Sample details: e43244db36895d6a28850d3408d80f45 --

Hashes
MD5: e43244db36895d6a28850d3408d80f45
SHA1: 86ef0edf0a3f2f3edf4192fdd3addedda48945c9
SHA256: 1f1f7961cf583e6644eba26fb9727be8d091dc3754c9a8030c26b0b73f07e5a3
SSDEEP: 12288:ltA+wOgP7zVlFXx4svG0Xrx+bL3LWyyN:ltAlOgP/4svG07x+n3LpK
Details
File Type: PE32
Yara Hits
YRP/contentis_base64 | YRP/domain | YRP/Borland_Delphi_40_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_Setup_Module | YRP/Borland_Delphi_40 | YRP/Borland_Delphi_v40_v50 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/antisb_threatExpert | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation |
Source
http://rosewinegl.info/2
http://folxdogerm.info/1
http://rosewinegl.info/2
http://folxdogerm.info/1
Strings
		!This program cannot be run in DOS mode.
`.data
.data1
@.pdata
.idata
uY9u uT
aceIcon
ImageList_SetBkColor
Creat%Pr
8\uZ@C
u.r,rwe
jIh(>@
t$pj{T
SjOhxG@
tSVh8^@
$14$Pj
QjsRj0
\$$h(!E
jKhFh@
j"hsu@
t$djnh
PVh(^@
RVjsh4
u,hx%E
YQhh3@
j	h @@
SVWjePRh
SShn E
P^[]SVW
PThZ!@
jLh`%@
ap~_t#p
Sjzj+Sh
j9Th >@
VjxRSh
4$Rjfj
iCallClas
^]USjDj-hpZ@
QQSHt=H
t$Yjzh
Pindow
QjeRj:h
]Qh0>@
j1hQ&@
t$(hX0@
t$DUj#
jkh84@
jGjtTRh@
TUh0'@
j;jXh Y@
jeVj:h
WVh`@@
t$+h@Q@
j QjMj
jWThtbI
jDj-h-"E
jGRQjth
t!Vj(h
Sj!jFh
j0Qh""E
TThLbI
_QjBjSj
p`jfThx
jahlbI
SjzShl
]Uh]!E
j$h|bI
Pj3RhB
PjhUhO
juh4%E
SUh'l?
jGjtVj
SjUjjh<
Edj`Yh
jATRh<bI
j}UTTh
j5Th?7?
ratorsA
Sendle '
Te-hongk
Memory all
. Status 
stemLocalesA
IFileNameA
OpenSe
  <logid>%s<
gnatureStr
p_DspReadyIn.
    clienL
nish-guatemala
GetTimeZon
EsifUp_Crea
GET_TRIP_
Septembe
HOpenKeyExA
attern %s
_cdecl
__based(
CMiniFrA
m_metri
e an att
F_TRACEMODULE_
ackageId
3a3f3b0f@
XFf\productl
. It is most
butesA
E, power lim
urce of t
bineRgn
FlsSetVal
FpinButtonC
 Kernel Parti
eAccelerator
GetWindow
 namesp
Error removin
  <fpments
PlayMeta
seUnits
Out of m
ce deleted, b
`vbtable
- not e
rcCheckPxcInitS
ringFieldW
Dp But Con
uctor itera
EnvironmentS
IF_E_CPC_PRI
@CMFCOu
SetDlgItemI
	Has Temp Se
TonAndSpinCounD
GetDri
etThreadLocale
8Wq1-K
3Uhj '
[(Eb-%
M1xHf_
gw H*b
$w+2.E
y}M]j|:N
6l!zv0-a
7#SEiSb
0z>,=!
E2RNdZ
]\aIZnz
d"<6R#
|Wqmfq
HU5d,F
M%^6WZ
&h3RBu
3PCokF
4'aYy_
T4bG2"1
(qvP!G
4RJMKm
bOA*U)
N#F.YE
[s@5P)l
8nB#7.
cTW&EK'4Z
76~AL]D]
iQF)m\S)
#wQeCW
>jb3Dy
-9'O?6
/Q5{*7
_SQ]}{
q`2'WQ
"0(xfW
-R=Yr	
:)$BSV
O3|!KB
uPyoQb
)z8xG5
bqb(o\
'oKf6k
PdEdGi
zT-QQ(9
\L,w()
OcYC3|
):2S!_
%g#It'<Nt
	~bxN-{	
V082D|
Bw]y*`
OWmrCr
F=-Y]L
.Md4s.
