Sample details: 569879f9f65d50a1a8646625bcebd952

Hashes
MD5: 569879f9f65d50a1a8646625bcebd952
SHA1: 619c23a1c4f5411a76dbc23a4874cbf4623c341a
SHA256: 649ffe47bc6dce71a8db9796ee7bdb675691db5407ea4ab142642d79c2c2c3fb
SSDEEP: 1536:z2VbdAuoi6lvdsQFnToIf7Yh3Gr5ZieK6m:/lvdsQtTBf7Yh3Gr5ZieK6m
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasModified_DOS_Message | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/VM_Generic_Detection | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/create_service | YRP/network_dropper | YRP/escalate_priv | YRP/screenshot | YRP/rat_webcam | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/nAspyUpdateStrings | YRP/nAspyUpdate | YRP/apt_c16_win_memory_pcclient | YRP/IronTiger_NBDDos_Gh0stvariant_dropper | FlorianRoth/CN_Honker_T00ls_Lpk_Sethc_v4_LPK
Strings
GetTickCount
DeleteFileA
SetFileAttributesA
MoveFileA
FreeResource
CloseHandle
WriteFile
SizeofResource
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateFileA
LoadResource
FindResourceA
GetTempPathA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
KERNEL32.dll
wsprintfA
USER32.dll
MSVCRT.dll
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
GetModuleHandleA
GetStartupInfoA
%s\%d_res.tmp
 /c del %s > nul
COMSPEC
Install
%s\R%cm%ct%cC.dll
!This program cannot be run in DOS mode.
 deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly 
ReadFile
CreateProcessA
GetSystemDirectoryA
GetStartupInfoA
CloseHandle
CreatePipe
FreeLibrary
GetProcAddress
LoadLibraryA
FindClose
FindNextFileA
GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
DeleteFileA
CopyFileA
MoveFileA
GetCurrentProcess
WinExec
SetLastError
lstrlenA
Process32Next
GetPriorityClass
OpenProcess
Module32First
Process32First
CreateToolhelp32Snapshot
TerminateProcess
lstrcpyA
WaitForSingleObject
CreateThread
lstrcpynA
MoveFileExA
GetModuleFileNameA
GetTickCount
SetThreadPriority
GetCurrentThread
GetFileSize
CreateFileA
WriteFile
FreeConsole
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
GetComputerNameA
InterlockedExchange
GetCurrentThreadId
KERNEL32.dll
wsprintfA
GetDesktopWindow
SetCursorPos
keybd_event
ExitWindowsEx
mouse_event
CreateWindowExA
CloseWindow
SendMessageA
IsWindow
GetSystemMetrics
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
CloseDesktop
CloseWindowStation
USER32.dll
DeleteObject
DeleteDC
GetDIBits
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
GDI32.dll
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
QueryServiceStatus
CloseServiceHandle
StartServiceA
ChangeServiceConfigA
OpenServiceA
OpenSCManagerA
ControlService
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
RegOpenKeyA
CreateServiceA
DeleteService
RegisterServiceCtrlHandlerA
SetServiceStatus
RegQueryValueExA
ADVAPI32.dll
SHGetFileInfoA
ShellExecuteA
SHELL32.dll
strncat
sprintf
strncpy
??2@YAPAXI@Z
__CxxFrameHandler
_CxxThrowException
_except_handler3
strcspn
strstr
??3@YAXPAX@Z
wcstombs
MSVCRT.dll
??1type_info@@UAE@XZ
_initterm
malloc
_adjust_fdiv
capCreateCaptureWindowA
capGetDriverDescriptionA
AVICAP32.dll
WSAIoctl
WS2_32.dll
_strlwr
NBVip.dll
Install
RundllInstall
RundllUninstall
ServiceMain
\cmd.exe /c 
GetDriveTypeA
Kernel32.dll
SHGetFileInfoA
Shell32.dll
%4d-%02d-%02d %02d:%02d:%02d
Kill You
%4.2f GB
%4.2f MB
%4.2f  KB
%d Bytes
WinSta0\Default
cmd.exe /c "%s"
RiSing
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
wininet.dll
c:\1.exe
GetUrlCacheEntryInfoA
URLDownloadToCacheFileA
urlmon.dll
ShellExecuteA
RegSetValueEx(ServiceDll)
ServiceDll
SYSTEM\CurrentControlSet\Services\%s\Parameters
RegSetValueEx(Svchost\krnlsrvc)
krnlsrvc
RegOpenKeyEx(Svchost)
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
%SystemRoot%\System32\svchost.exe -k krnlsrvc
Description
SYSTEM\CurrentControlSet\Services\%s
SeDebugPrivilege
shou.mpc.cn:6494
20170520
MediaCenter
MS Media Control Center
Provides support for media palyer. This service can't be stoped.
SeShutdownPrivilege
Rundll32 %s,RundllUninstall
ReadFile
kernel32.dll
%d*%u%s
HARDWARE\DESCRIPTION\System\CentralProcessor\0
%s SP%d (Build %d)
Win 98
Win 95
Win NT
Win 2000
Win XP
Win 2003
Win 2008
Win 2012
CVideoCap
#32770
DISPLAY
default
winsta0
.?AVtype_info@@
incompatible version
buffer error
insufficient memory
data error
stream error
file error
stream end
need dictionary