Sample details: a3e6b5b55dbc1b973e4c2169a7148a29

Hashes
MD5: a3e6b5b55dbc1b973e4c2169a7148a29
SHA1: 9ca1ad4c1591a9362f15cd39a54e3e6beb7c2290
SHA256: 1aded78346fec3589b1d561422c0930e5d111e484b18a11cbc81d8d5f3afcf1d
SSDEEP: 768:u+dcsmYZICOAweJIEWuIK9SvK87GonvjwIr/+W9Mg/:ugc0ZICOAw0IBM9SLrwIKW9Mg
Details
File Type: PE32
Added: 2018-03-07 05:01:07
Yara Hits
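YRP/IsPE32 | YRP/IsConsole | YRP/HasOverlay | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | YRP/DebuggerException__SetConsoleCtrl | YRP/win_files_operation | YRP/android_meterpreter |
Note: these are rule matches, not a verdict. YRP/android_meterpreter does not fit the PE32 file type listed under Details, and the strings below show an Open Watcom console program importing ordinary file I/O APIs (CreateFileA, ReadFile, WriteFile), so that hit is probably a false positive; check which pattern in the rule matched before relying on it. YRP/DebuggerException__SetConsoleCtrl is consistent with the SetConsoleCtrlHandler import, which appears to come from the runtime's signal handling (signlwnt.c in the symbol list) rather than from anti-debug code.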
Source
http://103.68.190.250/Sources//Advance/WndRec/divhalf/divhalf.exe
Strings
		!This is a Windows NT character-mode executable
`.idata
DGROUP
.reloc
Open Watcom C/C++32 Run-Time system. Portions Copyright (C) Sybase, Inc. 1988-2002.
Not enough memory to allocate file structures
D$p)D$P
+P +P$+P(
SQRVWU
]_^ZY[
SQRVWU
]_^ZY[
]_^ZY[
8888888888
XXXXXXHHHHHHHHHHHHHHHHHHHH
USER32.DLL
The instruction at 0x00000000 caused a division by zero floating point
exception.
FS =0x00000000 
A privileged instruction was executed at address 0x00000000.
written.
address 0x00000000 and
cannot continue.
The instruction at 0x00000000 caused a denormal operand floating point
exception.
CS =0x00000000 
at 0x00000000.
The memory could not be 
The instruction at 0x00000000 caused an underflow floating point exception.
The instruction at 0x00000000 caused an overflow floating point exception.
GS =0x00000000
A stack overflow was encountered at address 0x00000000.
SS =0x00000000
EIP=0x00000000 
An integer divide by zero was encountered at address 0x00000000.
The instruction at 0x00000000 referenced memory 
EFL=0x00000000 
EDI=0x00000000 
An illegal instruction was executed at address 0x00000000.
ECX=0x00000000 
EDX=0x00000000
EBP=0x00000000 
The instruction at 0x00000000 caused a stack overflow floating point
exception.
EBX=0x00000000 
-stack end
EAX=0x00000000 
DS =0x00000000 
The program encountered exception 0x00000000 at 
The instruction at 0x00000000 caused an inexact value floating point
exception.
0x00000000 
ESI=0x00000000 
Stack dump (SS:ESP)
The instruction at 0x00000000 caused an invalid operation floating point
exception.
ESP=0x00000000
ES =0x00000000 
The instruction at 0x00000000 caused a stack underflow floating point
exception.
GetActiveWindow
Exception fielded by 0x00000000
Floating-point support not loaded
WVIDEO
SQRVWU
]_^ZY[
]_^ZY[
conout$
conin$
C_FILE_INFO
C_FILE_INFO=
SQRVWU
]_^ZY[
ABNORMAL TERMINATION
SQRVWU
]_^ZY[
]_^ZY[
]_^ZY[
]_^ZY[
]_^ZY[
]_^ZY[
SQRVWU
]_^ZY[
]_^ZY[
SQRVWU
]_^ZY[
]_^ZY[
]_^ZY[
]_^ZY[
]_^ZY[
]_^ZY[
SQRVWU
]_^ZY[
]_^ZY[
USER32.DLL
SHLWAPI.DLL
KERNEL32.DLL
CharUpperA
PathRemoveExtensionA
CloseHandle
CreateEventA
CreateFileA
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetCurrentThreadId
GetEnvironmentStringsA
GetFileSize
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStdHandle
GetVersion
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
ReadFile
SetConsoleCtrlHandler
SetEnvironmentVariableA
SetEnvironmentVariableW
SetFilePointer
SetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
WriteFile
lstrcatA
lstrcpyA
error not param
_1.frm
_2.frm
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdef
	^B{	I
0-1;1N1S1a1f1x1
2!393e3w3
5%515d5i5o5u5z5
888?8w8
:(:2:=:E:M:R:^:d:j:o:w:{:
;X;];t;
<!<1<7<S<y<
:G;L;l;t;
<E<P<[<f<k<
=$=-=J=Z=z=
070<0`0e0m0
1 1B1G1]1|1
2/252;2H2d2
3"30353@3F3S3`3}3
414E4L4[4h4m4
4D<J<c<j<
<	=!=a=
>">4>F>a>s>
???F?\?
%0V0i0~0
1(1C1I1W1`1d1h1l1p1t1x1
3A3H3N3
7'797k7y7
8"818W8a8
8H9N9W9j9
<2=l=z=C>P>c>n>
?(?-?3?R?W?\?d?o?u?y?~?
2C2J2Z2d2
6 6&6*6:6S6p6u6z6
7*7\7a7i7
8"8(8E8J8n8
9L9Q9o9
:*;L;s;
=,=4=L=Z=
474U4k4
; ;N;U;
>z>t>n>h>b>\>V>P>J>D>>>8>2>,>&> >
5d2h2l2p2t2x2|2
E:\Projects\progs\Petrosjan\WndRec\divhalf\divhalf.cpp
W?u_ReadAllBytes$n(pnxapnpnuc)i
W?u_WriteAllBytes$n(pnxapnuci)i
W?u_ReadFile$n(pnvpnvi)i
W?u_WriteFile$n(pnvpnvi)i
W?u_CreateFile$n(pnxaii)pnv
W?u_CloseFile$n(pnv)v
W?u_alloc$n(i)pnuc
W?u_free$n(pnv)v
W?begFrames$n[]pnuc
LINKER MODULE
_lstrcpyA@8
_PathRemoveExtensionA@4
_lstrcatA@8
_GetFileSize@8
_ReadFile@20
_WriteFile@20
_CreateFileA@28
_SetFilePointer@16
_CloseHandle@4
_LocalAlloc@8
_LocalFree@4
_GetEnvironmentStringsA@0
_GetVersion@0
_GetModuleFileNameA@12
_GetCommandLineA@0
_GetCommandLineW@0
_FreeEnvironmentStringsA@4
_GetModuleHandleA@4
_ExitProcess@4
_GetCurrentThreadId@0
_GetStdHandle@4
_SetStdHandle@8
_CreateEventA@16
_GetModuleFileNameW@12
_MultiByteToWideChar@24
_LoadLibraryA@4
_GetProcAddress@8
_SetUnhandledExceptionFilter@4
_UnhandledExceptionFilter@4
_VirtualQuery@12
_WideCharToMultiByte@32
_FlushFileBuffers@4
_GetLastError@0
_VirtualAlloc@16
_SetConsoleCtrlHandler@8
_GetFileType@4
_GetACP@0
_GetOEMCP@0
_GetCPInfo@8
_VirtualFree@12
_SetEnvironmentVariableA@8
_CharUpperA@4
_SetEnvironmentVariableW@8
printf.c
printf_
cstrtwnt
_cstart_
mainCRTStartup
argcv.c
__argc
__argv
___argv
___argc
___anon44
___anon45
fsroot.cpp
W?fs_root$n()v
___wcpp_4_data_init_fs_root_
cppdata.cpp
__wint_thread_data
__compiled_under_NT
___iob
__fmode
___OpenStreams
___ClosedStreams
___anon61
___anon62
fprtf.c
file_putc_
__fprtf_
main2wnt.c
__NTMain
segdefns
___begtext
__nullarea
__Start_XI
__End_XI
__Start_YI
__End_YI
initargv.c
__Init_Argv_
_getargv_
_SplitParms_
__Fini_Argv_
___CmdLine
initfile.c
__InitFiles_
ioexit.c
docloseall_
fcloseall_
__full_io_exit_
fputc.c
fputc_
mainwnt.c
__wcmd_ptr
__cmd_ptr
___TlsIndex
___FirstThreadData
___GetThreadPtr
__AccessFileH
__ReleaseFileH
__AccessIOB
__ReleaseIOB
__AccessNHeap
__AccessFHeap
__ReleaseNHeap
__threadid_
__SingleThread_
__sig_null_rtn_
__NullAccTDListRtn_
__NullAccHeapRtn_
__NullAccIOBRtn_
__NullExitRtn_
__NullAccessRtn_
__NTInit_
__NTFini_
__NTMainInit_
__exit_
__ReleaseFHeap
__AccessTDList
__ReleaseTDList
__AccessFList
__ReleaseFList
__ThreadExitRtn
___sig_init_rtn
___sig_fini_rtn
___process_fini
___Is_DLL
ioalloc.c
__ioalloc_
prtf.c
__prtf_
getprintspecs_
evalflags_
far_strlen_
far_other_strlen_
fmt4hex_
FixedPoint_Format_
SetZeroPad_
write_wide_string_
formstring_
flush.c
__flush_
initrtns.c
callit_
__InitRtns
__FiniRtns
mthrdini.c
__InitThreadData_
___ThreadDataSize
memset.c
memset_
cmain386.c
__CMain
dosseg
crwdata
__osmajor
__osminor
__osbuild
__osver
__winmajor
__winminor
__winver
__LpDllName
__LpwCmdLine
__LpwPgmName
__LpwDllName
__LpCmdLine
__LpPgmName
__dynend
__curbrk
__STACKLOW
__STACKTOP
__ASTACKSIZ
__ASTACKPTR
__cbyte
__cbyte2
__child
__Envptr
__Envseg
__no87
___FPE_handler
__null_FPE_rtn
histsplt.c
___historical_splitparms
___argc.c
____Argc
____Argv
nmalloc.c
_nmalloc_
malloc_
___nheapbeg
___MiniHeapRover
___LargestSizeB4MiniHeapRover
nfree.c
_nfree_
___MiniHeapFreeRover
xmsgwnt.c
__exit_with_msg_
__fatal_runtime_error_
fclose.c
__doclose_
__shutdown_stream_
fclose_
___RmTmpFileFn
freefp.c
__freefp_
__purgefp_
seterrno.c
__set_errno_
__set_EDOM_
__set_ERANGE_
__set_EINVAL_
__set_doserrno_
hdlman.c
___NHandles
___OSHandles
___FakeHandles
__growPOSIXHandles_
__allocPOSIXHandle_
__freePOSIXHandle_
__getOSHandle_
__setOSHandle_
__NTGetFakeHandle_
__initPOSIXHandles_
__finiPOSIXHandles_
__set_handles_
_grow_handles_
___topFakeHandle
___anon240
environ.c
___env_mask
_environ
__wenviron
___anon43
___anon50
getmodfn.c
__lib_GetModuleFileNameW_
strdup.c
__clib_strdup_
istable.c
__IsTable
ustrdup.c
__clib_wcsdup_
excptwnt.c
_my_GetActiveWindow_
fmt_hex_
___ReportException@4
__DefaultExceptionHandler_
___ExceptionFilter
__NewExceptionFilter_
__DoneExceptionFilter_
___oscode_check_func
___raise_func
___ExceptionHandled
___ReportInvoked
stklmwnt.c
__init_stack_limits_
chktty.c
__chktty_
wctomb.c
wctomb_
itoa.c
strupr.c
strupr_
noefgfmt.c
_no_support_loaded_
___EFG_printf
___EFG_scanf
lltoa.c
ulltoa_
lltoa_
ltoa.c
ultoa_
mbisdbcs.c
___IsDBCS
mbislead.c
_ismbblead_
__mbInitOnStartup_
___MBCSIsTable
___anon58
__lseek.c
__lseek_
fsync.c
fsync_
qwrit.c
__qwrite_
__stos
__STOSB
__STOSD
cinit.c
__CommonInit_
exit.c
_null_exit_rtn_
__null_int23_exit_
_exit_
___int23_exit
___FPE_handler_exit
nmemneed.c
__nmemneed_
__MemAllocator
__MemFree
grownear.c
__LinkUpNewMHeap_
__AdjustAmount_
__CreateNewNHeap_
__ExpandDGROUP_
enterdb.c
__EnterWVIDEO_
___WD_Present
_clsewnt.c
__close_
nrealloc.c
_nrealloc_
realloc_
iomode.c
__GetIOMode_
__SetIOMode_nogrow_
___NFiles
___init_mode
___io_mode
stiomode.c
__grow_iomode_
__shrink_iomode_
__SetIOMode_
__init_NFiles
___anon99
setenvp.c
__setenvp_
__freeenvp_
__free_ep
ustrlen.c
wcslen_
memcpy.c
memcpy_
conutwnt.c
__NTRealKey_
initConsoleHandles_
__NTConsoleInput_
__NTConsoleOutput_
_console_in
_console_out
fclex387.c
_ClearFPE_
signlwnt.c
__SignalTable
__SetSignalFunc_
__GetSignalFunc_
__GetSignalOSCode_
__CheckSignalExCode_
_CtrlSignalHandler@4
CtrlHandlerIsNeeded_
StartCtrlHandler_
KillCtrlHandler_
__sigabort_
__sigfpe_handler_
signal_
raise_
__SigInit_
__SigFini_
__sig_init_
_CtrlHandlerRunning
___anon290
isattwnt.c
isatty_
mbinit.c
set_dbcs_table_
clear_dbcs_table_
__mbinit_
___MBCodePage
alphabet.c
___Alphabet
dosret.c
_dosretax_
_dosret0_
__set_errno_dos_
__set_errno_dos_reterr_
__set_errno_nt_
__set_errno_nt_reterr_
amblksiz.c
__amblksiz
heapen.c
_heapenable_
___heap_enabled
nheapmin.c
_nheapshrink_
_nheapmin_
_heapmin_
_heapshrink_
__ReturnMemToSystem_
__ReleaseMiniHeap_
nmsize.c
_nmsize_
_msize_
nexpand.c
_nexpand_
_expand_
__HeapManager_expand_
iomodtty.c
__ChkTTYIOMode_
__IOMode_
dofilstr.c
__ParsePosixHandleStr_
clearenv.c
clearenv_
abort.c
abort_
__terminate_
___abort
getenv.c
getenv_
strncpy.c
strncpy_
strtol.c
radix_value_
_stol_
strtoul_
strtol_
_nearly_overflowing
putenv.c
putenv_
findenv_
__putenv_
mbterm.c
_mbterm_
mbsnextc.c
_mbsnextc_
mbcupper.c
_mbctoupper_
mbsinc.c
_mbsinc_
tolower.c
tolower_
mbschr.c
_mbschr_
mbslen.c
_mbslen_
mbstowcs.c
mbstowcs_
uputenv.c
_wputenv_
findenv_
__wputenv_
toupper.c
toupper_
memmove.c
memmove_
mbconv.c
_mbvtop_
mbclen.c
_mbclen_
mbccmp.c
_mbccmp_
mbtowc.c
mbtowc_
ustrchr.c
wcschr_
setenvar.c
__lib_SetEnvironmentVariableW_
crtwenv.c
__create_wide_environment_
wcstombs.c
wcstombs_
utoupper.c
towupper_
E:\Projects\progs\Petrosjan\WndRec\divhalf\divhalf.cpp
7pDXX4
.debug_info
.debug_abbrev
.debug_line
.debug_aranges
.shstrtab