
Sample details: 53eaae7526a9e8d31519df153bdc4156

Hashes
MD5: 53eaae7526a9e8d31519df153bdc4156
SHA1: 1db59a42421a2b8c245bc9a26938fff05f379c43
SHA256: f3669e5f2ceda3167a0562932f0892df8453cb23541556007be4d150329ce74f
SSDEEP: 3072:TROzoTq0+RO7IwnY3GdPxm0YZOLK/aw5:1kdNwBgsx+aK/Z5
Details
File Type: PE32
Yara Hits
YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h
YRP/UPXv20MarkusLaszloReiser
YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser
YRP/IsPE32
YRP/IsWindowsGUI
YRP/IsPacked
YRP/IsBeyondImageSize
YRP/HasModified_DOS_Message
YRP/maldoc_getEIP_method_1
YRP/domain
YRP/IP
YRP/contentis_base64
YRP/win_mutex
YRP/win_files_operation
YRP/UPX
YRP/suspicious_packer_section
Source
http://122.114.215.99/wSrv.exe
Strings
		.rmnet
p	6361
{2J/l[o
<O22@|
-u8NUW
SKI3gMj<
w$XUM=\
 *wVG-
5i8=}K
HKQW1f3
\Xau`H 
O.Cp}l
3*4&~X3
jX4SQ!
jt^*S$
roD	U9f
OO.sJD
,84h2457
O`B7473
182wOoe$
b@I0{C
{Wch3J4
46`	|yK
x5h83L&
ah|;<C
de3b3f
QU'#(B
$	(P02
foVAO 
X,)Y,p
AM6d%X
$D-Z_Mb8
@l+!)k
pakm#|0q
<y;FuV8X
o[lU|3%I
irGIf:
@#Wa([\
sXfaM[
 d7nQh
Vzh>&a
A&e*moj
e`]."!	
iU	T*UZ
3qjtu7m
YN64i`o
O^z"Jq
B*TBrt
o	lT3q#
&x	83;u
{PQ+{B
@oZx6v
i@g6.i
z~!*D\
$_6`F/
Fwq0])
EFA+@;
o$sp_w<
-z|Q`,C
rW|Ar[lm[+
/S|_8V
FFq<+L
0]hD!"KP
\Zlsa.
,;c$b+X
&nm8{r
`j+\*U}
owu/Sf
7jk(qt
 8,CA/
yP M u
j(oRHT
)=Li*!
~ET{F[
[ScNAt
7JhGRs
6t)z)~
Xvi%2x
->(35`[
U"rBOw%
KtD[\a
wQ4PyF
=FaCiy1
4u@}~5*}
lA8`xp*^
Kl-@8[
mLocalFree
ExitPr
GetCurn
QueryP
forman
m?iMSec
cKmMYS?
/LastE\EgModul
adLibraj
Unh0de
ToWidz
}aYXkaF
Sings<3
N9De3t
 Il,cp
aBa	!e
[	#,4FB
SsnDlgI
1>wspr:f
ys"MNr
8KeysX
XPTPSW
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
 <security>
 <requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges>
 </security>
 </trustInfo>
</assembly>
KERNEL32.DLL
SHELL32.DLL
USER32.DLL
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
DragFinish
WinHelpW
KyUffThOkYwRRtgPP
Srv.exe
FreeLibrary
CreateMutexA
CloseHandle
ReleaseMutex
GetLastError
CreateFileA
WriteFile
GetModuleFileNameA
CreateProcessA
kernel32.dll
F}/wy#
5Ay(*5
fG9D	j
*MC_+YP
3uj0hq
oiGmUqq
n#db}{
@z$>|P
?ss#"t
6fD`.Z
@fw\8s/r
8.)?}Zho
+ X/-P
LzwjZ@
6P}kVC
 ~xx2dm
]:v}u@
YS0y)Y
1^z?n,
HOPS)E
UW\a3R
{7Ul$U5
{p\IH0D=6
"To@5_
(c2#HdEf
X/$3Kx
dN2?g#
iGeOZNI
	#hu[<
s~2H6N
SG2D64
#:4	rZ]pH
bB3_Ef
?`!?zR
&I\wV.Pf
#@b*|t)
z	O~}\
*|l6g'
d1|jc5
Ec{tgb
%q<a-6v+
QY dHZ
\*sP+\U
E2[6Cq[
os)6.$
R(d}um
rh2ZYt"IKX
?ZAXlD
2O-"JP
A"ZXHCA
ID!{z}
IJ@)bk2
MKFQ/5
F-*bd=
OA}V20JgO
-VEqI8
NI 6KJ
+@rWzF
G7_(,k
[=k>/zYP
IxtF@Dj#
W 2pYH
G[8o(q
v&^@Mg
nHVD@i
?<=6xR
=ql>=j
Wvca)Lk
8~^Sxr
Ls$[p^
TA}b$5
4zC[(s
\XH' I
4g\:nu
<is+Xz
MN0!b1B
-xTT@Q
	~~PM8
5N"\77
-	Vq4*mLo
Z\G9h:
j-4{@6F
2N\~[k
Vq?*<!
NW6r8c
PJFY3!V
/ed=xU
p$&}{'a
_]o21!
a/'3  
I-qrT3
,W	nhx
M,Q?	{p
8;:F}w
tOL=t,
INe@5k