Sample details: 175b4116c3edb94b50a3df4aa91ac9c5 --

Hashes
MD5: 175b4116c3edb94b50a3df4aa91ac9c5
SHA1: f8ff69becefaea474ab641777262c1daa7f924b3
SHA256: fef7a38663a2bccc52f4ab506a6b32e378d4c006d06abbfd169b9ea278a4769c
SSDEEP: 1536:kniyniyniyniyniyniyniyniyniyniyniyniynii6Xca/aHjsgIMqqU+2bbbAV2E:QimimimimimimimimimimimimivX8j+8
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_v40_v50 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/Antivirus | YRP/VM_Generic_Detection | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/network_http | YRP/win_mutex | YRP/win_registry | YRP/win_files_operation | YRP/Crypt32_CryptBinaryToString_API | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API | FlorianRoth/ReflectiveLoader |
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.rsrc
@.reloc
<}tK<=tBF
<}t)F<=t
HthHuo
<}tcG<=t
D$(PQh
D$(PWh
D$(PWh
SVWj@h
SVWj@h
QSVWj@h
0SWj@h
L&&jl66Z~??A
Oh44\Q
sb11S*
uB!!c 
D""fT**~;
;d22Vt::N
J%%o\..r8
gg}V++
jL&&Zl66A~??
Sb11?*
tX,,.4
RRMv;;a
MMUf33
PPDx<<
cB!!0 
~~Gz==
fD""~T**
Vd22Nt::
xxoJ%%r\..$8
ppB|>>
aa_j55
UUxP((z
&jL&6Zl6?A~?
~=Gz=d
"fD"*~T*
2Vd2:Nt:
x%oJ%.r\.
a5_j5W
=&&jL66Zl??A~
g99KrJJ
==Gzdd
""fD**~T
22Vd::Nt
$$lH\\
77Ynmm
%%oJ..r\
55_jWW
[T:$6.
[.:$6g
j_FbT~
h4,8$@_
2\tHlWB
PQAeS~
~4[C)v
8$4,6-9'$6.:*?#1pHhX~AeSlZrNbS
EHl\tFeQ
T~FbZwKi
,8$4'6-9:$6.1*?#XpHhS~AeNlZrEbS
FeQbT~FiZwK
4,8$9'6-.:$6#1*?hXpHeS~ArNlZ
EbS\tHlQ
FeFbT~KiZw
$4,8-9'66.:$?#1*HhXpAeS~ZrNlS
Ebl\tHeQ
F~FbTwKiZ
pub_key
DELETE}
{DELETE}
Fatal error
Fatal error: rsaenh.dll is not initialized as well
advapi32.dll
CheckTokenMembership
Address:
fabian wosar <3
Can't find server
ntdll.dll
RtlComputeCrc32
%Xeuropol
*******************
malwarehunterteaGandCrabGandCrabpolitiaromana.bi
encryption.dll
_ReflectiveLoader@0
ExitProcess
lstrlenA
HeapAlloc
HeapFree
GetProcessHeap
GetProcAddress
VirtualAlloc
GetModuleHandleA
lstrcpyA
GetFileSize
GetModuleHandleW
WriteFile
GetModuleFileNameW
CreateFileW
ExitThread
lstrlenW
lstrcatW
CloseHandle
CreateThread
VirtualFree
lstrcmpiW
lstrcmpiA
ReadFile
SetFilePointer
GetFileAttributesW
GetLastError
MoveFileW
lstrcpyW
SetFileAttributesW
CreateMutexW
GetDriveTypeW
VerSetConditionMask
GetTickCount
InitializeCriticalSection
OpenProcess
GetSystemDirectoryW
TerminateProcess
VerifyVersionInfoW
WaitForMultipleObjects
DeleteCriticalSection
CreateProcessW
SetHandleInformation
lstrcatA
MultiByteToWideChar
CreatePipe
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
LeaveCriticalSection
EnterCriticalSection
FindFirstFileW
lstrcmpW
FindClose
FindNextFileW
GetNativeSystemInfo
GetComputerNameW
GetDiskFreeSpaceW
GetWindowsDirectoryW
GetVolumeInformationW
LoadLibraryA
KERNEL32.dll
wsprintfW
MessageBoxA
wsprintfA
USER32.dll
RegCloseKey
AllocateAndInitializeSid
FreeSid
CryptExportKey
CryptAcquireContextW
CryptGetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptGenKey
CryptDestroyKey
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
ADVAPI32.dll
ShellExecuteW
SHGetSpecialFolderPathW
SHELL32.dll
CryptStringToBinaryA
CryptBinaryToStringA
CRYPT32.dll
InternetOpenW
InternetReadFile
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetCloseHandle
WININET.dll
IsProcessorFeaturePresent
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
1#1-171A1i1s1}1
2:2D2N2X2b2l2v2
3)333=3G3^3h3r3|3
4/494C4M4W4g4q4{4
5(585B5L5V5~5
6'6O6Y6c6m6w6
6 7*747>7H7R7\7s7}7
8#8-8D8N8X8b8l8|8
9)939=9M9W9a9k9
:(:2:<:d:n:x:
;5;?;I;S;];g;q;
='=1=;=E=m=w=
>?>I>S>]>g>q>{>
?%?/?9?C?M?e?o?y?
070A0K0U0_0o0y0
1'111A1K1U1_1
2'212Y2c2m2w2
3+353?3I3S3]3g3
4%4/494Q4[4e4o4y4
5#5-575A5K5[5e5o5y5
6-676A6K6s6}6
7E7O7Y7c7m7w7
7R8[8`8s8
9&959g9
9,:1:&;0;7;I;};
< <1<K<i<
</=6=D=f>q>
1,1a1t1
2B3O3U3Z3a3|3
4=5C5b6~6
8 8&8*8/8D8K8Y8_8o8t8
<7=?=G=O=W=_=g=o=w=
> >+>6>A>L>W>b>m>x>
1	2*2/2
3Z3`3z3
5!5+5E5V5w5
6G6U6e6z6
7(7-757=7a7x7
808O8^8
9*959A9K9]9j9
: ;*;0;F;
>L>Q>`>e>l>{>
?.?]?s?
3E3n7z7
:-:9:n:
;0;D;X;l;
;J<_<t<
>M>U>\>
>D?I?V?d?j?
0,0A0J0Z0`0{0
1/1@1I1P1W1j1
3B3m3u3
4D4T4e4x4
5"505D5R5f5t5
616K6U6l6
7)747S7^7z7
9$9?9H9[9d9
:&:/:::C:g:
;#;3;8;?;F;M;T;
<"<7<<<Q<\<p<u<{<
=>=F=a=
>4>@>H>T>_>
?2?9?@?G?N?U?\?c?j?q?x?
0,01090A0H0V0
4A4K4U4h4s4
5B5N5T5l5b6
6 7.7B7P7
7*818A8N8y8
969=9L9V9\9
:B;I;Y;f;
<.<;<t<{<
0%0,0004080<0@0D0H0
10171<1@1D1e1
1.24282<2@2
3E4S4j4u4
545S5h5r5
C:\Users\VLAD\Desktop\GrandCrabv2.exe
xWY$xWY$xWY$xWY$xWY$xWY$xWY$