
Sample details: ac9c1988fa6340c90f639363117f7c98

Hashes
MD5: ac9c1988fa6340c90f639363117f7c98
SHA1: ab605b430dd81fa0065a94e709b25f2616013f8e
SHA256: 2a18ff13acd8f4797be2b9e84efd7e54e0fbd215919cd880b0c075d294d2a429
SSDEEP: 1536:gl1V/Z+tiT7So/IbKa4NFUG/HSP9/D6tjBm1BjIxNJjumq0uun4d:vt67So/cXGFU8HSPtD6tlm1mxNJjumq1
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDebugData | YRP/domain | YRP/contentis_base64 | YRP/System_Tools | YRP/Dropper_Strings | YRP/escalate_priv | YRP/screenshot | YRP/win_registry | YRP/win_token | YRP/win_private_profile | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/CRC32_table
Parent Files
07b8c227806b6e7d003c6ea006beb524
Strings
!This program cannot be run in DOS mode.
`.data
@.reloc
SetupDefaultQueueCallbackA
SetupInstallFromInfSectionA
SetupOpenInfFileA
SetupOpenAppendInfFileA
SetupCloseInfFile
SetupInitDefaultQueueCallbackEx
SetupTermDefaultQueueCallback
SetupSetDirectoryIdA
SetupGetLineTextA
SetupGetLineByIndexA
SetupFindFirstLineA
SetupFindNextLine
SetupOpenFileQueue
SetupCloseFileQueue
SetupQueueCopyA
SetupCommitFileQueueA
SETUPAPI.DLL
SystemDrive
Software\Microsoft\Windows\CurrentVersion
ProgramFilesDir
REGINST
%SystemDrive%
%SystemRoot%
SystemRoot
%s="%s"
_SYS_MOD_PATH
_MOD_PATH
InstallINFSection
Software\Microsoft\Advanced INF Setup
AdvOptions
ComponentName
CtlSetLddPath32@8
GenInstall32@20
GetSETUPXErrorText32@12
GenFormStrWithoutPlaceHolders32@12
QRunPreSetupCommands
QRunPostSetupCommands
RunPreSetupCommands
RunPostSetupCommands
DefaultInstall
DefaultInstall.NT
SmartReboot
Version
AdvancedINF
RequiredEngine
SETUPX
SETUPAPI
BeginPrompt
Prompt
ButtonType
EndPrompt
Prompt
ZzZzZzZz
SHELL32.DLL
SHBrowseForFolder
SHGetPathFromIDList
CustomDestination
SourceDir
RegisterOCXs
UnRegisterOCXs
advpack.dll
w95inf16.dll
w95inf32.dll
Advanced INF Install
Advpack RegisterOCX()
GrpConv
Software\Microsoft\Windows\CurrentVersion\RunOnce
grpconv.exe -o
Reboot
CheckAdminRights
IExpressRegOCX%d
Software\Microsoft\Windows\CurrentVersion\RunOnceEx
SeShutdownPrivilege
W95INF32.DLL
Unexpected Error.  Could not load resource.
~TMP4352~.TMP
Could not get the system message. You may run out of the resource.
