Sample details: 4ca97ff9d72b422589266aa7b532d6e6 --

Hashes
MD5: 4ca97ff9d72b422589266aa7b532d6e6
SHA1: f1ed1d749480c4aa2d3e7610abb1341739492f07
SHA256: 4f677060d25a5e448be986759fed5a325cd83f64d9fef13fb51b18d1d0eb0f52
SSDEEP: 768:upDXq+ptznrkes96sMjTdfAc5HcrjkmDsecbMCtYWKWGeuWDy6z4n9jF/vEPKMhU:uX8QdfFZckOQVC/EuqKzP2Q
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v1xx_v2xx_additional | YRP/Microsoft_Visual_Cpp_60_DLL_additional | YRP/Microsoft_Visual_Cpp_v70_DLL | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Microsoft_Visual_Cpp_60_DLL_Debug | YRP/Armadillo_v1xx_v2xx | YRP/Microsoft_Visual_Cpp_v60_DLL | YRP/Microsoft_Visual_Cpp_60_DLL | YRP/Microsoft_Visual_Cpp_60 | YRP/Armadillov1xxv2xx | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/network_dropper | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/GenerateTLSClientHelloPacket_Test |
Strings
		!This program cannot be run in DOS mode.
HRichQ
`.rdata
@.data
@.reloc
UPQVRS
[Z^YX]
\$0t$8
D$@PVW
<Vt1VW
fCYX][
WVRPSQf
Y[XZ^_
D$8SPj
SVHWuj
QRPSUV
^][XZY
<gtA<Gt=<pt
D$ SUV
D$ _^][
L$(PQj
UPQVRS
[Z^YX]
WVRPSQf
Y[XZ^_
D$LUVWj
WVRPSQf
Y[XZ^_
fCYX][
fCYX][
D$(VPQ
D$(VPQ
L$(QRh
L$(QRh
D$,SPQ
L$$PQh
L$ j Q
D$Pj\P
D$ RPV
L$ PQV
D$8RPh
D$(QRP
D$$Pj@
L$ Qj@
URPPhP
UPQVRS
[Z^YX]
GlobalLock
GlobalAlloc
WaitForSingleObject
CreateThread
LocalFree
LocalAlloc
DisableThreadLibraryCalls
DeleteFileA
GetVersionExA
GetTempPathA
SetCurrentDirectoryA
ReadFile
CloseHandle
GetFileSize
CreateFileA
CopyFileA
SetFileTime
GetFileTime
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetTempFileNameA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
CreateProcessA
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
TerminateThread
SetEndOfFile
FlushFileBuffers
WriteFile
SetFilePointer
WinExec
GetSystemDirectoryA
GetWindowsDirectoryA
SetLastError
GetVersion
GetSystemInfo
GetCurrentProcess
GetModuleHandleA
GetSystemDefaultLCID
HeapFree
HeapAlloc
GetProcessHeap
WideCharToMultiByte
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
CreateMutexA
GetSystemTime
KERNEL32.dll
FreeSid
ConvertSidToStringSidA
LookupAccountNameA
GetUserNameA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
ChangeServiceConfigA
RegCreateKeyA
CloseServiceHandle
CreateServiceA
OpenServiceA
OpenSCManagerA
StartServiceA
RegQueryValueExA
ADVAPI32.dll
SHGetSpecialFolderPathA
SHELL32.dll
CoTaskMemAlloc
ole32.dll
InternetSetCookieA
DeleteUrlCacheEntry
WININET.dll
__CxxFrameHandler
??3@YAXPAX@Z
wcscpy
wcslen
??2@YAPAXI@Z
strstr
sprintf
_except_handler3
malloc
strchr
strncpy
_snprintf
printf
strncat
asctime
localtime
fclose
fflush
fprintf
MSVCRT.dll
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
MSVCP60.dll
WS2_32.dll
URLDownloadToCacheFileA
urlmon.dll
Netbios
NetApiBufferFree
NetUserEnum
NetServerEnum
NETAPI32.dll
GetTcpTable
GetAdaptersInfo
GetNetworkParams
iphlpapi.dll
_memicmp
_stricmp
_strnicmp
IePorxyv.dll
IePramGet
vv;expires = Sat,01-Jan-2000 00:00:00 GMT
</label>
</span>
</div>
</form>
AutomaticLayoutRecovery
%s\Software\Microsoft\Internet Explorer\BrowserEmulation
AutoRecover
%s\Software\Microsoft\Internet Explorer\Recovery
http://%s/
http://%s/%s/
hidden
NAME="
name="
type="
<input
ACTION="
action="
METHOD="
method="
</FORM>
<form 
<img src="
http://%s%s
abcdefhirstuvwxz
update
research
history
health
safety
government
expand "%s" "%s"
Program Files\Windows NT\Accessories\
%sindex%2.2d_%d.html
#N!:"q
x13UuwRx8:
Mm	9ULJb
P[o1V?
