
Sample details: 9f89f763e8bb0bf8ce0ab174f5c481ba

Hashes
MD5: 9f89f763e8bb0bf8ce0ab174f5c481ba
SHA1: 7cda1d995ccc084738ccadcbee298425a69dedd3
SHA256: 5c4070e6995a55b20a6b9b561898d44fe76994cd0eb8acb2802c3b9cb7476f11
SSDEEP: 3072:74vhjxMapBECJj+iqM8dTxoze71zPjuPd4ySKeXLLrrMuwopmItD9Cg:74vhjxMapBHjvl2Txoze71zPjuPd4y18
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/screenshot | YRP/win_registry
Source
https://f.coka.la/Toz2JS.jpg
Strings
		!This program cannot be run in DOS mode.
D>Rich
`.rdata
@.data
.hadata
P.udata
@.rsrc
MFC42.DLL
__CxxFrameHandler
strcpy
memset
strlen
_mbsstr
MSVCRT.dll
__dllonexit
_onexit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
CreateProcessA
lstrcatA
VirtualProtect
GetLogicalDrives
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetModuleHandleA
lstrcpyA
WaitForSingleObject
SetEvent
ResetEvent
GetStartupInfoA
KERNEL32.dll
GetSysColor
DestroyCursor
MessageBeep
ReleaseCapture
SetCursor
SetWindowLongA
IsWindow
CopyIcon
LoadCursorA
PtInRect
InflateRect
SendMessageA
GetWindowRect
GetClientRect
ReleaseDC
InvalidateRect
RedrawWindow
SetCapture
GetParent
EnableWindow
EnumWindows
GetSystemMetrics
DrawIcon
AppendMenuA
GetSystemMenu
IsIconic
SetTimer
KillTimer
FlashWindow
LoadIconA
PostMessageA
USER32.dll
GetStockObject
CreateFontIndirectA
GetObjectA
GetTextExtentPoint32A
GDI32.dll
RegCloseKey
RegQueryValueA
RegOpenKeyExA
ADVAPI32.dll
ShellExecuteA
SHELL32.dll
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
MSVCP60.dll
_setmbcp
\winhlp32.exe
The operating system is out
of memory or resources.
The specified path was not found.
The specified file was not found.
The .EXE file is invalid
(non-Win32 .EXE or error in .EXE image).
The operating system denied
access to the specified file.
The filename association is
incomplete or invalid.
The DDE transaction could not
be completed because other DDE transactions
were being processed.
The DDE transaction failed.
The DDE transaction could not
be completed because the request timed out.
The specified dynamic-link library was not found.
There is no application associated
with the given filename extension.
There was not enough memory to complete the operation.
A sharing violation occurred. 
Unknown Error (%d) occurred.
Unable to open hyperlink:
\shell\open\command
;y.,,P
,FO-,,V
o^^S.,,
X^k.,,
X^k.,,
;`&,,P
Z^;-,,X
ZV?-,,
^^7-,,
;X),,P
X^K.,,
;K$,,P
XFK.,,
XFO.,,
XVO.,,
Z^+-,,ZF/-,,X
^V+-,,J
,FC-,,Z
,F_-,,Z
XFO.,,
,F[-,,Z
,Fc-,,P
V&-,,P
^V;-,,J
XF+-,,ZF
,,,XV/-,,ZV
':*-,,k
;t(,,P
;P*,,P
;P),,P
:8-,,P
/,,>|2k
V[/,,	
VC/,, 
VG/,,Gx
Vw/,,e
Vc/,,|U
Vg/,,@:
V3/,,K
V7/,,|j
V?/,,@
V'/,,Bz
V[.,,L
V_.,,u
Vo.,,$
V3.,,|
V7.,,f
V;.,,8a
-,,+:v]
VS-,,c
V_-,,s
VC-,,K
VG-,,kP
V{-,,o
-,,CD(
Vc-,,	!
Vo-,,;
-,,KBC}
V7-,,3
V?-,,dG
V#-,,(1%\
,,,J1Z
,,,U)f
,,,|3k
/,,mHoJ
/,,1_<
VS/,,k
VW/,,%
V[/,,y
V_/,,w
VC/,,i
Vs/,,*q
Vw/,,2
V{/,,UFz
Vg/,,	$
V'/,,Hk!~
.,,H)@>
VW.,,]
V_.,,B*
Vk.,,.
.,,h0g
V#.,,{
V'.,,hW
V+.,,}
-,,gLk
VW-,,In
Vs-,,d
V{-,,,
-,,8Oe
V;-,,msK
^^/-,,
^F/-,,
^V?-,,
^^K-,,
^F?-,,
^VK-,,
,,,,,,,^F
X^?-,,
^Vw-,,
^^w-,,
;#$,,P
^Fw-,,
Pn2-,,
^^6-,,
;!$,,P
;`|,,P
/,,2Mb
VS/,,W
VW/,,U1s
VK/,,?
VO/,,k!
