Sample details: 456cfb514b8fcbddc775acd11a869d64

Hashes
MD5: 456cfb514b8fcbddc775acd11a869d64
SHA1: fd086c23c09be49b7dfda55f16c18fed4d9f5294
SHA256: 84d06e7541bafcf499ac69d3ededa494556aea6c4af4f979f7b7493dbf3aaa76
SSDEEP: 3072:02KvTioGdqEfdV9y7J6bxhuM5nKLAcKso6rLXFxXKdrd4EA8M4MC:02KveoqLfTwkdhuM51cKsV3VIdrd4EJ
Details
File Type: MS-DOS
Yara Hits
YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mew_11_xx | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasModified_DOS_Message | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/win_mutex | YRP/win_registry | YRP/win_files_operation | YRP/MD5_Constants | YRP/VC6_Random | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section
Source
http://94.130.104.170/illusion_bot//Build.exe
http://94.130.104.170/illusion_bot/Build.exe
Strings
(null)
GAIsProcessorFeaturePresent
KERNEL32
runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#SNAN
Open 1.1 BOT binary
Ok, key is valid and will be stored in HKEY_CURRENT_USER\Software\Illusion
Information
SOFTWARE\Illusion
Error in integer value
Invalid IRC server
Invalid WEB path
Invalid IRC channel
Invalid WEB server
Invalid WEB port
Invalid IRC port
Invalid password
Sock5 port range is not valid. Start value > end value
Sock4 port range is not valid. Start value > end value
Binary saved
No clients selected. Select IRC and/or WEB!
Couldnot write to binary: file access error
This is not valid binary
Access denied
Good script value: %d
100 bots: %d requests every sec
500 bots: %d requests every sec
10.000 bots: %d requests every sec
15.000 bots: %d requests
%d.%d.%d.%d
RANDOM
Some values are illegal
Invalid password or IP address
Invalid password or IRC ident
%02x %02x %02x %02x %02x %02x %02x %02x
Builder already started
IllusionBuilder
./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
KERNEL32.dll
CloseHandle
ExitProcess
CreateFileA
GetModuleHandleA
ExitThread
GetLastError
CreateMutexA
CompareStringW
CompareStringA
WriteFile
LCMapStringW
LCMapStringA
SetStdHandle
LoadLibraryA
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
SetFilePointer
ReadFile
GetDiskFreeSpaceA
GlobalMemoryStatus
FlushFileBuffers
GetCPInfo
GetStringTypeW
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
GetCommandLineA
GetVersion
GetProcAddress
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
MultiByteToWideChar
GetStringTypeA
SetEnvironmentVariableA
USER32.dll
MessageBoxA
GetDlgItemTextA
IsDlgButtonChecked
DialogBoxParamA
SetDlgItemTextA
EndDialog
CheckDlgButton
EnableWindow
GetDlgItem
GetWindowTextLengthA
comdlg32.dll
GetOpenFileNameA
ADVAPI32.dll
RegOpenKeyExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA
WS2_32.dll
kernel32.dll
LoadLibraryA
GetProcAddress
advapi32.dll
RegOpenKeyExA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA
kernel32.dll
CloseHandle
ExitProcess
CreateFileA
GetModuleHandleA
ExitThread
GetLastError
CreateMutexA
CompareStringW
CompareStringA
WriteFile
LCMapStringW
LCMapStringA
SetStdHandle
LoadLibraryA
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
SetFilePointer
ReadFile
GetDiskFreeSpaceA
GlobalMemoryStatus
FlushFileBuffers
GetCPInfo
GetStringTypeW
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
GetCommandLineA
GetVersion
GetProcAddress
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
LockResource
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
MultiByteToWideChar
GetStringTypeA
SetEnvironmentVariableA
user32.dll
MessageBoxA
GetDlgItemTextA
IsDlgButtonChecked
DialogBoxParamA
SetDlgItemTextA
EndDialog
CheckDlgButton
EnableWindow
GetDlgItem
GetWindowTextLengthA
ws2_32.dll
inet_addr
comdlg32.dll
GetOpenFileNameA