Sample details: ce0652c12f137f39778697fa3e4dc6e9

Hashes
MD5: ce0652c12f137f39778697fa3e4dc6e9
SHA1: a7a2379469d32aaadfde0193c058937d9c047e53
SHA256: ec909c7d4991bda1c89240c2ffd092c92cbca5b5e17c8d26e0d0ad71c789d08b
SSDEEP: 1536:itBhvGqOnO8cSxiFUqwOWaB3d6m9a+3HiBEdktH0MLJr61xHaeb:itHvG1nO8/mUqo+d6ZQetH0+Jr61Qg
Details
File Type: PE32
Yara Hits
YRP/MSVCpp_DLL_v8_typical_OEP_recognized_h | YRP/MSVCpp_DLL_v8_typical_OEP_recognized_h_additional | YRP/Visual_Cpp_2003_DLL_Microsoft | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/keylogger | YRP/win_mutex | YRP/win_registry | YRP/win_files_operation |
Parent Files
754ee79b4dca5f311090e6b5929aadfa
Strings
		!This program cannot be run in DOS mode.
q5RichU
`.data
@.reloc
FreeLibrary()
DLL_PROCESS_DETACH
d:\bt\256\private\multimedia\directx\setup\dsetup\dsetup\dsetup.c
CloseHandle()
DllMain
CreateMutex()
DSETUP DLL Mutex
DLL_PROCESS_ATTACH
RegCloseKey()
RegQueryValueEx()
StringToVersionInfo() failed.
Version
GetRegistryDXVersion
RegOpenKeyEx()
software\microsoft\directx
GetProcAddress()
Module: %d, Function: DirectXInputCreateA
DirectInputCreateA
LoadLibrary()
Unable to create path string, %s%s.
\DINPUT.DLL
GetVersionEx()
SetCurrentDirectory()
GetSystemDirectory()
GetRunningDXVersion
GetCurrentDirectory()
DirectXSetupGetVersion
GetRunningDXVersion() failed.
SetDlgItemText()
CreateDialog()
DirectXSetupCallback
SetFocus()
Not fatal...
LocalAlloc()
LocalFree()
mmioRead()
mmioClose()
DirectXSetupGetFileVersion
mmioDescend()
DirectXDeviceDriverSetupA
DestroyWindow()
DirectXDeviceDriverSetupA()
DirectXDeviceDriverSetupW
DirectXDeviceDriverSetupW()
DirectXUnRegisterApplication: Completed.
DirectXUnRegisterApplication: ERROR!
RegDeleteKey()
Unable to delete key %s.
RegEnumKeyEx()
Index: %d
Unable to find GUID.
RegQueryInfoKey()
WideCharToMultiByte()
Unable to convert GUID from UNICODE to ANSI.
StringFromGUID2()
SOFTWARE\Microsoft\DirectPlay\Applications
Invalid parameter - GUID is NULL.
DirectXUnRegisterApplication
Current logon user doesn't have the Administrator privilege.
DirectXUnRegisterApplication:
DirectXSetupIsJapan == 0
DirectXSetupIsJapan == 1
DirectXSetupIsEng == 0
DirectXSetupIsEng == 1
ValidateDXRegAppStructA:  Valid struct
Invalid structure member - lpszCurrentDirectory is NULL.
Invalid structure member - lpszPath is NULL.
Invalid structure member - lpszCommandLine is NULL.
Invalid structure member - lpszFilename is NULL.
Invalid structure member - lpszApplicationName is NULL.
Invalid structure member - structure size is incorrect.
ValidateDXRegAppStructA
Invalid parameter - structure pointer is NULL.
ValidateDXRegAppStructA:
ValidateDXRegAppStructW:  Valid struct
ValidateDXRegAppStructW
ValidateDXRegAppStructW:
distinction98 failed generally
distinction98 failed GetKeyboardType
DirectXSetupIsJapanNec == 0
DirectXSetupIsJapanNec == 1
Module: dsetup32.dll,  Function: iDirectXSetupGetEULA
iDirectXSetupGetEULA
Module: dsetup32.dll, Function: DirectXSetupShowEULA
DirectXSetupShowEULA
Module: dsetup32.dll, Function: DirectXLoadString
DirectXLoadString
Module: dsetup32.dll, Function: DirectXSetupSetCallback
DirectXSetupSetCallback
Module: dsetup32.dll, Function: DirectXSetupCallback
Module: dsetup32.dll, Function: iDirectXSetup
iDirectXSetup
Unable to find backslash.
\DSETUP32.DLL
GetModuleFileName()
LoadDSetup32
LoadDSetup32() failed.
DirectXSetupGetEULAA
Invalid parameter - output buffer is NULL.
Insufficient buffer.
MultiByteToWideChar()
malloc()
Unable to allocate memory block.
DirectXSetupGetEULAW
DirectXSetupA
***DirectXSetupA***
DirectXSetupA(): hWnd: %08X dwFlags: %08X
DirectXSetupW
DirectXSetupW()
DirectXRegisterApplicationA: Completed.
DirectXRegisterApplicationA: ERROR!
RegCloseKey() failed
RegSetValueExA().
RegSetValueExA()
RegCreateKeyExA()
Application name is too long, %s.
