
Sample details: 2042982c4b5cb67fd0b36f0e3f2e030f (MD5)

Hashes
MD5: 2042982c4b5cb67fd0b36f0e3f2e030f
SHA1: 5de855504cf9ea02f72a13c19228c14f771fcd5b
SHA256: e652f302e3979354d0f2df2470a43c3f57285a5af38457cc664bba5bb7f2b481
SSDEEP: 384:r/oX3AP5uYlVKf6N2gEebq1/MdBPZr9kIioYMWCSx:W3ABuYlVTbqMZbO
Details
File Type: 80386 — appears to be an Intel 80386 COFF relocatable object rather than a standalone executable: the source path below ends in `.obj`, and the strings carry MSVC COFF artefacts (`.drectve` linker directives, `.debug$S`/`.debug$F`, `@comp.id`, `@feat.00`, "Microsoft (R) Optimizing Compiler"). An unlinked object cannot run on its own; it is a build artefact of a larger project.
Yara Hits
CuckooSandbox/shellcode | CuckooSandbox/embedded_win_api | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64
Caveat: these are generic pattern rules. On a relocatable object file the shellcode / getEIP matches may be raised by ordinary compiler-generated code, so they should be confirmed by disassembly before being reported as embedded shellcode; the `domain` and `contentis_base64` hits likewise indicate only that matching byte patterns exist in the file.
Source (hostile URL — treat as an indicator of compromise; do not browse to it from an analyst workstation, retrieve only through a sandboxed collector)
http://103.68.190.250/Sources//Advance/BJWJ/Builds/FakeDllInstaller/Obj/Release/BotUtils.obj
Strings (raw strings dump of the COFF object). The section-name noise at the top is uninformative; the useful material is near the end: the `/DEFAULTLIB` directives (static CRT via `LIBCMT`), the developer build path `e:\Projects\progs\Petrosjan\BJWJ\...` (an attribution artefact), and the MSVC-decorated C++ symbols such as `?AddToAutoRun@@...`, `?SetFakeFileDateTime@@...`, `?SetFakeFileDateTimeW@@...`, `?GetStopAVPath@@...`, `?GetMiniAVPath@@...`, `?AddHiddenFile@BOT@@...`, `?CryptFileName@UIDCrypt@@...` and `?DisableShowFatalErrorDialog@@...`. Those names suggest autorun persistence, file-timestamp forging, AV-interference helpers and hidden-file bookkeeping — this is name-based inference only and must be confirmed by disassembly of the referenced functions.
		.drectve
.debug$S
`.rdata
0@.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.rdata
0@.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.rdata
0@.debug$F
B.text
`.debug$F
B.text
`.text
`.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.rdata
0@.debug$F
B   /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"LIBCMT" /DEFAULTLIB:"OLDNAMES" 
e:\Projects\progs\Petrosjan\BJWJ\Builds\FakeDllInstaller\Obj\Release\BotUtils.obj
Microsoft (R) Optimizing Compiler
h`@Tlj
0SWj\Xjsf
@comp.id	x
@feat.00
.drectve
.debug$S
.rdata
.debug$F
.debug$F
.debug$F
.rdata
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.rdata
.debug$F
.debug$F
.debug$F
.debug$F
.rdata
.debug$F
?StopAVPath@@3PA_WA
?BOT_WORK_FOLDER_NAME@@3PADA
?BOT_FILE_NAME@@3PA_WA
?BOT_STOPAV_NAME@@3PA_WA
