
Sample details: ce0155405ea902797e88b92a78443aeb

Hashes
MD5: ce0155405ea902797e88b92a78443aeb
SHA1: 8adff69050d14a57d7f553ca8978439af188c192
SHA256: 789c3c45eda1749bd939f4a96616e1e9ef1b7dcc62a2889f65088954c64d0938
SSDEEP: 3072:+VrhrwLXcA2Ha/joWklbo/Acjwm4AaW7zozn/zgOh0Z76:fklbsqmyWnoz/P
Details
File Type: PE32
Yara Hits
YRP/fasm_Tomasz_Grysztar_additional | YRP/Microsoft_Visual_Cpp_vxx | YRP/fasm_Tomasz_Grysztar | YRP/Microsoft_Visual_Cpp_DLL | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/Armadillo_v4x | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/screenshot | YRP/keylogger | YRP/win_registry | YRP/win_files_operation
Parent Files
714a658c266c2a4e644e42d4a983a500
Source
Strings
		!This program cannot be run in DOS mode.
I!Rich!
`.data
@.reloc
:0_0;0_
0_ j0_`=0_pj0_
>0_`>0_
@0_`A0_
v0_ v0_0v0_
m0_0h0_
v0_PW0_
Y0_`\0_
W0_PW0_`W0_pX0_ Y0_pu0_
m0_0m0_
m0_pm0_
m0_@u0_Pu0_`u0_
Q0_0R0_
J0_`J0_ K0_pK0_
K0_ L0_`L0_
L0_ M0_`M0_
M0_0N0_pN0_0O0_
P0_PP0_
P0_ Q0_
0_ j0_@j0_pj0_
0_PW0_
kernel32.dll
runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
?IsProcessorFeaturePresent
KERNEL32
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
united-states
united-kingdom
united states
united kingdom
turkey
taiwan
switzerland
sweden
south-korea
south korea
singapore
russia
pr-china
pr china
portugal
poland
norway
new-zealand
new zealand
netherlands
mexico
ireland
iceland
hungary
hong-kong
hong kong
holland
greece
great britain
germany
france
finland
england
denmark
canada
britain
brazil
belgium
austria
australia
america
turkish
swedish
spanish-modern
spanish-mexican
spanish
slovak
russian
portuguese-brazilian
portuguese
polish
norwegian-nynorsk
norwegian-bokmal
norwegian
korean
japanese
italian-swiss
italian
irish-english
icelandic
hungarian
german-swiss
german-austrian
german
french-swiss
french-canadian
french-belgian
french
finnish
english-usa
english-us
english-uk
english-nz
english-ire
english-can
english-aus
english-american
english
dutch-belgian
danish
