Sample details: 5d33f303e54cda07d1d77e9ec7297070

Hashes
MD5: 5d33f303e54cda07d1d77e9ec7297070
SHA1: 2b1b1ae5aead4cbbfe61f741f485ee5709ea479d
SHA256: 2ea331244fcfa96a6bac98c14b026c57bce4aaa5ab6c8df638a3be55f5e4a17e
SSDEEP: 768:/0qcP9r8umeWo7DgT/LWsI0ZDcWdya+7S1GVITftK:sq2ZxhT4/1ZDyqrTftK
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsConsole | YRP/HasOverlay | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | YRP/DebuggerException__SetConsoleCtrl | YRP/win_files_operation | YRP/android_meterpreter
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/Bin/Release/BinToHex.exe
http://103.68.190.250/Sources//Advance/FakeDllAutorun/tools/BinToHex.exe
Strings
		!This is a Windows NT character-mode executable
`.idata
DGROUP
.reloc
<cs\<b
Open Watcom C/C++32 Run-Time system. Portions Copyright (C) Sybase, Inc. 1988-2002.
SQRVWU
]_^ZY[
Not enough memory to allocate file structures
SQRVWU
]_^ZY[
]_^ZY[
SQRVWU
]_^ZY[
]_^ZY[
8888888888
XXXXXXHHHHHHHHHHHHHHHHHHHH
USER32.DLL
The instruction at 0x00000000 caused a division by zero floating point
exception.
FS =0x00000000 
A privileged instruction was executed at address 0x00000000.
written.
address 0x00000000 and
cannot continue.
The instruction at 0x00000000 caused a denormal operand floating point
exception.
CS =0x00000000 
at 0x00000000.
The memory could not be 
The instruction at 0x00000000 caused an underflow floating point exception.
The instruction at 0x00000000 caused an overflow floating point exception.
GS =0x00000000
A stack overflow was encountered at address 0x00000000.
SS =0x00000000
EIP=0x00000000 
An integer divide by zero was encountered at address 0x00000000.
The instruction at 0x00000000 referenced memory 
EFL=0x00000000 
EDI=0x00000000 
An illegal instruction was executed at address 0x00000000.
ECX=0x00000000 
EDX=0x00000000
EBP=0x00000000 
The instruction at 0x00000000 caused a stack overflow floating point
exception.
EBX=0x00000000 
-stack end
EAX=0x00000000 
DS =0x00000000 
The program encountered exception 0x00000000 at 
The instruction at 0x00000000 caused an inexact value floating point
exception.
0x00000000 
ESI=0x00000000 
Stack dump (SS:ESP)
The instruction at 0x00000000 caused an invalid operation floating point
exception.
ESP=0x00000000
ES =0x00000000 
The instruction at 0x00000000 caused a stack underflow floating point
exception.
GetActiveWindow
Exception fielded by 0x00000000
D$p)D$P
+P +P$+P(
conout$
conin$
Floating-point support not loaded
WVIDEO
C_FILE_INFO
C_FILE_INFO=
SQRVWU
]_^ZY[
ABNORMAL TERMINATION
SQRVWU
]_^ZY[
]_^ZY[
]_^ZY[
]_^ZY[
]_^ZY[
]_^ZY[
SQRVWU
]_^ZY[
]_^ZY[
SQRVWU
]_^ZY[
]_^ZY[
]_^ZY[
]_^ZY[
]_^ZY[
]_^ZY[
SQRVWU
]_^ZY[
]_^ZY[
USER32.DLL
KERNEL32.DLL
CharUpperA
CloseHandle
CreateEventA
CreateFileA
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetCurrentThreadId
GetEnvironmentStringsA
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStdHandle
GetVersion
LoadLibraryA
MultiByteToWideChar
ReadConsoleInputA
ReadFile
SetConsoleCtrlHandler
SetConsoleMode
SetEnvironmentVariableA
SetEnvironmentVariableW
SetFilePointer
SetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
WriteConsoleA
WriteFile
BinToHex.exe 'in file' 'out file' 'name array' 'add head _DLL_DATA_ (0 or 1)' 
not open file %s
not create file %s
unsigned char %s[] =
_DLL_DATA_
0x%02x, 
// _DLL_DATA_
0x%02x, 
0x%02x
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdef
	^B{	I
0<0S0r0
1%1+191E1Y1
1"2a2w4|4
9+9<9K9
=!=.=8=G=M=V=\=
>">1>X>^>i>n>u>{>
?-?:?d?j?
0 060@0S0Y0p0{0
1!1:1c1
2 2.2{2
373=3c3
5T6e6q6
9-9;9Y9x9
:2:7:M:l:r:x:}:
;%;+;8;T;t;
< <%<0<6<C<P<m<
=!=5=<=K=X=]=J>n>w>
?2?7?<?D?O?U?Y?^?d?u?
2:2J2j2
<0<B<T<f<
=,=_=f=|=
?$?.?<?H?c?i?w?