XDirectXLoadString() failed.
Function pointer XDirectXLoadString is not initialized.
Invalid parameter - struct pointer is NULL.
DirectXRegisterApplicationA
MyLoadStringW
DirectXRegisterApplicationW: Completed.
DirectXRegisterApplicationW: ERROR!
MyLoadStringW().
RegSetValueExW()
RegCreateKeyExW()
Application name is too long.
MyLoadStringW() failed.
Not running NT 4.0. Version: [%08X]
Not running NT. Platform ID: [%08X]
 GetVersionEx()
DirectXRegisterApplicationW
DirectXRegisterApplicationW:
Unable to load %s.
d:\bt\256\private\multimedia\directx\setup\dsetup\dsetup\dsinline.c
IsAdmin
Module: %s, Function: %s
IsNTAdmin
advpack.dll
DXBuildPath
StringCchPrintf()
%s %s: %s: (null)
%s %s: %s: %s
DSETUP
DXSETUP_DPF(): Unable to open log file.
DXSETUP_DPF(): path name too long.
%s%s%s
DirectX.log
DXSETUP_DPF(): GetWindowsDirectory() failed.
DXError.log
%s(): %s
    File in process:	
DXSError(): FormatMessage() failed, error = %d.
DXSError(): FormatMessage() failed, system cannot find message text for error.
(0x%x)
    Error:		
%s(): %s failed.
%s(): %s failed, error = %d.
%s(): %s failed, error = 0x%x.
    Failed API:		%s
 module: %s(%s), file: %s, line: %d, function: %s
Jul 28 2006
[%s %s]
--------------------
CorExitProcess
mscoree.dll
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
kernel32.dll
runtime error 
TLOSS error
SING error
DOMAIN error
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
`h````
ppxxxx
(null)
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
InitializeCriticalSectionAndSpinCount
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SetThreadStackGuarantee
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
DSETUP.pdb
FreeLibrary
CloseHandle
GetLastError
CreateMutexA
OutputDebugStringA
GetProcAddress
LoadLibraryA
GetVersionExA
SetCurrentDirectoryA
GetSystemDirectoryA
GetCurrentDirectoryA
LocalFree
LocalAlloc
lstrcmpA
WideCharToMultiByte
GetSystemDefaultLCID
GetModuleFileNameA
SetLastError
MultiByteToWideChar
lstrlenA
lstrlenW
CompareStringA
GetWindowsDirectoryA
FormatMessageA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
GetLocalTime
ExitProcess
GetModuleHandleA
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
SetFilePointer
RtlUnwind
InterlockedExchange
VirtualQuery
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
CreateFileA
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
SetEndOfFile
ReadFile
KERNEL32.dll
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
MessageBoxA
SetDlgItemTextA
CreateDialogParamA
SetFocus
DestroyWindow
GetKeyboardType
USER32.dll
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegSetValueExW
RegCreateKeyExW
ADVAPI32.dll
mmioRead
mmioClose
mmioDescend
mmioOpenA
WINMM.dll
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VERSION.dll
StringFromGUID2
ole32.dll
DSETUP.dll
DirectXDeviceDriverSetupA
DirectXDeviceDriverSetupW
DirectXLoadString
DirectXRegisterApplicationA
DirectXRegisterApplicationW
DirectXSetupA
DirectXSetupCallback
DirectXSetupGetEULAA
DirectXSetupGetEULAW
DirectXSetupGetFileVersion
DirectXSetupGetVersion
DirectXSetupIsEng
DirectXSetupIsJapan
DirectXSetupIsJapanNec
DirectXSetupSetCallback
DirectXSetupShowEULA
DirectXSetupW
DirectXUnRegisterApplication
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
031204000000Z
131203235959Z0S1
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
http://ocsp.verisign.com0
0http://crl.verisign.com/ThawteTimestampingCA.crl0
TSA2048-1-530
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA0
031204000000Z
081203235959Z0W1
VeriSign, Inc.1/0-
&VeriSign Time Stamping Services Signer0
http://ocsp.verisign.com0
"http://crl.verisign.com/tss-ca.crl0
TSA2048-1-540
0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
970110070000Z
201231070000Z0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority0
060404174414Z
120426070000Z0
Washington1
Redmond1
Microsoft Corporation1+0)
"Copyright (c) 2000 Microsoft Corp.1#0!
Microsoft Code Signing PCA0
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
Washington1
Redmond1
Microsoft Corporation1+0)
"Copyright (c) 2000 Microsoft Corp.1#0!
Microsoft Code Signing PCA0
060404194346Z
071004195346Z0t1
Washington1
Redmond1
Microsoft Corporation1
Microsoft Corporation0
r0p1+0)
"Copyright (c) 1997 Microsoft Corp.1
Microsoft Corporation1!0
Microsoft Root Authority
:http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl0O
3http://www.microsoft.com/pki/certs/CodeSignPCA2.crt0
Washington1
Redmond1
Microsoft Corporation1+0)
"Copyright (c) 2000 Microsoft Corp.1#0!
Microsoft Code Signing PCA
"http://www.microsoft.com/directx/ 0
VeriSign, Inc.1+0)
"VeriSign Time Stamping Services CA
060728163030Z0