Sample details: c0a4db485d6759fdaab0175157909e23

Hashes
MD5: c0a4db485d6759fdaab0175157909e23
SHA1: 0aab2f5bcfe422efa93d0806ff5ee10ac6ee754b
SHA256: 3fd66cbb34e75cf5a0cf2b12d34de68ff51794ae033208c42ac0eaa7f68cf6e3
SSDEEP: 12288:DSxPTqKkZFdefiq7CEwGYjsgiBEosIgv3TT:GVTeZL4RCE7YjsginsIgL
Details
File Type: PE32
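Before working with the file, confirm that what you have is the catalogued sample and that the PE32 classification holds: PE32 versus PE32+ is decided by the optional-header magic (0x10b versus 0x20b), not by the extension or the DOS stub. The Python below is an added example, not part of this page or of any tool it references. RECORDED holds the three digests listed above; build_stub fabricates a minimal PE header purely so the check can be exercised offline and is not the sample itself.

```python
import hashlib
from typing import Dict, Optional

# Digests recorded on this page for the sample.
RECORDED: Dict[str, str] = {
    "md5": "c0a4db485d6759fdaab0175157909e23",
    "sha1": "0aab2f5bcfe422efa93d0806ff5ee10ac6ee754b",
    "sha256": "3fd66cbb34e75cf5a0cf2b12d34de68ff51794ae033208c42ac0eaa7f68cf6e3",
}


def digests(data: bytes) -> Dict[str, str]:
    """Compute the three digests in the form the page records them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_record(data: bytes, record: Dict[str, str] = RECORDED) -> bool:
    """True only when every recorded digest matches. MD5 and SHA1 are kept for
    cross-referencing other feeds; SHA256 is the one that identifies the file."""
    got = digests(data)
    return all(got[name] == value.lower() for name, value in record.items())


def pe_format(data: bytes) -> Optional[str]:
    """Classify a buffer by its optional-header magic: 'PE32' (0x10b),
    'PE32+' (0x20b) or None when it is not a PE file at all."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    # Need the 4-byte signature, the 20-byte COFF header and the 2-byte magic.
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    magic = int.from_bytes(data[e_lfanew + 24:e_lfanew + 26], "little")
    return {0x10B: "PE32", 0x20B: "PE32+"}.get(magic)


def build_stub(magic: int) -> bytes:
    """Constructed minimal PE header for testing (assumption: not the sample).
    DOS header with e_lfanew = 0x40, PE signature, i386 COFF header, magic."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + (0x40).to_bytes(4, "little")
    coff = b"PE\0\0" + (0x14C).to_bytes(2, "little") + b"\0" * 18
    return dos + coff + magic.to_bytes(2, "little") + b"\0" * 0x100


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read()
    print(pe_format(blob), digests(blob)["sha256"], matches_record(blob))
```

Run it against the downloaded file; a digest mismatch means a different artefact (re-packed, truncated or a decoy), and analysis notes taken against it would not apply to the hashes above.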
Yara Hits
YRP/contentis_base64 | YRP/url | YRP/domain | YRP/IP | YRP/Borland_Delphi_40_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_Setup_Module | YRP/Borland_Delphi_40 | YRP/Borland_Delphi_v40_v50 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/screenshot | YRP/win_mutex | YRP/win_registry | YRP/win_hook |
Note on the hits: Borland Delphi and Microsoft Visual C++/MFC are mutually exclusive compiler identifications, so at least one group is a signature false positive. The MSVC RTTI type descriptors in the strings below (.?AVCMFCRibbonEdit@@, .?AV_AFX_WIN_STATE@@, .?AVexception@std@@, .?AVbad_alloc@std@@) are MSVC-ABI name manglings that a Delphi compiler never emits, which supports the MFC hit and argues against the Delphi ones. The behavioural hits (win_mutex, win_hook, screenshot, win_registry, anti_dbg, Check_OutputDebugStringA_iat) are import-table heuristics satisfied by the KERNEL32/USER32/GDI32/ADVAPI32 imports listed further down; an ordinary MFC GUI application imports the same functions, so they point at code worth reading rather than prove malicious intent. IsBeyondImageSize indicates data past the end of the mapped image (an overlay), which is worth carving and hashing separately.
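To see why the behavioural hits fire, it helps to reproduce them from the import table. The Python below is an added example, not part of this page and not the YRP rule bodies: CAPABILITY_RULES are my own approximations of what import-based capability rules of this kind check, SAMPLE_IMPORTS and SAMPLE_STRINGS are copied from the Strings section of this page, and compiler_hints is the check behind the Delphi-versus-MFC caveat above. The "inject" rule is included as a control that should stay silent for this sample.

```python
from typing import Dict, Iterable, List, Set

# Import names copied from this page's Strings section (a subset of the
# KERNEL32/USER32/GDI32/ADVAPI32/SHELL32 imports it lists).
SAMPLE_IMPORTS: Set[str] = {
    "CreateMutexW", "ReleaseMutex", "OutputDebugStringA", "DebugBreak",
    "SetUnhandledExceptionFilter", "SetWindowsHookExW", "CallNextHookEx",
    "UnhookWindowsHookEx", "BitBlt", "CreateCompatibleDC", "GetPixel",
    "GetDesktopWindow", "RegCloseKey", "ShellExecuteW", "Shell_NotifyIconW",
    "LoadLibraryA", "GetProcAddress", "CreateThread", "WaitForSingleObject",
}

# Strings copied from this page that carry compiler/runtime evidence.
SAMPLE_STRINGS: List[str] = [
    ".?AVbad_alloc@std@@", ".?AVexception@std@@", ".?AVCMFCRibbonEdit@@",
    ".?AV_AFX_WIN_STATE@@", ".?AVCMemoryException@", "IPPGenuine", "CMFCRi",
]

# Approximations of import-based capability rules (assumption: written for
# this example, not the YRP rule text). "any": one import is enough;
# "all": every listed import must be present.
CAPABILITY_RULES: Dict[str, Dict[str, Set[str]]] = {
    "win_mutex": {"any": {"CreateMutexA", "CreateMutexW", "OpenMutexA", "OpenMutexW"}},
    "win_hook": {"any": {"SetWindowsHookExA", "SetWindowsHookExW"}},
    "screenshot": {"all": {"BitBlt", "CreateCompatibleDC"}},
    "anti_dbg": {"any": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                         "OutputDebugStringA", "NtQueryInformationProcess"}},
    "win_registry": {"any": {"RegOpenKeyExA", "RegOpenKeyExW", "RegCloseKey",
                             "RegSetValueExA", "RegSetValueExW", "RegDeleteKeyExA"}},
    # Control rule: classic injection trio, absent from this sample's imports.
    "inject": {"all": {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}},
}


def explain(imports: Iterable[str]) -> Dict[str, List[str]]:
    """Evaluate every rule; return {tag: sorted imports that satisfied it}.
    Seeing the triggering names is what tells you whether a hit is generic
    GUI plumbing (BitBlt in an MFC paint handler) or something to chase."""
    present = set(imports)
    out: Dict[str, List[str]] = {}
    for tag, rule in CAPABILITY_RULES.items():
        if "any" in rule and present & rule["any"]:
            out[tag] = sorted(present & rule["any"])
        elif "all" in rule and rule["all"] <= present:
            out[tag] = sorted(rule["all"])
    return out


def compiler_hints(strings: Iterable[str]) -> Dict[str, int]:
    """Count MSVC RTTI class descriptors ('.?AV' prefix), how many of them
    name MFC/AFX classes, and Intel IPP signature strings. A Delphi-built
    binary contains no '.?AV' descriptors, so a non-zero count contradicts
    the Delphi YARA hits."""
    strs = list(strings)
    rtti = [s for s in strs if s.startswith(".?AV")]
    mfc = [s for s in rtti if "CMFC" in s or "AFX" in s]
    ipp = [s for s in strs if s.startswith("IPPGenuine")]
    return {"msvc_rtti": len(rtti), "mfc_rtti": len(mfc), "intel_ipp": len(ipp)}


if __name__ == "__main__":
    for tag, names in explain(SAMPLE_IMPORTS).items():
        print(f"{tag:14s} <- {', '.join(names)}")
    print(compiler_hints(SAMPLE_STRINGS))
```

With the page's imports, screenshot is satisfied by BitBlt plus CreateCompatibleDC and anti_dbg by OutputDebugStringA alone, which is exactly the weak evidence the caveat above describes; win_hook (SetWindowsHookExW) is the one worth reading first, since the hook type and target thread decide whether it is keyboard capture or routine MFC message filtering.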
Source
http://peopleiknow.org/3g76fh
Strings
		!This program cannot be run in DOS mode.
`.data
.rdata
@.pdata
@.idata
NTPorts.c
D$HPSP
_^][YY
j9h8_@
t$:jsh@C@
j\jehp
jhhx)@
VWUj6h
j;hX	@
TPh06@
QueryPerfor1an
t$)jehhI@
$j_VSh
RegCloSPj
jUjjj[
4$jlj5j
cheme is %x
ctiveP
legeVu
~du-P3
L$,j8YY
UQRho!@
t$_h`"@
u/<+th<-t1
$14$Wh
jUjjh[
RQh`N@
jxhp1@
jBjSRj
$VUThY
rSj|h 
t$	h8F@
t$ehX[@
t$Ch8J@
PPPPh)
t$hhpS@
14$WP1
<a|#<z
DevMgr2K.c
t-;l$$}
[hsTmA
SPh(_@
ersionInfoSQ
t$4Qh8Y@
t$*ShP:@
$jfURh
GIu;^]Wh
MItlIt
uj_^[]
ZTPThE
Vj7SSh
Pj(jAh
9^|u|3
QQSVWd
@h_^]U
^PjqhV
t$zh@T@
 ug9=A
j1h87@
t$qj3j
t$]h(E@
f9>t)H
jXh )@
jTjxTh
SSSQUh<
Pj_Shp
j-hVH?
j(SSjAh
jzj+h}
_^[]Uj
Qj3QhH
j'h'7?
PSjlSh
TSjzhDw?
jRj#j 
VUQjvRh
QShGQ?
y9jDj-Vh
ERNELh
RQUQhh
j}jrh	
rSj|h 
rameters
ESIF_DATA_STRIetSystemMetrics
anslateMetermination
  Keys
  -----
AIN_TYPE_WIRELE unable to ope
					Comma
4-47DA-C
tdHandle
timerstop
d allocat
0lench-canadian
onment
UnpackDDElPar
esif_lf - 
@ESIF_EVE
Unable to g
12s %-7s %-36s
cInitStatus
E_CORESarget
domain
e to reset th
  <filename
INT_PAS
thread start e
(%d) U
flat up min angXPZ
--------
RegOpenK
CPaintDC
imestamp:   
tcag1\work\3a
@m`vcall'
`typeo9Q
obalFindAto
able fi
etObjectTyp
Error:
psyWnd
CloseThr
CompatibleDC
|D,OvL
Virtua
getb        
c:\tcag1
_TRACEMOD
oducts\esif_uf\d parameter !
er in EsifActI
ontrolsEx
loaded fil
ected m
FromPoint
Tata Length     
terator'
]1\work\3a7a3a3
pttributes
lKTPOOL.DRV
ent wrong, b
T_PARTICIP
hos Parame
HeapReAlloc
Gupright_inve
SetTAP_SELE
montent:    
X64 Plant
O[rQ`-
kR7POT
MS6@,p
BViz$>
EKS1i{
|6${|\
kiSi3#zq	
+nz2o'
pjZTquS
Q,J]%Q
C+6y8ar
iZ%6{b
d{zp:z:
9v38rfi
e;		}~
"&vW:VS
Hj,FI+
h4hIw~
;5t7fB
<B_tXa
e[ctc|+
H~2=\/[I
#g_)n`.@(	
aQ35n'
;{*KG{
ju52o:
Fb7?S9
^l)m,M*
oi+Eyb
,quVr*
^u[n'/(
{jK2<#
rBUOn*
yaH!j4
%ok	}4 
+F^@	0}
O,L&yy
}O7i3\
`85Tgg>
O4~=}v
iO>PqF
~ [GOh
pP2`a!
( s~-s
T@Gwb+
:]'3A_0
E3~ri?b\C
]%VtmT1
=&g'n(V
-3<G+g
<,iUwxu"
&c)m	!
"&_SPj-
8?vJq8
iy@.kA
g^+gU.
 @oT{w
DkZI_'
14o9Hp
Q48@#Q
X0RNbT1
58^unQ-
AG$`gw
y$Wk E
;}:HOrs
"Vzq]s
XRLqIO
Q9p%z*#W&
_ckEq(d'
@]/~qY
d;3wzRVF9U/
t5g 8qyG
WO}pI_
>PADXs"
<?6@EB
YGV4m5
1x1aZW?7
dG}P#&
>Brw;U
<Xr(|H-=-
GcUcNN
.kp"F>
@8YQi`
MEaQa< 
?+YtDv
NCY[;?C
>W a9?
n_vPI7
|4ZPXW#g
w;}D&Q
g:GcpM{
B5d9kD2
uD/H X
gvX<^e
:11Aa}
d2!//g
=2fYfv
clUARf4c5
Yy9:.a>
':];iU
I-18Ep
=$}+:L/w
t $RIV
z1iE	*
1,3%s)AL
Q!KC1Q
%hrDU5
R$+$cNU
0K]n:U/z
1`cX25X
&VNt#"
' ol '
P/rt?Q
FdA2*I
(F4	1J
1n&PO#
KsJ>R1
R$NzkT6!
 VVr=v
*D?7:G
! $5I"
UrRc``k
u8Aq;mg
2oxEp7k
&[\aPo
Yr^!XZ
$U-9[?
&X=B8*
 uDKki[
+\V8tf
~Uh+Ku
=Z,&JpM
5R"KGS%A
i #)7+
UrykH5
08]Db,
eX@7bq
8Mw,5X
0ycjU3+
tY-?)p
C~=NRk
FV#xBC^E
)Tc`S:i
Q6p;0_
YQSa?j
hum?_dc
m"9vdJ
wR[E0z/8Ic
%?s`~?
_g~t?F
^Do2c70
b<H(mA
,D(fHsj
biL08_
;CKc?o0
0NfZFo
"V:E+d
_G8Umu
}$&^%(B
D{`9J=2
O;&z#m]a
Zv@cPn[nc
e?1@q%
7gQwP#
wbOHCU4
k4<=T>
:?e$pq0
!$NmnM
lyEve-
D	DO+y
^3V?:S
-[y~(We
do*'F^
4=>.i!C
RSrrOz
;To 8k>[\
>|ME;M
CBCfNZ
+Gc3 vUO
mQ	n)2
^l^p!d
YDN>*FM
i/{4`!
h/4Ii{Y1
%)&Q5^
4jF*0;
KR}]Y_
;<#p$j
*8Xuxp
_Q@W9\
t *aXx
3O%Y8Em
0<cJJR
@5D$0=/85
Y=qVI)Gm
G^WAh\&
4x*jqQ
iVEvEkZ
kR7l>z
e`KZ3k
Vb{(`'
gqN 5L
H{ ?r?
QC=e.j
f!kKTI
y{C$iZ
%@,LS$
dq#@Bv
W@It!3a^
gmbxQu
=_+ByBpfp
rVVU'3W
hmtHtt0
:YrZ(&G
~=oDuH
 UXtp/v
E+D.:#
K3hfz)
/PaL4a
1x!c!j
g=Wvw{xc
MrqC~H
L5Gv&U.{7
cR|HY0
G~[Xf)
>?P_Nyd
$4o	}d@
ms=sYqP
V_2q"h
U=AFUo
cS8&<{
;pj{S6=
f\zWPC+
gW#ZbMn@
%e7q,H
8D<4Zi'
K7	#dC
_([_pr
~_j1tba_-
A8b@M;
X	A8bSe,
A8bSe 
A8brM;
7^MG7^EU;9
get_participant_data
ipc_ptr return
bad exceptio
    server            Starts the application in server mode.
    create            Creates the object
 Get Current Error level
timerstart                               Start Interval Timer
CMFCRi
etWindowsDirectoryA
CreateMutexA
GetLastError
OpenMutexA
lstrcmpiA
CreateFileA
sValidCodePage
LCMapStringW
IsProcessorFeaturePresent
GetStringTypeW
GetConsoleCP
@UUUUUU
IPPGenuine
IPPGenuine
USB\VID_0ac8&PID_0331&MI_00
.?AVbad_alloc@std@@
.?AVexception@std@@
AmA-Tb
BKBKbh~XF
BKBK!;
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
^0_CGo>
Z:b[|\
t;.18B
OR&jO,
]0M1dJf
9}e[^M
FaL!<K
S1Kx%k
}^F\5;
TzK^F"v(
Z/Iw8:
	4ny@1K
zm7vVkX
L	My}H
 jM^M7T
^l!jJ9
<N#zbx8
 ,a Wb
goQN00
R7<QHL
il`Rlb
L/6dt0
!@24P,
6Pc^{e
^0`` 1G
]eXv!U^
}[HJa7K
=@tUbx
ou64+d
|F,eF*.
V\8w!m
^LiqvD]
VJ`=s"
qp#5A!
}_.T:1
Tn>tTz
0=[ZZp~
l ~QRE
>4Y&Xoc
5\tlO:
0QQ%w5
EMV0>}
jBj-&Z
	EmGxa
>JJ59A
iM<#{$
Z0_^`-
|\1@ R
=.0w83i
gNl(0+
]6>>O/5
0;{}Q&
PO&ZC&
a&-zY%
`]65<c
:wOKC^
seService@@
V?$CFixedStringT@V?$CSt
LZhvtfXJ<.
RunServices
2<Z-0<
apIcon
iDockFrameWnd@
;H;H;HM[M[M[M[M[M[FactoryMgr@@
IPPGenuine
%x: Cannot
_STATE@@
.?AVCNoT
CMFCMous
mDlgWrapper@@
.?AVAFX_MO
sion\Uninstall
System\
uffman8x8_DCFi
stall Hel
;Iropped.
seTabbedPane@@
&-4;:3,%
$+2981*#
BKTbBK
(BKAD_STAT
DTE_TaskInit
IPPGenuin
Unable to create service[
.?AV_AFX_WIN_STATE@@
BKTbBK
IPPGenuine
IPPGen
.?AVCSet
ay@JJ@@
EAD_STATE@@
IPPGen
ap_traits@KPAXU?
.?AVCMFC
urrentControlSet\Se
?AVCMFCAutoH
Capture Device
ERROR d
AV?$CTypedPtrArray@VCO
kState@@
HandleMap
EncodeHuffman8x8_
KToCMYK_C
.?AV?$CArray@HAB
VCMFCShadowRendereC
Server@CWnd
PEG encoder based onx@@
&-4;:3,%
$+2981*#
IPPGenui
IPPGenuine
CMFCRibbonEdit@@
nePropertyPag
%\N>LZhvtfXJ<.
ScreenImpl@@
.?AVCMFC
Genuine
enuine
IPPGen
12CHINE%s
HKEY_CURRENT_
.?AVCMFCCustomizeMenu
CMap@IIPA
ption@@
?AVCMDupBtn2@@
tNotify@COleControlSite
.PAVCFileE
<nuine
ntainer@COleContro
.?AVCMemoryException@
iCopy_8u_C4P4R
04FC295EE}
ltm_WV?$ChTraitsCRT@_W@ATL@
%d x %d
pleDownH2V2
HomolTimeDef@@
.?AVlogiq
@ATL@@
IPPGenuine
.?AV_AFX_WIN_ST
IPPGenuine
VCOleExc
fghijklmnopqrstuvwxyz
egDeleteKeyExA
RegDeleteK
y@PAUHWND__@@P
.?AV_AFX_BASy
manSpecInitAl
IPPGenuine
enuine
.?AV?$CArray
e@ATL@@
 Denied
.?AVCMFCToolBarFo,
Manufacturer
.?AVCRes
.?AVCWi
stics8x8_ACRefine_JPEG_
abcdefghij
.?AVCOleCon
IPPGenW
AVCImage@ATL@@
16s8u_C1R
VCListB
teSecondModem
ltmodem.cat
PGenuine
IPPGen
IPPGenuine
><UQ<<
ameList@@
TestCmdUI@@
MFCRibbonUndoButton@@
.?AVCMFCRibbonB
AVXOleClientSite@COleCo
@std@@@2@$
List@@
IPPGenuine
$ltem\CurrentControlSet\S
?AVCListCtrl@@
6&DEV_2486
.?AVCSpool
 fps %d.%d Meg/
^lzxj\N>L
olBar@@
.?AVCMF
DataSourceCo
ption@@
Icon@@
.?ACopy_8u
.?AV?$CMap@I
.?AV?$CArray@JJ@@
DockContext@@
IPPGenu
\Class\{4D36
CoInstaller
sePane@@
IPPGenuine
~~~~~~~~~
IPPGenuine
IDropSource@@
VCObject@@
><UQ<<
IPPGenuine
MODULE_THREAD_STA
llbackForQStr
FCVisua
log pho
BKTbBK
H;H;HM[M[M[M[M
f*.inf
IPPGen
essible@CWnd@@
@K@std@@V?$a
.?AVexception@std
XBKBKX
_traits@KPAXU?$less@K@std
.?AVCRibbonU
.?AVCMultibyteCh
mage@Gdiplus@@
.?AVCComCtlWrapper@@
.?AVbad_excep
.?AVty
.?AVCD
AVCAfxStringMgr@@
ippiDCTQuantFwd8x8L
?AVCMFCRibbonSeparator@@
.?AVtype_info
on\RunServices
c@std@@
F&F&F&F
DCPSpeakerVolume
IPPGenuin
e driver
AFX_COLOR_STA
CToolBar@@
gnized command: %s ***
Stopped[ %s ]: %s
ngArray@
.?AVCOleC
ltmodem.vxd
Softwa
.?AVCHandleM
PEG_8u
Software\Microso
IPPGenuine
CloseR0D
t@std@@
icalSection@@
@_WV?$ChTraitsCR
Error 
ap@IIPAUHACCE
TMAP__@@PAU1@@@
.?AUIProper
ippsCopy
anceDialog2@@
XBKBKX
ACRefine_
Genuine
JobPrint@@
map_traits@
xj\N>LZhvtfXJ<.
,:HVdr
,H=Uy;
t:BAX2
><XX;G
kdKEuM
gLSRlf
ke`UI`
i`gXM0
^*`n$B
Mk 1Ho
|`*oFL
s0'3"3
m=8@Us
,{{^$yH
vmkV,y
e+8:#:
XGb`wv
^m5UR^
B/3Egh
Mh(ztn
[{kEXI9
K/B;`(
 \m9+O
YJsF,*
d=M&4$
,J_L5?
pydiQG
0@)SNK
&>C,{/].
m+FvvU
\7F:7k
Nkr*O6
XM*K&q
Ild8P>
J/pO%m
t^9eMrQ
6PRl-30
I=Bm2DEK
S;Wm%"
#E&.U.K1
~'{bW0
mP6Fh.~
GA;Vy6
^}qo>{
b9m4 v
}iw8++
yE`>XR
Fo:UYh
~!b]jd:
\])tkU
m*{}z*
--2!+s
>QK:T5.
{jnB_4
@\Oh8$
r$MA-w
%>JcLH
Q|RtQ2d2
Y?pV(fP
-of 	sL
_1[[_<
p,Af``1
$4DWBm
(^@& y
a-{+gN
?PLU.-
,MyY{l
P.m3p_
K7EmFSd`
[0efO#
Kb~ijq
x	LFb*
k?>AM7Y
NB77|;
L`pmc7
r<M+P&
sdTMbb
/M?COim
&!oYMI
P/)%';
*VZNh@
CloseHandle
CreateEventW
CreateMutexW
CreateThread
DebugBreak
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindResourceW
FreeLibrary
FreeResource
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileAttributesW
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GetTempPathW
GetUserDefaultUILanguage
GetVersion
InitializeCriticalSection
InterlockedCompareExchange
InterlockedExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalFree
LockResource
MulDiv
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseMutex
SetCurrentDirectoryW
SetLastError
SetUnhandledExceptionFilter
SizeofResource
SystemTimeToFileTime
TlsGetValue
WaitForSingleObject
lstrlenW
KERNEL32.dll
CoInitialize
CoUninitialize
OleInitialize
ole32.dll
ClosePrinter
GetPrinterDriverDirectoryA
WINSPOOL.DRV
PlaySoundW
WINMM.dll
RegCloseKey
ADVAPI32.dll
ShellExecuteW
Shell_NotifyIconW
SHELL32.dll
BeginPaint
CallNextHookEx
CallWindowProcW
ClientToScreen
CreateDialogParamW
CreateMenu
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawMenuBar
DrawTextW
EnableMenuItem
EnableWindow
EndDialog
EndPaint
FindWindowExW
FindWindowW
FlashWindowEx
GetClassLongW
GetClassNameW
GetClientRect
GetCursorPos
GetDesktopWindow
GetDlgItem
GetForegroundWindow
GetMenu
GetMenuItemCount
GetMenuItemRect
GetMessagePos
GetMessageTime
GetMessageW
GetParent
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindowLongW
GetWindowRect
InsertMenuItemW
InsertMenuW
KillTimer
LoadAcceleratorsW
LoadBitmapW
LoadCursorW
LoadIconW
LoadImageW
LoadMenuW
LoadStringW
MessageBoxW
ModifyMenuW
MoveWindow
PostMessageW
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassExW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendDlgItemMessageW
SendMessageW
SetCapture
SetCursor
SetForegroundWindow
SetLayeredWindowAttributes
SetMenu
SetTimer
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowWindow
SystemParametersInfoW
TrackMouseEvent
TrackPopupMenu
TrackPopupMenuEx
TranslateAcceleratorW
TranslateMessage
UnhookWindowsHookEx
WindowFromDC
WindowFromPoint
USER32.dll
BitBlt
CombineRgn
CreateCompatibleDC
CreateFontIndirectW
CreateRectRgn
CreateSolidBrush
DeleteObject
GetDeviceCaps
GetObjectW
GetPixel
SelectObject
SetBkColor
SetBkMode
SetTextColor
GDI32.dll
wwxTDE
xTDDDDE
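The list above is raw strings output: most lines are four-to-eight-byte runs of printable bytes inside compressed or packed data, not text, while the informative entries (API names, registry paths, module names, format strings, RTTI descriptors) are scattered among them, and wide-character strings are not shown at all. The Python below is an added example, not part of this page or of any tool it references. It extracts ASCII and UTF-16LE strings from a constructed byte blob seeded with a few strings copied from this page and classifies them so the noise can be dropped; the blob, the regexes and the tag names are assumptions made for the example.

```python
import re
from typing import Dict, List, Optional

# Constructed test blob (assumption: not the sample). It mixes a DOS stub
# message, opcode bytes, two accidental printable runs taken from the page,
# API names, a registry path, a format string, one UTF-16LE module name and
# an MSVC RTTI descriptor. The \x00\x00 guards keep the wide-string regex
# from swallowing the trailing byte of the preceding ASCII string.
SAMPLE_BLOB: bytes = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"!This program cannot be run in DOS mode.\r\n$\x00"
    + b"\x8b\x4d\x08\x0f\x85"
    + b"j9h8_@\x00"
    + b"CreateMutexW\x00OutputDebugStringA\x00"
    + b"Software\\Microsoft\x00%d x %d\x00"
    + b"\x00\x00" + "ltmodem.vxd".encode("utf-16-le") + b"\x00\x00"
    + b"\x9c\x11t$:jsh@C@\x00"
    + b".?AVCMFCRibbonEdit@@\x00"
)

# Patterns that mark a string as worth keeping, checked in order.
INTERESTING = [
    ("api", re.compile(r"^[A-Z][a-z]+(?:[A-Z0-9][a-z0-9]*)+(?:[AW]|Ex[AW]?)?$")),
    ("registry", re.compile(r"HKEY_|CurrentControlSet|\\Run|\\Uninstall")),
    ("path", re.compile(r"^[A-Za-z]:\\|\\[A-Za-z]|^/[A-Za-z]")),
    ("module", re.compile(r"\.(?:dll|drv|vxd|cat|inf|sys|exe)$", re.I)),
    ("format", re.compile(r"%-?\d*[sdxu]")),
    ("url", re.compile(r"^https?://", re.I)),
    ("rtti", re.compile(r"^\.\?A[UV]")),
]


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Printable ASCII runs, then UTF-16LE runs, of at least min_len chars,
    i.e. what strings(1) and strings -el would print."""
    ascii_rx = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_rx = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_rx.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in wide_rx.finditer(data)]
    return found


def classify(s: str) -> Optional[str]:
    """Tag a string, or return None for the short mixed-case/punctuation runs
    that compressed data produces by chance."""
    for tag, rx in INTERESTING:
        if rx.search(s):
            return tag
    wordish = sum(1 for c in s if c.isalnum() or c in "_ ")
    if len(s) >= 8 and wordish / len(s) >= 0.9:
        return "text"
    return None


def triage(data: bytes, min_len: int = 4) -> Dict[str, List[str]]:
    """Group extracted strings by tag, dropping the untagged noise."""
    groups: Dict[str, List[str]] = {}
    for s in extract_strings(data, min_len):
        tag = classify(s)
        if tag:
            groups.setdefault(tag, []).append(s)
    return groups


if __name__ == "__main__":
    for tag, items in triage(SAMPLE_BLOB).items():
        print(tag, items)
```

Running it on the real file with min_len raised to 6 or 8 removes most of the accidental runs seen above; the wide-string pass matters here because the import table is almost entirely W-suffixed, so any user-facing strings, mutex names or paths the binary builds are likely UTF-16 and invisible to the ASCII-only listing on this page.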