Vg/,,a
Vo/,,n
/,,R66
V#/,,J
V+/,,rhS
.,,|Z|o
.,,oILo
VS.,,M+
V_.,,H
VC.,,"
Vs.,,>5\!
Vw.,,)("D
Vg.,,b
Vo.,,`
V3.,,i
V?.,,'
V#.,,t
VS-,,|
V[-,,j
VG-,,`g
VO-,,$k
Vw-,,Js
Vc-,,I[
Vo-,,R
-,,vW&
V3-,,8
V;-,,7
V#-,,<!8
V'-,,9,
,,,e1=
,,,9xyp
,,,sP[/
,,,VaA
/,,|BfE
/,,VDn
V[/,,w
V_/,,=^r
VC/,,q-
VG/,,_~T;
VO/,,e
Vw/,,?
V{/,,Jp
Vg/,,jV 
Vk/,,x
Vo/,,X
/,,aD09
V7/,,D`-
V'/,,T^P
V+/,,dz
.,,p;+
VS.,,3F
VW.,,2A
VG.,,J
VK.,,_
Vw.,,.GdF
Vg.,,)
V'.,,p,
V+.,,A
-,,5hr
-,,[:lm
VW-,,U
V[-,,+
VG-,,c
V{-,,T
Vc-,,m
Vk-,,J
V7-,,W
V?-,,1F
V#-,,]
V+-,,B
,,,_m#
,,,P	d
,,,3U&
^VO.,,
^^O.,,
^VO.,,
^V3.,,
^F3.,,
^V3.,,
^^3.,,
^V3.,,
^F3.,,
^V3.,,
^^3.,,
+P3+X3^
website.lineone.net/~andy.metcalfe
andy.metcalfe@lineone.net
http://
?Subject=CNGDiskSpaceMonitor
mailto:
mailto:
Stopped
Running
Stopped
Stopped
The disk space threshold on drive %s has been reached.
	Available: %u bytes
	Threshold: %u bytes
Kernel32.dll
GetDiskFreeSpaceExA
GetDiskFreeSpaceA
dzhyvhpszloxnopeukgueklrlbpsvuocsyfosyrggarodqjgslgzeqndkjmyfuwlqinzroynkpkrjlrghpxxelxluyejlyf
dzhyvhpszloxnopeukgueklrlbpsvuocsyfosyrggarodqjgslgzeqndkjmyfuwlqinzroynkpkrjlrghpxxelxluyejlyf
dzhyvhpszloxnopeukgueklrlbpsvuocsyfosyrggarodqjgslgzeqndkjmyfuwlqinzroynkpkrjlrghpxxelxluyejlyf
uujctljqequcjfnkxbzhghgbkczoxphxmjaiwazokfuzvvwzogzdpjxdiphaaolxywrm
uujctljqequcjfnkxbzhghgbkczoxphxmjaiwazokfuzvvwzogzdpjxdiphaaolxywrm
uujctljqequcjfnkxbzhghgbkczoxphxmjaiwazokfuzvvwzogzdpjxdiphaaolxywrm
pkkseveljc
uoftpqqqveiqwxxypgkomimsepykwyxwdu
rygljvefagigelfcqlzby
rygljvefagigelfcqlzby
rygljvefagigelfcqlzby
rygljvefagigelfcqlzby
rygljvefagigelfcqlzby
ifqfwdmhozp
ynefejqwlzihzudftninrcvtboinfwotfjkfqhduzthestnrzmudefkeubewphymzkmeywwcgolzrehtwosjzmibswpkp
zuqnmpygnpc
zuqnmpygnpc
zuqnmpygnpc
ynefejqwlzihzudftninrcvtboinfwotfjkfqhduzthestnrzmudefkeubewphymzkmeywwcgolzrehtwosjzmibswpkp
ynefejqwlzihzudftninrcvtboinfwotfjkfqhduzthestnrzmudefkeubewphymzkmeywwcgolzrehtwosjzmibswpkp
wajgwivtckshubyrwzaoibilrgrdioobezbsyiodnrkauwlkyzrosmfbkxlbhrfqxekpyyljhkgcufiwpkzjngli
wajgwivtckshubyrwzaoibilrgrdioobezbsyiodnrkauwlkyzrosmfbkxlbhrfqxekpyyljhkgcufiwpkzjngli
wajgwivtckshubyrwzaoibilrgrdioobezbsyiodnrkauwlkyzrosmfbkxlbhrfqxekpyyljhkgcufiwpkzjngli
wajgwivtckshubyrwzaoibilrgrdioobezbsyiodnrkauwlkyzrosmfbkxlbhrfqxekpyyljhkgcufiwpkzjngli
wajgwivtckshubyrwzaoibilrgrdioobezbsyiodnrkauwlkyzrosmfbkxlbhrfqxekpyyljhkgcufiwpkzjngli
wajgwivtckshubyrwzaoibilrgrdioobezbsyiodnrkauwlkyzrosmfbkxlbhrfqxekpyyljhkgcufiwpkzjngli
