Sample details: dcdb83a37e27cd70406391d53557467a --

Hashes
MD5: dcdb83a37e27cd70406391d53557467a
SHA1: e0c8b1cc1a817e74be988733a540521e9b7a1cb8
SHA256: 070d4eada1ee9ce14a4eadd78c365aacdf9ff3c0c9458265ee0df8eb8ea2fb61
SSDEEP: 6144:oLLaBCdrBBFQutMa9i2KK86MTdBnJGVH+pqQLQwXShV1rVshJE+cbbLvcmwVIuU2:oa8rf5zc9ijEQwszqJ5kcm+In2
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Microsoft_Visual_Cpp | YRP/PerlApp602ActiveState | YRP/IsPE32 | YRP/IsConsole | YRP/IsPacked | YRP/HasOverlay | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/android_meterpreter | YRP/MD5_Constants |
Strings
		!This program cannot be run in DOS mode.
-Richs
`.rdata
@.data
GPVWPPP
t6j@_+
@VhaT@
D$4VSP
^9t$@u
D$00;@
t$$W+0
t$$+\$$+0
P0;Q(t7
A0;B(t7
J0;H4t[
J0;H(t7
P0;Q(t7
A0;B(t7
J0;H(t7
A0;B4t[
J4;H,u
v@aTR'
 inflate 1.1.4 Copyright 1995-2002 Mark Adler 
FreeLibrary
GetProcAddress
LoadLibraryA
FindClose
FindFirstFileA
GetModuleFileNameA
GetModuleHandleA
OutputDebugStringA
GetLastError
FindNextFileA
LeaveCriticalSection
EnterCriticalSection
GetTempPathA
GetVersionExA
InitializeCriticalSection
LockResource
LoadResource
FindResourceA
LoadLibraryExA
SetLastError
VirtualProtect
VirtualFree
VirtualAlloc
MultiByteToWideChar
WideCharToMultiByte
ExitThread
KERNEL32.dll
MessageBoxA
USER32.dll
GetUserNameA
ADVAPI32.dll
malloc
fprintf
fclose
strlen
sprintf
strcat
strcpy
getenv
memcpy
memcmp
strchr
strstr
localtime
_pctype
_isctype
__mb_cur_max
strcmp
fwrite
strncpy
fflush
vsprintf
_errno
__p__environ
memset
perror
_setjmp3
_assert
strrchr
wcscmp
_strdup
_mkdir
_getpid
_chmod
_strnicmp
_putenv
_rmdir
_unlink
_close
_stricmp
MSVCRT.dll
__dllonexit
_onexit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
calloc
Panic: Cannot reallocate argv
Panic: Cannot determine full path of '%s'
0123456789abcdef
Buffer too small - perhaps license file was modified while reading it
Cannot read license file '%s'
License file '%s' does not exist
ActiveState.lic
ACTIVESTATE_LICENSE
Could not create directory '%s'
Directory '%s' does not exist
ActiveState
Couldn't find HOME / USERPROFILE / HOMEDRIVE&HOMEPATH / windir
windir
HOMEPATH
HOMEDRIVE
\Application Data
USERPROFILE
ACTIVESTATE_HOME
SHGetSpecialFolderPathA
shell32.dll
SHGetFolderPathA
shfolder.dll
Commercial
IssuedDate
LicenseType
UpdatesUntil
ExpirationDate
Panic: Some symbols not resolvable from %s
Error: Can't locate %s
Error: Can't locate either %s or %s
Make sure the ActivePerl bin directory is in your PATH
Panic: Can't create %s
Panic: Can't extract %s
Panic: Can't allocate memory for %s
Panic: Can't extract MD5 checksum for %s
Panic: Can't malloc name (%d)
perl.md5
Panic: Can't find temp dir for perlapp
Perl_sv_2pv
perl_run
perl_parse
perl_free
perl_destruct
perl_construct
perl_alloc
boot_DynaLoader
Perl_win32_init
Perl_sv_setpv
Perl_sv_setiv
Perl_sv_2pv_nolen
Perl_sv_2pv_flags
Perl_sv_2mortal
Perl_sv_2iv
Perl_sv_2bool
Perl_stack_grow
Perl_set_context
Perl_newXS
Perl_newSVpv
Perl_newSViv
Perl_newSV
Perl_hv_store
Perl_gv_fetchpv
Perl_get_sv
Perl_get_hv
Perl_get_context
Perl_eval_pv
Perl_croak_nocontext
Perl_call_list
Perl_Ttop_env_ptr
Perl_Tstack_sp_ptr
Perl_Tstack_max_ptr
Perl_Tstack_base_ptr
