Sample details: d5fabcdf60b9b1ed47c0e5f4ec7f8017

Hashes
MD5: d5fabcdf60b9b1ed47c0e5f4ec7f8017
SHA1: c01257751cea457b19ba687749df76ae724234b4
SHA256: 6846b7075c80352af6469c20915f39ce83f20a035384650ee3cc017367bc1804
SSDEEP: 3072:dkccackRFhasNNvee9v+opyML5L3zhsPXYah20/rGVC7dC:pFBmU9sA+G
Details
File Type: PE32
Yara Hits
YRP/GenerateTLSClientHelloPacket_Test | YRP/contentis_base64 | YRP/domain | YRP/IP | YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/anti_dbg | YRP/screenshot | YRP/keylogger | YRP/win_mutex | YRP/win_files_operation | YRP/VC8_Random
Source
http://photoscape.ch/Setup.exe
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
(sm\	3-8
}t#iQYm<
`s@ G9
<ch$y@
8@p+/g#
QXq#/7c<
uh#!!-t
I-$c]`
VVRPQVVV
F PWVQ
F PWVS
0WWWWW
0WWWWW
QQSVWd
0SSSSS
_VVVVV
^WWWWW
f-00f=
tNIt?It0It 
URPQQh
s[S;7|G;w
tR99u2
0A@@Ju
t$<"u	3
>=Yt1j
< tK<	tG
j@j ^V
0SSSSS
v	N+D$
_VVVVV
tRHtCHt4Ht%HtFHHt
	X 9} 
;t$,v-
UQPXY]Y[
t"SS9]
0SSSSS
PPPPPPPP
0SSSSS
PPPPPPPP
v	N+D$
<+t(<-t$:
+t HHt
t+WWVPV
bad allocation
fighters 
Save current changes in %s?
Notepad
map/set<T> too long
deque<T> too long
list<T> too long
invalid map/set<T> iterator
bad allocation
string too long
invalid string position
Unknown exception
GAIsProcessorFeaturePresent
KERNEL32
?uZEeu
?uZEeu
?UUUUUU
?UUUUUU
?5Wg4p
"B <1=
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
bad exception
CorExitProcess
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
?_nextafter
_hypot
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
1#QNAN
1#SNAN
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetTickCount
SetConsoleCursorPosition
GetStdHandle
ReleaseMutex
WaitForSingleObject
SetEvent
GetModuleHandleA
SleepEx
QueueUserAPC
GetCurrentThread
CreateEventA
GetLogicalDrives
CreateMutexA
GetCurrentProcess
AllocateUserPhysicalPages
HeapAlloc
GetProcAddress
GetConsoleWindow
SetConsoleScreenBufferSize
LoadLibraryW
SetConsoleWindowInfo
lstrlenA
CloseHandle
GlobalUnlock
ReadFile
GlobalLock
GlobalAlloc
GetFileSize
CreateFileA
GetLastError
KERNEL32.dll
GetKeyboardLayout
SetScrollInfo
ScrollWindow
GetDlgItem
EnumDesktopsA
GetWindowThreadProcessId
FindWindowA
SetMenu
LoadMenuA
EndDeferWindowPos
KillTimer
SetWindowPos
GetWindowRect
GetDesktopWindow
SetWindowRgn
GetWindowLongA
SetWindowLongA
SetFocus
GetKeyState
GetSysColor
wsprintfA
SendMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
InsertMenuItemA
ClientToScreen
GetClientRect
USER32.dll
ExcludeClipRect
CreateRectRgnIndirect
GetStockObject
PolyBezier
SelectClipPath
EndPath
TextOutA
BeginPath
GetTextExtentPoint32A
SetTextColor
DeleteObject
Ellipse
SelectObject
CreateSolidBrush
CreatePen
BitBlt
GDI32.dll
ChooseColorA
GetOpenFileNameW
COMDLG32.dll
LogonUserA
ADVAPI32.dll
SHGetDesktopFolder
SHELL32.dll
StgOpenStorage
CreateStreamOnHGlobal
CoUninitialize
CoGetMalloc
CoInitialize
ole32.dll
OLEAUT32.dll
ODBC32.dll
GetBestInterface
IPHLPAPI.DLL
COMCTL32.dll
ImmReleaseContext
ImmSetConversionStatus
ImmGetConversionStatus
ImmSetOpenStatus
ImmGetContext
ImmIsIME
IMM32.dll
lineSetAgentGroup
lineSetAgentActivity
lineSetAgentSessionState
lineSetAgentMeasurementPeriod
lineSendUserUserInfo
lineSecureCall
TAPI32.dll
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
ExitThread
GetCurrentThreadId
CreateThread
MultiByteToWideChar
GetCommandLineA
GetStartupInfoA
HeapFree
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
Clipping
.?AVtype_info@@
.?AVbad_exception@std@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
"|mp}r
jl)N(6T
L\T8j=
_QDNQ$
0DO7DpY)
p|fTu\
sfi8\?L
.;|4|o
{A@HH{
Ns ib>=
$lf8a`
@#\kLm
88S)!|$
#b}nf>	 
Oi3hs'
O)*6)$
jGAWV!