=D=O=`=z=
<G<S<`<u<
>\>g>b>
9/959:9
8D8O8%8,8
;E;N;Z;
:%:-:5:>:
ig78-4
Q:pAd~
="9+[,G
InstallDate
SOFTWARE\Microsoft\Windows NT\CurrentVersion
kernel32
IsWow64Process
 %s %d.%d 
unkstate
DELETE-TCB
TIME-WAIT
LAST-ACK
CLOSING
CLOSE-WAIT
FIN-WAIT-2
FIN-WAIT-1
ESTABLISHED
SYN-RECV
SYN-SENT
LISTEN
CLOSED
TCP 	 %s:%d 	 %s:%d 	 %s
	Lease Obtained. . . . . . . . . . : %s	Lease Expires . . . . . . . . . . : %s
	Primary WINS Server . . . . . . . : %s
	Secondard WINS Server . . . . . . : %s
					    %s
	DNS Servers . . . . . . . . . . . : %s
	DHCP Server . . . . . . . . . . . : %s
	IP Address. . . . . . . . . . . . : %s
	Subnet Mask . . . . . . . . . . . : %s
	Default Gateway . . . . . . . . . : %s
	Description . . . . . . . . . . . : %s
	Physical Address. . . . . . . . . : %s
	DHCP Enabled. . . . . . . . . . . : %s
	Autoconfiguration Enabled . . . . : 
	Connection-specific DNS Suffix. . : %s
	Media State . . . . . . . . . . . : Media disconnected
0.0.0.0
%s ...... : 
	Host Name . . . . . . . . . . . . : %s
	Primary DNS Suffix. . . . . . . . : 
	Node Type . . . . . . . . . . . . : %s
	IP Routing Enabled. . . . . . . . : %s
	WINS Proxy enabled. . . . . . . . : %s
	DNS Suffix Search List. . . . . . : %s
unknown
Hybrid
Peer To Peer
Broadcast
SLIP Adapter
Loopback Adapter
PPP Adapter
FDDI Adapter
Token Ring Adapter
Ethernet Adapter
Other Type Of Adapter
%02x-%02x-%02x-%02x-%02x-%02x
Dir %dk (%d)
Copy Ok
Echo Err
Echo Ok
vcl.tmp
http://%s/%s.%s
default
666p6w6
2&3H3~3
4$444>4Y4^4n4x4
5&5A5F5V5c5
6,6M6R6b6o6
8(8<8P8d8{8
9-9A9U9
<1<7<A<Q<W<v<{<
=J=T=Y=b=
>+>Z>p>
?!?,?C?}?
3^4e4e6l6
<<=X=i=z=
>">2>H>M>`>w>
0'0,0=0R0l0x0
081?1R1_1
3C4Z4f4v4
8b8z8c;4?@?G?N?Y?
0+1F1m1
2%2*2X2k2
7$8d8x8
:):=:G:Q:^:h:u:
:';4;o;|;
<1<U<i<w<
?:?`?p?t?x?|?
2)3%5-5
5B8d8n8
90969>9G9P9s9
:3:L:a:|:
>1>>>N>j>w>
>3?K?R?Y?`?g?
4$52797d7k7y8
= =$=(=,=0=4=8=<=@=D=H=L=
3T4[4h4.585]5m5v5
>%?5?>?
j0q0z0
2G2Q2X2_2
4	5&535
6<6w6}6
7.747\7j7
<-<D<z<
=#=;=H=R=_=
10N0S0
1+2T2[2
53585F5M5^5
<4<\<.=5=
?"?Q?j?
0(1/1V1]1
2'2.2x2
2(373W3^3
4]4b4j4r4z4
5 5$5(5
6;7P7j7
7C8V8[8`8h8
9%989?9F9M9R9W9_9s9x9
9<:J:X:
;+;9;I;Y;i;y;
<%<5<B<V<
6:7C7L7W7p7
:!:R:X:^:d:r:x:~:
;';5;:;?;D;O;\;f;{;
<:<@<R<X<^<d<j<p<v<|<
=8=D=P=\=h=q=z=
=->L>l>
H2L2P2T2X2\2`2d2h2l2p2t2x2|2
343@3\3h3
4,484T4\4h4
5,585T5