Perl_Tscopestack_ix_ptr
Perl_Tmarkstack_ptr_ptr
Perl_Tdefstash_ptr
Perl_Tcurstash_ptr
Perl_Tcurstackinfo_ptr
Perl_TXpv_ptr
Perl_Isv_undef_ptr
Perl_Isv_no_ptr
Perl_Iperl_destruct_level_ptr
Perl_Ipatchlevel_ptr
Perl_Iorigenviron_ptr
Perl_Iexit_flags_ptr
Perl_Iendav_ptr
Perl_Gcurinterp_ptr
cleanup path
cleanup entry
mkdir("%s") failed, errno=%d
chmod("%s", 0755) failed, errno=%d
TEMP path need more than %d characters
*TMPDIR
tmpdir
Panic: Can't alloc %d bytes for %s
PerlApp::lic
PerlApp::dl_reg
PerlApp::LoadLibrary
PerlApp::_dlmap
PerlApp::_use
PerlApp::_check
PerlApp::_init
PerlApp::no_linestr
PerlApp::get_temp_dir
PerlApp::bfs
PerlApp::exe
paperl.c
DynaLoader::boot_DynaLoader
env_kill entry
PERL5SHELL=
PERL5DB=
PERL5OPT=
PERLLIB=
PERL5LIB=
env_kill
This program is not compatible with Windows 9x
*DYNDLL
DynDLL
rmtree failed
DB::single
PerlApp::PERL5LIB
Panic: new_argv overflow
Error: cannot load shared library '%s'
Your trial license has expired.
Please purchase a license from %s
Your license does not cover this version of the product.
Please purchase an upgrade from %s
Panic: Can't find bfs section
You don't seem to have a valid license.
Please purchase a license from %s
Retrying without debugging...
-e BEGIN {}
-e#line 1 "%s"
hashline
script
*SCRIPTNAME
scriptname
RuNlIb
BEGIN {chop($PerlApp::RUNLIB = <<'RuNlIb');
DOLLaR_NULL
BEGIN {chop($0 = <<'DOLLaR_NULL');
*TAINT
$ENV{PERL5DB}
PERL5DB
PERL5DB=BEGIN { $PerlApp::P=$^P; $^P=0; delete %s; PerlApp::_init(%d); eval %s('%s'); die $@ if $@; $^P=$PerlApp::P;}BEGIN { require 'perl5db.pl' }
PERLDB_OPTS=
PERLDB_OPTS
*DEBUG
debugger options
-eBEGIN { PerlApp::_init(%d); eval %s('%s'); die $@ if $@ }
perl56.dll
perl58.dll
*PERLDLL
perldll
*CLEAN
shared libraries
--err2out
*RUNLIB
runlib
bfsx list entry
PAPERL
Panic: paperl not initialized
*SETUP
*PROVIDE
provided modules
SerialNo
*SHARED
shared
PerlApp::APPDATA
copyright
suffix
release
PerlApp::version
PerlApp::_paperl
Panic: _paperl not defined
Usage: _check(FILE, SCRIPT, CHECK)
no_linestr: unexpected scope stack entries
Usage: no_linestr()
*DLMAP
Can't find temp directory
Usage: LoadLibrary(libname)
Usage: dl_reg(handle)
..\..\BFS\src/bfs.c
bfs_ok(bfs)
..\..\BFS\src/bfs.c
i->file
..\..\BFS\src/bfs.c
i->file->f_entity_size == i->file->f_stored_size
..\..\BFS\src/bfs.c
bfs_ok(bfs) && name
..\..\BFS\src/bfs.c
hashtable->h_dir_offset
DisableThreadLibraryCalls
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
KERNEL32.dll
kernel32
DynDllMain
unknown compression method
invalid window size
incorrect header check
need dictionary
incorrect data check
invalid block type
invalid stored block lengths
too many length or distance symbols
invalid bit length repeat
need dictionary
stream end
file error
stream error
data error
insufficient memory
buffer error
incompatible version
invalid literal/length code
invalid distance code
oversubscribed dynamic bit lengths tree
incomplete dynamic bit lengths tree
oversubscribed literal/length tree
incomplete literal/length tree
oversubscribed distance tree
incomplete distance tree
empty distance tree with lengths
invalid distance code
invalid literal/length code
jZ-TT[
lmXQg$!
