Sample details: 47ad8aabf1c725cc69b9d772484bea02

Hashes
MD5: 47ad8aabf1c725cc69b9d772484bea02
SHA1: a9d73601b9501963c735bccb1932147fe68e17e0
SHA256: 7eb33cf0df25bba6c23b5de4ddf804679af0b91b8b10057dca54dc38d7eefc38
SSDEEP: 6144:jlDnQeS2nwwuD4bNSZGeDgIBEb1tzbMAS9zWssHjBWFgC:jtnQsnTuDhseDP2RbDS9zP4MFg
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Armadillo_v4x | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/screenshot | YRP/keylogger | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation | YRP/win_hook
Note on reading these hits: the YRP rules match byte patterns and import names, not observed behaviour. The Armadillo and Microsoft_Visual_Cpp signatures fire together because the PEiD-derived "Armadillo v1.71" pattern is a well-known false positive on ordinary MSVC 6 entry stubs; the CRT strings below ("Microsoft Visual C++ Runtime Library", "Runtime Error!") and the MFC 4.2 class and window names (AfxWnd42s, CWinApp, CWzdDoc, "Local AppWizard-Generated Applications") are consistent with a plain VC6/MFC AppWizard application rather than a packed one, and since no MFC42.DLL appears in the import list, MFC is statically linked. The keylogger, screenshot and win_hook hits are explained by SetWindowsHookExA, CallNextHookEx, GetKeyState, BitBlt and CreateCompatibleDC in the import table, all of which MFC's own window subclassing and drawing code imports; win_registry, win_private_profile and win_files_operation likewise key on the Reg*, *PrivateProfile* and CreateFileA/WriteFile/DeleteFileA imports. contentis_base64 is most likely triggered by the long runs of base64-alphabet characters in the embedded bitmap data at the end of the list. Treat all of these as triage hints, not a verdict on the sample.
Source
http://103.59.167.38:3952/csrss.exe
The file was served from a bare IP address on a non-standard port under the name csrss.exe, which is the name of the legitimate Windows Client/Server Runtime Subsystem process (normally present only in %SystemRoot%\System32 and never fetched over HTTP). The only host name in the strings list below is mdzz2018.msns.cn, presumably what YRP/domain matched.
Strings
!This program cannot be run in DOS mode.
`.rdata
@.data
[runs of x86 code bytes that happen to be printable omitted: e.g. PPPPPPPP is a series of push eax (0x50), SVWU is the push ebx/esi/edi/ebp prologue, and D$$+D$ is part of mov/add [esp+imm8] encodings; none of them are text strings]
VC20XC00U
[further printable code-byte runs omitted]
CChildFrame
CMainFrame
kernel32.dll
HeapFree
KERNEL32.dll
VirtualProtect
VirtualFree
Local AppWizard-Generated Applications
CWzdDoc
CWzdView
CMDIChildWnd
CMDIFrameWnd
mdiclient
CControlBar
CFrameWnd
MSWHEEL_ROLLMSG
CTempWnd
AfxOldWndProc423
AfxWnd42s
AfxControlBar42s
AfxMDIFrame42s
AfxFrameOrView42s
AfxOleControl42s
GetMonitorInfoA
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
USER32
DISPLAY
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
InitCommonControlsEx
COMCTL32.DLL
CCmdTarget
msctls_statusbar32
DllGetVersion
Marlett
ToolbarWindow32
CMiniDockFrameWnd
CDockBar
CDialog
MS Sans Serif
MS Shell Dlg
CWinApp
PreviewPages
Settings
File%d
Recent File List
CWinThread
software
CAnimateCtrl
CDocument
 #%;/\
ReplaceFile
KERNEL32
CPreviewView
CSplitterWnd
CTempMenu
combobox
CObject
CPtrList
CNotSupportedException
CMemoryException
CException
CMapPtrToPtr
CTempGdiObject
CTempDC
CBrush
CGdiObject
CPaintDC
CWindowDC
CClientDC
CUserException
CResourceException
GetLayout
GDI32.DLL
SetLayout
CMapStringToPtr
CMiniFrameWnd
Small Fonts
Terminal
CPtrArray
CToolTipCtrl
tooltips_class32
System
CPrintDialog
CMemFile
CFileException
CArchiveException
CScrollView
MouseZ
Magellan MSWHEEL
WheelScrollLines
Control Panel\Desktop
MSH_SCROLL_LINES_MSG
CDialogBar
CPreviewDC
CFileDialog
commdlg_SetRGBColor
commdlg_help
commdlg_ColorOK
commdlg_FileNameOK
commdlg_ShareViolation
commdlg_LBSelChangedNotify
COleDispatchException
RichEdit Text and Objects
Rich Text Format
FileNameW
FileName
Link Source Descriptor
Object Descriptor
Link Source
Embed Source
Embedded Object
ObjectLink
OwnerLink
Native
COleException
COleBusyDialog
COleDialog
%2\CLSID
%2\Insertable
%2\protocol\StdFileEditing\verb\0
%2\protocol\StdFileEditing\server
CLSID\%1
CLSID\%1\ProgID
CLSID\%1\InprocHandler32
ole32.dll
CLSID\%1\LocalServer32
CLSID\%1\Verb\0
&Edit,0,2
CLSID\%1\Verb\1
&Open,0,2
CLSID\%1\Insertable
CLSID\%1\AuxUserType\2
CLSID\%1\AuxUserType\3
CLSID\%1\DefaultIcon
CLSID\%1\MiscStatus
CLSID\%1\InProcServer32
CLSID\%1\DocObject
%2\DocObject
CLSID\%1\Printable
CLSID\%1\DefaultExtension
%9, %8
?H:mm:ss
dddd, MMMM dd, yyyy
M/d/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
(null)
GAIsProcessorFeaturePresent
_hypot
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#SNAN
[binary table entries from the CRT (Dw=…:s) omitted]
Button
ListBox
ComboBox
Static
ComboLBox
CloseHandle
WriteFile
CreateFileA
GetProcAddress
LoadLibraryA
HeapAlloc
HeapReAlloc
GetProcessHeap
VirtualFree
FreeLibrary
VirtualAlloc
IsBadReadPtr
ExitProcess
lstrlenA
lstrcpyA
GetVersion
GlobalAddAtomA
GlobalGetAtomNameA
GlobalUnlock
lstrcpynA
GlobalLock
lstrcatA
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
lstrcmpiA
GetCurrentThreadId
LockResource
LoadResource
FindResourceA
GlobalFree
lstrcmpA
GetCurrentThread
GlobalAlloc
GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileAttributesA
GetTempFileNameA
GetFullPathNameA
SetFileTime
GetFileTime
GetDiskFreeSpaceA
GetLastError
MultiByteToWideChar
MulDiv
InterlockedDecrement
GetProcessVersion
GlobalFlags
InterlockedIncrement
WideCharToMultiByte
LocalAlloc
LocalFree
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
SetLastError
GetCPInfo
GetOEMCP
FormatMessageA
SizeofResource
GetCurrentDirectoryA
GetThreadLocale
DuplicateHandle
GetCurrentProcess
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
MoveFileA
DeleteFileA
FindClose
FindFirstFileA
GetVolumeInformationA
GetStringTypeExA
GetFileSize
LocalFileTimeToFileTime
SystemTimeToFileTime
SetErrorMode
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTickCount
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
HeapFree
TerminateProcess
HeapSize
GetACP
GetTimeZoneInformation
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
KERNEL32.dll
EnableWindow
SendMessageA
GetSubMenu
GetMenuItemCount
GetMenu
BringWindowToTop
CreateWindowExA
DefFrameProcA
TranslateMDISysAccel
TranslateAcceleratorA
DrawMenuBar
DefMDIChildProcA
IsWindow
SetWindowLongA
GetWindowLongA
GetClientRect
SetWindowPos
RedrawWindow
AdjustWindowRectEx
GetMenuItemID
GetParent
wsprintfA
GetActiveWindow
RegisterWindowMessageA
SetRectEmpty
LoadAcceleratorsA
ReleaseCapture
GetCapture
PostMessageA
PeekMessageA
SetCursor
IsWindowEnabled
GetWindow
GetDesktopWindow
ShowWindow
SetFocus
DestroyMenu
LoadMenuA
GetClassInfoA
LoadIconA
SetMenu
WinHelpA
SetActiveWindow
ReuseDDElParam
UnpackDDElParam
UpdateWindow
GetDlgCtrlID
GetKeyState
InvalidateRect
GetDlgItem
CopyRect
EqualRect
GetFocus
IsIconic
IsWindowVisible
GetLastActivePopup
GetSystemMetrics
GetWindowRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
DestroyWindow
GetWindowTextA
GetWindowTextLengthA
RegisterClassA
IsChild
MessageBoxA
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
ScreenToClient
DispatchMessageA
GetSysColor
MapWindowPoints
SendDlgItemMessageA
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
MoveWindow
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
IsZoomed
ReleaseDC
PtInRect
SetParent
IsRectEmpty
AppendMenuA
DeleteMenu
GetSystemMenu
SetTimer
KillTimer
WindowFromPoint
ClientToScreen
GetCursorPos
SetRect
CreateDialogIndirectParamA
EndDialog
PostQuitMessage
ShowOwnedPopups
ValidateRect
TranslateMessage
GetMessageA
SetWindowContextHelpId
MapDialogRect
DestroyCursor
LoadCursorA
FillRect
GetSysColorBrush
GetClassNameA
LoadStringA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
InflateRect
SetCapture
InvertRect
GetDCEx
LockWindowUpdate
InsertMenuA
GetMenuStringA
CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
CharUpperA
FindWindowA
GetTabbedTextExtentA
RegisterClipboardFormatA
PostThreadMessageA
USER32.dll
GetClipBox
SetTextColor
SetBkColor
GetObjectA
CreateBitmap
GetTextExtentPoint32A
SelectObject
GetTextMetricsA
DeleteDC
StretchDIBits
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetCharWidthA
CreateFontA
PatBlt
CreateRectRgnIndirect
GetDeviceCaps
GetStockObject
Rectangle
DPtoLP
CreatePen
GetViewportOrgEx
AbortDoc
EndDoc
EndPage
StartPage
StartDocA
SetAbortProc
CreateDCA
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
GetCurrentPositionEx
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
CreatePatternBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateFontIndirectA
BitBlt
GetMapMode
SetRectRgn
CombineRgn
GetTextColor
GetBkColor
LPtoDP
GetNearestColor
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetBkMode
GetROP2
GetTextFaceA
GetWindowOrgEx
GDI32.dll
CommDlgExtendedError
PrintDlgA
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
comdlg32.dll
ClosePrinter
DocumentPropertiesA
OpenPrinterA
WINSPOOL.DRV
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
SetFileSecurityA
GetFileSecurityA
ADVAPI32.dll
DragFinish
DragQueryFileA
SHELL32.dll
COMCTL32.dll
oledlg.dll
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
ole32.dll
OLEPRO32.DLL
OLEAUT32.dll
GetProfileStringA
IsWindowUnicode
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
GetTextExtentPointA
CreateDIBitmap
[bitmap pixel data (runs of '2') omitted]
kjhkjh
kjhenh
kjhkjh
Shellex
mdzz2018.msns.cn
Jklmno
Jklmno Qrstuvwx Abcdefgh Jklm
Jklmnopq Stuvwxyab Defghij Lmnopqrs Uvw
.?AVCObject@@
.?AVCCmdTarget@@
.?AVCWnd@@
.?AVCFrameWnd@@
.?AVCMDIFrameWnd@@
.?AVCMDIChildWnd@@
.PAVCException@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.PAVCUserException@@
.?AVCTempWnd@@
.?AVCNoTrackObject@@
.?AV_AFX_CTL3D_STATE@@
.?AVCControlBar@@
.?AVCDockBar@@
.?AVCMiniFrameWnd@@
.?AVCMiniDockFrameWnd@@
.?AVCDialog@@
.?AV_AFX_WIN_STATE@@
.?AVCWinThread@@
.?AVCWinApp@@
.?AV_AFX_CTL3D_THREAD@@
.?AVCOccManager@@
.?AVCRgn@@
.?AVCGdiObject@@
.?AVCAnimateCtrl@@
.?AVCFile@@
.?AVCMirrorFile@@
.?AVCException@@
.?AVCFileException@@
.?AVCView@@
.?AVCScrollView@@
.?AVCPreviewView@@
.?AVCPen@@
.?AVCPrintingDialog@@
.?AV_AFX_THREAD_STATE@@
.?AVAFX_MODULE_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AV_AFX_BASE_MODULE_STATE@@
.?AVCMenu@@
.?AVCTempMenu@@
.?AVCPtrList@@
.?AUCThreadData@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.PAVCNotSupportedException@@
.?AVCSimpleException@@
.?AVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCHandleMap@@
.?AVCMapPtrToPtr@@
.?AVCDC@@
.?AVCClientDC@@
.?AVCWindowDC@@
.?AVCPaintDC@@
.?AVCBrush@@
.?AVCTempDC@@
.?AVCTempGdiObject@@
.PAVCResourceException@@
.?AVCResourceException@@
.?AVCUserException@@
.?AVCMapStringToPtr@@
.?AVCPtrArray@@
.?AVCDockContext@@
.?AVCToolTipCtrl@@
.?AVCCommonDialog@@
.?AVCPrintDialog@@
.?AVCRecentFileList@@
.?AUIOleWindow@@
.?AUIOleInPlaceUIWindow@@
.?AUIOleInPlaceFrame@@
.?AVXOleIPFrame@COleControlContainer@@
.?AVCOleControlContainer@@
.?AUIUnknown@@
.?AUIParseDisplayName@@
.?AUIOleContainer@@
.?AVXOleContainer@COleControlContainer@@
.?AVCFont@@
.?AVCEnumArray@@
.?AVCEnumUnknown@@
.?AUIRowsetNotify@@
.?AVXRowsetNotify@COleControlSite@@
.?AUIOleInPlaceSite@@
.?AVXOleIPSite@COleControlSite@@
.?AUINotifyDBEvents@@
.?AVXNotifyDBEvents@COleControlSite@@
.?AUIOleClientSite@@
.?AVXOleClientSite@COleControlSite@@
.?AUIBoundObjectSite@@
.?AVXBoundObjectSite@COleControlSite@@
.?AVXEventSink@COleControlSite@@
.?AVCOleControlSite@@
.?AUIPropertyNotifySink@@
.?AVXPropertyNotifySink@COleControlSite@@
.?AUIDispatch@@
.?AVXAmbientProps@COleControlSite@@
.?AUIOleControlSite@@
.?AVXOleControlSite@COleControlSite@@
.?AVCDataSourceControl@@
.?AVCMemFile@@
.?AUISequentialStream@@
.?AUIStream@@
.?AVCArchiveStream@@
.PAVCFileException@@
.?AVCDialogBar@@
.?AVCPreviewDC@@
.?AVCFileDialog@@
.PAVCOleException@@
.?AVCOleDispatchException@@
.PAVCOleDispatchException@@
.?AUIEnumVOID@@
.?AVXEnumVOID@CEnumArray@@
.?AVCOleException@@
.?AVCOleMessageFilter@@
.?AUIMessageFilter@@
.?AVXMessageFilter@COleMessageFilter@@
.?AVCOleDialog@@
.?AVCOleBusyDialog@@
.?AV_AFX_OLE_STATE@@
.?AVtype_info@@
hangeul
english
hangeulmenu
kanjimenu
windows
C3dHNew
C3dLNew
C3dNew
#32770
DisableThreadLibraryCalls
KERNEL32.DLL
[icon pixel data (runs of 'w', 'p', '3' and 'D') omitted]
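As an added example (this is not the tooling that produced the listing above), the Python below reproduces the three steps behind a page like this one: hashing the file, extracting printable runs the way `strings -n 4` does, and sorting the result into URLs and host names, demangled MSVC RTTI type names (the `.?AV...@@` entries), imports that string-based capability rules key on, and code-byte noise. The category table, the noise heuristics and the sample bytes are my own assumptions; the sample is constructed from a handful of strings copied from the list above, so the results it prints illustrate why the keylogger and screenshot rules fired.

```python
"""Triage a raw `strings` dump of a PE.  Added example, not the page's tooling;
the API category table and the noise heuristics are assumptions."""
from __future__ import annotations

import hashlib
import re
from collections import defaultdict


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Printable-ASCII runs of at least min_len bytes, the rule `strings -n` uses."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def file_hashes(data: bytes) -> dict[str, str]:
    """MD5/SHA1/SHA256 as shown in the Hashes block.  ssdeep needs the
    third-party `ssdeep` module and is left out here."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


# MSVC RTTI type descriptor names:
#   .?AVCObject@@                           -> class CObject
#   .?AUIUnknown@@                          -> struct IUnknown
#   .PAVCException@@                        -> class CException *
#   .?AVXOleIPFrame@COleControlContainer@@  -> class COleControlContainer::XOleIPFrame
RTTI_RE = re.compile(r"^\.(\?|P)A([VU])([A-Za-z0-9_]+(?:@[A-Za-z0-9_]+)*)@@$")


def demangle_rtti(s: str) -> str | None:
    m = RTTI_RE.match(s)
    if not m:
        return None
    ptr, kind, names = m.groups()
    qualified = "::".join(reversed(names.split("@")))  # inner scope is listed first
    return f"{'class' if kind == 'V' else 'struct'} {qualified}{' *' if ptr == 'P' else ''}"


URL_RE = re.compile(r"^[a-z][a-z0-9+.-]*://\S+$", re.I)
HOST_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")
NOT_TLDS = {"dll", "exe", "drv", "ocx", "sys", "cpl"}  # module names look like hosts


def is_noise(s: str) -> bool:
    """Code bytes that happen to be printable: 'PPPPPPPP', '9^Ht}3', 'D$$+D$', 'QQSVWj'.
    Heuristic only; call it after the import check, since 'BitBlt' has no vowel."""
    if len(set(s)) <= 2:
        return True
    if len(s) <= 8 and not re.fullmatch(r"[A-Za-z0-9_.:\\/ -]+", s):
        return True
    return len(s) <= 8 and not re.search(r"[aeiouAEIOU]", s)


# Import names that string-based capability rules key on (assumed table).
# An MFC GUI application imports the hook and screen-capture ones for its own UI.
API_CATEGORIES = {
    "hook/keystate": {"SetWindowsHookExA", "SetWindowsHookExW", "CallNextHookEx",
                      "GetKeyState", "GetAsyncKeyState"},
    "screen_capture": {"BitBlt", "CreateCompatibleDC", "CreateCompatibleBitmap",
                       "GetDC", "GetWindowDC"},
    "registry": {"RegCreateKeyExA", "RegSetValueExA", "RegOpenKeyExA", "RegDeleteKeyA"},
    "file_ops": {"CreateFileA", "WriteFile", "DeleteFileA", "MoveFileA", "ReplaceFile"},
    "dynamic_import": {"LoadLibraryA", "GetProcAddress"},
    "ini_files": {"GetPrivateProfileStringA", "WritePrivateProfileStringA",
                  "GetPrivateProfileIntA"},
}
API_TO_CAT = {name: cat for cat, names in API_CATEGORIES.items() for name in names}


def triage(strings: list[str]) -> dict[str, object]:
    out: dict[str, object] = {"urls": [], "hosts": [], "rtti": [],
                              "api": defaultdict(list), "other": [], "noise": 0}
    for s in strings:
        if URL_RE.match(s):
            out["urls"].append(s)
        elif HOST_RE.match(s) and s.rsplit(".", 1)[1] not in NOT_TLDS:
            out["hosts"].append(s)
        elif (demangled := demangle_rtti(s)):
            out["rtti"].append(demangled)
        elif s in API_TO_CAT:
            out["api"][API_TO_CAT[s]].append(s)
        elif is_noise(s):
            out["noise"] += 1
        else:
            out["other"].append(s)
    out["api"] = dict(out["api"])
    return out


# Constructed sample bytes: a DOS stub, two code-byte runs, and strings copied
# from the listing above.  Not the real file.
SAMPLE = (b"MZ\x90\x00!This program cannot be run in DOS mode.\r\n$\x00"
          b"PPPPPPPP\x00\x8bD$$+D$\x00\x00SetWindowsHookExA\x00GetKeyState\x00BitBlt\x00"
          b"CreateFileA\x00LoadLibraryA\x00.?AVCWinApp@@\x00.PAVCException@@\x00"
          b".?AVXOleIPFrame@COleControlContainer@@\x00kernel32.dll\x00"
          b"mdzz2018.msns.cn\x00http://103.59.167.38:3952/csrss.exe\x00Shellex\x00")

if __name__ == "__main__":
    print(file_hashes(SAMPLE))
    for key, value in triage(extract_strings(SAMPLE)).items():
        print(f"{key}: {value}")
```

Run against a real file with `triage(extract_strings(open(path, "rb").read()))`. The point of the `api` bucket is that it names exactly the imports the capability rules react to, so an analyst can see at a glance whether a "keylogger" hit rests on anything beyond SetWindowsHookExA and GetKeyState, which every MFC frame window imports.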