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
H:mm:ss
dddd, MMMM dd, yyyy
M/d/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
1#QNAN
1#SNAN
_hypot
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
Qh@80_
ShP80_V
t$ ;l$
ShP80_V
5$80_;
5(80_;
5t80_;
5x80_;
5d80_;
5h80_;
0$0_QV
54$0_V
t&j WS
Rh`80_
S0_;S0_US0_oS0_
S0__T0_hV0_
T0_#U0_dU0_
U0_.V0_
D$ SPU
8$0_PRV
<$0_PV
@$0_PV
D$0_PV
H$0_PV
L$0_PV
P$0_PV
=` 0_QV
\ 0__^
D$0j P
L$$RPQ
L$\_^f
D$$jZP
f;OVu(f
f;OVu(f
Qh ,0_
RhP80_V
80_j	P
T$TRUUh
hX$0_P
WhX$0_P
9=p$0_
|$(t#f
t0_Nt0_`t0_~t0_ot0_
t0_?t0_
Nw0_Rw0_Vw0_Zw0_
@PQPRj
x"0_^3
E$0y0_
|$(vh;
tG9}(vB
"0_;EDu
"0_UVWP
VDQh!0
"0_;FDu>
Qh 90_
` 0_UWV
=T!0_R
D!0_PU
H 0__^][
L"0__^
L$4h090_j
RhP90_U
Wj(PQ3
T$0Qhp
L$0PQh
5$80_;
5(80_;
5t90_;
5x90_;
ulf9x uff9x0u`f9x@uZf9xPuTf9x`uNf9xpuHf9
HtJHt+
F RjdP
 0_9D$
D$$)D$
T$dPQRS
x 0_h(
T$lPQRS
D$ QUPV
D$8RPQ
$ 0_[^_3
D$$RPQ
L$<PQSR
$ 0_[]^3
D$ PQR
L$4Wh@
D$4Wh@
T$(SUP
T$0PQRW
D$,SUQ
D$4QRPW
D$(SUQ
D$0QRPW
j<_^][Y
+0_h`.1_d
=CWLTt,=GWLTt%
Ph )0_
\$,UVW
D$@_^][
L$ QRS
t$@Wj,PV
|$8 EMFt
\$HSjB
D$(tkP
2_WUSPQR
2_WQRUSP
5D 0_;
9|$lu"9|$pu
D$pf9l$,
D$@PjB
D$\QPV
|$,ltut
T$0RVS
T$8PQRVS
D$0PVS
L$0QVS
t$LWPV3
` 0_jBSUj
` 0_UV
D$ SUV
QRWPUV
T$ QRV
D$TSUVW3
tX9|$hu
=,!0_S
T$$WVR
@!0_]^
 0_VWj
8!0_PWS
T$$SU3
D$@RjB
G,QRUP
!0__^][
!0__^][
h"0_Vj
T"0__^][
L1(PVQ
T$PUPWR
T$ VRW
D$ _^][
h0+0_h`.1_d
=CWLTwHtM
=GWLTu
2_f;D$
+0_h`.1_d
Ph`(0_j
Qhp(0_V
=P!0_;
=$!0_f;
5 !0_hl
(SUVWj
T$LVVQRW
L$4VVQ
D$4RPW
=T!0_P
+0_h`.1_d
+0_h`.1_d
+0_h`.1_d
,0_h`.1_d
,0_h`.1_d
=d 0_j
=d 0_j&V
L$$RPQ
h0,0_P
1_pG1_
t.;t$$t(
VC20XC00U
1_w<j	
"0_^][
1_tBjtj
HSUVWh
!0_f9|$F
!0__^][
D$ _^]
d!0__^
1_SUVW3
!0__^][
!0_UVW
WUVQh 
|$$UWQ
L$ PPVQj
D$$RVPj
!0_UVW
VRWSUP
D$0PVQh 
&2_h  
"0__^3
WuBh(00_
	2_P	2_R
VPj1Sj
G Pj*Sj
G,Pj-Sj
G@PjFSj
GLPjISj
GXPjLSj
GdPjOSj
GpPj:Sj
G|Pj=Sj
S RjPVj
C$PjQVj
C*PjTVj
C-PjWVj
 SUVW3
PPPPPPPP
PPPPPPPP
h 	2_PQ
h8	2_PQ
QSUVW3
T$(SSSSWQh 
VUWPh 
T$$WSR
L$ RQP
WWURj	S
zuTVVVSU
5|!0_W
T$$PPj
T$,PQj
D$TRVP
T$DQPR
L$ PQF
KK<5|1;
(2_UVW
L$ _^]+
T$(SUVf
f9|$(w
9D$*u,9D$.