-RcmooRh[Q
u2P'V/
Si/7& 
$v?42VU
&	(PK}
m4}!6?
zCxT[5
W2n7Xn
uoSk:g
h^=`ML
pooONw
BOI=j*
6]@EZZ
)F-	;V
7rI*gd
#Y4W,3
^+-*p_
8q0%\3A!
I?0(+4
Kx!	wB
wu+_G	
zduSnlYL
)/Yi0a
u(e-=I
s6O!``u
K4i7zi
h-5d L
mHW3g"
9 {ak7
:O@''7
sJ}6z@
W5	A9H
K(V_@J
.1D.HwMc 
c-5<84
 RY>A>2Q
{{1 lDX
Z-+tk!
!&ZZEwQ,
S\RH1)(E
dn#[jdk
F'kxf0)
}L]n~9
V`u8w'
w[MITs
pdkun!
*u}4t+_
R(4`Dx
gTO5HO
1>.{m 
grkp?i
kR$^*+
$[$LyQ
n.A+Y%
^|1?#x
t~	IJX
;zX_qY{)L
\f--`a
$Y'st-
l4:	i"/6
SflZr2
gN@*`~b
y'm{.c
	|J%x]
e6HKlu
A,osiu
AqJ>zb
nRh;0F
EYV]IS
(wc/fA
?IQj%	
P/;7(H
KdIX!@
K__<,YQ!+)
;'{MLy
%r#A1)o
;l%J{J
imX|cLx
RKGKe4
p|+J||D
BhG-9TC
*^Y ,Z
s0(MvLx
(%af-$B
p5-|G	)
U)TRX:
0Uc@pS
@_)	ax
#!,auU?
hg3o@x
!&%~JK
^YdHkF
dZJHl*
bW0&\3
vtPhfH
zBNQY9
S27L#SY
cPp~`^(
$=7Ret
Ir/\FJr
}*m[]F
yYBx_d
==)]AT
9bn$0I
1.kLxh4
9OA7+)
^<\y'6
i8F>c!
~-@s	j
BVtz"L
s@[`^%
0_3H"$
!#_.M;
(pz@c^v]
c:--hv
Tjm)LG
ON|\&Nux
qxN_x 
SKu++t%f
'B+:\$
gN:RKo
GcEo@k
&ENd)&
WG*S1<
?::-zy
k=R,I`
x\o wv
P+X_]/
h8XE44
@t$lws
{|H{j9 G
o']WDqg
	"*IYV
cX.)51a
OEmUCG
>1<c#l
v7?j!)c1
q&O#%7
}|rV'0
+(L%OMG
dG~c2=sH
W~nl>S
7/"^{U
	7FB=+
?$21?u0
EPHQx4J
b<ada:
".@Rah
$::cOQ7v
!NbzRZ
&6|4Fr
CkBhnu
Z#5'z$
,sM<)TE
#"z;}<
s@\&IWK+p
'WS9C5
3iL}Of
T=x?[;
	l PAh
^8t[==|
(t'.)[
t/Z"BR
+P0)o4
TwZgva
9Wa9e:#V
x}He{	
>y{%J47
N	+XNx=
xuF[aPI~b
T[`aUn#EY
HI~{#2
[A.jw8
nT;-j+
B.lY8_
QGASf#
b;PYdu-
~B_}!Z4`%
V&y1<eyV
D)Dj}4
uRp{mR{
B$m+k)
,HG@*?
i[BjVu
V`&Cm9
g8U%y'
nm	r%1,
UR@/:U
cZ^bJIg
g:Nx'#
gkJ<4I.{
Z]5z	L
?AeE1Hs
VO{!Nn
9|=8YRL
*+*r%V:
WXsUO$
Rh+e~X$
vp+SES&
V]p/lm
XE~t%=
=C{t+k
#\JN 1
*7%zp	
ci7jKH3Ao
q13jfFG
)/:BXpS
7S Sy.Lw0&Z
:gZ>H7
i$iU`!
"5>"+]
HVc@XA
s.Zsx>
FHiCy*
\On\8p
qovAvb6i
=p62QId"
@a~uV1
F3U}'tx
YtAAtI
LVwmhT	4
<CmZA}
uz2%os
8[HYcBx
]G#2[,l
98vtDG
'Ot%$ 
lul4|o
=4gZ<q#z
b`a0+~
o6.s:#
S"jl@(&O9@
PJM%NI
MW.;D5Ls
ow~z79?
