Sample details: e567bfd10153eb650123a6679c7523dd

Hashes
MD5: e567bfd10153eb650123a6679c7523dd
SHA1: 7778208c06bffafaf86e58a0ff71e7671ac9cc27
SHA256: 1a681560583d6b9be927c954c4e7a8f9aa96d7ff94a5071e4f05883e93b88acb
SSDEEP: 12288:rWbt3AVHn4Okgn0n1gyF1ZFtGbE0LqWaG0TUYoyMA0aJqCVyC:rWxAVYin0n1DF1R+Eaq0KUjyMufVyC
Details
File Type: PE32
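Yara Hits
YRP/WinRAR_32_bit_SFX_Module | YRP/WinRAR_32_bit_SFX_Module_WinRar | YRP/WinRAR32bitSFXModule | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/escalate_priv | YRP/spreading_file | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/Big_Numbers0 | YRP/CRC32_poly_Constant | YRP/RIPEMD160_Constants | YRP/SHA1_Constants
Note: these are generic capability and packer rules, not family signatures. The strings below include AdjustTokenPrivileges, OpenProcessToken, SeSecurityPrivilege and RegOpenKeyExA alongside a WinRAR manifest, so hits such as escalate_priv, win_token and win_registry may come from the SFX stub itself. A verdict should rest on the files carried in the archive (the ye-msd-2ug\ entries listed under Strings), not on these hits alone.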
Parent Files
0049ed8ef242794bd2653964db2f4b53
Strings
		This program must be run under Win32
`.data
.idata
@.rsrc
AQRPhD
N_^[Y]
Archive
Array<unsigned char>
Array<unsigned char> *
CommandData
CmdExtract
WinInit
FindFile
ComprDataIO
RAROptions
FileHeader
BlockHeader
BaseBlock
LanguageResources *
LanguageResources
WinInit *
YZ]_^[
t Kt<Kt[
YZ]_^[
&;D$Dr
&;D$Lw
H$_^[YY]
tfkL$@)
T$0+L$8
D$`;D$T
D$`;D$\}
D$T;D$\|
D$`;D$T|
|$|;|$d
_^[YY]
C,;C$s/
T$(;T$,
);l$8u
;D$Tt\
L$\)L$T
YZ]_^[
YZ]_^[
D$,;D$0u	
;Z$sa;Z
M;Z4s+;Z,s
shlwapi.dll
SHAutoComplete
<font color="#a00000"><b>%s</b></font>
REPLACEFILEDLG
RENAMEDLG
%s %s %s
GETPASSWORD1
STARTDLG
RichEdit
LICENSEDLG
Delete
Silent
Overwrite
TempMode
License
Presetup
ExtSign
Shortcut
%s.%d.tmp
Software\Microsoft\Windows\CurrentVersion
ProgramFilesDir
%sRarSFX%d
Install
color="#
face="
*messages***
riched32.dll
riched20.dll
COMCTL32.DLL
InitCommonControlsEx
?*<>|"
SeSecurityPrivilege
YNANRC
__rar_
FFF))EE	FFFF))))))
 (08@P`p
KERNEL32.DLL
ADVAPI32.DLL
COMCTL32.DLL
GDI32.DLL
OLE32.DLL
SHELL32.DLL
USER32.DLL
CloseHandle
CompareStringA
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
ExitProcess
ExpandEnvironmentStringsA
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FormatMessageA
FreeLibrary
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetDateFormatA
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetNumberFormatA
GetProcAddress
GetProcessHeap
GetStdHandle
GetTempPathA
GetTickCount
GetTimeFormatA
GetVersionExA
HeapAlloc
HeapFree
HeapReAlloc
LoadLibraryA
LocalFileTimeToFileTime
LocalFree
MoveFileA
MoveFileExA
MultiByteToWideChar
ReadFile
SetCurrentDirectoryA
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
SetFileSecurityA
SetFileSecurityW
DeleteObject
CoCreateInstance
OleInitialize
OleUninitialize
SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
CharToOemBuffA
CharUpperA
CreateWindowExA
DestroyIcon
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
FindWindowExA
GetClassNameA
GetClientRect
GetDlgItem
GetDlgItemTextA
GetMessageA
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
LoadIconA
LoadStringA
MapWindowPoints
MessageBoxA
OemToCharA
OemToCharBuffA
PeekMessageA
PostMessageA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetMenu
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
wsprintfA
wvsprintfA
`wxFD@
,,~lkr,,,-IK
8pk^j8}|-HIIJ+y
-DEFG~+,,~
cccpPpccc
										IK
x	HIIJwy
;;;;;;;;;
ssssssss{7;;
ddddddd
dddddddd
rrrrrrr
rrrrrrr
rrrrrrr
~vrrrrr
rrrrrrr
~vrrrrs
rrrrrrr
~vrrrrs
rrrrrmm
mmrrrrs
rrrrrr
rrrrrrr
yrrrps
rrrrrrrr
yrrrpps
rrrrrrrrrrrrrppps
kkkkkkkkkkkjhjjjo
tqmxzz
aaaaaaaaaaaaaaaaaaaaf~leQmux
JJJJJJJJJJJJJJJJJJJaieQRamu
''''''''''''''''''DaJKHPam
"(GLOa
\\`Ve}b
YVXc~c
{<:y&q?	
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Roshal.WinRAR.WinRAR" type="win32" /> <description>WinRAR archiver.</description> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /> </dependentAssembly> </dependency> </assembly>
ye-msd-2ug
ye-msd-2ug\desktop.ini
ye-msd-2ug\2.5MANUAL1.awd
Tj	%z8,
uKW09Up
L7Vayw0
lzz27/$
= H>\h	GY$
p DMr)<
v&plfu~Y
){$x,]:*+
Q0poh%9>
oD1l$"
x^Duwc
Eg<G5,
8g)\?";
J^_s,J
[/sPv:
o^kIXx
hUYqW@m
kZQ<R>l
==x\Jc
Nwp }[
B(e)uE2f`
%e`x q
clpsZ1
1CE3"x
zuWxAgUS
~_E&^FC
Hx	%Ix
y+&$UK
"]b>N'
A+P/-P
Ju-4[~sj
9t6DCd
5SyO%7
B@1)7tm
7bQD3C
B2bNro
.&NJw4
dMbQ[<
F[<"C4
hZ]2PVZ
Q1)Tak
6z3QP'
4vWc\1
aB	`Pp
Tnc%PS{
3D=-_0
uuVI/&7]-j
bYg~!S
k%qSYw
,0_Qr*"
dU)o@o
m7ynb5
@a^,1B
xf[::1(de
^Dx5z{Wy
Fe7UwT
N[i]G*CqW
fF3/+L
es3c9/
vWmE(D
Z(8<vP?
a_M( Hy
0d_DoR
IwJ)M$
DVUCHF#z
51KAG[w
yQ+D?|
NU%Q/^
6r.\m7
	b?)RE
?A %kL3pi
#3b-HZ
14KSz+
Np-NfPn
G.4Cw}
$+gA!k
$(=:wE
v;,Ft'{O
TNy]'`
.hA^2%
E	)=Wx
kG2uq<[
N=!R&e
C[uXLD
{:lo{^
!44G0<e
#a-,F5%
.,`xm.
4%^OUQ
;A'PlV
C:uy^e
BPoRmO
b$NZdD
r'tWB2
=aa%lg
|\:#HZ
+JT/q\7R>zM
F'8%sm#c
x%j+m0s
g_K_xm
l3I/,z
W:#Yv1
TAh5xUYGZ%s
L8 p_,
6]K6o,
#J{`u0,/
{`/mXNj
ehJJ8"
gk;a:g
7Is.1j
&:Zaf67mj
s  ?MyH
~l-u*/3
M,tA)n
m;r$Tv
.?|.[Y?y
*,0,:T
3!Adk%
"6G\1 
;D+i>xq
@P_9p-!Z$
ofoe*L
Q%{Sh2KG
\.6G`6
aHwe{doN
V\Xlq'Z
CnCHAR
2you	E
xNn)x>
J\iM.@,
\q4v98
e*cQB"
zM&ZoS
Y`4"7i&
NeZtdP8E
eewUtS
]}40xl
R#Ku2S
|p	%c(
/o#6f`
5&g-,Ra
M1'"Pv
X!Tc+u
by{{al
T)$!8(
7@^P5"qBv
g'Uh+R
DY	xp}
	a:",O3.
6;>c;3C
2>O1Kmt.
8G"e^%
/(Vb1Dp
M cW-t
*xW	3h
T@sw}_
8}2{hXoxy
=,CHrh
Uz%~=`
x0(vu	
wB	B"p
rxv_x	
&=<c<66
posY@`
|uDM~U
I7`4Z+
 gN@]5
?85Uud
0Z^T,s
IO0[j 
CTuWBTg
3Vs	}w
'1'huN
~9_Dxy[~
,^_+_&
y53wa0I[w
f0H#b7
J);sFpb
[0c;Fs
_o&MMG>Vk
1a7vMu
x9hsj%
(8m4<b
_A0_;?
G>y! ]
KB@zal\N
B6OzB.
\t,xwa\
fL$\BX
Ri{Qd:{
N"?AMl
nl/P/a
`?A,qP8
wd2T-R
mWu7M%
!-1Omp
8tyD"x
2HD)T9
pk WM#
";<yW$5
LxkLL<
bP.D{(
'7},=#
{9P%^c
w8Gaj9
>7H]Rz
BL-/''
J\M/*86
,sIY6H
*$IaN]N
u Gg*uP
G,FUPn(
@~7+`/
$3;(_!
B[`I.O[w]^
<"HH{^
0|DJeh
ye-msd-2ug\Autorun.inf
[AutoRun]
open=CD-Start.exe
icon=CD-Icon.ico
ye-msd-2ug\CD-Conf.ini
I{.%dh
ByMr!S$
	O~EZQIO~
ye-msd-2ug\CD-Icon.ico
I47p$hQ
ye-msd-2ug\CD-Start.exe
L^PVb 
='Wcv6l
w-jiAQ
hpw)] 
D=		b4Y
Q>7"2/
-g6A8,
Sk/*o-
Y"-(3wD
@DsM[&
mE hZ!Bjx
ibcA<=v
ipu7Pt
*{Z8	dh
mW!0M[j
7HrRB7
Du8H!"
\)Rw<G
 Utj<B
gRp'\c[.
5=vFcV
O0~JwZF
w8cbT5
v]!kkE
Bz,|Eq
Qm=@+e
,'@Qre
CMo.j.5
"I36-B
}Sb\)+)
r+F._N
(W&|AY
-GG/WO
>:Sc/g
!92<"< 
	/Q}. 
-Py>p\
t6pLla3
>R"AUI
oZqP/C
8vi-	Q
>ta]*C
.az_sO#
!+4YpE
)?%~9.,
	X| 9o
$RGc(4/\
Ajp{&*
At`<|CvSH
<mOwbM
fiUtc8
c#\s}n
PeAf]R
CM.W}f>Z~l
zf<rh+;
2>J627
p`3x/Ke
}C4yHu7n_
 #''a+
g,m`!\~
r_T 8K3s
b3;`/e
j[tF:;
:lroeG
"|+Z&e
?*Qa$#g
]&gCO[
U02i0.^^
F1$'2/EI
'E4ZRNb3
L|3xxC
7.ZXDC
)kC2FS
IS5}|W@
=j<p":G&
`B?">h
T|0+.(c
:G=^>$w"p
m	9Cw/
~|2tv<C
l9:~%Ov
x dGsV
V)Fvt<
R8zg@3	
$/OF^-
	Ju@	]D4,f
9c>pjD7
RFt?k'"g
gG\(61
% ;Ms'&)F#
}`3Y0`
V7Hl*BO
Q%5b27K
7o[6Q&
[e0+5(
@sG;}]
 M|::@
WG.kLTQ
zb	-Kg
7t_uo/
IQ%-=}
UHap,D
3g*%>6
=w[#1E
L~VH <
s)X:(B
+-Mohm
U9&rhpx
AkeoMK
,pTx{X\
!{<vQB@N2
%6l{rVjzC
f)sd.K
poI4%2
|Z:lJy2
5(l-MI
78[?-j
(k]M{Uzx
{fI G/b
aV%*%}
31W?N@
3i%[GV
5Gj*==
<js++=
TJd%!b
^}>P;<
c~24R~c
n`6CA-J
gwhFNH]
ci\zEi
a*UM%#
vSZ!"y
$\&d#xw
;";	3E{u#
vF:`vh<
0$rG-;
0=(h8<
*r[Tpn
	b$lf`q
1Z-jfM
KOM}7M
V#`Ler
KrP=#e
	11fG)N2
h`%Ybz
}B-h`K
/k:>@H
*	}-Zm
r1Tx_]
qEV'Vq
}40x'2B
!Z<2H2
*wwU1WK
#{}E:;"jJ7
pmjDZy
L7E6wtf
~YC($+
%uo2:i
{"AJ}g
9UpI]c
=%+Lm"
`u<i0?.	
"%#>_u
x7\8~+
f\d(N7
u_/*b:
e?x[ktJ
yE7JBo:
ZQOT^`y
]00V_8
MJzO?g
r)zbJa
_Lo&s=
>@#kr?9
^XIwmL
T0M_rQ9Y
Vx[FO#
(!e9ZO
['_|!	ZN_
LvzyUVx
T_Z]Vk'_o
6>aE>>
*<Z_Qq
.F2LvY
< )A/%a
3D'c3Z
oA-QgM
b+!AQ	
[FRD,W
Fu[_5K
j[j9	&K
]7!B)kq
df5	Xu
mw&~3p
EO1b>*
)~5$g1
o&EL"5
	-L^r4
HYc:l9yT
I`QB}>
o+qllI
&^HO7s
!f&A	/
f{ATT|Z
H^IxgM!M
*3\R/KS
{Y<@%F
qKtxG"c
$5pPWv
7(x2_D
dWyK>m
|pA4W_
r*,_'~:
3~XM(qi>
5'']t	
s	(Z!\D
(i5|L6p
2,-r&Q
^b~(2Y
[Plk:u
F [zMw
d:"UWWd
;Jdi|*
ng2b;!
T(Chv$
"G`z7_^
g;IeVh~
	zO1>i8
O!T&P=F
#-\Cb:
BJdmN:
y1/Aj0
fs	5!z
vL;aKQ}
yCs,Q@
Y^AXoQ(
)180'^
9])=2#G
UoE5LW
EJ,E51g
N0jpH2O
b2t~rc
Dv&}9*
p>tGqHsKo
Dp%(eL*
,"qb6Q
 f;@9N
_^2=6r
S'IuD2
+_HzkiE
b\zr	#
T wHwE7
WD!;N~
r=UT	|
"+_.m!
1.Pn1^
lBg5\n)wa
uMj?co
eg%F;*di
I	"=Bo
.uoeB`<
ld\7B 
j]L]R?O
'^SduW
\[5[{o
nex8"e
;:Krf%
-"RR5;
a} 2KM0x
W.#sB_X
,)PE"X
u?A2Bk
1S~fgm$
v-[/*Y.
es]gzRc
hN^4I 
c\Ki7u
mm,m#w
w$^8\_
ThN~^3
LbZo4w
~da;?>l
rwB!0O
8t|Ed|2
U-C^|V
SQ0&\L
 m3Rwv<
]	"oJ,a
 Ix8t2V
d.`fQ>
]G8:6t
\G"`C)
Og&#ox|
 y$vzvW
p-:RiVB
Y/oTIN n
-z;'O%
CGxHI,
2`oPnZmb
U7on!/
,Wpchx
ta(/Zi
 -1)[A
EEA0At(
^XGm%-:
BA" <&
bvq)k"
DmW7}I
:].n|q
+YX@S:
C>m<Xv
n]r'94	WgK
.i}uH!B
2aLj;.
u4W32\F
UL:o=8Jf`9
J`$2Gdr
'nHw|Y
!:u?}8
EB6"7.
zqj]ev
q]p-`HJ
A5k Dh
bB-fgS
M:5S4,
P/Zkyl]#cM
SK#A#,
K\XYoe
\i}b_{K&
U*I6Upg
y{PnWa
w#(4Fi
|0D^`\
\J#6uW
YwBsE'9
Cj"t~_
&KEm)l
jdF~3r
q7Npy-)
:>TI8`h
-Axo$-D
A6:QfE[
,A5jRu
5mY9qvQu<
Sn"vqy
*HbC/G
j%bY	*
cQaQn,
}t4k+wpf
cte%/x'/B
>fK"-U$
ge_kc5y
5sZ+Kc
r|`,p:
MR=kmYTEL2
%ec*~a
6Fn9aOG
wdmLtQU
hQ|{gf`
TG 1^a&
sY=FXx
_}mcP8
!j3prK'Hx
=_@5g'
qXcNovN
Ui7lj!
XRNmkv
3q_vqi!:
Y+s*W}b
5'u-jm
R^]-^g
=~{>"v
>`^{Y`Ig
6mvP3Jau
?O[(XM
6g8.!q42$
+ga)\2
+sg)`/]
^~0'{Fc<
oRnICW
rsl*m=
jTJ.Sq
J799+)~
Y=33V+K
>Y	D#P
#&@ph8z
Z+1ut`
gl`jyhQD
Oi-Qp`
M\KtOj
y@er]q\
s"U@>kd
W&.+GK
:9>-uC5
1|5n]\
{uI]hU
ye-msd-2ug\DELENTRY.EXE
?j<?? `X+
R44jb%
>J93:y6^W
70{4)j
w7##3cV
WN56*=
(zHh@o
!f:> g
Hq7dd=6
8~nd6	
8yL`@G
<(e=z;
rdxu!D
fqx:Qk
hV.x~b
1vUkl,~W.
ye-msd-2ug\DELUIDRV.EXE
-]-Pii
iTm;Jl
|RN,H8[
WRcG{]
8??0`X+
 (rdl 
dkM\k'
6-Gn=a
t&%yMm
3%1Tc)
mh3bw4	{
rMrcO#q
"F6}9t
>L%6EL
C5*$fI
T>$N-d
phRN )
\oFV!l2c
^MUdpN
icbAOc
uf?V+y
e6'3U_
Oxnmc^q^
yy#<[(
7b=wb^
5%.}J*
Lym5IITL
ye-msd-2ug\Sound
ye-msd-2ug\Sound\desktop.ini
ye-msd-2ug\Sound\FOLDER.HTT
2tlwWU
rBpMdM
E9*"i|:q
ZzP5!Z
R{H&yx
ye-msd-2ug\FOLDER.HTT
2tlwWU
rBpMdM
E9*"i|:q
ZzP5!Z
R{H&yx
ye-msd-2ug\GENEDISK.INF
'2B-D-
ye-msd-2ug\GENESTOR.PDR
	,$nc{
h6Nr~7
)i_H`}
'6M?o_
y{!zEYm
@HS$3ZQ
y%]L)(
O}B"en!
IKv2X{A
ye-msd-2ug\GENEUIDE.INF
WzVQ4'
XZv{_2
X31x{7
$d%M)Zp
ye-msd-2ug\GENEUIDE.SYS
lWG/ai
CA^rwZ
z@<X#=y
+*u,zjs
%@|k+a
zt	f5]K
aQ:bqB%
c*5'P(
7,3}]Gl
Rt` (B;
DWcJ^:&>v
S1v;%o
>yt[yIHV
?;G;MC9;"
mm(+-+
mciEk[
g[3_3m3
KHKJKj
~VOE(gW4+
W,eVF|"
ye-msd-2ug\SETUP.EXE
y A@EB
	h[Hq6L
(EfM)"
`x?wot
IXc	yp@
]ZWgUO
KV>!Y{
KM"9>hZ
~=8_uUz
z|oWYN
-sIpP-M;
zwf*+i
Ix2[Y/.J
ZRZ^[?-
$ADsK3
S-)3)9(
ye-msd-2ug\Start.txt
?@-H;P
Oj!Se2
ye-msd-2ug\usbbasicspeedlogo.jpg
;4516><
n3qeE J
^"2:BJ
TTci)i
Dl%/?DzN
n{f<<e
p6?j]4
ye-msd-2ug\usbhispeedlogo.jpg
#'+CGKOSW[
PJXY>.
&jpgGY
F#Y~ac
J17-GAL
xq&Nv=
}xu8vbs%
ye-msd-2ug\USBMonit.exe
wWW^7UW
]WUccd
IJT9-_
yCRd\M
?K*D|,
D'xM(}L
E',}^>
nx%Sq=
|w_nVCg
e{1iqkvuN
QQ3ii8
McW/UEmev
3_UgfR
;Af"	t
ye-msd-2ug\ye.bmp
ye-msd-2ug\Thumbs.db
1.umL3]d
en4I@L