Sample details: 2041c4e39d29453ae3d1b60e1038b172 --

Hashes
MD5: 2041c4e39d29453ae3d1b60e1038b172
SHA1: b9e0c4b7cbd5713507dada167a2b9ce4cfc6e995
SHA256: 8c6e5bae4d07860d3634f1cb8fca2473a1ee9ddd61655150e58d5450ace625e3
SSDEEP: 3072:zRb0/DI/tRkN8GtpdGtEuSiOOd+gqvYy+1:zRp/yCvSiOc8Qy+1
Details
File Type: PE32+
Added: 2018-06-22 20:21:13
Yara Hits
YRP/Microsoft_Visual_Cpp_80_DLL | YRP/IsPE64 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/SEH__vectored | YRP/screenshot | YRP/keylogger | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/MD5_Constants |
Parent Files
b9f6e7af4042ded29421d3e568250e0c
Strings
		!This program cannot be run in DOS mode.
`.text
`.pdata
@.rdata
@.data
L;<$u0H
L;<$uZH
L;<$uwH
L;<$uWH
$YZAXH
UAWAVH
H;D$0|o
H;D$0|jL
L3|$PL
t$HYZAXAY
t$@YZH
L;<$u:H
L;<$u	H
t$PYZAXAYH
D$@H;D$H
t$HYZAX
L;|$H|GL
L$ UAWAVH
l$0HcE
l$@HcE
l$0HcE
t$ WATAUH
 A]A\_
ATAUAWH
t+D8#t,H
0A_A]A\
0A_A]A\
<0|8<1
t$ WATAUAVAWH
9D$pt8Lc
A_A^A]A\_
UATAUAVAWH
A_A^A]A\]
Hc\$8L
Hc\$0L
UVWATAUAVAWH
@A_A^A]A\_^]
WATAUH
WATAUH
p WATAUAVAWH
 A_A^A]A\_
x ATAUAVH
0A^A]A\
UVWATAUAVAWH
T$lD+\$`+T$d
A_A^A]A\_^]
WATAUH
0A]A\_
H WATAUAVAWH
E f9OF
tGH9O(t(H
A_A^A]A\_
uDH!l$ 
p WATAUH
t$\+|$PE3
D$H+D$@+
D$L+D$D+
UAUAVH
f9\$2uoH
UATAUAVAWH
A_A^A]A\]
` AUAVAWH
A_A^A]
WATAUAVAWH
A_A^A]A\_
UVWATAUAVAWH
`A_A^A]A\_^]
SUVWATAUAVAWH
A_A^A]A\_^][
WATAUAVAWH
Hc\$ H
A_A^A]A\_
UVWATAUAVAWH
t$8HcU
Hc\$ H
`A_A^A]A\_^]
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
	<"t	H
L$@D+A
HcD$@D
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
@A_A^A]A\_
|$ ATH
tV@8.tQH
HcD$`H
HcD$PH
UVWATAUAVAWH
H9h tWI
 A_A^A]A\_^]
WATAUH
 A]A\_
WATAUH
 A]A\_
tmHcI(H
HcA(;A<}
L9	uA3
WATAUH
!Lci(E
 A]A\_
LHcO<H
t LcG03
t LcC03
SWATAVH
XA^A\_[
UVWATAUAVAWH
@A_A^A]A\_^]
s#ffff
!s H!s
A9@ u?I
WATAUAVAWH
 A_A^A]A\_
WATAUH
0A]A\_
H;F uSH9{
8HcD$HH
u%HcD$ H
+HcD$ H
HcD$HH
HcD$HH
8HcD$@H
D$(HcD$(H
HcD$HH
D$ HcD$HHcL$@H
HcD$0H
D$(HcD$0H
HcD$0H
WATAUH
SHGetPathFromIDList
SHBrowseForFolder
SHELL32.DLL
Static
Button
PB_DropAccept
PB_WindowID
WindowClass_%I64d
PB_Focus
PB_MDI_Gadget
SysIPAddress32
ComboBoxEx32
MDI_ChildClass
PB_Hotkey
IsAppThemed
uxtheme.dll
DllGetVersion
COMCTL32.DLL
AlphaBlend
msimg32.dll
?UUUUUU
?GetLongPathNameA
Kernel32.DLL
PB_PostEventMessage
PostEventClass
%d:%I64d:%I64d:%I64d
0123456789abcdef
Qkkbal
-InitOnceExecuteOnce
Kernel32.dll
PB_GadgetStack_%I64i
Overwrite?
