
Sample details: 44bd652a09a991100d246d8280cac3ac

Hashes
MD5: 44bd652a09a991100d246d8280cac3ac
SHA1: 754d5871e15a0aef0347aa33e5d7794e8afb1e29
SHA256: 41d56a50906fa423af1995ba60e64911dc4b6b39df8dc3aaa6c49a7607cfe717
SSDEEP: 1536:mrBU1PKcn7msinXKYuPTbD/0nODmu21wDo90TF3o3FlvIvO:qBUv7WmR54uvO
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v1xx_v2xx_additional | YRP/Microsoft_Visual_Cpp_60_DLL_additional | YRP/Microsoft_Visual_Cpp_v70_DLL | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Microsoft_Visual_Cpp_60_DLL_Debug | YRP/Armadillo_v1xx_v2xx | YRP/Microsoft_Visual_Cpp_v60_DLL | YRP/Microsoft_Visual_Cpp_60_DLL | YRP/Microsoft_Visual_Cpp_60 | YRP/Armadillov1xxv2xx | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/Browsers | YRP/Dropper_Strings | YRP/inject_thread | YRP/escalate_priv | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/FVEY_ShadowBrokers_Jan17_Screen_Strings | YRP/GenerateTLSClientHelloPacket_Test
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.reloc
D$(RPh
D$tRh$
L$(PQh
L$<PQh
T$,QRj
D$8SPj
<gtA<Gt=<pt
D$ SUV
D$ _^][
L$(PQj
L$PRQP
L$dPQh
L$dPQh
D$8RPQ
D$LUVWj
f&`2g<
eb<)#e
f&`2g<
eb<)#e
D$$Pj@
L$ Qj@
T$8Ph`
URWWh`
PomR5C
~H>My[1,
42(&zajP
PomR5C
~H>My[1,
42(&zajP
D$XRWh@
GlobalFree
DeleteFileA
GlobalLock
GlobalAlloc
VirtualFreeEx
CloseHandle
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
GetLastError
VirtualAllocEx
GetProcAddress
LoadLibraryA
SetLastError
GetCurrentProcess
OpenProcess
CreateProcessA
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateMutexA
DisableThreadLibraryCalls
GetModuleFileNameA
GetCurrentProcessId
FreeLibraryAndExitThread
CreateThread
GetSystemDirectoryA
LocalFree
LocalAlloc
ReadFile
GetFileSize
CreateFileA
FreeLibrary
GetTempFileNameA
GetTempPathA
TerminateProcess
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
TerminateThread
SetEndOfFile
FlushFileBuffers
WriteFile
SetFilePointer
WinExec
SetCurrentDirectoryA
GetWindowsDirectoryA
GetVersion
GetSystemInfo
GetModuleHandleA
GetSystemDefaultLCID
HeapFree
HeapAlloc
GetProcessHeap
WideCharToMultiByte
FindClose
FindNextFileA
FindFirstFileA
CopyFileA
GetSystemTime
KERNEL32.dll
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
FreeSid
ConvertSidToStringSidA
LookupAccountNameA
GetUserNameA
LookupAccountSidA
GetTokenInformation
ADVAPI32.dll
SHGetSpecialFolderPathA
SHELL32.dll
CoTaskMemAlloc
ole32.dll
InternetSetCookieA
DeleteUrlCacheEntry
WININET.dll
wcscpy
wcslen
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
strstr
sprintf
strncpy
_strnicmp
_except_handler3
malloc
strchr
strrchr
_strlwr
_snprintf
printf
strncat
asctime
localtime
fclose
fflush
fprintf
MSVCRT.dll
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
MSVCP60.dll
WS2_32.dll
Netbios
NetApiBufferFree
NetUserEnum
NetServerEnum
NETAPI32.dll
GetTcpTable
GetAdaptersInfo
GetNetworkParams
iphlpapi.dll
_memicmp
_stricmp
msdmoe.dll
DmsrvShow
IeUishow
vv;expires = Sat,01-Jan-2000 00:00:00 GMT
abcdefhiklmnorstuvwxz1234567890q
GIF89a
</body></html>
</label>
</span>
</div>
</form>
VirtualFreeEx 
WriteProcessMemory %X len%d
InjectDll %s
InjectIeProcess OpenProcess %d
InjectIeProcess  %s
ctfmon.exe
CreateApp: %d %s
Runmonitor_MutexTest
Applications\iexplore.exe\shell\open\command
CreateProcess failture: %s
L*: :%08x,  : %d %s %s
\es.tvv
\javae.exe
E: Except in TTimer
: %s : %d
DeleteFile %s
ServiceDll
SYSTEM\CurrentControlSet\Services\%s\Parameters
dmserver
\dmserver.dll
AutomaticLayoutRecovery
%s\Software\Microsoft\Internet Explorer\BrowserEmulation
AutoRecover
%s\Software\Microsoft\Internet Explorer\Recovery
http://%s/%s/
hidden
NAME="
name="
type="
<input
ACTION="
action="
METHOD="
method="
</FORM>
<form 
<img src="
http://%s%s
abcdefhirstuvwxz
general
global
careers
investors
services
bussinesses
expand "%s" "%s"
%}(*2S>
[[vCXZv
r*k*P*T*B*L*8*!*
*x+Z+0+.+
+{(|(h(l(S(U([(Y(H(>( (.(
(g)n)R)T)_)@)J)2)6)#)!)