Z((5v$
M?d_<U
F`;ShC
~?:|;D
G]&^:}
5e?qTYi
eY0#$X
{$_x(<
RsHhi{I
3V#Q!C
b_I^9Qd
~L&k*Q
Z.]6oR
n*5a3)"
iS)R^Z
U+-u{I
rtEE@A-
['^\rCp
d5~rr"D
	bg!5F
58h,$*
LWOZ\9
<S\V/\{
`d-rY"{
E}Pe,z+b
;Gc*Rk
DiZ=\^
M6wr[n6Z
8Z-wthx*I
fxhIz'
>p<cIK
nD33Aa
Gs[.#u
QiXOh#5
y@gh/6
;~`*>,
77!Pm}
j!^aql
!]'M&wm
H|+;-L
(4o2Vx
w^@7~f
RSg-MM[{
C`Y,%$
nE>zsSE
h	zeXd
q5W!Rt
SuW;e\!
yC[<>F
=/kQi@U
CZKlJQ}
(GSEI,
coJ;e*uRe6
[jhCz 
B"k*#o
yU/UWS
ue=h>L
A(>tc0
mQ(Om5@
jS$xyM|.
x;BeK	
r1Mi	a
mr=jhJ
K0cX"E
&t)x#B8
%(Jtas
wEK.4<|,
%#d=8p.FD
@'+L 	Z
%%a-^xw=
MuLwq0
8I@7@K:1>P
5SFha3
g^tfBd
:uMH1%m
s1ak%1Z
l/]|#{
~' *$E
IhW^8z
);*C<B
GIbICh
?|u!9^
b:PY2b@
FefsK]
Hl@,Wj(
6bAjQ?
M$*/&b
>_zvh@
J]L_-d
)\tl6M
p_h9,Z
%h"VYI
}?w7Mw
4^*/ fP0
Nqg1*p
gIb9t;
yq S+C
#1a8Bmc-E!
V-nH<v
7GnsK?0"H
f\\24{
_v6,'(
\!+E/iJ#
WY@=nk
1NT1`Z
p{^Xho
6|qiFE
$hY0Gy
Sal6&s
ZzNNUi
5"P.}V
#f%!+V
};*f\B
">-jFL
/4v$}a3
`9A=412
A62zVT
t|Vd)6Q
R[|!zN
+q(GR"
vj./U[
HET@qF
Em-P	nb
K5IYWt<
0Z="Mb
)UUW4p*
`yb=Fr
*k'9QA
~(-pdDT
IW41H7
;bb3}!%
X+&kb]
 wNv~"
l3I +<
@,L\Pv
fSlH+2lIZ
"G{$^D
TRL89~
t{ <hI
^=mqST|
OvHmZ9
	Mp`-s
'JvSu9
"NMoO@
Vge`4G
&/2~%Hq
8,?0.O1
$qP'YC{&k
Vba>(:
}l^KV/
uAMFg%)
]uqgz,
A3eqQR
;mmEqB
){/(FZ
woldVc
jgG 9W
s0-efo
Xk7):H
WSem[>
#%aD@'
Sd-+6+Ar`
Cs*OY)U
E'I+j9
uDn+MiP
:	9,~X/Z
#D3M/o
:mX&%e{n
)^i@-}@
9HueJ	P?
gWH.s9
#HEzj5n
z?=flAi
)m,#fv
@.I$i/
sA2A8p*
/@MWG+5b0p
T-MnZk}
~bSy1Q*
1fx3s<
$P!:!tq
 ^\_^)
,5nqsC
wkibJW
)kbE_I
9[?^om
lS[UMkk
W63cf*yQ
I<X=A=
}3H9sG
'KA9D^
GlRODq
_'O]o+c
(Rv!1S]
P\A2in
[mjm4Q
ph)%`3
	Cif$	
2'lL3Cl
	y/I'hF0
,U5Nh.