80_SVW
(2_SV;
"0__^[
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
GetLastError
GetVersion
GetProcAddress
LoadLibraryA
WideCharToMultiByte
IsDBCSLeadByte
MulDiv
FreeLibrary
LockResource
LoadResource
FindResourceA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalHandle
GlobalReAlloc
GlobalDeleteAtom
GlobalAddAtomA
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
SetLastError
KERNEL32.dll
GetSysColor
SetWindowLongA
GetWindowLongA
DestroyWindow
SetFocus
IsWindow
SetActiveWindow
GetActiveWindow
PostQuitMessage
PostMessageA
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageW
GetMessageA
SendMessageA
EnableWindow
GetParent
GetFocus
CharNextA
GetWindowTextA
CharLowerA
SendMessageW
GetDlgItem
GetKeyState
ReleaseDC
GetDialogBaseUnits
GetClientRect
IsWindowUnicode
GetTopWindow
WinHelpA
wsprintfA
DestroyIcon
CreateIcon
CreateCursor
DrawIcon
GetSystemMetrics
GetIconInfo
CopyIcon
CopyImage
RegisterClipboardFormatA
USER32.dll
GetDeviceCaps
SelectObject
GetTextMetricsW
GetTextMetricsA
GetTextFaceW
GetTextFaceA
EnumFontFamiliesExA
CreateFontIndirectA
DeleteObject
GetPaletteEntries
GetTextExtentPointA
DeleteMetaFile
DeleteEnhMetaFile
PatBlt
CreateBitmap
SetMetaFileBitsEx
GetEnhMetaFileHeader
GetBitmapDimensionEx
GetObjectA
StretchDIBits
GetDIBits
StretchBlt
RealizePalette
SelectPalette
GetStockObject
GetObjectType
GetCurrentObject
GetWinMetaFileBits
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
SetTextColor
SetBkColor
SetStretchBltMode
RestoreDC
EnumMetaFile
PlayEnhMetaFile
OffsetViewportOrgEx
GetWindowOrgEx
IntersectClipRect
SaveDC
SetEnhMetaFileBits
GetBitmapBits
CreateCompatibleBitmap
DeleteDC
BitBlt
CreateCompatibleDC
GetMetaFileBitsEx
GetEnhMetaFileBits
CreatePalette
PlayMetaFileRecord
SetDIBits
SetBitmapBits
Escape
CreateDIBSection
CreateDIBitmap
CreateHalftonePalette
GDI32.dll
ReleaseStgMedium
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoCreateInstance
StgCreateDocfile
StringFromGUID2
CoGetMalloc
ole32.dll
RegCloseKey
RegOpenKeyA
RegCreateKeyA
RegSetValueA
RegQueryValueA
RegFlushKey
ADVAPI32.dll
OLEAUT32.dll
GetCommandLineA
RtlUnwind
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
LCMapStringA
LCMapStringW
VirtualAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetLocaleInfoW
RaiseException
FlushFileBuffers
CloseHandle
SetStdHandle
SetFilePointer
OLEPRO32.DLL
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
OleCreateFontIndirect
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleTranslateColor
comctl32.dll
PropertySheetA
CreatePropertySheetPageA
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
MS Sans Serif
COMCTL32
CLSID\%s
HelpDir
InprocServer32
urlmon.dll
CreateURLMoniker
CreateAsyncBindCtx
RegisterBindStatusCallback
RevokeBindStatusCallback
asycfilt.dll
FilterCreateInstance
MS_AsyncImage_DCWait
MS_AsyncImage_Display
MS_AsyncImage_Abnormal
MS_AsyncImage_Finished
{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}
Standard Font
StdFont
Obsolete Font
OldFont
Standard Picture
StdPicture
InprocServer32
ProgID
0_pv0_
1_olepro32.dll
OleIconToCursor
OleCreateFontIndirect
OleCreatePictureIndirect
OleLoadPicture
OleTranslateColor
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
oleaut32.dll
P1_tO1_
`'1_d/0_
1_`'1_X/0_
x1_L/0_
1_@v1_@/0_
t1_8/0_
dQ1_jQ1_oQ1_uQ1_zQ1_
R1_>R1_CR1_]R1_bR1_
S1_&S1_:S1_RS1_fS1_
T1_*T1_/T1_IT1_NT1_nT1_
U1_&U1_>U1_RU1_rU1_wU1_
60_|60_x60_t60_p60_l60_h60_d60_`60_\60_T60_H60_@60_860_x60_060_(60_ 60_
50_P	2_.
