendMenuA
DrawMenuBar
IsDlgButtonChecked
ShowWindow
GetSysColor
DefWindowProcA
EndDialog
GetDlgItem
EnableMenuItem
ReleaseDC
CreateWindowExA
MessageBoxA
CreateIcon
GetKeyboardLayout
SetPropA
GetWindowTextA
ShowCursor
BeginPaint
SendMessageA
SetFocus
CreateMenu
LoadIconA
LoadBitmapA
KillTimer
SendDlgItemMessageA
SetTimer
GetSystemMenu
USER32.dll
GetStockObject
CreatePen
Polyline
SetDCPenColor
Ellipse
Rectangle
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
SetPixel
AngleArc
SetBkColor
GetDeviceCaps
DeleteDC
CreateHatchBrush
BitBlt
MoveToEx
BeginPath
GDI32.dll
RegCloseKey
ADVAPI32.dll
CoCreateInstance
ole32.dll
ODBC32.dll
AVIMakeCompressedStream
AVISaveOptions
AVIFIL32.dll
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
VERSION.dll
PathUnExpandEnvStringsA
PathUnmakeSystemFolderA
PathUnquoteSpacesA
StrToIntExA
SHLWAPI.dll
ImageList_Destroy
ImageList_Merge
ImageList_Add
ImageList_GetDragImage
ImageList_BeginDrag
ImageList_ReplaceIcon
ImageList_Create
ImageList_SetDragCursorImage
COMCTL32.dll
PdhBrowseCountersA
pdh.dll
RpcErrorAddRecord
RPCRT4.dll
ImmGetContext
ImmReleaseContext
ImmGetOpenStatus
IMM32.dll
SetupDiGetClassDevsA
SETUPAPI.dll
GetPwrCapabilities
POWRPROF.dll
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
EncodePointer
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
LCMapStringW
GetStringTypeW
RtlUnwind
HeapSize
HeapReAlloc
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
T~gKL6;
N3NOv8
NHWH.#
HZ;s|O@
wU hA>f
61/V5J
l|T`p,f
(1~=O(%9
ja|`P0!
@7Yy\Y_E
4':8~uCx$
#HdoqjzI
@Tt.=$p(k
y#]8dP
n^}{8-
ndgN9M
Lu>GGY
hjj*yM
B>mhkR
It=U$pd
hoZxbNs
5cGO  s
x?9jbyM
|#.oP|
A2>">]@
gk95!'I
4shnhX
4':8~uCx$
#HdoqjzI
@Tt.=$p(k
&)p1!<)
L({Q|t
u{~{xR
-=]KDR1P#
pZmPlV
dDDFfffff
dDDDDfffffww
DDDDDFffffgw
DDDDDDfffffww
DDDDDDFffffgw
DDDDDDDfffffww
DDDDDDDFffffgw
DDDDDDFfffffww
DDDDDDDfffffgw
dDDDDDDFfffffww
DDDDDDDfffffgw
DDDDDDDFffffgww
DDDDDDDfffffww
dDDDDDDfffffgw
DDDDDDFfffffww
DDDDDDfffffgw
DDDDDDFfffffw
DDDDDDfffffgx
DDDDDFfffff
DDDDDFfffffg
DDDDDfffffg
DDDDFfffffw
dDDDDfffffgx
DDDDFfffffw
DDDDfffffgw
DDDffffffww
DDFfffffww
dDDfffffgww
DDFfffffww
DDfffffgw
Dffffffww
Ffffffgw
ffffffww
fffffww
ffffgww
ffffww
vfffgw
vfffww
UUUUUU
UUUUUUU
UUUUUUUU
UUUUUUUUU[
UUUUUUUUS
UUUUUUUUZ
UUUUUU[
333;UUUUU
333333UUU[
333333
333333;
333333;
[3333333
S3333333
3333333
3333333
3333333S
33333338
3333333<
33333335!