?BOT_MINIAV_NAME@@3PA_WA
?BOT_STAV_HASH@@3KA
?BOT_MNAV_HASH@@3KA
?MiniAVPath@@3PA_WA
??1TBotObject@@UAE@XZ
??_7TBotObject@@6B@
??_GTBotObject@@UAEPAXI@Z
??_ETBotObject@@UAEPAXI@Z
??_GTBotObject@@UAEPAXI@Z
??3TBotObject@@SAXPAX@Z
??0TBotObject@@QAE@XZ
?t_str@?$TString@D@@QBEPADXZ
??_C@_11LOCGONAA@?$AA?$AA@
?IsEmpty@?$STRUTILS@D@@SA_NPBD@Z
?Length@?$STRUTILS@D@@SAKPBD@Z
??$pushargEx@$06$0MJFNIFEG@$0BLF@PAUHWND__@@PA_WH_N@@YAPAXPAUHWND__@@PA_WH_N@Z
?GetProcAddressEx2@@YAPAXPADKKH@Z
??$pushargEx@$00$0EJKBDHFM@$0DF@PA_WH@@YAPAXPA_WH@Z
??$pushargEx@$00$0CMKBLFPA@$0HP@PA_WPA_W@@YAPAXPA_W0@Z
??$pushargEx@$00$0IPIPBAC@$0BF@PA_WKHHHHH@@YAPAXPA_WKHHHHH@Z
??$pushargEx@$00$0KOBHMAHB@$0CJ@PAXPAU_FILETIME@@PAU1@PAU1@@@YAPAXPAXPAU_FILETIME@@11@Z
??$pushargEx@$00$0HCDOLANF@$0BB@PAX@@YAPAXPAX@Z
??$pushargEx@$00$0IPIPBBE@$0BE@PADJHHHHH@@YAPAXPADJHHHHH@Z
??$pushargEx@$00$0KOBHMFHB@$0CK@PAXPAU_FILETIME@@PAU1@PAU1@@@YAPAXPAXPAU_FILETIME@@11@Z
??$pushargEx@$00$0EHFFIHKB@$0FF@PA_W@@YAPAXPA_W@Z
??$pushargEx@$00$0ENFFIHKB@$0DL@PA_WH@@YAPAXPA_WH@Z
??$pushargEx@$00$0COOEPBBL@$0BO@PA_WPA_WH@@YAPAXPA_W0H@Z
??$pushargEx@$00$0IBPAPAMJ@$0CE@PA_W@@YAPAXPA_W@Z
??$pushargEx@$00$0IPIPBAC@$0BF@PA_WJHHHHH@@YAPAXPA_WJHHHHH@Z
??$pushargEx@$00$0PDPNBMD@$0BG@PAXPAXKPAKH@@YAPAXPAX0KPAKH@Z
??$pushargEx@$00$0CMKFPDHA@$0IB@PA_WPA_W@@YAPAXPA_W0@Z
??$pushargEx@$00$0FIPOHKKI@$0DH@HPA_W@@YAPAXHPA_W@Z
??$pushargEx@$00$0PKEPFBE@$0GH@PA_WPB_WHPA_W@@YAPAXPA_WPB_WH0@Z
?Hash@?$STRUTILS@_W@@SAKPB_WK_N@Z
??$pushargEx@$00$0GMFEEAGA@$0JM@H@@YAPAXH@Z
??$pushargEx@$00$0JMEIAOCE@$0DO@PAU_OSVERSIONINFOEXA@@@@YAPAXPAU_OSVERSIONINFOEXA@@@Z
??$pushargEx@$00$0KAHDFHH@$0KJ@PADH@@YAPAXPADH@Z
??$pushargEx@$00$0ENFFIHLH@$0DK@PADH@@YAPAXPADH@Z
?Hash@?$STRUTILS@D@@SAKPBDK_N@Z
??$GetRec@D@STRBUF@@YAAAUTStrRec@0@PAD@Z
??$Alloc@D@STRBUF@@YAPADK@Z
?Alloc@HEAP@@YAPAXK@Z
?GetShellFoldersKey@@YAPA_WK@Z
?MemAlloc@@YAPAXK@Z
?SetFakeFileDateTime@@YAXPAD@Z
?MemFree@@YAXPAX@Z
?SetFakeFileDateTimeW@@YAXPA_W@Z
?Free@STR@@YAXPAD@Z
?ToAnsi@WSTR@@YAPADPB_WK@Z
?AddToAutoRun@@YAXPA_W@Z
?AddToAutoRun@@YAXPAXK@Z
?GetMiniAVPath@@YAPA_WXZ
?GetStopAVPath@@YAPA_WXZ
?GetTempName@@YAPA_WXZ
?IsHideFile@@YAHPA_WKH@Z
?IsHiddenFile@BOT@@YA_NK@Z
?CopyFileToTemp@@YAXPA_W0@Z
?DisableShowFatalErrorDialog@@YAXXZ
?Hash@?$STRUTILS@D@@SAKPBD@Z
??$AddRef@D@STRBUF@@YAPADPAD@Z
??$Release@D@STRBUF@@YAXAAPAD@Z
?Free@HEAP@@YAXPAX@Z
??$CreateFromStr@D@STRBUF@@YAPADPBDKK@Z
?m_memcpy@@YAPAXPAXPBXH@Z
??0?$TString@D@@QAE@ABV0@@Z
??_7?$TString@D@@6B@
??_G?$TString@D@@UAEPAXI@Z
??_E?$TString@D@@UAEPAXI@Z
??1?$TString@D@@UAE@XZ
??$Append@D@STRBUF@@YAXAAPADPBDK@Z
?MakeBotPath@BOT@@YA?AV?$TString@D@@XZ
?GetSpecialFolderPathA@@YA?AV?$TString@D@@HPBD@Z
?MakeWorkFolder@BOT@@YAPADXZ
?AddHiddenFile@BOT@@YAXK@Z
?CryptFileName@UIDCrypt@@YAPADPBD_N@Z
?GetStr@@YA?AV?$TString@D@@PBD@Z
?StrBotWorkPath@@3PADA
??_G?$TString@D@@UAEPAXI@Z
??Y?$TString@D@@QAEAAV0@PBD@Z
?MakeWorkPath@BOT@@YA?AV?$TString@D@@XZ
?DirExists@@YA_NPAD@Z
??_C@_01KICIPPFI@?2?$AA@