Sample details: d422839c99927db561f5c019643eacec

Hashes
MD5: d422839c99927db561f5c019643eacec
SHA1: e6c1322baebf818092af991de744ea1081cfd062
SHA256: b7f9ba5ae3a6590a0e08117f90825e4076e295ab407b85c2ed42a20df478df83
SSDEEP: 1536:EGTJG3gY1xqNUi8tUUoC2RjJ/j8a6tgyQHG:39Sx8UHUUoCcj5ktg5HG
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Install_Shield_2000 | YRP/Armadillo_v171_additional | YRP/Armadillo_v4x | YRP/Microsoft_Visual_Cpp | YRP/InstallShield_2000_additional | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/win_registry | YRP/win_files_operation |
Parent Files
714a658c266c2a4e644e42d4a983a500
Strings
		!This program cannot be run in DOS mode.
runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
lstrcmpiA
lstrcpynA
lstrcmpA
lstrcatA
lstrcpyA
lstrlenA
FindClose
FindFirstFileA
DeleteFileA
GetLastError
RemoveDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
OutputDebugStringA
GetCurrentDirectoryA
SetErrorMode
WaitForSingleObject
CreateProcessA
MultiByteToWideChar
IsDBCSLeadByte
WriteFile
CloseHandle
SetFilePointer
CreateFileA
ReadFile
LocalFree
LocalAlloc
GlobalDeleteAtom
GlobalAddAtomA
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFindAtomA
CompareStringA
WideCharToMultiByte
GetFileAttributesA
GetWindowsDirectoryA
OpenProcess
GetVersion
KERNEL32.dll
CharNextA
wsprintfA
DispatchMessageA
PeekMessageA
PostMessageA
PackDDElParam
DestroyWindow
SendMessageA
UnregisterClassA
CreateWindowExA
RegisterClassA
DefWindowProcA
UnpackDDElParam
LoadStringA
LoadIconA
LoadCursorA
MessageBoxA
wvsprintfA
TranslateMessage
GetMessageA
SetCursor
ShowCursor
SetDlgItemTextA
ShowWindow
SetWindowPos
GetSystemMetrics
GetWindowRect
CreateDialogParamA
EnableMenuItem
GetSystemMenu
PostQuitMessage
EndPaint
SetRect
DrawTextA
FillRect
GetClientRect
BeginPaint
SetClassLongA
CharPrevA
CharUpperA
InvalidateRect
SetWindowTextA
UpdateWindow
DialogBoxParamA
SetFocus
GetDlgItem
EndDialog
SetWindowLongA
USER32.dll
CreateSolidBrush
DeleteObject
SetROP2
Rectangle
SelectObject
SetTextColor
SetBkMode
GetStockObject
GetTextMetricsA
ExtTextOutA
CreateFontIndirectA
GDI32.dll
RegEnumValueA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey
RegOpenKeyA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
ADVAPI32.dll
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
SHELL32.dll
OleUninitialize
OleInitialize
ole32.dll
OLEAUT32.dll
RtlUnwind
SetEnvironmentVariableA
SetCurrentDirectoryA
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapFree
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
VirtualAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
%s  %s
Failed getting curdir
DllUnregisterServer
 /UnRegServer
UnRegisterTypeLib of %s failed : %lx
Couldn't GetProcAddress of UnRegisterTypeLib for file %s : %lx
LoadLibrary failed for %s.
GetLibAttr of %s failed : %lx
LoadTypeLib of %s failed : %lx
Couldn't initialize OLE when unregistering: %s.
Cannot access file: %s.
UnRegisterTypeLib
OLEAUT32.DLL
%s %s %s %s "%s" "%s"
CLIREG32.EXE
/nologo
RegValue:
RegKey:
ShellLink:
ProgManItem:
ShellFolder:
ProgManGroup:
RemoteRegister:
TLBRegister:
ExeSelfRegister:
DllSelfRegister:
TempFile:
SystemFile:
PrivateFile:
SharedFile:
CreateDir:
ACTION:
Title:
CONFIG:
APPDESCRIPTION=
VB.Mooo.Conv.Child
[CreateGroup(
[DeleteGroup(
ProgMan
[DeleteItem(
PROGMAN
$(Programs)
$(Start Menu)
End Component
	End Group
			Type = String(256)
			ID = 2
			Name = "Description"
		End Attribute
"FAILED"
"SUCCESS"
			Value = 
			Type = String(16)
			ID = 1
			Name = "Status"
		Start Attribute
		Class = "MICROSOFT|JOBSTATUS|1.0"
		ID = 1
		Name = "InstallStatus"
	Start Group
	Name = "Workstation"
Start Component
Out of Memory - Cannot initialize language strings.  Cannot continue with Uninstall.
ST4UninstallBkgnd
UninstallString
ST6UNST #
\Uninstall\
\SharedDLLs
SOFTWARE\Microsoft\Windows\CurrentVersion
ST6UNST Uninstaller