CompObj
RDAAAAAAAA
QDAAAAAAAA
PDAAAAAAAA
ODAAAAAAAA
NDAAAAAAAA
MDAAAAAAAA
LDAAAAAAAA
KDAAAAAAAA
JDAAAAAAAA
IDAAAAAAAA
HDAAAAAAAA
GDAAAAAAAA
FDAAAAAAAA
EDAAAAAAAA
DDAAAAAAAA
CDAAAAAAAA
BDAAAAAAAA
ADAAAAAAAA
ZCAAAAAAAA
YCAAAAAAAA
XCAAAAAAAA
WCAAAAAAAA
VCAAAAAAAA
UCAAAAAAAA
TCAAAAAAAA
SCAAAAAAAA
RCAAAAAAAA
QCAAAAAAAA
PCAAAAAAAA
OCAAAAAAAA
NCAAAAAAAA
MCAAAAAAAA
*\R7c0*#3
*\Rffff*#d
*\Rffff*#18
*\R7c0*#4
*\Rffff*#19
*\Rffff*#19
*\Rffff*#18
*\R7c0*#3
*\Rffff*#d
*\Rffff*#7
*\Rffff*#8
*\Rffff*#5
*\Rffff*#6
*\R7c0*#4
*\Rffff*#5
*\Rffff*#6
*\Rffff*#7
*\Rffff*#8
*\Rffff*#d
*\Rffff*#1d
*\Rffff*#1d
*\Rffff*#1c
Standard OLE Types
MCAAAAAAAA
GBAAAAAAAA
NCAAAAAAAA
HBAAAAAAAA
OCAAAAAAAA
IBAAAAAAAA
PCAAAAAAAA
JBAAAAAAAA
QCAAAAAAAA
KBAAAAAAAA
RCAAAAAAAA
LBAAAAAAAA
SCAAAAAAAA
MBAAAAAAAA
TCAAAAAAAA
NBAAAAAAAA
UCAAAAAAAA
OBAAAAAAAA
VCAAAAAAAA
PBAAAAAAAA
WCAAAAAAAA
QBAAAAAAAA
XCAAAAAAAA
RBAAAAAAAA
YCAAAAAAAA
SBAAAAAAAA
ZCAAAAAAAA
TBAAAAAAAA
ADAAAAAAAA
UBAAAAAAAA
BDAAAAAAAA
VBAAAAAAAA
CDAAAAAAAA
WBAAAAAAAA
DDAAAAAAAA
XBAAAAAAAA
EDAAAAAAAA
YBAAAAAAAA
FDAAAAAAAA
ZBAAAAAAAA
GDAAAAAAAA
ACAAAAAAAA
HDAAAAAAAA
BCAAAAAAAA
IDAAAAAAAA
CCAAAAAAAA
JDAAAAAAAA
DCAAAAAAAA
KDAAAAAAAA
ECAAAAAAAA
LDAAAAAAAA
FCAAAAAAAA
MDAAAAAAAA
GCAAAAAAAA
NDAAAAAAAA
HCAAAAAAAA
ODAAAAAAAA
ICAAAAAAAA
PDAAAAAAAA
JCAAAAAAAA
QDAAAAAAAA
KCAAAAAAAA
RDAAAAAAAA
LCAAAAAAAA
Picture
Object
StdType
OLE_COLOR
OLE_XPOS_PIXELS
OLE_YPOS_PIXELS
OLE_XSIZE_PIXELS
OLE_YSIZE_PIXELS
OLE_XPOS_HIMETRIC
OLE_YPOS_HIMETRIC
OLE_XSIZE_HIMETRIC
OLE_YSIZE_HIMETRIC
OLE_XPOS_CONTAINER
OLE_YPOS_CONTAINER
OLE_XSIZE_CONTAINER
OLE_YSIZE_CONTAINER
OLE_HANDLE
OLE_OPTEXCLUSIVE
OLE_CANCELBOOL
OLE_ENABLEDEFAULTBOOL
OLE_TRISTATE
FONTNAME
FONTSIZE
FONTBOLD
FONTITALIC
FONTUNDERSCORE
FONTSTRIKETHROUGH
IFontDisp
StdFont
IPicture
Picture
IPictureDisp
StdPicture
Unchecked
Checked
Italic
pitalic
Underline
punderline
Strikethrough
pstrikethrough
Weight
pweight
Charset
pcharset
phfont
lplpfont
IsEqual
lpFontOther
SetRatio
cyLogical
cyHimetric
AddRefHfont
ReleaseHfont
QueryInterface
AddRef
Release
GetTypeInfoCount
GetTypeInfo
GetIDsOfNames
Invoke
Handle
phandle
pwidth
Height
pheight
Render
lprcWBounds
phdcOut
SelectPicture
phbmpOut
KeepOriginalFormat
pfkeep
PictureChanged
SaveAsFile
lpstream
fSaveMemCopy
lpcbSize
Attributes
lpdwAttr
SetHdc
*\G{00020430-0000-0000-C000-000000000046}#1.0#0#C:\WINNT\System32\stdole32.tlb#
TYPELIB
4 4(4,4044484<4@4D4H4L4P4T4p4|4
5 5(5,5054585<5@5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6(6,6064686@6D6H6L6P6T6X6`6d6h6l6p6t6x6|6
7 7$7(7,7074787@7D7H7L7P7T7X7\7`7d7h7l7p7t7x7
7`9d9h9l9p9t9x9|9
: :$:(:,:0:8:<:@:D:H:L:P:T:X:`:d:h:l:p:t:x:
; ;$;(;,;8;<;@;D;H;L;P;T;X;`;d;h;l;p;t;x;
:5;?;J;
=(=f=l=t=}=
>8?C?e?