PU2$=q
a]hcM-_^k
y%ERIx-
VUx	>YN
V$y-	_
{2-~m=
@HrqA}
&}ynuAm
fAZ`Pr8t
&8{h]!
2G)d3Z
6\uuUwW
28O]Tw
vo	R_;!
wP<x{[O
)wZdR'
_B/~Uk
'aE<oL
'lduG 3
/gd?EK
H*cl)O
swO$$c
kXI	Mg"
4f6>#j
nnnmKKK
nnnmKKK
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""DDB"""""DDB"""""DDB"""""DDB"""""DDB"""""DDB"""""DDB"""""DDB"""$DDDDB""$DDDDB""$DDDDB""$DDDDB""$DDDDB""$DDDDB""$DDDDB""$DDDDB""$DDDDB""$DDDDB""$DDDDB""$DDDDB"!DDDDDDB!DDDDDDB$
!DDDDDDB""""""""""D
""""D334""""D334""""D
""""D334""""D334"""@
""@33334""@33334""@
""@33334""@33334""@
""@33334""@33334"!333333B!333333B$333333
!333333B"""""""""$
333B""$
333B""$
4D3B""$
4D3B""@
""@33334""@33334""@
""@30334""@30334""@
4""@4DDD4"!333333B!333333B$333333
!333333B""""""""" 
"" 33334"" 33334"" 
""@33334""@33334""@
34""@3
4""@4DDD4"!333333B!333333B$333
!333333B"""""""""@
""@33334""@33334""@
""@33334""@33334""@
34""@0
4""@4DDD4"!330333B!330333B$330
!334333B"""""""""@
""@33334""@33334""@
""@33334""@33334""@
4""@4DDD4"!33
33B!33
33B$33
!33DC33B"""""""""@
""@33334""@33334""@
""@33334""@33334""@
""@330
4""@330
4""@4DDD4"!30
33B!30
33B$30
!34DD33B"""""""""@
""@33334""@33334""@
""@33334""@33334""@
""@333
4""@333
4""@4DDD4"!3
3B$333333
!3DDDC3B""""""""" A
B"" C333B"" C333B"" A
B"" C4D3B"" C4D3B""@
""@33334""@33334""@
""@33304""@33304""@
4""@4DDD4"!333333B!333333B$333333
!333333B"""""""""$
330B""$
330B""$
330B""$
330B""@
""@33334""@33334""@
""@33334""@33334""@
""@33334""@33334"!333333B!333333B$333333
!333333B""""""""""@
"!333333B!333333B$333333
!333333B"""""""""""DD""""""DD""""""DD""""""DD""""""DD""""""DD""""""DD""""""DD""""$DDDDB""$DDDDB""$DDDDB""$DDDDB""$DDDDB""$DDDDB""$DDDDB""$DDDDB""$DDDDB""$DDDDB""$DDDDB""$DDDDB"!
$DDDDDDB!
