
Sample details: 51d090005adf8e5bd7a590f0b613c4c6 --

Hashes
MD5: 51d090005adf8e5bd7a590f0b613c4c6
SHA1: 784acfe54de4e1c3dba71d79e134a5a350be6430
SHA256: 13f2385d26695735ff1db4ac0143f9029c3a28683feecb7b8ac172faeffa8446
SSDEEP: 384:whZKACpM/VINTUwIHf4eWDPot3Mg1Wy0w4hbJ4i3ThrfMuiyoLeoqDwDf3c3rWW5:XACm/y+wIDWDwtF0ZJ4GT6ViwDXY
Details
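File Type: 80386 (x86 COFF object file, consistent with the .drectve/.debug$S sections and the @comp.id symbol in the strings below)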
Yara Hits
CuckooSandbox/embedded_win_api | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/Full/Objs/Release/Grabbers.obj
Strings
		.drectve
.debug$S
B.rdata
0@.rdata
0@.rdata
0@.rdata
0@.bss
`.rdata
0@.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.rdata
0@.debug$F
B.text
`.rdata
0@.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.rdata
0@.text
`.rdata
0@.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.rdata
0@.text
`.rdata
0@.debug$F
B.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.rdata
0@.rdata
0@.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.text
`.rdata
@   /manifestdependency:"type='win32' name='Microsoft.VC90.CRT' version='9.0.21022.8' processorArchitecture='x86' publicKeyToken='1fc8b3b9a1e18e3b'" /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"MSVCRT" /DEFAULTLIB:"OLDNAMES" 
e:\Projects\progs\Petrosjan\BJWJ\Builds\Full\Objs\Release\Grabbers.obj
Microsoft (R) Optimizing Compiler
eu#9N@u
dt0It-It"@P
QQSVj 
8^,tVW
@comp.id	x
@feat.00
.drectve
.debug$S
.rdata
.rdata
.rdata
.rdata
.rdata
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.rdata
.debug$F
.rdata
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.rdata
.rdata
.debug$F
.debug$F
.debug$F
.rdata
.rdata
.debug$F
.debug$F
.debug$F
.rdata
.rdata
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.rdata
??_C@_05IPBBJDFB@?4ngdf?$AA@
??_C@_04BHANFOPI@NGWF?$AA@
?Hibernation@TVideoRecDLL@@2HB
?RunCallback@TVideoRecDLL@@2HB
?GrabberPassword@@3PADA
?GrabbersWorkWolder@@3PBDB
?GrabbersFileExt@@3PBDB
??1TBotObject@@UAE@XZ
??_7TBotObject@@6B@
??_GTBotObject@@UAEPAXI@Z
??_ETBotObject@@UAEPAXI@Z
??_GTBotObject@@UAEPAXI@Z
??3TBotObject@@SAXPAX@Z
??0TMemory@@QAE@K@Z
?MemAlloc@@YAPAXK@Z
??1TMemory@@QAE@XZ
?MemFree@@YAXPAX@Z
?Write@TMemory@@QAEKPBXK@Z
?m_memcpy@@YAPAXPAXPBXH@Z
?Buf@TMemory@@QAEPAXXZ
?IsExists@File@@YA_NQAD@Z
?FileExistsA@@YA_NQAD@Z
?Handle@TBotFileStream@@QAEPAXXZ
??0TBotObject@@QAE@XZ
?Active@TGrabberFile@@QAE_NXZ
?CloseFile@TGrabberFile@@QAEXXZ
?WriteData@TGrabberFile@@IAE_NPAXK_N1@Z
?Crypt@XORCrypt@@YAKPADPAEK@Z
?ReadData@TGrabberFile@@IAE_NPAXK@Z
?Initialize@TGrabberBlock@@AAEXXZ
?LogSenderSearchFiles@@YAXPAU_WIN32_FIND_DATAA@@PADPAXAA_N@Z
?Add@TBotStrings@@QAEHPBD@Z
??0?$TString@D@@QAE@XZ
??_7?$TString@D@@6B@
??_G?$TString@D@@UAEPAXI@Z
??_E?$TString@D@@UAEPAXI@Z
?t_str@?$TString@D@@QBEPADXZ
??_C@_11LOCGONAA@?$AA?$AA@
?IsEmpty@?$STRUTILS@D@@SA_NPBD@Z
?Length@?$STRUTILS@D@@SAKPBD@Z
??$pushargEx@$00$0CAOEOJON@$0BP@PADPAD@@YAPAXPAD0@Z
?GetProcAddressEx2@@YAPAXPADKKH@Z
??$pushargEx@$00$0IBPAPANP@$0CD@PAD@@YAPAXPAD@Z
??$GetRec@D@STRBUF@@YAAAUTStrRec@0@PAD@Z
??$Alloc@D@STRBUF@@YAPADK@Z
?Alloc@HEAP@@YAPAXK@Z
?Hash@?$STRUTILS@D@@SAKPBDK_N@Z
?LongToString@?$STRUTILS@D@@SAXKPADAAH@Z
??$pushargEx@$02$0GLDKPAOM@$0BFK@PADPBDPAD@@YAPAXPADPBD0@Z
??$pushargEx@$02$0GLDKPAPK@$0BFL@PADPBDPAD@@YAPAXPADPBD0@Z
?CompareEx@?$STRUTILS@D@@SAHPBD0K@Z
?DeleteFileA@TGrabberFile@@QAEXXZ
?DoPackFilesToCab@TGrabberFile@@AAE_NPAX@Z
?AddFileToCab@@YA_NPAXPBD1@Z
?Items@TBotCollection@@QAEPAVTBotCollectionItem@@H@Z
?Count@TBotCollection@@QAEHXZ
?IsEmpty@?$TString@D@@QBE_NXZ
?Hash@?$STRUTILS@D@@SAKPBD@Z
??0?$TString@D@@QAE@K@Z
??$CreateFromStr@D@STRBUF@@YAPADPBDKK@Z
??$AddRef@D@STRBUF@@YAPADPAD@Z
??$Release@D@STRBUF@@YAXAAPAD@Z
?Free@HEAP@@YAXPAX@Z
??$Length@D@STRBUF@@YAKPAD@Z
??$Append@D@STRBUF@@YAXAAPADPBDK@Z
?Compare@?$STRUTILS@D@@SAHPBD0@Z
??0?$TString@D@@QAE@PBD@Z
??0?$TString@D@@QAE@ABV0@@Z
??1?$TString@D@@UAE@XZ
?Length@?$TString@D@@QBEKXZ
?SetLength@?$TString@D@@QAEXK@Z
?Clear@?$TString@D@@QAEXXZ
?Format@?$TString@D@@QAAAAV1@PBDZZ
?LongToStr@?$TString@D@@QAEAAV1@K@Z
?Hash@?$TString@D@@QAEKXZ
??4?$TString@D@@QAEAAV0@PBD@Z
??4?$TString@D@@QAEAAV0@ABV0@@Z
??Y?$TString@D@@QAEAAV0@PBD@Z
??Y?$TString@D@@QAEAAV0@ABV0@@Z
?Equal@?$STRUTILS@D@@SA_NPBD0@Z
??ATBotStrings@@QAE?AV?$TString@D@@H@Z
?GetItem@TBotStrings@@QAE?AV?$TString@D@@H@Z
?AddStringToCab@@YA_NPAXABV?$TString@D@@1@Z
?AddBlobToCab@@YA_NPAX0KPAD@Z
?GetGrabbersPath@@YA?AV?$TString@D@@XZ
?MakeFileName@BOT@@YA?AV?$TString@D@@PBD0@Z
?GetGrabberFileName@@YA?AV?$TString@D@@ABV1@@Z
?RandomString2@Random@@YA?AV?$TString@D@@KDD@Z
?MakeGrabberFilePassword@@YAPADXZ
??_C@_02EMFKHFLK@?$CFX?$AA@
?MakeMachineID@@YAPADXZ
?m_memset@@YAXPBXEI@Z
??1TGrabberFile@@UAE@XZ
??_7TGrabberFile@@6B@
??_GTGrabberFile@@UAEPAXI@Z
??_ETGrabberFile@@UAEPAXI@Z
?WriteSizedString@TGrabberFile@@IAE_NABV?$TString@D@@@Z
?ReadString@TGrabberFile@@IAE_NKAAV?$TString@D@@@Z
?ReadSizedString@TGrabberFile@@IAE_NAAV?$TString@D@@@Z
?DoPackTextData@TGrabberFile@@AAE?AV?$TString@D@@XZ
??1TBotStrings@@UAE@XZ
?GetText@TBotStrings@@QAE?AV?$TString@D@@XZ
?Count@TBotStrings@@QAEHXZ
?AddValue@TBotStrings@@QAEHABV?$TString@D@@0@Z
??_C@_02LMMGGCAJ@?3?5?$AA@
??0TBotStrings@@QAE@XZ
??0TGrabberBlock@@QAE@PAVTGrabberFile@@@Z
??_7TGrabberBlock@@6B@
??0TBotCollectionItem@@QAE@PAVTBotCollection@@@Z
??_GTGrabberBlock@@UAEPAXI@Z
??_ETGrabberBlock@@UAEPAXI@Z
?Write@TGrabberBlock@@AAE_NPAXK_N@Z
?Clear@TGrabberBlock@@QAEXXZ
?WriteText@TGrabberBlock@@QAE_NABV?$TString@D@@0_N@Z
?WriteFile@TGrabberBlock@@QAE_NABV?$TString@D@@0PAD1@Z
?CombineFileName@@YA?AV?$TString@D@@PBD0@Z
?ExtractFileNameA@File@@YAPADPAD_N@Z
?ReadToBufferA@File@@YAPAEPBDAAK@Z
??0TGrabberFileSender@@QAE@XZ
??_C@_01NBENCBCI@?$CK?$AA@
??_7TGrabberFileSender@@6B@
??_GTGrabberFileSender@@UAEPAXI@Z
??_ETGrabberFileSender@@UAEPAXI@Z
??1TGrabberFileSender@@UAE@XZ
??_G?$TString@D@@UAEPAXI@Z
??8?$TString@D@@QAE_NABV0@@Z
??_GTGrabberFile@@UAEPAXI@Z
?Open@TGrabberFile@@QAE_NXZ
?Position@TBotStream@@QAEKXZ
?Valid@TBotFileStream@@QAE_NXZ
??0TBotFileStream@@QAE@PBDG@Z
??2TBotObject@@SAPAXI@Z
?CanSend@TGrabberFile@@QAE_N_N@Z
?LastWriteTime@File@@YAKPAX@Z
?UpdateFileHeader@TGrabberFile@@AAE_N_N@Z
?SetSendInterval@TGrabberFile@@QAEXK@Z
?SetSendAsCAB@TGrabberFile@@QAEX_N@Z
?GetBlockByName@TGrabberFile@@IAEPAVTGrabberBlock@@ABV?$TString@D@@@Z
??1TGrabberBlock@@UAE@XZ
??1TBotCollectionItem@@UAE@XZ
?DoReadTextData@TGrabberBlock@@AAE_NXZ
?DoReadFileData@TGrabberBlock@@AAE_NXZ
?GetTempName2A@File@@YA?AV?$TString@D@@XZ
?WriteBufferA@File@@YAKPBDQAXK@Z
??_GTGrabberFileSender@@UAEPAXI@Z
?CloseLog@TGrabberFile@@QAEXXZ
?Create@TGrabberFile@@QAE_NXZ
?Activate@TGrabberFile@@QAE_NPA_N@Z
?AddText@TGrabberFile@@QAE_NABV?$TString@D@@0@Z
?AddTextPart@TGrabberFile@@QAE_NPAUHWND__@@ABV?$TString@D@@1@Z
?AddFile@TGrabberFile@@QAE_NABV?$TString@D@@0PAD1@Z
??_GTGrabberBlock@@UAEPAXI@Z
?ReadBlockData@TGrabberBlock@@AAE_NXZ
?Initialize@TGrabberFile@@AAEXABV?$TString@D@@PBD_N@Z
?PID@TBotApplication@@QAEKXZ
?Bot@@3PAVTBotApplication@@A
??0TBotCollection@@QAE@XZ
?Read@TGrabberBlock@@AAE_NXZ
??0TGrabberFile@@QAE@ABV?$TString@D@@PBD_N@Z
??0TGrabberFile@@QAE@ABV?$TString@D@@@Z
?ReadBlocks@TGrabberFile@@AAE_NXZ
?SetOwner@TBotCollectionItem@@QAEXPAVTBotCollection@@@Z
?PackToCAB@TGrabberFile@@QAE?AV?$TString@D@@XZ
?CloseCab@@YAXPAX@Z
?GetStr@@YA?AV?$TString@D@@PBD@Z
?StrLogFileTextData@@3PADA
?CreateCab@@YAPAXPBD@Z
?SendLog@TGrabberFile@@QAE_N_N@Z
?SendCab@DataGrabber@@YA_NPAD00PA_N@Z
?SendFiles@TGrabberFileSender@@QAEXXZ
??_C@_00CNPNBAHC@?$AA@
?SearchFiles@@YA_NPAD0_NKPAXP6AXPAU_WIN32_FIND_DATAA@@02AA_N@Z@Z