Sample details: 1a4b710621ef2e69b1f7790ae9b7a288

Hashes
MD5: 1a4b710621ef2e69b1f7790ae9b7a288
SHA1: 5908116eee9a7c21d2c5301b66f3c3d820f0db82
SHA256: 12ae4a7072c95eae0e433570b1d563c3d39fe3239816c04426c8e64a49bbe7d7
SSDEEP: 768:hWaRyIYZhVswZjlqQWarGLI/j3uCXTJDRlJl4jNITfmuLThkzkHWCfqQsWMe3ZeW:gQfmhVTY8qaJFUG2BILV+
Details
File Type: PE32 (DLL, Windows GUI subsystem — per the IsDLL / IsWindowsGUI Yara hits below)
Yara Hits
YRP/Armadillo_v1xx_v2xx_additional | YRP/Microsoft_Visual_Cpp_60_DLL_additional | YRP/Microsoft_Visual_Cpp_v70_DLL | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Microsoft_Visual_Cpp_60_DLL_Debug | YRP/Armadillo_v1xx_v2xx | YRP/Microsoft_Visual_Cpp_v60_DLL | YRP/Microsoft_Visual_Cpp_60_DLL | YRP/Microsoft_Visual_Cpp_60 | YRP/Armadillov1xxv2xx | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/System_Tools | YRP/Misc_Suspicious_Strings | YRP/network_dropper | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/GenerateTLSClientHelloPacket_Test
Strings
		!This program cannot be run in DOS mode.
bRich7G
`.rdata
@.data
@.reloc
RWSPQCf
PURWVS
[^_Z]X
PVWQSU
][Y_^X
UVPQRW
_ZYX^]
SWQURP
fJfHfi
XZ]Y_[
QPWSRU
u Pf4G4
]Z[_XY
SPWQRV
^ZY_X[
D$LUVWj
PURWVS
[^_Z]X
UVPQRW
_ZYX^]
PVWQSU
][Y_^X
RWSPQCf
D$(VPQ
D$(VPQ
L$(QRh
L$(QRh
D$,SPQ
L$$PQh
L$ j Q
D$Pj\P
D$ RPV
L$ PQV
D$8RPh
D$(QRP
D$$Pj@
L$ Qj@
T$8Ph$
pSVWVWRPS
[XZ_^h
[_^]YSPV
[XZ_^h
SVHWuZ
Z][YXV
<gtA<Gt=<pt
D$ SUV
D$ _^][
L$(PQj
\$0t$8
D$@PVW
3VWRPS
[XZ_^_^3
<Vt1VW
VRPWQS
[Y_XZ^3
RWSPQCf
PURWVS
[^_Z]X
GetVersionExA
GetTempPathA
SetCurrentDirectoryA
ReadFile
CloseHandle
GetFileSize
CreateFileA
DeleteFileA
CopyFileA
SetFileTime
GetFileTime
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetTempFileNameA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
CreateProcessA
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
TerminateThread
WaitForSingleObject
CreateThread
SetEndOfFile
FlushFileBuffers
WriteFile
SetFilePointer
WinExec
GetSystemDirectoryA
GetWindowsDirectoryA
SetLastError
GetVersion
GetSystemInfo
GetCurrentProcess
GetModuleHandleA
GetSystemDefaultLCID
HeapFree
HeapAlloc
GetProcessHeap
WideCharToMultiByte
GlobalFree
GlobalAlloc
FindClose
FindNextFileA
FindFirstFileA
CreateMutexA
GetSystemTime
DisableThreadLibraryCalls
GlobalLock
KERNEL32.dll
LookupAccountSidA
GetTokenInformation
OpenProcessToken
ChangeServiceConfigA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
CloseServiceHandle
CreateServiceA
OpenServiceA
OpenSCManagerA
StartServiceA
RegQueryValueExA
ADVAPI32.dll
SHGetSpecialFolderPathA
SHELL32.dll
CoTaskMemAlloc
ole32.dll
DeleteUrlCacheEntry
InternetSetCookieA
WININET.dll
malloc
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
strchr
__CxxFrameHandler
strncpy
_snprintf
printf
strncat
asctime
localtime
fclose
fflush
fprintf
_except_handler3
strstr
wcscpy
wcslen
MSVCRT.dll
__dllonexit
_onexit
_initterm
_adjust_fdiv
URLDownloadToCacheFileA
urlmon.dll
Netbios
NetApiBufferFree
NetUserEnum
NetServerEnum
NETAPI32.dll
GetTcpTable
GetAdaptersInfo
GetNetworkParams
iphlpapi.dll
WS2_32.dll
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
MSVCP60.dll
_strnicmp
_stricmp
_memicmp
ieupd.dll
UpdvaMd
UpdvaMt
abcdefhirstuvwxz
update
research
history
health
safety
government
expand "%s" "%s"
Program Files\Windows NT\Accessories\
%sindex%2.2d_%d.html
B8V	peZ
AZ)v2_!
^Voq<u=$@QH>y
 t	|0+U
i}M$>[
'z[P{h
7{4$NQ
'bklD[
'yq1UV
&xp0TW
#qP/GU
9Ja&Ii
)~^!I[
;hd?lO
=Wy.BY
:kc-Cl
%%I	H,P
	ia	HQ
<Bk	0fm6
)_	iE{
BGi]<	
Fol<XK
RD:h!A2
Z?	-/Vq"a.ME
7Bt8(v
ZP	j	bJckik:
\S*s2E$
@ZwtUY
],+)[y<"n
x"&j<F,
&Xv|3} <J^E6d
b89I-^
c98H,_
CP4d[g
8U:=bb.
%s}&FE
s)+lHH
cgNq4p5
:~;}8=9=Qk#G3Qh:2
=UmL+M{#D
!Z,EMzY/A
N~BK?&_)E
JyE]+O
_+u<J%
P3_c9]L2-
2Ga8\M3,
>Gi,&j
DC,z,i
}0{XM6'
No!(lL
T ~7A.
J!NM~C
Qhq)]"
kq8U`D)V 7
vO<e7ZW3z\
BH,o \v
f|-Bo?'u
L`?a?T7
n_&~+Nn
.}.a.h._.L.
/y/S/^/G/
,s,`,_,L,J,
-w-|-x-f-o-j-P-X-D-K-
*P*R*H*
*6+<+-+(+*+
+v+}+e+f+o+W+^+
(r(z(Q(I(
)1&9&"&
UWgu/9T
ETS+I7X
InstallDate
SOFTWARE\Microsoft\Windows NT\CurrentVersion
kernel32
IsWow64Process
 %s %d.%d 
unkstate
DELETE-TCB
TIME-WAIT
LAST-ACK
CLOSING
CLOSE-WAIT
FIN-WAIT-2
FIN-WAIT-1
ESTABLISHED
SYN-RECV
SYN-SENT
LISTEN
CLOSED
TCP 	 %s:%d 	 %s:%d 	 %s
	Lease Obtained. . . . . . . . . . : %s	Lease Expires . . . . . . . . . . : %s
	Primary WINS Server . . . . . . . : %s
	Secondard WINS Server . . . . . . : %s
					    %s
	DNS Servers . . . . . . . . . . . : %s
	DHCP Server . . . . . . . . . . . : %s
	IP Address. . . . . . . . . . . . : %s
	Subnet Mask . . . . . . . . . . . : %s
	Default Gateway . . . . . . . . . : %s
	Description . . . . . . . . . . . : %s
	Physical Address. . . . . . . . . : %s
	DHCP Enabled. . . . . . . . . . . : %s
	Autoconfiguration Enabled . . . . : 
	Connection-specific DNS Suffix. . : %s
	Media State . . . . . . . . . . . : Media disconnected
0.0.0.0
%s ...... : 
	Host Name . . . . . . . . . . . . : %s
	Primary DNS Suffix. . . . . . . . : 
	Node Type . . . . . . . . . . . . : %s
	IP Routing Enabled. . . . . . . . : %s
	WINS Proxy enabled. . . . . . . . : %s
	DNS Suffix Search List. . . . . . : %s
unknown
Hybrid
Peer To Peer
Broadcast
SLIP Adapter
Loopback Adapter
PPP Adapter
FDDI Adapter
Token Ring Adapter
Ethernet Adapter
Other Type Of Adapter
%02x-%02x-%02x-%02x-%02x-%02x
Dir %dk (%d)
Copy Ok
Echo Err
Echo Ok
vcl.tmp
http://%s/%s.%s
default
@echo off
cmd.exe /C start rundll32.exe "%s\mt.dat" UpdvaMt
\vc.bat
http://%s/
http://%s/%s/
hidden
NAME="
name="
type="
<input
ACTION="
action="
METHOD="
method="
</FORM>
</form>
<form 
<img src="
http://%s%s
vv;expires = Sat,01-Jan-2000 00:00:00 GMT
</label>
</span>
</div>
031J1V1f1
;;<V<}<
0:0M0k0
849H9[9z9
;!;.;8;E;o;
<?<L<X<f<
=%=9=G=c=p=
>Y?_?x?
000@0D0H0L0P0T0i0
386@6%9
=#=M=^=j=
>,>;>B>F?
2*272A2
3 3'3@3J3
8[9b9o9>:H:m:}:
354E4N4
7W7a7h7o7
<%<,<><D<l<z<
1"1=1T1
232K2X2b2o2
8o:2;X;
1 1&1,12181>1D1J1P1T1X1\1`1d1h1l1p1t1x1|1
1:2@2O2
6&6;6L6]6d6
7)777c7j7
;.;5;:;B;J;R;Z;b;j;r;|;
<	=*=2=
>">(>/>@>F>L>
161=1X1
252P2`2m2
;;;O;i;s;x;
;0<T<b<
> >1>[>z>
1Z1d1i1r1
(0:0E0P0e0o0
2/2N2X2
3A3H3p3{3
96;p;w;
696>6N6X6s6x6
7!7&767C7d7i7y7
8-828B8O8p8u8
:0:D:[:
>!>1>7>B>H>N>T>Z>`>r>
?%?3?8?=?B?M?Z?d?y?
080>0R0X0^0d0j0p0v0|0
1<1\1|1
2$202<2H2Q2Z2c2l2u2~2
0242<2@2L2P2T2X2\2`2d2h2l2p2t2x2|2
3(3D3L3X3t3
4 4<4H4d4p4