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""(
6:_Zc:c[g
R[c:_:_
srB[g|o|k{kZg|k
k{kZc[g[g[g9_RB
s{k{g[g
s|k[g[g1:
PA&=O8
ybrowser
=uDNSHook
AFDLLHook
KWindows
UTypes
SysInit
System
zuMemHelper
DCPbase64
SysUtils
ImageHlp
SysConst
BrowserExtra
CUxTheme
SyncObjs
^Classes
"RTLConsts
sActiveX
3Messages
QTypInfo
CVariants
$VarUtils
CommCtrl
DwmApi
5Themes
&Controls
Consts
YStrUtils
EActnList
+Graphics
8Registry
IniFiles
vMenus
ImgList
Contnrs
MultiMon
StdActns
(ShlObj
UrlMon
?WinInet
RegStr
*ShellAPI
Clipbrd
Dialogs
RHelpIntfs
WideStrUtils
ExtCtrls
GraphUtil
dStdCtrls
Printers
WWinSpool
3CommDlg
FlatSB
+uAppHelper
	uCommon
uConst
JConsts
$TntStdCtrls
TntWideStrUtils
TntWindows
TntSysUtils
TntFormatStrUtils
TntClasses
TntSystem
FComObj
qComConst
WideStrings
TntActnList
6TntMenus
sTntForms
TntStdActns
`TntDialogs
QTntExtCtrls
TntGraphics
TntControls
xTntClipBrd
ListActns
nComCtrls
ComStrs
ToolWin
RichEdit
Buttons
)CheckLst
UDCPsha256
9DCPconst
DCPcrypt2
IEUtils
TIeConst
=PngSpeedButton
pngimage
pnglang
ZLibEx
_DateUtils
2PngButtonFunctions
PngFunctions
PngImageList
WinThread
NativeXml
WinSvc
AdvStrings
WinSock
uAPIHook
uShareCookie
uTabLib
FavIconList
FavIconDB
SQLite3
SQLiteTable3
ComServ
0uIECommon
MSHTML_TLB
StdVCL
OleServer
OleConst
OleCtrls
AxCtrls
SHDocVw_TLB
uIEAPIHook
uPageClient
BuDownloading
uCapWnd
=Masks
guCaptureImage
uMaskLayer
EmbeddedWB
oleacc
0uBrowserDragDrop
uHTTPProtocol
uTabProcess
vuBrowserMDIHelper
/uBrowserProtocol
uRssUtils
[uIInternetProtocolEx
UuIEContextMenu
uShortCut
IETravelLog
uAppEvnts
GDIPAPI
DirectDraw
,GDIPOBJ
DeskBand
7TB2Dock
TB2Item
TB2ExtItems
ShLwApi
	TB2Consts
TB2Common
{TB2Version
TB2Toolbar
TB2Hook
GMMSystem
hTB2Anim
TB2ToolWindow
TBXDefaultTheme
TBXUxThemes
TTBXUtils
TBXThemes
TBXLists
[TBXExtItems
TB2MRU
uMediaBar
uInstantSearch
gclHttpHeader
clUtils
clWUtils
JclTcpClient
clSocks
clSocket
clWinSock2
clFirewallUtils
9clSspiTls
clCertificate
clEncoder
1clStreams
@clTranslator
rclCertificateKey
clCryptUtils
YclCryptAPI
@clSspi
clSspiUtils
JclCertificateStore
clTlsSocket
superobject
clHttpUtils
!HistoryDB
clHttpRequest
clHttp
clZLibStreams
clHttpAuth
nclSspiAuth
clUriUtils
clWinInet
yclCookies
clMailMessage
zclEmailAddress
clHtmlParser
$uDownloaderCommon
FastMM4
FastMM4Messages
OYW28L7G9JQ2H9TATYFXW5QTS7USASPAGEVE
PADTPF0
Tfrm_Insert
frm_Insert
BorderIcons
BorderStyle
bsSingle
Caption
Waiting for disc
ClientHeight
ClientWidth
	clBtnFace
Font.Charset
DEFAULT_CHARSET
Font.Color
clWindowText
Font.Height
	Font.Name
Tahoma
Font.Style
OldCreateOrder
Position
poMainFormCenter
OnClose
	FormClose
OnCreate
FormCreate
OnShow
FormShow
PixelsPerInch
TextHeight
TImage
Image1
Height
Picture.Data
	TPngImage
;IDATx
d/+YXqC
Ab$D9IQ
j(55uhq
t@h: $
^h+Y\faXCGn
Xocnv8%o
TLabel
lbl_Message
Height
AutoSize
Caption
lbl_Message
Transparent
Layout
tlCenter
WordWrap	
TLabel	lbl_Media
Height
AutoSize
Caption
	lbl_Media
Transparent
Layout
tlCenter
TButton
btn_Cancel
Height
Cancel	
Caption
Cancel
Default	
Enabled
TabOrder
OnClick
btn_CancelClick
TTimer	tmr_Start
Enabled
Interval
OnTimer
tmr_StartTimer
TTimer	tmr_Check
Enabled
Interval
OnTimer
tmr_CheckTimer
TTimer
tmr_Check2
OnTimer
tmr_Check2Timer
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
 <assemblyIdentity
    name="Hilaly"
    type="win32"
    version="5.0.0.0"/>
 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
  <security>
   <requestedPrivileges>
    <requestedExecutionLevel
     level="AsInvoker"
     uiAccess="false"/>
   </requestedPrivileges>
  </security>
 </trustInfo>
</assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
8A8g8n8u8
979M9k9q9w9}9
:D;O;Y;c;j;p;
:0;Z;m;x;
>2L2Z2j2t2
4$5:5J5m5s5
6C7Q7b7p7v7
7!8<8G8_8h8n8
<)<B<R<[<c<~<
=4=P=X=b=|>
>a?g?m?