-^wha{
ls)3)t
l||K%U
eyksJb
6[v	][
]10uP+*M
zL"&+v
DM@n!wb
KMz+^Z
O>!'i;
rM8;Dx{	b
y[=t_O
%7({rU
xaYCTi
@a@m8Y
_D7*B(u$
=d,D1K%
Dk]:T-
FBD{|B
L1bD-Oh
k{v$`c/
u!kk=#&
#Zak[a
t\@^09O
grhD?	
[z JA37[=L
`=V#8 
5&.sb=
U~*'%#
].[ViI:
c`;008
6|y&A1
3uoZ(a:G_
8[$+.8O
T;VgEB!G
bEZO#?1T
|PZ3?@Y
Mz~K N
oJ1@!}
OFG(oMQ#
E\^KQO
Vw"Z.G
Q|}rS%}b
IzTmh-
<U/<b.
Nl<ZTg
DYh$^4
A0U5<]
8p%jT:
":tD"[t~1,y
vyrW>x
JSI16vcv
q<[+VM]
w3G|0d
7&Yo,u
<?\;+m
W	P58W
eu$:)*I
GU'#%vw
v:BFx>
QMuUMP
MhJ8_Z
I]Xm2L
h/)2B)
r(EFgA
/~ 7k\
%Z`^}ZV
n#qdIpn
L P10n
comparator2
argument2
operator2
@PAV1@@@
.?AVCMFCRibbonLabel@@
.?AVCRecentPaneContainerInfo@@
.?AVCRecentDockSiteInfo@@
.?AVCSmartDockingHighlighterWnd@@
MaskedEdit@@
.?AVCMFCLinkCtrl@@
.?AVCMFCFontComboBox@@
.?AVCMFCFontInfo@@
.?AVCMFCColorButton@@
.?AVCPalette@@
.?AVXFi
.?AVCMFCOutlookBarPane@@
.?AVCTabb
8&PID_0331&MI_00
.?AVbad_alloc@std@@
.?AVexception@std@@
Brush@@
.?AVCBitmap@@
.?AVCPen@@
.?AVCOleException@@
.PAVCOleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCInvalidArgException@@
.?AVCMessageAboutDlg@@
.?AVCDialog@@
.?AVCWnd@@
.?AVCAboutDlg@@
Wk^aC2
$pi1-a
ZfKN;(7KL
s?c)i/
n"(o|G
MT$z%[
0'yy(>
<?7)L\
%SH7	V
[@wey)e
v!qv1%
jJ4cW,
jvoroC
6&n4_K
|R?fh/
 ?KZiV
=;38t#_J
)}r/	Z
v	r/zV
lWW^9L
/5M n{
%%Ln}5
s{qhZr
z4b`C	j
jyvx?==
;94dT\0
Z{m["a
6}@][,
|; RiF
K'PC4/
8gZ<bD~?
WK#B@b
LTa=H@L
!K;UgG4
,|c;8?
:+km?I
j4#)67
Unknown
.?AVCSpool
.?AVCCommonDiet\Enum\R
PGenuine
tInvTableIn
destroy
piEncodeHuffmanS
drivessibleServer@CWnd@@
okBarPaneB
owsetNotify@COlon_rtti_object@std@@
%s\System32\Driver
unload
PGenuine
IPPGenuine
ventLog\System
!{bhbh
st@VCPtrList@@PAUCOleCo
eException@@
IPPGenuine
8-E325-11CE-BFC1
or privileges. You must
Tmap_traits@K
.?AVCMF
.?AVCWn
.?AVCMFCR
iCAM.exe
DH_Monitor_Mu
.?AVCLis
orPaletteBar@
Exception@@
Genuine
IPPGenuine
 Modem Monitor
ypeLibCacheMap@@
PPGenuine
.?AV?$_Tmap_traits@KPA
(6DR`PB4&
XBKBKX
taller
IPPGenui
AV_AFX_B
IPPGen
eHuffmanStateFree_JPEG
j\N>LZhvtfXJ<.
enuine
IPPGenu
stem\Current
.?AV_AFX
.?AVCMainFrame@@
.?AVC0
.?AVCAcce
.PAVCUserE
.?AV_AFX_BASE_ackObject@@
evice %s /vendor %s
ActiveM
----------Creates the sTM
PGenuine
Unknown@@
.?AVbad_alloc
r@@ABQAV1@@@
enuine
ippiCMYKToYC
efghijk
.?AVCCmdTarget@@
 Filter...
Video Display
.?AVCNotSupportedExc
 Service
Warni!
