Sample details: 4d3874480110ba537b3839cb8b416b50

Hashes
MD5: 4d3874480110ba537b3839cb8b416b50
SHA1: 9345dd115b6493f95e95f9ac6591e1627b1fd73a
SHA256: 3bc9ed1db88d60d734c16f4c5d7bc5d4c5b0946a743e3e28ea7c56b3b69f030c
SSDEEP: 768:UyI8+EewvNnRCcaQ6xK4zee5yNaR7xy4+tKJqgfViEC39FJGuB:hI8+EewFOxKIee5yNor1JvVifJGu
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsConsole | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/create_service | YRP/win_registry | YRP/win_files_operation | YRP/Str_Win32_Winsock2_Library | FlorianRoth/Pirpi_1609_B | FlorianRoth/DragonFly_APT_Sep17_3
Strings