
Sample details: 4f038835c12562512613d0dab8be3ca7

Hashes
MD5: 4f038835c12562512613d0dab8be3ca7
SHA1: bba1c88bb9ac1ecdf30e500db9f675c238211f64
SHA256: c6a91a06709db7b5399cf101a74fa029f1a7d9fe2cc36b0ac01d0d05b847099c
SSDEEP: 48:/4upjyTplz2RcmKQQUOkaYhHsnP19X52zRgeFkLvMMNgx0ODbUF8bfFri5LboY4r:nyTpxocmKQ/02Rg6k7RINIo6DafH
Details
File Type: 80386
Yara Hits
CuckooSandbox/shellcode | CuckooSandbox/embedded_win_api | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/BootkitDropper/Objs/Release%20DEBUGCONFIG/spooler.obj
Strings
		.drectve
.debug$S
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.rdata
0@.text
`   /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" 
e:\Projects\progs\Petrosjan\BJWJ\Builds\BootkitDropper\Objs\Release DEBUGCONFIG\spooler.obj
Microsoft (R) Optimizing Compiler
spooler
@comp.id	x
@feat.00
.drectve
.debug$S
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.rdata
??$pushargEx@$00$0BCJHIBCM@$0ME@@@YAPAXXZ
?GetProcAddressEx2@@YAPAXPADKKH@Z
??$pushargEx@$01$0KAGOEFJM@$0OE@HHH@@YAPAXHHH@Z
??$pushargEx@$01$0IDJGJJGE@$0OA@PAUSC_HANDLE__@@PBDH@@YAPAXPAUSC_HANDLE__@@PBDH@Z
??$pushargEx@$01$0BMKBPNCP@$0OC@PAUSC_HANDLE__@@HH@@YAPAXPAUSC_HANDLE__@@HH@Z
??$pushargEx@$01$0PGMHBCPE@$0PP@PAUSC_HANDLE__@@W4_SC_STATUS_TYPE@@PAEIPAK@@YAPAXPAUSC_HANDLE__@@W4_SC_STATUS_TYPE@@PAEIPAK@Z
??$pushargEx@$00$0DNJJHCPF@$0CP@H@@YAPAXH@Z
??$pushargEx@$01$0HIMOMDFH@$0BAB@PAUSC_HANDLE__@@@@YAPAXPAUSC_HANDLE__@@@Z
??$pushargEx@$00$0JIDFNFKB@$0GI@PADPADI@@YAPAXPAD0I@Z
??$pushargEx@$0BF@$0ELBCLENP@$0CDB@PADHPAE@@YAPAXPADHPAE@Z
??$pushargEx@$0BF@$0DNDGJMEC@$0CDC@HHPAD@@YAPAXHHPAD@Z
?pGetLastError@@YAKXZ
?SpoolerStart@@YAHXZ
??_C@_07JEEPGBNJ@spooler?$AA@
?SpoolerBypass@@YAHPAD@Z
?MakeMachineID@@YAPADXZ