Sample details: cd297fa39cca5dc6d88c6dcc7f2a36e4

Hashes
MD5: cd297fa39cca5dc6d88c6dcc7f2a36e4
SHA1: 82b0821bcf5ad6a5d3e0b9ccb922ff6b56a15775
SHA256: a1a125157cb9ba4945c73b32c456238666f1abd084e32237e242afba64daf535
SSDEEP: 768:+K1IucYTPjVlXz4y2fNA2qZTa+nxyGgq033rn4e84GTLJKZaoT8E72Qf14cfxW:qCVLxyF4e84GTLkZaoT8E72S28W
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/win_registry | YRP/win_files_operation
Strings
!This program cannot be run in DOS mode.
??3@YAXPAX@Z
??2@YAPAXI@Z
MSVCRT.dll
__dllonexit
_onexit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
MessageBoxA
wsprintfA
DestroyIcon
LoadImageA
SendMessageA
GetDlgItem
CheckDlgButton
EnableWindow
GetDlgItemTextA
PostQuitMessage
DestroyWindow
SetWindowTextA
SetDlgItemTextA
SetTimer
EndPaint
BeginPaint
ShowWindow
IsWindowVisible
SetWindowLongA
GetWindowLongA
CreateDialogParamA
KillTimer
DialogBoxParamA
FindWindowA
USER32.dll
DeviceIoControl
GetLastError
CreateFileA
WriteFile
DeleteFileA
lstrcatA
GetSystemDirectoryA
CloseHandle
ReadFile
SetFilePointer
GetModuleFileNameA
lstrcpynA
GetVersionExA
lstrlenA
CreateThread
CreateEventA
SetEvent
ClearCommError
WaitForSingleObject
SetCommState
GetCommState
SetCommTimeouts
SetupComm
LocalAlloc
GetLocalTime
ResetEvent
SetCommMask
lstrcpyA
LocalFree
CreateDirectoryA
GetSystemTimeAsFileTime
OutputDebugStringA
WaitCommEvent
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
CloseServiceHandle
OpenSCManagerA
RegCloseKey
RegSetValueExA
RegCreateKeyA
CreateServiceA
StartServiceA
OpenServiceA
ControlService
DeleteService
RegDeleteValueA
RegQueryValueExA
ADVAPI32.dll
Shell_NotifyIconA
SHELL32.dll
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SETUPAPI.dll
SYSTEM\CurrentControlSet\Services\XPort\Parameters
Can't open service manager
Can't create service %d
Error: Service marked for delete.
Restart Windows and try again.
Error: Service already exists.
Fixing.  Try again.
Error: Bad driver.
Error starting XPort driver (%d)
Make sure you're not using the slected port.
Error: Service disabled.
Restart Windows and try again.
Error: MID not found.
Unable to find XPort.sys
Error: Invalid COM port, or driver is confused.
\\.\%s
Error: You do not have proper rights
Error: Unable to find XPort.sys in archive
\drivers\xport.sys
Error: Unable to open XPort archive
C:\GPSLog\Gps
Logging
LogPath
Software\CuriousTech\XPort3
SYSTEM\CurrentControlSet\Control\COM Name Arbiter
System32\Drivers\XPort.sys
Software\Microsoft\Windows\CurrentVersion\Run
Port%d
\\.\COM%d
%s (%s)
.%d-%02d-%02d.%02d.%02d.gps
No output ports selected
Please disconnect from COM%d
%d %d, 
[%d %d], 
%d ?, 
GPS on COM%d at %d
No GPS Found
XPort %d %d %d
%02X%02X%02X%02X%02X%02X%02X%02X
XPortMsgWnd
!This program cannot be run in DOS mode.
Rich1q
h.data
.reloc
DriverWorks (c) Copyright 2003 Compuware Corporation
ExAllocatePoolWithTag
ExFreePool
IofCompleteRequest
KeQueryTimeIncrement
KeTickCount
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
ZwClose
RtlInitUnicodeString
KeInitializeSpinLock
ObfDereferenceObject
KeSetPriorityThread
KeGetCurrentThread
ZwDeleteValueKey
InterlockedExchange
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
ntoskrnl.exe
KfAcquireSpinLock
KfReleaseSpinLock
HAL.dll
IoDeleteDevice
RtlAppendUnicodeStringToString
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
IoRegisterShutdownNotification
IoUnregisterShutdownNotification
ZwOpenKey
ZwCreateKey
memmove
RtlCopyUnicodeString
ZwQueryValueKey
ZwSetValueKey
RtlIntegerToUnicodeString
IoGetDeviceObjectPointer
C:\Prog\BSRC\XPort3\sys\objfre\i386\XPort.pdb