 UIOleWindow@@
.?AUIAcc
ceOperationApp@@
    %s s
delete
BKBKbh~XF
;H;H;H;H;H;H;H;
The 3w
.?AVCComObjectRoot
.?AVXOleIPSite@COle
ndEx@@
.?AVCMD
.?AVCMainFram
 builder
Cannot set f
d[ %s ]: %s.
CMFCToolBarMenuButtons
ports.pnf
ltmodem.sys
nnected phone li
BKBKbh
ABCDEFGHIJKLM
.?AUIOleInPlaceSit$
rlEx@@
0c081*#
SnapShotFil
Base@@
enuine
IPPGenuine
sion\RunDlgWrapper@@
.?AVAFX_MODULE_STATE
ssCtrl@@
iner@@
Microsoft A
\CurrentControlS
FCToolBarButtonCustomi
Save File Progr
ertySheet@@
(6DR`PB4&
$2@AVCSharedFile
?AVCMFC
_8u_P3C3R
annot create video captur
        iew@@
@@?AVbad_exception@std@@
B9&DEV_5450
ippiDCTQuantInv8x8
eProxy@ATL@@@A5
PGenuine
IPPGenuine
.?AVCBaseDlg@@
VCSharedFile~~~~|n^lzxj\N>LZ
Controller 
$system
$other
tG;:3,%
ameWnd@@
zxj\N>LZhvtfXJ<.
,:HVdr
.?AUCThreadData@@
enuine
.?AV?$
nuButton@
 /V:NDTSession.exe /L:
IPPGenuine
empWnd@@
IPPGenuine
.?AVexcePair@@ABV1@M
.?AV?$CList@UtagPrt
Windows\CurS
.?AVGdip
eHuffman8x8_JPEG
CoInstaller
JPEG_8u_P3C3R
.?AUIOleW (US) settings
IPPGenuine
!{bhbh
ee_JPEG_8u
.?AV?$CL
FC@_WV?$ChTrai
.?AUIAccessible@@
%s %08
tions\install
.?AUIAcces
CFileDial
.?AUIUnkn
AVbad_alloc@std@@
AVCDialogE
e?"6!\
(D{}xL
.5+1vs5
A)P'3r!
 ' xPg
!}@R91
	xyKXOU~g
n-<~eR
X<C6vx
ZN`[s4K
z.}d)e
d<djFf
  Zm-6r
M;tg[H9R
vnIy@u
L}FkDf3
hlou~)
\\`?xnz
kT)yb8
z/m5 O*R
fU)A0*
MHf&g^
"6-g(e8M9
^$h[;<
z_n`!9V
;-sT\_
g`Pul 
JF~C].
MQYm/p
S}ke<|
 1rFJ=
\LK R;<k
]au:{9HIqk
CKei	O	
	Rb"<y
N#3R4/X
y_E^U9{i
	0|RWX
d`R4^u
KqNA>J
.j.V		0
j/VN.J
FliFgR
vM?yO6
dW%Zey
%0I;8l$;3~
3<"} ]\
*K=>j%
'C\t	g
*?F6 U
' ~/wS
Qw<<(msxaf
`OV/^j
AuthzAddSidsToContext
authz.dll
CloseServiceHandle
ControlService
DeleteService
EqualSid
OpenSCManagerA
OpenServiceA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
ADVAPI32.dll
FindExecutableImageEx
SymGetSymPrev64
SymUnloadModule
dbghelp.dll
CertVerifyValidityNesting
CryptMemAlloc
CryptVerifyDetachedMessageHash
CRYPT32.dll
CloseHandle
CreateDirectoryA
CreateFileA
CreateFileMappingA
DeleteFileA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeEnvironmentStringsW
GetACP
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetDriveTypeA
GetEnvironmentStringsW
GetFileAttributesA
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDirectoryA
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
HeapAlloc
HeapCreate
HeapDestroy
LCMapStringW
LoadLibraryA
MapViewOfFile
MoveFileExA
RemoveDirectoryA
SetEndOfFile
SetFileAttributesA
SetFilePointer
SetHandleCount
UnmapViewOfFile
VirtualFree
WriteFile
lstrcatA
lstrcmpA
lstrcpyA
lstrcpynA
lstrlenA
KERNEL32.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>