Sample details: de1b9f9086d7aa0685c07a62d2f9bd21

Hashes
MD5: de1b9f9086d7aa0685c07a62d2f9bd21
SHA1: 6c43c8c9977897389e2b822a3069d4041f7d7d11
SHA256: 0e32ce9e0c309859fd0d1193f54cad0dde7928053795892a0f6c8c96cbf6753d
SSDEEP: 1536:V4NAM2MFoIt0Idjk813v16xHAvfNGV3aGi6fnHRmqUdtE3kb5yTn32jMS:+Nd2M2GHv16xSfgV3aBuHRh3kU7GAS
Details
File Type: PE32
Yara Hits
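YRP/Visual_Cpp_2005_DLL_Microsoft | YRP/Visual_Cpp_2003_DLL_Microsoft | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg
(Judging by their names, these are generic characteristic and heuristic rules; none of them names a malware family. The anti_dbg hit likely reflects the IsDebuggerPresent import listed under Strings, which the Visual C++ runtime also imports, so it is weak evidence on its own.)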
Strings
		!This program cannot be run in DOS mode.
`~Rich
`.rdata
@.data
@.reloc
j@j ^V
< tK<	tG
^SSSSS
URPQQh0J
;t$,v-
UQPXY]Y[
v	N+D$
t"SS9] u
PPPPPPPP
PPPPPPPP
QQSVWd
t*=RCC
;7|G;p
tR99u2
CorExitProcess
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
bad exception
Unknown exception
RSDS<:
C:\Users\ini\Documents\Visual Studio 2010\Projects\MyselfLotPH_miansha\MyselfLotPH_miansha\ScInDll\Release\ScInDll.pdb
FindResourceExW
FindResourceW
LoadResource
SizeofResource
GetModuleFileNameW
VirtualAlloc
LockResource
KERNEL32.dll
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleW
ExitProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
LoadLibraryW
WriteFile
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
MultiByteToWideChar
GetStringTypeW
ScInDll.dll
dll_wWinMain
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVCAtlException@ATL@@
{7wUEx
;.text
.rdata
reloPF
lqS[ku
r\kPHGP
d$1w/F
pUuF$7
j~!C/Z
?f~TR`
)Pt$jW
?4+C4{P
G*~7o0
t#;@|p
SR10oxr
a0\ZR1
\4VgW}
,048<@j
=8;HPah
c6mS\l
tHHk/u
I>:wKiv
LoX^fHe2
K,8x;s
/	>M&}7
u[9=.~
MCj#N2
w+X`7d
ItU	htDlt
4Hitq	nt(
90tgsc
t'Y	+|
Y=&n$ ;
S.*~=d
whH|4\
 JHm}c
afbozEFR
l4Xo!E
c(iohM`
!Y!Y\d!
@*<v*x
tF$AWP
} sJ"f
fZVx?V
Y[nK|Q
KtGx{6.
Fwf93t
~d=[)	
[1t3r[!
@	))R8`
+.-&P3P
02Z,3w
0`Zx	^B?
1|By`{
7VRh@@
Vv	N+0
QQs<VA
Qj2 ~6
UQPXY]Y
/h&B,,P
~%=| 3
;er 8^
 0@P`x
O(W_$of(on
ovo~p0gPow
j8JQp]
[fo>yWB H
r 34P+
[}XAk{@0
<H,r?0
n_6nksI
Oh;CsR
`d$#qE
Z+;G,v8&u
Fast decoding 
e from
;valid 
]th ne
 back>k
i-Zbl$\
HLP;I4MTX\
=TK`=:
L@r#$B
SXpxDc
4M(4FR`n4M
bad al
CorExit
Pr;ess/m
:mm:2g
Sept)Augus0J
;{a!Su
 !"#$%&'()
*+,-./0123456789:;<=>?@ABCDEFGHI
JKLMNOPQRST3XYZ[\
`abcdefghijklmnopq
9vwxyz{|}~
bSG;'I~
3+-N_t7
WF s 3
:FWfw0<
oUnkno6
wn excepuB 
indowSt9.UserOb
jectInform1
h6L}A1ivePoo[
mplqe 
crip=?B=eIwm
ArGy''] 
c thre
m$/c	<
`eh %W<
.new[]
KC08ir)j
efaultU
TH<0( v
ixtplh
)Cgttw
incorr
Os setg
Md-of-blo
rmsymbols
s"ici9^
pyrigh
1995-2
	#j/+e?
[-&LMb#{'
)\ZEo^m/
H*0"E_
l!;b	F
IiGM>nw
ewh/?y
O*9y]!
qmdvucpg~oKAPMQMDV~uKLFMU
Q~aWPPGLVt5QKML~pW
Microsoft 
: -GET /%s
 HTTP/1.}
Mozilla/
;1SIE 8+;
OW64BCon
{D9873505-4A6
-8510-94
BBAF00
CLR 2).
27'3#.3&9
aeor\}~MHz
08x?TDec
f00FXP
ogikDr
}6ShU{ath
v_ucFi
	YeHandG
L32.5l
o`"OpaK
CBk2ADVAPI
;fUrl&
DehvAC8
0x:<GC
JeAMSpGQm
ih\XTP
|lXL@_
Bw?]aB
uly xmlns="
:!m.v1"_8
ifes{e1.p
  <G/mC0
r	cWity
Level l
v1r_uiAcb
DDINGXX
0B0W0a0
1F1M1Z1
/2A2b2g3u3
42494N4U4j4q4
65n5w5|
7F7W7x7
878D8N8V8d8l8r
9#9/9C9H9V9[9i9n9x9
<z>D?l?}
n	090Y0w0
191N1^1e1x1
4%4,4g4{
5$525H5U5b5l5u5{5
36-6C6[6q6
7-7C7[7q7
8"8?*I.S8k8
6:9B9b9
:M:e:z:
6!6167
H6N6U6b6o6v6}6
7%747N7
8#8F8`8z8
<$<0<N<
=%=.=5=Q=a=u=
>%k>C>O>V>
K?T?[?w?
0h0n0?V
RS2X2a2p
:%;8;g
?7?>?E?L?S?Z?
a?h?p?x?
2$2@2J2`2k2
3(3/3I3P3{2
4b4<5D5\\
6L7^7>8H8U
'5+5/53575;5?5C5
]2V9bk1o1s1w1{
h4s4}4
<!<.<8
/?4?<?B?I?O?V?\?d?k
0	0Q0$0*030S
93C3^3f3l3z
8=8C8m8
x=:R:[
;Z;e;wA>=D=I
>Q>]>l>q>
'0Jwc0k0s0
1J1Q1[1m1
H3M3R3b
;21464=4B4P4
4H5W5e5k5q5
7f8s8G
=}>M?~?
2"212>
3E3T3]
4[4f4z5
4080<0@0D0H0L0
162<:D2H
K3Q3[3a3k3qp
@9Y9u9
:$-:P:
_C!>h?
= =$=(=,=0
H=L=P=T=X=
	=s"=?
2 2,20
L2P2{l2
~,v<nk
T0\0d0l0t0|0
 1$1(1,10uZ<1@_
P1T1X1\1`1d
1l1p1t
v(3D&h3
484X4t4x
7 7$7(7,70
7D7H7L7P7T7X7\
d7h7l7p7
L8P8T8X8\
9$909498G
SVWjKXjEf
.?AVbad_exception@std@@
.?AVexception@std@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
0-0<0M0
152:2M2R2s2}2
2(3F3X3i3
5%6A6]6|6
<+=_=e=k=
0 0*030>0J0O0_0d0j0p0
1#1(1,101Y1
393@3D3H3L3P3T3X3\3
5Q5X5e5k5
6L6d6k6s6x6|6
7Z7`7d7h7l7
:W:]:i:o:x:
;1;<;A;S;];b;~;
;6<@<f<m<
?"?B?G?
0#0/050A0G0P0V0_0k0q0y0
3(3.3:3@3P3V3\3k3y3
4"4'464L4R4Z4_4g4l4t4y4
4	5/555_5
6<6T6r6
7)7/7D7d7
7&818;8L8W8
:(:0:6:;:A:
:C;O;^;c;
;K=n={=
>+?C?V?
02181B1|1
2!2'202C2g2
3%3q3|3
4.575=5
8'8B8J8P8^8
2.3c3v3
4O5[5n5
6#6J6s6
8(8c8}8
-0?0Q0c0u0
1+1=1O1a1s1
	184h4r4}4
:$:.:;:@:F:J:O:U:b:q:
1d;l;t;|;
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
2 2$2(202H2L2d2t2x2
3$3(3H3h3
484T4X4x4
585@5D5\5`5p5
6 6(60686<6D6X6`6t6
0(3,3034383<3@3D3H3L3X3\3`3d3h3l3p3t3x3|3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
5(585H5X5|5
; ;$;(;,;0;4;8;@;D;P;p;