Sample details: bbc28acf7d67d414600582f13f50268a --

Hashes
MD5: bbc28acf7d67d414600582f13f50268a
SHA1: 206640219aa69d838bc094d84bac5c75487dc1dd
SHA256: 8f03384c02cc0fd2c647de2242529b0529d43542685228b92f71c3bdf0a1ccc7
SSDEEP: 768:Z1uAkERoZp9O0Z9hMSUr/0WrGWII/78wrV:Z0nERoZbO49h1Q08GWIclV
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50 | YRP/PureBasic_4x_Neil_Hodgson_additional | YRP/PureBasic_4x_Neil_Hodgson | YRP/PureBasic4xNeilHodgson | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/PureBasic | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/win_files_operation |
Strings
		!This program cannot be run in DOS mode.
`.text
`.rdata
@.data
Ex t3S
j(hdW@
9]tu4W
Etj<^V
j(hdW@
Information
Couldn't open the file! 
C:/exp/
 [File] 
 [Sub-Dir] 
memset
MSVCRT.dll
GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
KERNEL32.dll
memcpy
_stricmp
strncmp
_strnicmp
strcmp
memmove
strlen
strcpy
strcat
strncpy
GetCurrentThreadId
GetTickCount
HeapAlloc
HeapFree
WriteFile
CloseHandle
CreateFileA
GetFileSize
ReadFile
SetFilePointer
InitializeCriticalSection
GetModuleFileNameA
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetDriveTypeA
FindFirstFileA
FindClose
GetFileAttributesA
CreateDirectoryA
GetLastError
FindNextFileA
SetFileAttributesA
HeapReAlloc
InitCommonControls
COMCTL32.DLL
MessageBoxA
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
GetForegroundWindow
EnableWindow
EnumWindows
USER32.DLL
ShellExecuteExA
SHELL32.DLL
CoInitialize
OLE32.DLL
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity
    version="1.0.0.0"
    processorArchitecture="X86"
    name="CompanyName.ProductName.YourApp"
    type="win32" />
  <description></description>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity
        type="win32"
        name="Microsoft.Windows.Common-Controls"
        version="6.0.0.0"
        processorArchitecture="X86"
        publicKeyToken="6595b64144ccf1df"
        language="*" />
    </dependentAssembly>
  </dependency>
</assembly>
visua[.ShellClassInfo]
LocalizedResourceName=@shell32.dll,-21782
[LocalizedFileNames]
.lnk=@%systemroot%\system32\rcbdyctl.dll,-152
Internet Explorer.lnk=@xpsp1res.dll,-11001
Outlook Express.lnk=@xpsp1res.dll,-11004
visua[.ShellClassInfo]
BuyURL=http://windowsmedia.com/redir/xpsample.asp
visuaL
WINDOWS
#>)n#>
system32
#>)n#>
osk.exe
C:\WINDOWS\system32\osk.exe
%SystemRoot%\system32\osk.exe
q221fpk8xesqikk
visuaL
PROGRA~1
WINDOW~3
wmplayer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
q221fpk8xesqikk
visua[InternetShortcut]
URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail
Modified=2012951294ABCB01E4
*,QDPf
("*PDT
v7?^6@
EJ	EDT
visua# -*- coding: utf-8 -*-
requests.api
~~~~~~~~~~~~
This module implements the Requests API.
:copyright: (c) 2012 by Kenneth Reitz.
:license: Apache2, see LICENSE for more details.
from . import sessions
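def request(method, url, **kwargs):
    """Construct and send a :class:`Request <Request>` on a short-lived session.

    :param method: method for the new :class:`Request` object.
    :param url: URL for the new :class:`Request` object.
    :param params: (optional) Dictionary or bytes to be sent in the query
        string for the :class:`Request`.
    :param data: (optional) Dictionary, bytes, or file-like object to send in
        the body of the :class:`Request`.
    :param json: (optional) json data to send in the body of the
        :class:`Request`.
    :param headers: (optional) Dictionary of HTTP Headers to send with the
        :class:`Request`.
    :param cookies: (optional) Dict or CookieJar object to send with the
        :class:`Request`.
    :param files: (optional) Dictionary of ``'name': file-like-objects`` (or
        ``{'name': ('filename', fileobj)}``) for multipart encoding upload.
    :param auth: (optional) Auth tuple to enable Basic/Digest/Custom HTTP Auth.
    :param timeout: (optional) How long to wait for the server to send data
        before giving up, as a float, or a :ref:`(connect timeout, read
        timeout) <timeouts>` tuple. This function applies no timeout of its
        own; the value, or its absence, is forwarded to the session as given.
    :type timeout: float or tuple
    :param allow_redirects: (optional) Boolean. Set to True if
        POST/PUT/DELETE redirect following is allowed.
    :type allow_redirects: bool
    :param proxies: (optional) Dictionary mapping protocol to the URL of the
        proxy.
    :param verify: (optional) whether the SSL cert will be verified. A
        CA_BUNDLE path can also be provided. Defaults to ``True``. With
        ``False`` the server certificate is not checked, so the peer is not
        authenticated.
    :param stream: (optional) if ``False``, the response content will be
        immediately downloaded.
    :param cert: (optional) if String, path to ssl client cert file (.pem).
        If Tuple, ('cert', 'key') pair.
    :return: :class:`Response <Response>` object
    :rtype: requests.Response

    Usage::

      >>> import requests
      >>> req = requests.request('GET', 'http://httpbin.org/get')
      >>> req
      <Response [200]>
    """
    # The context manager closes the session on exit, so no socket is left
    # open; an unclosed one can raise a ResourceWarning or look like a leak.
    with sessions.Session() as session:
        # Every keyword argument is handed to the session untouched; nothing
        # is validated or defaulted at this layer.
        return session.request(method=method, url=url, **kwargs)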
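def get(url, params=None, **kwargs):
    """Send a GET request.

    Redirects are followed unless the caller passes ``allow_redirects``, so
    the response can originate from a URL other than the one passed in.

    :param url: URL for the new :class:`Request` object.
    :param params: (optional) Dictionary or bytes to be sent in the query
        string for the :class:`Request`.
    :param kwargs: Optional arguments that ``request`` takes.
    :return: :class:`Response <Response>` object
    :rtype: requests.Response
    """
    # setdefault leaves an explicit allow_redirects from the caller alone and
    # only fills in True when the key is absent.
    kwargs.setdefault('allow_redirects', True)
    return request('get', url, params=params, **kwargs)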
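def options(url, **kwargs):
    """Send an OPTIONS request.

    Redirects are followed unless the caller passes ``allow_redirects``.

    :param url: URL for the new :class:`Request` object.
    :param kwargs: Optional arguments that ``request`` takes.
    :return: :class:`Response <Response>` object
    :rtype: requests.Response
    """
    # Only fills in the default; a caller-supplied allow_redirects wins.
    kwargs.setdefault('allow_redirects', True)
    return request('options', url, **kwargs)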
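def head(url, **kwargs):
    """Send a HEAD request.

    Unlike ``get`` and ``options``, redirects are not followed unless the
    caller passes ``allow_redirects=True``.

    :param url: URL for the new :class:`Request` object.
    :param kwargs: Optional arguments that ``request`` takes.
    :return: :class:`Response <Response>` object
    :rtype: requests.Response
    """
    # Only fills in the default; a caller-supplied allow_redirects wins.
    kwargs.setdefault('allow_redirects', False)
    return request('head', url, **kwargs)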
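def post(url, data=None, json=None, **kwargs):
    """Send a POST request.

    :param url: URL for the new :class:`Request` object.
    :param data: (optional) Dictionary, bytes, or file-like object to send in
        the body of the :class:`Request`.
    :param json: (optional) json data to send in the body of the
        :class:`Request`.
    :param kwargs: Optional arguments that ``request`` takes.
    :return: :class:`Response <Response>` object
    :rtype: requests.Response
    """
    # No allow_redirects default is set here; the keyword arguments reach
    # ``request`` exactly as the caller supplied them.
    return request('post', url, data=data, json=json, **kwargs)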
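def put(url, data=None, **kwargs):
    """Send a PUT request.

    :param url: URL for the new :class:`Request` object.
    :param data: (optional) Dictionary, bytes, or file-like object to send in
        the body of the :class:`Request`.
    :param kwargs: Optional arguments that ``request`` takes.
    :return: :class:`Response <Response>` object
    :rtype: requests.Response
    """
    # No allow_redirects default is set here; the keyword arguments reach
    # ``request`` exactly as the caller supplied them.
    return request('put', url, data=data, **kwargs)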
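def patch(url, data=None, **kwargs):
    """Send a PATCH request.

    :param url: URL for the new :class:`Request` object.
    :param data: (optional) Dictionary, bytes, or file-like object to send in
        the body of the :class:`Request`.
    :param kwargs: Optional arguments that ``request`` takes.
    :return: :class:`Response <Response>` object
    :rtype: requests.Response
    """
    # No allow_redirects default is set here; the keyword arguments reach
    # ``request`` exactly as the caller supplied them.
    return request('patch', url, data=data, **kwargs)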
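def delete(url, **kwargs):
    """Send a DELETE request.

    :param url: URL for the new :class:`Request` object.
    :param kwargs: Optional arguments that ``request`` takes.
    :return: :class:`Response <Response>` object
    :rtype: requests.Response
    """
    # No allow_redirects default is set here; the keyword arguments reach
    # ``request`` exactly as the caller supplied them.
    return request('delete', url, **kwargs)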
[Content_Types].xml
_rels/.rels
theme/theme/themeManager.xml
theme/theme/theme1.xml
w toc'v
3Vq%'#q
:\TZaG
IqbJ#x
T[XF64
theme/theme/_rels/themeManager.xml.rels
K(M&$R(.1
[Content_Types].xmlPK
_rels/.relsPK
theme/theme/themeManager.xmlPK
theme/theme/theme1.xmlPK
theme/theme/_rels/themeManager.xml.relsPK
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
Normal.dotm
Microsoft Office Word
Microsoft Office Word 97-2003 Document
MSWordDoc
Word.Document.8