1Z2f2m2v2}2
2;3E3L3S3Z3a3q3
4!4'4,424@4P4Z4c4i4
5>6O6_6
6N7_7o7
7	8B8O8[8
969>9R9
141?1D1R1o1u1
2<2Q2b2t2
7"7(7079798
=#>7>q>
0$0[0a0
2'3:3X3|3@4Q4X4e4k4
9%979X9g9
9*:F:L:T:]:
:H;q;w;};
<(<><I<
1	2?2~2
5 5$5(5,505B6M6\6
6J7d7x7|7
8$8>8o8
9M:U:[:e:
:1<B<|<
4#4,494J4O4X4b4h4v4
525:5A5
6.7d7h7l7p7t7x7
:A;_;f;q;~;
676@6J6R6Y6
7"7T7X7\7`7d7q7
8'878Z8k8{8
9):6:B:j:
:,;A;R;d;
4X4\4`4d4h4y4
5(6,6064686R6h6u6
6,7\7g7
8J9[9x9
:":2:h:|:
;K;j;};
<'<L<r<
?#?/?I?k?
0A1V1b1
6v7{7t8
9p9w9f:m:}:
:7;Q;l;
>8>M>a>
?,?>?M?`?
0b0m0u0/1p1z1
2,373a6
657S7b7p7
8-8A8Q8g8{8
=.=3=L=W=
=">L>V>`>k>v>
>8???X?l?y?
2%3,393
44585<5@5D5i5
7'8R8s8
:%;7;R;
=&=7=F=Q=t=
2<3@3D3H3L3P3T3x3|3
4_536>6H6
: ;\;Y<j<q<
3)323;3B3J3O3T3]3b3h3p3u3{3
5$525A5O5
657<7u7|7(8,8084888|8
9 :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:);0;
< <$<(<,<0<4<8<B=I=
6%6+616\6n6
7X7g7w7
949U9z9
<<=V=[=~=
>%>V>[>~>
0&0E0e0x0}0
1?1Q1n1
3.3J3^3y3
4+4:4@4M4]4b4q4
5 5,5C5L5q5
5)676L6
8O8U8Z8x8~8
9+919Q9\9e9
9E:a:p:
;d;j;o;x;~;
0%121y1
2!2,212>2C2
444;4B4`4h4{4
4>5G5~5
6&6T6g6
7I7P7d7k7
<6<?<N<[<c<i<s<y<
=0=;=A=F=L=U=^=e=
>9>D>I>N>S>X>q>y>
>#?9?G?
02090@0U0a0p0
1.2B2K2g2
243>3Q3X3a3j3r3
474E4L4h4o4
5%5@5r5
5V6q6w6
<K=[=g=y=
081`1e8
!0(0:0Y0f0x0
0$1B1x1
3"3+313:3
4#4)4B4I4Q4f4
:1:A;\;l;z;
= =2=N=U=
404D4X4k4w4
5&555G5M5S5`5k5
;i;n;s;x;
?1?i?~?
8 8$8(8,8084888
9 9'9,90949Q9{9
: :$:(:,:
<)<%=7=P=
?b?k?~?
020f0n0|0
2A2J2r2
3F3q3z3
9>:E:_:
> >$>d>h>l>p>t>
0.0;0R0_0h0
6.7;7@7V7
6D7Q7z7^8d8j8p8v8|8
6 6$6(6,6064686<6
848D8T8
90:4:8:<:@:D:
;";&;*;.;2;6;:;>;B;F;J;N;R;V;Z;^;b;f;j;n;r;v;z;~;
? ?(?0?8?@?H?P?X?`?h?p?x?
0 0(00080@0H0P0X0`0h0p0x0
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
7P9T9X9\9`9d9h9l9p9t9x9|9
: :$:(:,:8:D:L:T:\:d:l:t:|:
olepro32.dbg
olepro32.dll