	,k'~n
Xm]YtV
u+Z&FLXF
InstallDate
SOFTWARE\Microsoft\Windows NT\CurrentVersion
kernel32
IsWow64Process
 %s %d.%d 
unknown state
DELETE-TCB
TIME-WAIT
LAST-ACK
CLOSING
CLOSE-WAIT
FIN-WAIT-2
FIN-WAIT-1
ESTABLISHED
SYN-RECV
SYN-SENT
LISTEN
CLOSED
TCP 	 %s:%d 	 %s:%d 	 %s
	Lease Obtained. . . . . . . . . . : %s	Lease Expires . . . . . . . . . . : %s
	Primary WINS Server . . . . . . . : %s
	Secondard WINS Server . . . . . . : %s
					    %s
	DNS Servers . . . . . . . . . . . : %s
	DHCP Server . . . . . . . . . . . : %s
	IP Address. . . . . . . . . . . . : %s
	Subnet Mask . . . . . . . . . . . : %s
	Default Gateway . . . . . . . . . : %s
	Description . . . . . . . . . . . : %s
	Physical Address. . . . . . . . . : %s
	DHCP Enabled. . . . . . . . . . . : %s
	Autoconfiguration Enabled . . . . : 
	Connection-specific DNS Suffix. . : %s
	Media State . . . . . . . . . . . : Media disconnected
0.0.0.0
%s ...... : 
	Host Name . . . . . . . . . . . . : %s
	Primary DNS Suffix. . . . . . . . : 
	Node Type . . . . . . . . . . . . : %s
	IP Routing Enabled. . . . . . . . : %s
	WINS Proxy enabled. . . . . . . . : %s
	DNS Suffix Search List. . . . . . : %s
unknown
Hybrid
Peer To Peer
Broadcast
SLIP Adapter
Loopback Adapter
PPP Adapter
FDDI Adapter
Token Ring Adapter
Ethernet Adapter
Other Type Of Adapter
%02x-%02x-%02x-%02x-%02x-%02x
Dir %dk (%d)
Copy Ok
Echo Err
Echo Ok
11monitor_MutexTest
\vcl.tmp
http://%s/%s.%s
default
10B0P0p0)1m1u1
41494D4P4Z4c4
515;5D5
6"6)676
6H7Q7Z7
8&8T8X8\8`8d8
8!909c:h:
:7;J;S;o;
<%<?<D<T<^<y<~<
='=,=<=F=a=f=v=
=	>*>/>?>L>m>r>
0*0>0R0f0z0
1/1C1W1k1
4!5B5e5q5
556:6M6\6
7#7?7N7
7 8(8K8^8i8
92:?:F:
<$<7<\<b<g<s<
=E=Y=y=
=&>+>n>w>
0@0G0R0
1:1P1_1
2#2]2d2o253G4N4
7-8;8T8
98:J:U:`:u:
<'<?<^<h<
2!3(3m4
2L4V4y4
<,<4<><
?#?P?c?
647H7[7z7
7[8d8u8
9+969K9g9q9
:Y;_;x;
< <$<(<,<0<I<L=
B2[263
3B7d7n7
80868>8G8P8s8
939L9a9|9
4O5\5n5y5
5k7x7D9W9
2W2[2_2c2g2k2o2s2w2{2
3$4<4c4
9S;];j;.<8<]<m<v<
<1=D=J=P=
242;2l2
5&5-5>5b5#6[6@8E8
9=:B:H:N:T:Z:`:f:l:r:x:~:
?A?f?{?
0070Y0i0w0
1L1S1u1
4"4*424<4@4D4H4L4P4T4X4n4u4z4
6)6I6j6r6
7>7G7b7h7o7
9#9(909
:":j:w:
2/2I2S2X2
2"3F3T3x3
5#505E5y5
576j6t6{6
8+82878\8
9'9-9O9a9
:":(:.:4:::@:\:|:
;#;,;5;>;G;L;o;
@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3(3D3P3l3x3
4 4<4D4P4l4t4