Jx7c20ko
h!&{,oyi
3E;;U3&
k}<#I}
%Ip)7c
B$o**a0
)+5V@]
m":/G}[
n<':;P
_mjbrSj
bLPTXz
AOu25G
0-+/sU_
TkpxB{
q5g\>F
lLJ~EK
?*WYwi
V-YIJN
(35gTy<e
kF6oPv
{;+Arl~
$-Hkg'l
WW@S+`/
JunCk`
"Y<?oQx
ewX8"]
JN(bIX2
0,4@nJ
3M|XU"
r>< zq
M]7LN}Ayi
ybB;},w
n,	gcI-
9eT02HXz
EJe+[v
"M3WHF,
M6% 4vY
,S>UGbnX
^RKga*
jv4)NX
f75~_.`<
&#"OF,
0c+4Q?
P[/y8v
eI"w%	q
<##^]D
;gwB!>"c
I6{CkR
Mqn$&u
V3Zg$b
T5\Cv)
p"ATk*_
cagTx`
Re;X',
#T#t,&
'wP'c<
\)EBIP}Mw
;UK7vC'&z
FX!_H)
d40SYG
s7wd1w
XEtd+]-
kVvqbe
=rXK'8rd
FS\gY'
6e+Zq*
&iS-P @
LkiR]A
]e\Ie\
V_cnn_
1K_BeX
L@5DCW
:/^_|6^
An-;*^pk
EausX-
#+we$g
&,Pz>]J
KWQLO]e
69\d~ 
R/1(9^
;cpm?w
jM-4PWF)
f #r?Z&
'pi)	\ZJ
of\Z 4
,#:p\G
,;B1Ml
3iQ1m7B
X.!}#a
m/bIxF
#8Q)ufFd
gEjU?W
m$uC5}
vU^B>3
7fe[iL
nu Gjk@j
6~5T"W
/1zZo-
yuEEk	
27ASBS
a|ci@-A,
P&c;>#
?##3#hz
"s3#h_
~@1bGP
x%Y+pv
$o;*[|
Fyja:u*
?zbr|C
ks}QfGcEJ
{L~DGYa@Ya
wrsVJK
^z/a])
}1)/`6\
'w/r_K
#RYx~Yl
{di|qx
A@sQ|_
Vqa4n7
2amC;]q
xLHsB-6
|B`/#0
x?lg>-
-&>O"	
|	E5/[
B?8p$w=t
;t_az>
oG$;0a
$u_t6u
G[:BSnf
Yo]ua(
NX	ra%
q$"@BI
>8iLu>XB
k<&5xk|c
SKIV?9
AwG<Z3
gq3L+Ez2
-%Rp3mi9
ZRiet<
khls~k
%%ZF2l,
R\'/d7/
sn)|m1
iA';-8nP
<>ZWAqh
s'@L<V
wR+onL
vK-^5s
"`-"2/
=E\$]H
\L&eev
M45;\s
Mm}rsy
DE@]Q[
6 Tz	~
dy!UmM"
g_<a.&
YL$y~\<
#Q.ZK4
8CJ+ti
z2>W:_
w_]Wrn	
7#vn,6\
v%^"2^
)S#fZ-
fVF'Zy
a#N!]u
d?nR@o
LtHq%/
$#Ymd$k
<08x_A
u4bbGQJf
zBW7	L&; n
}9ne+K!4
6%%ng)
IoIp"~
k3Em3.
uyL_AJ
_+9'^r
!9W&r>
~d)j!)e
u@(dyh
0aTqcg
@kK_2m
S0n"vo
`:z(o0d
jLZ`FS
7Y~Tb\
kn7\`'
8$;pHv
L*`e9'
HXy+"\y
ynU6~UW
-VKR,1
-v.ckC
yQ_&b7?
P*t=!/
Z9wRV-
L]OW&T
$4OI`|Y
0&8b,2
e,w~$2z~,N
 !3L/s
ngTDTu
i{|tI<:
uZY"+-
)?eT_?k#
YR!Atd
n]gKi(
RRk@;,
]r	=}J)
w4dL.(
|	3f+0
evT7f_
t(jMy"*
XBdA#+J
SCM8,Y
sa?H#e
"_m|7 
,e<{^,
U_Vi5H
@SCD8J
n-	%!d
rC}	0$fwu
	tdax&
D<Z%)v
I!&@*^V6
0?rx<N
+x3M.x
@*8*d?N-
]xfkaxj
E%+*,{
a*NNz*
gG7D'&U
"A^~T-
EBp&	v
aa(,@q
X6,y%N
P-@]yt
xt,^,iNYx
VsQcsJU2
%$mHr*
stU/ao4
#$A\]nrer
gU?H;Cn'
5MeZ(wJ
D<^v>wK
w	cgHH
R}i(B1
KfgK<	
2?/`?Q
n5[;d5
tV6[yi6
;A[p9x
w(Lb2s
,V>Wf)
T^V^Q^S^W^UF)
2@y\yTyL
E:&5KG
zJ7K7J7I
4RzYzEzMz]zU
H/J/Ic
HOIOKC
<H~F~J~Z
HwLtLr,r|
ru4W(ia
Mq"k}!