wajgwivtckshubyrwzaoibilrgrdioobezbsyiodnrkauwlkyzrosmfbkxlbhrfqxekpyyljhkgcufiwpkzjngli
brujtbnjltxlzjmkc
izegkzmtcnvhotojmwhsuwncmjelhehbavowzoandsncfajbynjtyozkezdjmdbidplcstodghglsjp
brujtbnjltxlzjmkc
brujtbnjltxlzjmkc
pvqbgnmq
pvqbgnmq
pvqbgnmq
etdjirrxkglqcgmirtqwfrwblrwfhqvdtpfgjeiopqfncuiyelyzsifovkhhfibjvrzddnjsjuclcagoeeeuqdphjufyy
dzchvpwkvgvrrsytlclmralgewlvgyyuhcxqmuowzcpxyboyccgncyknjezbekw
xofvivgcy
vosltny
vosltny
vosltny
cqrobycsvyjpteooqyoyulkcytujogfehywoegjjmwwikhgrrhliebhigphaijuya
asoabli
cqrobycsvyjpteooqyoyulkcytujogfehywoegjjmwwikhgrrhliebhigphaijuya
cqrobycsvyjpteooqyoyulkcytujogfehywoegjjmwwikhgrrhliebhigphaijuya
wbzdmpbogwcneculrzrfhhkniqvbqyzioilduvifkjlziqructsbrzgewtquhmcwoszumavucrsysrtjytoqfmvaeprkfd
wbzdmpbogwcneculrzrfhhkniqvbqyzioilduvifkjlziqructsbrzgewtquhmcwoszumavucrsysrtjytoqfmvaeprkfd
wbzdmpbogwcneculrzrfhhkniqvbqyzioilduvifkjlziqructsbrzgewtquhmcwoszumavucrsysrtjytoqfmvaeprkfd
mlwgukjryhopflanatvblbhugeotwgccaewrqwjlnuwzu
juzcswq
clcjwmnujlgqzmpmbqblribjtjdlvxmwthlhvoxprhtbbdpehzescejqcesyowogsapjkdowbwktpbfei
lsxbeekftlgkwjgjrmyxgatduhdblkkdlfjhgeslirguzhqfozohk
xemteltjltgfcnlicrzezclsgcomayzqvtzxenutptgvunylumyfpvserqiqajuvftpxm
gbpwcfvatwbdbluldtgdsyvflsqyhizkooqzthvqvngnpcgiimfrcysyrduycpdjxxtbuuwckhxozqplxb
dlireqraejnsgaglsyjxtdwiweetguvdlumiskh
ystuvxaasbenltksfuqkgwwtdwv
qzurakecjpofhhneftonmcvztjsnilbblyxhunwlpyhq
eilnsscnaqezutldxsiwucahp
poefpkqwycswvbyseuybtwhjiwcpmuboizrgwakwvffizyrdbcmhxblimvncqpkibikqerurqdmzsxfwxxzvvrl
przpfmovickuscmtvjxtrrniwehdrobokklebydzgyttambx
tmoeigrpucyhxdstsznapchzvdirruttddnyqizzyqaccaymhronivbqdzflqcolghxy
ddkctunfliiygj
cppbbvzmfc
yxeutxlqglrhbkvkrfaylxfclkieefxwgvwijzylrhishrwywpusiygckkfeuihwtbvdkstkxupaceqlwetjsodiruirjzif
gmyokuzpfgxtfsadcseafpfhqadnfmmlqcmopkikt
rgqkcsvlz
sntyhmqowu
cqukcemcqacktjhtoedczdhpminayeegis
zeiahzeupjponitbsmdsgyruojobugvrtskyxeonmgasjzufhbzbfyazohzlrffzmlhgvkccufugww
dbmfcunwqyzrtwoogvrrrlsmfhfskez
olhljbcmialboeqgvrqsrslcaqeodowkjjucizveyhpqjdphncmsckalixpgvwudoktdruripsykwyraofdcgipxgcfzoxbtymf
cjawgcsjxmgcqjmsaqbovt
i[c*{H
w.57%E1
d)';F8Y4
Q0`e t
>94#%Q
6b6/ma=
hY<lZI
VcGM f
0SFO6YE
M:U1Qe
Ihmw.di
@dT;r^G
0L7a |
1k s>^p
c,*0&u{
%bz\[A
+Q8	&|
<	B'	J
Q\Q{5vE
f	13/n
y)^#"'
$~`Mf>a
-2Zap#
TZ?Z:-
/dcH|x
!z4v< ]
=qV+6,
`<$H'L
b j(G"
boT~lu
Iqo}KG$
tUvpJ;z
7l47N3
s40>D!
1wiOwX]>e_
["w4G,o
DY0lE+e
.",<\YV
3+#h/\
EG:9t9
6v[g<q
'{<t$B%
|*[0,$
Q;~*3&vJ
6r |\<
2	d Bm(
s=U+:%
Qg<ErI
/8|.5|[