1%111l1v1|1
2:2N2c2m2y2
6O7e7r7y7
8 8'888>8P8k8z8
9+90989>9D9x9
;R<W<_<e<l<
?1?@?Q?
0#0)03090m0
1)1/1A1M1`1o1
3/353;3C3I3P3
4	4'4,494A4T4l4{4
5#5+595S5b5s5
7)7/7A7M7`7o7
92989>9T9^9e9t9z9
:&:,:2:f:~:
:=;C;I;f;n;|;
;)<6<C<W<f<w<
> >1>7>I>d>s>
?%?+?3?9?@?r?
B0O0\0p0
1=1U1[1m1y1
2 2&2Z2r2x2~2
373O3U3[3a3
5#5-5I5V5`5z5
6&656F6
797@7Q7W7i7
848E8K8S8Y8`8
9&9,939y9
91:6:<:D:J:P:
:(;@;F;L;a;p;u;
;:<@<F<d<i<z<
<+=0=6=@=G=y=
=I>O>T>^>e>
?"?@?E?R?Z?h?
020A0R0
1@1X1^1d1z1
20252F2T2o2~2
4 4T4l4r4x4
4+51575T5\5j5}5
6$616E6T6e6
7+71777=7[7`7q7
8+888L8[8l8
92989>9P9d9i9z9
9Y:^:f:l:r:
;N;f;l;r;
;$<*<<<J<S<b<i<
=+=:=K=
>9>A>S>
1&272F2R2Y2_2k2v2
4'4;4A4Q4W4e4~4
5$5*50565<5B5H5N5^5r5
566N6y6
919<9N9b9
:':4:d:
?:?A?Y?
0]1u1z1
4A4I4Y4r4z4
626=6,7A7
819V9j9|9
?O?h?o?w?|?
0^0d0h0l0p0
3?3X3_3g3l3p3t3
4N4T4X4\4`4
5!5K5}5
1)252E2Q2n2t2
7A8M8a8m8y8
9/9?9K9Z9$:n:
;5;I;T;
<!<(</<6<=<D<K<R<Z<b<j<v<
<-=5=B=
>3>?>K>W>|>
?(?1?:?y?}?
2/3=3C3N3Z3o3v3
4$454;4F4P4V4b4q4w4
5(5K5`5
8$8*81878>8D8L8S8X8`8i8u8z8
9"9B9H9d9
:&:O:T:k:
:):1:A:V:
;Y<_<x<~<)=F=
=5>>>J>
1@1K1U1n1x1
4"444O4W4_4v4
4'585[5 6J6
9$:<:G:k:t:{:
;;;N;f;x;
<*<b<l<
>6?<?R?]?t?
0-0_0x0
3:3?3M3\3
4+494?4b4i4
8)828?8J8\8o8z8
9!9*979=9W9h9n9
70B0J0U2a2
8L9q9e:
314K4T4v4
445?5b5&636H6M6R6W6g6
657:7A7F7M7R7
7Z8i8x8
:,;2;V;y;
<@<R<_<k<u<}<
)030K0R0\0d0q0x0
4-4?4Q4c4u4V6d6j6z6
7~:t;|;/<
=R>X>h>
8R;V;Z;^;b;f;j;n;r;v;z;~;
 1B1b1
2 2+2/242
`6d6h6l6p6t6x6|6
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7l7p7t7x7|7
3,303D3H3X3\3`3h3
4 40444D4H4X4\4d4|4
4,505L5P5l5p5x5
6,6P6\6d6
7 7D7X7h7
8 8$8(808D8L8`8h8p8x8|8
909P9p9
: :(:,:D:H:X:|:
; ;$;,;@;\;`;|;
< <@<\<`<|<
0 0<0\0|0
2J3N3R3V3h3l3
809@9P9`9p9
:$:,:4:<:D:L:T:\:d:l:t:><B<F<J<N<R<V<Z<^<b<f<j<n<r<v<z<~<
="=&=*=.=2=6=:=L=T=\=d=l=t=|=
? ?$?(?,?0?4?8?H?P?T?X?\?`?d?h?l?p?t?