Sample details: 470797a25a6b21d0a46f82968fd6a184

Hashes
MD5: 470797a25a6b21d0a46f82968fd6a184
SHA1: dac7867ee642a65262e153147552befb0b45b036
SHA256: ce80b839411b1541d09b0ede82f1477b516da0c60760079f46ba4443e1a6f419
SSDEEP: 768:3m6nuSdGE6vpOG7/RaPWViEK44gn15BSF4sKbABRSzmG0bCqVDBtOckKYIo/V:9ucX6vpOcGIiJg1XyhnSzm3BVhklIot
Details
File Type: PE32+
Added: 2018-03-07 03:20:39
Yara Hits
YRP/Microsoft_Visual_Cpp_80_DLL | YRP/IsPE64 | YRP/IsConsole | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/MinGW_1 | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/network_udp_sock | YRP/network_tcp_listen | YRP/network_tcp_socket | YRP/network_dns | YRP/win_files_operation | YRP/Str_Win32_Winsock2_Library | YRP/Dos_NC
Parent Files
9e823aab12266de1e7c2fd729696946c
Strings
		!This program cannot be run in DOS mode.
P`.data
.rdata
P@.bss
.idata
(UNKNOWN)
 sent %d, rcvd %d
0123456789abcdef  
msvcr80.dll
msvcr70.dll
msvcrt.dll
_set_invalid_parameter_handler
POSIXLY_CORRECT
%s: option `%s' is ambiguous
%s: option `--%s' doesn't allow an argument
%s: option `%c%s' doesn't allow an argument
%s: option `%s' requires an argument
%s: unrecognized option `--%s'
%s: unrecognized option `%c%s'
%s: illegal option -- %c
%s: invalid option -- %c
%s: option requires an argument -- %c
Failed to create shell stdout pipe, error = %s
Failed to create shell stdin pipe, error = %s
Failed to execute shell
Failed to create ReadShell session thread, error = %s
WaitForMultipleObjects error: %s
Failed to execute shell, error = %s
SessionReadShellThreadFn exitted, error = %s
INTR          
BADF          
ACCES         
FAULT         
INVAL         
MFILE         
WOULDBLOCK    
INPROGRESS    
ALREADY       
NOTSOCK       
DESTADDRREQ   
MSGSIZE       
PROTOTYPE     
NOPROTOOPT    
PROTONOSUPPORT
SOCKTNOSUPPORT
OPNOTSUPP     
PFNOSUPPORT   
AFNOSUPPORT   
ADDRINUSE     
ADDRNOTAVAIL  
NETDOWN       
NETUNREACH    
NETRESET      
CONNABORTED   
CONNRESET     
NOBUFS        
ISCONN        
NOTCONN       
SHUTDOWN      
TOOMANYREFS   
TIMEDOUT      
connection refused
LOOP          
NAMETOOLONG   
HOSTDOWN      
HOSTUNREACH   
NOTEMPTY      
PROCLIM       
USERS         
DQUOT         
STALE         
REMOTE        
DISCON        
SYSNOTREADY    
VERNOTSUPPORTED
NOTINITIALISED 
HOST_NOT_FOUND 
TRY_AGAIN      
NO_RECOVERY    
NO_DATA        
unknown socket error
 punt!
spurious timer interrupt!
Hmalloc %d failed
DNS fwd/rev mismatch: %s != %s
gethostpoop fuxored
Can't parse %s as an IP address
%s: forward host lookup failed: h_errno %d
Warning: inverse host lookup failed for %s: h_errno %d
%s: inverse host lookup failed: h_errno %d
Warning: forward host lookup failed for %s: h_errno %d
Warning: port-bynum mismatch, %d != %d
loadports: no block?!
loadports: bogus values %d, %d
Can't get socket
nnetfd reuseaddr failed
retrying local %s:%d
Can't grab %s:%d with bind
Warning: source routing unavailable on this machine, ignoring
UDP listen needs -p arg
local listen fuxored
local getsockname failed
listening on [
] %d ...
post-rcv getsockname failed
invalid connection to [%s] from %s [%s] %d
connect to [%s] from %s [%s] %d
udptest first write failed?! errno %d
oprint called with no open fd?!