h	DK\iR
}hYCjeW
LBq%1B}
+/_+q\
G0VQLzs
k)?VYiIT
[jZ,zS4
(6m"|_4K0%
j\yIL#]
?S7ZDz
em#]]g
}rFh2c
RZMe%w
KUSe]U
 XZsEY
g)lBfm7v
AQXU-dAW
$;rVgg._
mgeUyE
q?&q?b
MfAnf^
A+1kj*
:#4cFYc
b69#D+b
u4bV)"
\]krOe]
	c"I=,
r: FyT
>S3L]5
xa+AD[
}g]Cy]
.4wFjQ
/}f9Nc
Ba1v=J
Qf=n@iI
YqWy	7
xT#U)-
EQll<bq
1rlXt?
U?T;TU&
C@@r\\\^> 8fMU
q^z~MU
zr[+aE
0!z/{Aa
v(?^Y~
c0oJs7
IF1dr;=ph
X$7?*Tc:
}SSC$OM
t k[!F
Z%X>?7.
DwQ=18
^AvRk\
9n:u'*
F8L4_.
6AS?w{?
=3y"+[%'
hi)w/E}h
pZn^$}w8
dDMB~I
rOKrmi
A]{$<b"|T|
6j7iWh
0n2.4o%
{Veob/f
J{BKG;
<[7o3G
6Gj)]!
|t*=7q
>My[IQ
Np?`n]
1O2_IS
5_VfA"
RtCgtA
*w(7*7C
Uz@j)].
EKl!~ 
8	8a<d
DA(+,&
X.<J&%'
id.U B
7_bla1
B,RV-R
?H>9xWtIi
~Jf-oq:
.kq!P\L
/>	r^>
gENuwGH
?o>?,//
QhyQC,
F.3&uF
Ul/3.m
oNP	@C
skYghH
a`c:+PZo
8,q)[^
<Ag1C|
w35`_O
?p$J^18)[
X,o~|b#
idijn	[#
8%pCnR]n
`,*8 mk6
Uh'"MD;fH
-"X\:>
i/e/Cj
Snj8Kt,$
	.%_} 
Q'.i%8
*DX+K,k<
q>^[qT
V}*=t	L
}"&i^L
,,Zb0c+
<<]8`b
,R?w1q
n9"/H4
f50#`^
]TV<Nu
3H#<gV
Af%DY`
% KGEq
Lec/V6X
G8p|^x
)~	0yN
JO#1Ty4`=4n}
^[UOMY
UqVmlI
Zm&z>ac-mn
!J"x82k\
2% &Ha
	moj2_
eXR##O`
Ch:P+3P
bh3g??
$$!	IHB
BU.u(]:m
;^3gCO,
+c18Bv
OO`_2A
~X^uHOOTT
upHTCvP
U}zIp</2&
V]1jz?
qZs\kE|
qoYaGK
$$!	IHB
$$!	IHB
Q'!	IHB
$$!	IHB
-%knI.
ZfCZsyZ
vyR.2&
fR>J^t
E i<?`^
`^5WVsE57
B3It#,
'B~3DH
9VM-gS
T*vEK}$
G9TZFOm|
rvztnEJU
k#Xk{VO
DG:inW
?+QLoN
,p,V;S
	(PuM?2^
|63%}i
)Q[Yh$[rM
r7lZvr
XkS4Yd
G8mG1s
2:sr4M:
^7@O;?A
i),3+[6
UXeWT*T&+
KI6e;i
:(dNSi
&/+kZ-
e,CY.<
 [Pr2 
k{{o9P;v
^7UF3)<`
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="0.0.0.0" processorArchitecture="X86" name="Perl" type="win32" />
<description>Perl</description>
<dependency><dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0"
processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" />
</dependentAssembly></dependency>
</assembly>
D:\p4view\Apps\PDK\src\PerlApp\src\paperl.pdb