DelDirs
Cleanup
RunOnceEx
rundll32.exe %s,RunOnceExProcess
explorer.exe
iernonce.dll
DllUnregisterServer
DllRegisterServer
DllInstall
rundll32.exe advpack.dll,RegisterOCX %s,%s,%s
%s|%s|%c,%s
 /UnRegServer
 /RegServer
wininit.ini
System\CurrentControlSet\Control\Session Manager\FileRenameOperations
System\CurrentControlSet\Control\Session Manager
PendingFileRenameOperations
\VarFileInfo\Translation
Rename
software\microsoft\Active Setup\Installed Components
BackupRegPathName
BackupRegSize
AINF%04d
ComponentID
Locale
StubPath
Version
IsInstalled
DisplayName
BackupReg
DelReg
AddReg
InstallCabFile
PreRollBack
BackupRegistry
InstallINFFile
BackupFileSize
BackupFileName
RegBackup
Uninstall Information
BackupPath
RegRestoreLogFile
RegSaveLogFile
HKEY_CURRENT_USER
PF_AccessoriesName
APPS_DESC
SM_AccessoriesName
Accessories
inf\wordpad.inf
ProgramFilesPath
QFEVersion
PerUserInstall
URLMON.DLL
DllGetVersion
Extract
CABINET.DLL
HKEY_USERS
HKEY_CLASSES_ROOT
HKEY_LOCAL_MACHINE
_$Val#0
_$Val#
_$Sub#
\%s%lu
CRCValueName = %1
ValueName = %1,%2
Value backed-up
, BckupValueName = %1
BckupSubKey = 
Backup Value deleted
%lu.map
Software\Microsoft\Windows\CurrentVersion\SharedDlls
backup
-1,0,0,0,0,0,-1
IEBAK%03d.TMP
%lx,%lx,%lx,%lx,%lx,%lx,%d
VC20XC00U
RtlUnwind
ntdll.dll
CharNextA
wsprintfA
LoadStringA
IsWindow
ExitWindowsEx
CharPrevA
PeekMessageA
MessageBoxA
MessageBeep
DialogBoxParamA
EndDialog
EnableWindow
GetDlgItem
SendDlgItemMessageA
SetWindowTextA
GetDesktopWindow
GetDlgItemTextA
SetDlgItemTextA
SendMessageA
SetWindowPos
ReleaseDC
GetWindowRect
CharToOemA
OemToCharA
CharUpperA
DispatchMessageA
MsgWaitForMultipleObjects
GetSystemMetrics
DestroyWindow
UpdateWindow
ShowWindow
CreateDialogParamA
USER32.dll
DeleteObject
GetDeviceCaps
CreateFontIndirectA
GetObjectA
GetStockObject
GDI32.dll
GetProcAddress
GetLastError
FreeLibrary
lstrcpyA
lstrlenA
GetDriveTypeA
lstrcpynA
GetEnvironmentVariableA
CloseHandle
WriteFile
CreateFileA
WritePrivateProfileStringA
LockResource
LoadResource
SizeofResource
FindResourceA
GetTempFileNameA
GetWindowsDirectoryA
GetTempPathA
GetShortPathNameA
SetFilePointer
LocalFree
LocalAlloc
GetModuleFileNameA
lstrcatA
IsBadReadPtr
GetPrivateProfileIntA
GetPrivateProfileStringA
DeleteFileA
LocalReAlloc
GetFileAttributesA
GetFullPathNameA
lstrcmpiA
FormatMessageA
GetCurrentProcess
SearchPathA
lstrcmpA
GetVersionExA
LoadLibraryA
IsDBCSLeadByte
ExpandEnvironmentStringsA
GetSystemDirectoryA
MultiByteToWideChar
LoadLibraryExA
_lclose
_llseek
_lopen
GetVolumeInformationA
GetDiskFreeSpaceA
GetFileSize
OpenFile
SetFileAttributesA
CreateDirectoryA
CreateProcessA
GetPrivateProfileSectionA
CopyFileA
MoveFileExA
MoveFileA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
SetLastError
GetProfileStringA
WritePrivateProfileSectionA
ReadFile
GetFileTime
SetFileTime
KERNEL32.dll
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyExA
RegSetValueA
RegQueryInfoKeyA
RegDeleteValueA
RegFlushKey
RegSaveKeyA
RegLoadKeyA
RegUnLoadKeyA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
RegDeleteKeyA
RegEnumValueA
RegEnumKeyA
ADVAPI32.dll
OleUninitialize
OleInitialize
CoTaskMemFree
ole32.dll
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VERSION.dll
ADVPACK.dll
AddDelBackupEntry
AdvInstallFile
CloseINFEngine
DelNode
DelNodeRunDLL32
DllMain
DoInfInstall
ExecuteCab
ExtractFiles
FileSaveMarkNotExist
FileSaveRestore
FileSaveRestoreOnINF
GetVersionFromFile
IsNTAdmin
LaunchINFSection
LaunchINFSectionEx
NeedReboot
NeedRebootInit
OpenINFEngine
RebootCheckOnInstall
RegInstall
RegRestoreAll
RegSaveRestore
RegSaveRestoreOnINF
RegisterOCX
RunSetupCommand
TranslateInfString
TranslateInfStringEx
*dll\advpack.dbg