%8.8x 
ofd write err
select fuxored
net timeout
Preposterous Pointers: %d, %d
too many output retries
Cmd line: 
all-A-records NIY
invalid hop pointer %d, must be multiple of 4 <= 28
too many -g hops
invalid interval time %s
invalid local port %s
invalid wait-time %s
nc -h for help
ade:g:G:hi:lLno:p:rs:tuvw:z
can't open %s
invalid port %s
no connection
no destination
no port[s] to connect to
%s [%s] %d (%s) open
%s [%s] %d (%s)
sent %d, rcvd %d
[v1.11 NT www.vulnwatch.org/netcat/]
connect to somewhere:	nc [-options] hostname port[s] [ports] ... 
listen for inbound:	nc -l -p port [options] [hostname] [port]
options:
	-d		detach from console, background mode
	-e prog		inbound program to exec [dangerous!!]
	-g gateway	source-routing hop point[s], up to 8
	-G num		source-routing pointer: 4, 8, 12, ...
	-h		this cruft
	-i secs		delay interval for lines sent, ports scanned
	-l		listen mode, for inbound connects
	-L		listen harder, re-listen on socket close
	-n		numeric-only IP addresses, no DNS
	-o file		hex dump of traffic
	-p port		local port number
	-r		randomize local and remote ports
	-s addr		local source address
	-t		answer TELNET negotiation
	-u		UDP mode
	-v		verbose [use twice to be more verbose]
	-w secs		timeout for connects and final net reads
	-z		zero-I/O mode [used for scanning]
port numbers can be individual or ranges: m-n [inclusive]
Argument domain error (DOMAIN)
Argument singularity (SIGN)
Overflow range error (OVERFLOW)
Partial loss of significance (PLOSS)
Total loss of significance (TLOSS)
The result is too small to be represented (UNDERFLOW)
Unknown error
_matherr(): %s in %s(%g, %g)  (retval=%g)
Mingw-w64 runtime failure:
  VirtualQuery failed for %d bytes at address %p
  Unknown pseudo relocation protocol version %d.
  Unknown pseudo relocation bit size %d.
.pdata
msvcr80.dll
msvcr70.dll
msvcrt.dll
longjmp
CloseHandle
CreatePipe
CreateProcessA
CreateThread
DeleteCriticalSection
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
ExitThread
FreeConsole
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
PeekNamedPipe
QueryPerformanceCounter
ReadFile
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
TerminateThread
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WriteFile
_close
_kbhit
_strcmpi
_strnicmp
_write
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_fmode
_initterm
_isatty
_onexit
_setjmp
_setmode
_sleep
_time64
_unlock
calloc
fflush
fprintf
fwrite
getenv
malloc
memcmp
memcpy
memset
signal
sprintf
strcat
strchr
strcmp
strcpy
strlen
strncmp
strncpy
vfprintf
WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
closesocket
connect
gethostbyaddr
gethostbyname
getservbyname
getservbyport
getsockname
inet_addr
inet_ntoa
listen
recvfrom
select
setsockopt
shutdown
socket
KERNEL32.dll
msvcrt.dll
msvcrt.dll
WSOCK32.dll
Unizeto Sp. z o.o.1
	Certum CA0
090303125815Z
240303125815Z0
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1'0%
Certum Time-Stamping Authority0
http://crl.certum.pl/ca.crl0
http://tsa.certum.pl0
Unizeto Sp. z o.o.1
	Certum CA0
090303125356Z
240303125356Z0x1
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1
Certum Level III CA0
Unizeto Sp. z o.o.1
	Certum CA
http://crl.certum.pl/ca.crl0:
https://www.certum.pl/CPS0
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1
Certum Level III CA0
100831145611Z
110901145611Z0
Open Source Developer1
'Jernej Simoncic - Open Source Developer1
jernej@ena.si0
http://crl.certum.pl/l3.crl0Z
http://ocsp.certum.pl0'
http://www.certum.pl/l3.cer0
https://www.certum.pl/CPS0
Unizeto Technologies S.A.0
Usage of this certificate is strictly subjected to the CERTUM Certification
Practice Statement (CPS) incorporated by reference herein and in the repository
at https://www.certum.pl/repository.0
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1
Certum Level III CA
Unizeto Sp. z o.o.1
	Certum CA
101226123114Z0#
Unizeto Sp. z o.o.1
	Certum CA