An unknown error occured. The program will be terminated.
b2eincfilepath
b2eargs
Continue?
b2etempfile
b2eincfile
@shift /0
Password
Choose a location to save the files.
-b2epass
b2eprogramshortname
Please enter the password.
Error!
b2eincfilecount
The file 
This program is not supported on your operating system.
b2eprogramfilename
Can not create some of your include files.
b2eprogramname
@call:extd
Can not allocate the memory.
b2eprogrampathname
b2eextd
Wrong password.
extd.exe
 already exists in the current directory. Overwrite?
@set result=
@%b2eextd% "%~1" "%~2" "%~3" "%~4" "%~5" "%~6" "%~7" "%~8" "%~9" > "%b2etempfile%"
@set /p result= < "%b2etempfile%"
@del "%b2etempfile%"
@goto:eof
KERNEL32.DLL
COMCTL32.DLL
GDI32.DLL
msvcrt.dll
OLE32.DLL
SHELL32.DLL
SHLWAPI.DLL
USER32.DLL
WINMM.DLL
GetModuleHandleA
HeapCreate
GetCommandLineA
RemoveDirectoryA
GetTempFileNameA
GetShortPathNameA
HeapDestroy
ExitProcess
GetExitCodeProcess
FindResourceA
LoadResource
SizeofResource
HeapAlloc
HeapFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
CloseHandle
InitializeCriticalSection
GetModuleFileNameA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetCurrentProcess
TerminateProcess
RtlLookupFunctionEntry
RtlVirtualUnwind
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
HeapReAlloc
SetLastError
TlsAlloc
GetCurrentDirectoryA
SetCurrentDirectoryA
GetTempPathA
SetFileAttributesA
DeleteFileA
CreateDirectoryA
WriteFile
CreateFileA
SetFilePointer
ReadFile
DeleteCriticalSection
InitCommonControlsEx
GetStockObject
SelectObject
SetTextColor
SetBkColor
GetTextExtentPoint32A
CreateSolidBrush
DeleteObject
GetObjectA
CreateCompatibleDC
GetDIBits
DeleteDC
GetObjectType
CreateDIBSection
BitBlt
CreateBitmap
SetPixel
memset
memcpy
strncmp
memmove
strncpy
_strnicmp
strlen
strcmp
sprintf
malloc
fclose
_stricmp
tolower
strcpy
CoInitialize
CoTaskMemFree
RevokeDragDrop
ShellExecuteExA
PathRemoveArgsA
PathGetArgsA
PathAddBackslashA
PathQuoteSpacesA
MessageBoxA
SendMessageA
PostMessageA
GetWindowThreadProcessId
IsWindowVisible
GetWindowLongPtrA
GetForegroundWindow
IsWindowEnabled
EnableWindow
EnumWindows
SetWindowPos
DestroyWindow
GetWindowTextLengthA
GetWindowTextA
SetRect
DrawTextA
GetWindowLongA
GetSystemMetrics
ReleaseDC
GetSysColor
GetSysColorBrush
CreateWindowExA
CallWindowProcA
SetWindowLongPtrA
SetFocus
RedrawWindow
RemovePropA
DefWindowProcA
SetPropA
GetPropA
GetParent
GetWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
LoadCursorA
RegisterClassA
AdjustWindowRectEx
ShowWindow
CreateAcceleratorTableA
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
GetActiveWindow
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
EnumChildWindows
GetClientRect
FillRect
GetFocus
DefFrameProcA
GetWindowRect
IsChild
GetClassNameA
GetKeyState
DestroyIcon
RegisterWindowMessageA
timeBeginPeriod
P-b2edecompile
PAWINDOWS10.bat
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /> </dependentAssembly> </dependency> <v3:trustInfo xmlns:v3="urn:schemas-microsoft-com:asm.v3"> <v3:security> <v3:requestedPrivileges> <!-- level can be "asInvoker", "highestAvailable", or "requireAdministrator" --> <v3:requestedExecutionLevel level="highestAvailable" /> </v3:requestedPrivileges> </v3:security> </v3:trustInfo> </assembly>