Sample details: 04dece2662f648f619d9c0377a7ba7c0

Hashes
MD5: 04dece2662f648f619d9c0377a7ba7c0
SHA1: d2ebd63b9038e7d77b8773bdba309beb7c46c593
SHA256: 3ffb8343387bd208a59811b632007a357933a5587eb7f7e10d234b2bc1643625
SSDEEP: 1536:rgCgean2Ml/nzJznl0WOmvycrYw9/Hg4T+5ThqNr24FXnSWGgK6325es:rgCgean2Ml/zJ7lbOjcrYwKTur249SWa
Details
File Type: PE32
Yara Hits
YRP/MSVCpp_DLL_v8_typical_OEP_recognized_h
YRP/MSVCpp_DLL_v8_typical_OEP_recognized_h_additional
YRP/Visual_Cpp_2003_DLL_Microsoft
YRP/IsPE32
YRP/IsDLL
YRP/IsWindowsGUI
YRP/HasOverlay
YRP/HasRichSignature
YRP/domain
YRP/IP
YRP/contentis_base64
YRP/Dropper_Strings
YRP/Misc_Suspicious_Strings
YRP/DebuggerCheck__QueryInfo
YRP/anti_dbg
YRP/disable_dep
YRP/inject_thread
YRP/escalate_priv
YRP/screenshot
YRP/win_registry
YRP/win_token
YRP/win_files_operation
YRP/Str_Win32_Winsock2_Library
YRP/Str_Win32_Http_API
Strings
!This program cannot be run in DOS mode.
N|Rich|
`.text
`.rdata
@.data
.reloc
Feb 04 2015
NtQueryInformationProcess
NtQuerySystemInformation
IsWow64Process
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
IsWow64Process
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
CreateThread
ExitProcess
GetCommandLineW
GetModuleFileNameW
GetModuleHandleW
CreateDirectoryW
GetComputerNameW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetVersionExW
GetProcAddress
GetCurrentProcess
CreateProcessW
CreateFileW
GetFileSize
SetFilePointer
GetTickCount
ReadFile
CloseHandle
WriteFile
FindFirstFileW
FindClose
GetLogicalDriveStringsW
GetDriveTypeW
SetErrorMode
FindNextFileW
DeleteFileW
OpenProcess
TerminateProcess
GetLastError
HeapAlloc
GetProcessHeap
HeapFree
MoveFileExW
RemoveDirectoryW
GetTempPathW
GetCurrentProcessId
GetStartupInfoW
GetSystemDirectoryW
WaitForSingleObject
ResumeThread
VirtualAllocEx
WriteProcessMemory
GetThreadContext
VirtualProtectEx
VirtualFreeEx
CreatePipe
AllocConsole
GetConsoleWindow
GetStdHandle
WriteConsoleInputW
PeekNamedPipe
GetWindowsDirectoryW
LocalAlloc
LocalFree
VirtualAlloc
VirtualFree
lstrcmpiW
QueryDosDeviceW
lstrlenW
lstrcpyW
GetTempFileNameW
GetSystemTime
OutputDebugStringW
CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
WaitNamedPipeW
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
KERNEL32.dll
GetSystemMetrics
ShowWindow
wsprintfW
wvsprintfW
USER32.dll
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC
GDI32.dll
RegOpenKeyW
RegQueryValueExW
RegCloseKey
GetUserNameW
LookupAccountSidW
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
OpenSCManagerW
EnumServicesStatusExW
CloseServiceHandle
OpenServiceW
QueryServiceConfigW
ControlService
StartServiceW
CreateServiceW
ChangeServiceConfig2W
RegCreateKeyExW
RegSetValueExW
DeleteService
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
DuplicateToken
CreateWellKnownSid
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
GetSidSubAuthority
RegDeleteKeyW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ADVAPI32.dll
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW
SHELL32.dll
CreateStreamOnHGlobal
CoInitialize
CoCreateGuid
CoUninitialize
CLSIDFromString
CoGetObject
ole32.dll
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipGetImageEncoders
gdiplus.dll
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpQueryOption
WinHttpSetOption
WinHttpSendRequest
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WINHTTP.dll
GetModuleFileNameExW
GetProcessImageFileNameW
PSAPI.DLL
WS2_32.dll
WTSEnumerateProcessesW
WTSFreeMemory
WTSAPI32.dll
CreateEnvironmentBlock
DestroyEnvironmentBlock
USERENV.dll
??3@YAXPAX@Z
malloc
??2@YAPAXI@Z
_snwprintf
??_V@YAXPAX@Z
??_U@YAPAXI@Z
wcsstr
_wfopen
fwrite
fclose
_wcsnicmp
strncpy
memmove
_purecall
wcsncpy
_wcsicmp
_wcslwr
wcsrchr
msvcrt.dll
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
?terminate@@YAXXZ
_except_handler3
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
memset
memcpy
_CxxThrowException
.?AVTPipeProtocol@@
.?AVThread@@
.?AVTCaptureMgr@@
.?AV?$Singleton@VTConfig@@@@
.?AVTConfig@@
NtReadVirtualMemory
NtWriteVirtualMemory
NtAllocateVirtualMemory
NtFreeVirtualMemory
NtProtectVirtualMemory
NtQueryVirtualMemory
NtQueryInformationThread
NtQueryInformationProcess
NtSetInformationProcess
NtQuerySystemInformation
NtGetContextThread
NtSetContextThread
RtlCreateUserThread
.?AVTFileMgr@@
.?AVTProcessMgr@@
.?AVTCommand@@
.?AVTPacket@@
.?AVTServiceMgr@@
.?AVTShellCodeMgr@@
.?AV?$Singleton@VTShellMgr@@@@
.?AVTShellMgr@@
.?AVTProtocol@@
.?AVTTransMgr@@
.?AVTUserMgr@@
.?AVLocalMutex@@
.?AVLockable@@
.?AVTInfo@@
.?AVTTransData@@
.?AVTTransConnect@@
.?AVTServiceInfo@@
.?AVTProcessInfo@@
.?AVTShellcodeData@@
.?AVTCaptureData@@
.?AVTFileDataReq@@
.?AVTFileUpload@@
.?AVTFileInfo@@
.?AVTDirve@@
.?AVTFileData@@
.?AVTFileDown@@
.?AVTLoop@@
.?AVTLogin@@
.?AVTSock@@