S3333333;2S333R;
UUS33333333
UUUS333333333
UUUU3333333
"""""3333)
UUUU333
""""""*3333
"""""""""#333=
"""""""""""
""""""""""""""3332
""""""""""""""""#333
""""""""""""""""""333:
""""""""""""""""""""#333
"""""""""""""""""""""333:
""""""""""""""""""""
""""""""""""""""""*33:
:""""""""""""""""*33
:""""""""""""""*3:
3""""""""""""
33:""""""""*
333333:
#33333333333:
333333333
#333333
vPDDDDDDDDDDPv
ZDDIPUY[\\ZWTQNIFDDZ
FDMYcfdca_^\[YXVTSROJFDF
EEVfigfdb`_][ZXWVUSQPONLJFDE
NDVikigecb`^][ZXWUTSQPOMMKJIHEDN
|DMglkifeca`^][ZXWUTSQPONLKJIHGFEDD|
^DZnljhfeca`_][YXWUTSQPONLKJIHGFEDCCC^
RFcnkjifdca`^\[YXWVTSQPONLKJIHGFEDCBAACR
NHhmlihfdca_^\[YXVUTSQPNNLKJIHGFEDCBAA@@CN
RHimkigfcba_^\[YXVUTRQPNNLKJIHGFEDCBAA@@??CR
^Fglkigfdba_^\[YXVUSRQPNMLKJIHGFEDCCBA@@?>>>C^
|Dbljigfdba_^\ZYWVUSRQPNMLKJIHGFEDCCBAA@?>>>=>C|
DYljifeca`^][ZYWVTSLGHMMLIFHHGFFDCCBAA@?>>>=<<?D
NLkihfdca`^][ZXWVTPA===>HD===CFFDCCBAA@??>>>=<<<AN
Ddigfdca_^\[YXVVTM>===========@DDCBAA@@?>>>=<<<<<C
DTigfdba_^\[YXVUTI==\
?=?CBAA@@?>>>==<<<<;?E
Efgecb`_^\[YXVUSH==
G=?AA@@?>>>>=<<<<<;<C
FSfeca`^][ZYXVUSN=@
G=?A@??>>>==<<<<<<<@F
Dadca`^][ZXWVUSRFB
B=???>>>>==<<<<<<<<C
ZLdca_^\[ZXWVTSRQB
==??>>>>==<<<<<<<<B[
DVba_^\[YXWUTSRPPB
HH>_?]jF@=B
==>>>>>==<<<<<<=>BG
D^`^]\[YXVUTSQPONP
K==>>>>======>?@ABJ
uG`^]\[YXWUSSQQONMP
?J=>>>>==>>?@ABCCDK{
PN^]\ZYXVUTSQQONMLD
==>>??@@AABCDEFGLZ
DQ]\ZYWVUTSQPONMLKD
I==>@ABBCDEFGHIKNQ
DT[YYWVTSRQPONMLKJF
z===ACDEFGHIJKLNPT
DVYXWVTSRQPONMLKJIHir=F
~SDFGHIJKLMNPQSV
DVXVVTSQQPNNLLKJIIHG
eEIJKLMNOPRSTVX
DVVUTSQQONNLLKJIIS\Zyi=C
DGJKLMNOPQRTUVXY[
DTUTSQPONNLKKIIO]_^]C
W`TMNNOQRSTVWXZ[\]
DRSRQPONMLKKIIWa``_]>
Rfg^QRSTUVXYZ\]^__
DPRQPONMLKJIJ\bbaa`R^
x=UajklfVVWXZ[]^__`ab
DMQPNNMLKJII]ddc^SJ=
=cmnopqjZZ\]^_`abccd
DJPNNLLKJIIXfbMB====
_Xrrstuvk]_`aabcdeff
PGNNLLKJIIOghW====S
pCG`OBT
Ruvwxyz{gabcdeffghr
uDNLKKJIIHbjjdPz
Wyz{|~
ydeffghhij
DKKKJIJIQnnm^
lgghijklm
DHKKKKKK_ppqql^Vr
cT==vk
xijklmnno
ZGMLLMMMjsstttttumY
bgRBfWDUd
lmnnoop
GMNNOONrwwwwwxxyyn
noopqrs
LMPPPPPwyyzz{{{{||z
pqrstuv
NQQRRSx||}}~~
sttuvw
PRTTTTv
uvvwxz
SUUVVn
^VXXXb
t^^_`|
yrstuz
vvwwxy
{z{|}}~
U6h4hC
WY<m4/
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING