
Sample details: 1a86abbe1393edb7b05579db02eb2b1e

Hashes
MD5: 1a86abbe1393edb7b05579db02eb2b1e
SHA1: c439b8cc9fc43a3c2d3ac092a48b022948dbc5db
SHA256: 7c622218fe87cb6b8ffe25dd2c7ebf6eecc755105df9f380a3930edd770ecc31
SSDEEP: 192:M37OTtWXB5OGzrxcFxhysz8oztWmhi6cZ:27OTtWXdrCFxhf/zjk
Details
File Type: 80386
Yara Hits
CuckooSandbox/shellcode | CuckooSandbox/embedded_win_api | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/BootkitDropper/Objs/Release%20DLL/CabPacker.obj
Strings
		.drectve
.debug$S
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.rdata
0@.text
`.debug$F
B.text
`.debug$F
B.text
`.rdata
0@.rdata
0@.rdata
0@.rdata
0@.text
`.text
`   /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" 
e:\Projects\progs\Petrosjan\BJWJ\Builds\BootkitDropper\Objs\Release DLL\CabPacker.obj
Microsoft (R) Optimizing Compiler
hD$C2j
CABINET
hz\?jj
@comp.id	x
@feat.00
.drectve
.debug$S
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.rdata
.debug$F
.debug$F
.rdata
.rdata
.rdata
.rdata
?FN_FCIALLOC@@YAPAXK@Z
?MemAlloc@@YAPAXK@Z
?FN_FCIFREE@@YAXPAX@Z
?MemFree@@YAXPAX@Z
?FN_FCISTATUS@@YAJIKKPAX@Z
?FN_FCIFILEPLACED@@YAHPAUCCAB@@PADJHPAX@Z
?FN_FCIGETNEXTCABINET@@YAHPAUCCAB@@KPAX@Z
?CloseCab@@YAXPAX@Z
?GetProcAddressEx@@YAPAXPADKK@Z
?FreeList@@YAXPAPAUFILEENTRY@@@Z
?IsEmpty@?$STRUTILS@D@@SA_NPBD@Z
??$pushargEx@$00$0IPIPBBE@$0BE@PADKHHKHH@@YAPAXPADKHHKHH@Z
?GetProcAddressEx2@@YAPAXPADKKH@Z
??$pushargEx@$00$0EIHPOBGL@$0BK@PAXPAXIPAKH@@YAPAXPAX0IPAKH@Z
??$pushargEx@$00$0PDPNBMD@$0BG@PAXPAXIPAKH@@YAPAXPAX0IPAKH@Z
??$pushargEx@$00$0HCDOLANF@$0BB@PAX@@YAPAXPAX@Z
??$pushargEx@$00$0OPEIOADK@$0BL@PAXJHH@@YAPAXPAXJHH@Z
??$pushargEx@$00$0IBPAPANP@$0CD@PAD@@YAPAXPAD@Z
??$pushargEx@$00$0PBEJLMME@$0JN@PAXPAU_BY_HANDLE_FILE_INFORMATION@@@@YAPAXPAXPAU_BY_HANDLE_FILE_INFORMATION@@@Z
??$pushargEx@$00$0OFHJCOJE@$0JO@PAU_FILETIME@@PAU1@@@YAPAXPAU_FILETIME@@0@Z
??$pushargEx@$00$0LGIOLOPI@$0JP@PAU_FILETIME@@PAGPAG@@YAPAXPAU_FILETIME@@PAG1@Z
??$pushargEx@$00$0FIPOHKLO@$0DG@HPAD@@YAPAXHPAD@Z
??$pushargEx@$00$0PKEPFAC@$0GG@PADPBDHPAD@@YAPAXPADPBDH0@Z
??$pushargEx@$00$0CMKFPDGG@$0IA@PADPBD@@YAPAXPADPBD@Z
??$pushargEx@$00$0CMKBLFOG@$0HO@PADPBD@@YAPAXPADPBD@Z
??$pushargEx@$00$0DCEDCEEE@$0IJ@PADPAU_WIN32_FIND_DATAA@@@@YAPAXPADPAU_WIN32_FIND_DATAA@@@Z
??$pushargEx@$00$0CMKCLHOG@$0HM@PADPBD@@YAPAXPADPBD@Z
??$pushargEx@$00$0CMKBLFOG@$0HO@PADPAD@@YAPAXPAD0@Z
??$pushargEx@$00$0CMKFPDGG@$0IA@PADPAD@@YAPAXPAD0@Z
??$pushargEx@$00$0CHJNOKNH@$0IL@PAXPAU_WIN32_FIND_DATAA@@@@YAPAXPAXPAU_WIN32_FIND_DATAA@@@Z
??$pushargEx@$00$0HLEIECMB@$0IN@PAX@@YAPAXPAX@Z
?FN_FCIOPEN@@YAHPADHHPAHPAX@Z
?pGetLastError@@YAKXZ
?FN_FCIREAD@@YAIHPAXIPAH0@Z
?FN_FCIWRITE@@YAIHPAXIPAH0@Z
?FN_FCICLOSE@@YAHHPAHPAX@Z
?FN_FCISEEK@@YAJHJHPAHPAX@Z
?FN_FCIDELETE@@YAHPADPAHPAX@Z
?FN_FCIGETOPENINFO@@YAHPADPAG11PAHPAX@Z
?FN_FCIGETTEMPFILE@@YAHPADHPAX@Z
??_C@_07BLINPCHP@CABINET?$AA@
?CreateCab@@YAPAXPBD@Z
?AddFileToCab@@YA_NPAXPBD1@Z
?ScanFiles@@YAXPBD0PAPAUFILEENTRY@@@Z
??_C@_02DJGKEECL@?4?4?$AA@
??_C@_01LFCBOECM@?4?$AA@
??_C@_01KICIPPFI@?2?$AA@
??_C@_04FGAJMCLA@?2?$CK?4?$CK?$AA@
?m_memset@@YAPAXPAXKK@Z
?AddDirToCab@@YA_NPAXPBD1@Z
?AddBlobToCab@@YA_NPAX0KPAD@Z
?Free@STR@@YAXPAD@Z
?WriteBufferA@File@@YAKPADPAXK@Z
?GetTempNameA@File@@YAPADXZ