0$1:1a1h1n1
282F2o2
3%3W3i3
2-222]2m2
2N3c3p3
4-4?4X4b4q4
5&5+5d5k5
:);/;];
;V<\<e<p<
=*=4=`=h=
b0l0|0
0$1+1e1
2R3x3~3
3,414O4
6&6,62686U6Z6~6
6!7j7j8
8'9+939>9P9m9r9w9
:':Y:^:f:
1%1;1r1
1+2C2P2l4
627B7t7}7
8F9R;L;F;@;:;4;.;(;";
:z:t:n:h:b:
6,3034383<3@3D3H3L3P3T3X3\3`3d3h3
E:\Projects\progs\Petrosjan\BinToHex\BinToHex.cpp
LINKER MODULE
_CreateFileA@28
_GetEnvironmentStringsA@0
_GetVersion@0
_GetModuleFileNameA@12
_GetCommandLineA@0
_GetCommandLineW@0
_FreeEnvironmentStringsA@4
_GetModuleHandleA@4
_ExitProcess@4
_ReadFile@20
_GetLastError@0
_SetStdHandle@8
_CreateEventA@16
_GetStdHandle@4
_CloseHandle@4
_GetFileType@4
_GetModuleFileNameW@12
_MultiByteToWideChar@24
_LoadLibraryA@4
_GetProcAddress@8
_WriteFile@20
_SetUnhandledExceptionFilter@4
_UnhandledExceptionFilter@4
_VirtualQuery@12
_SetFilePointer@16
_ReadConsoleInputA@16
_GetConsoleMode@8
_SetConsoleMode@8
_WriteConsoleA@20
_FlushFileBuffers@4
_GetCurrentThreadId@0
_VirtualAlloc@16
_SetConsoleCtrlHandler@8
_WideCharToMultiByte@32
_VirtualFree@12
_GetACP@0
_GetOEMCP@0
_GetCPInfo@8
_SetEnvironmentVariableA@8
_CharUpperA@4
_SetEnvironmentVariableW@8
fopen.c
__open_flags_
__doopen_
_fsopen_
fopen_
close_file_
freopen_
fprintf.c
fprintf_
fgetc.c
__fill_buffer_
__filbuf_
fgetc_
printf.c
printf_
fseek.c
__update_buffer_
__reset_buffer_
fseek_
ftell.c
ftell_
cstrtwnt
_cstart_
mainCRTStartup
argcv.c
__argc
__argv
___argv
___argc
___anon44
___anon45
fsroot.cpp
W?fs_root$n()v
___wcpp_4_data_init_fs_root_
cppdata.cpp
__wint_thread_data
__compiled_under_NT
comtflag.c
__set_commode_
__commode
___iob
__fmode
___OpenStreams
___ClosedStreams
___anon61
___anon62
seterrno.c
__set_errno_
__set_EDOM_
__set_ERANGE_
__set_EINVAL_
__set_doserrno_
tolower.c
tolower_
openwnt.c
__sopen_
sopen_
chktty.c
__chktty_
freefp.c
__freefp_
__purgefp_
allocfp.c
__allocfp_
mainwnt.c
__wcmd_ptr
__cmd_ptr
___TlsIndex
___FirstThreadData
___GetThreadPtr
__AccessFileH
__ReleaseFileH
__AccessIOB
__ReleaseIOB
__AccessNHeap
__AccessFHeap
__ReleaseNHeap
__threadid_
__SingleThread_
__sig_null_rtn_
__NullAccTDListRtn_
__NullAccHeapRtn_
__NullAccIOBRtn_
__NullExitRtn_
__NullAccessRtn_
__NTInit_
__NTFini_
__NTMainInit_
__exit_
__ReleaseFHeap
__AccessTDList
__ReleaseTDList
__AccessFList
__ReleaseFList
__ThreadExitRtn
___sig_init_rtn
___sig_fini_rtn
___process_fini
___Is_DLL
fclose.c
__doclose_
__shutdown_stream_
fclose_
___RmTmpFileFn
fprtf.c
file_putc_
__fprtf_
flushall.c
__flushall_
flushall_
gtchewnt.c
getche_
ioalloc.c
__ioalloc_
qread.c
__qread_
lseek.c
lseek_
flush.c
__flush_
tell.c
fflush.c
fflush_
main2wnt.c
__NTMain
segdefns
___begtext
__nullarea
__Start_XI
__End_XI
__Start_YI
__End_YI
initargv.c
__Init_Argv_
_getargv_
_SplitParms_
__Fini_Argv_
___CmdLine
initfile.c
__InitFiles_
ioexit.c
docloseall_
fcloseall_
__full_io_exit_
hdlman.c
___NHandles
___OSHandles
___FakeHandles
__growPOSIXHandles_
__allocPOSIXHandle_
__freePOSIXHandle_
__getOSHandle_
__setOSHandle_
__NTGetFakeHandle_
__initPOSIXHandles_
__finiPOSIXHandles_
__set_handles_
_grow_handles_
___topFakeHandle
___anon240
ntfio.c
__GetNTCreateAttr_
__GetNTAccessAttr_
__GetNTShareAttr_
umaskval.c
___umaskval
isattwnt.c
isatty_
stiomode.c
__grow_iomode_
__shrink_iomode_
__SetIOMode_
__init_NFiles
___anon99
dosret.c
_dosretax_
_dosret0_
__set_errno_dos_
__set_errno_dos_reterr_
__set_errno_nt_
__set_errno_nt_reterr_
nfree.c
_nfree_
___MiniHeapFreeRover
nmalloc.c
_nmalloc_
malloc_
___nheapbeg
___MiniHeapRover
___LargestSizeB4MiniHeapRover
memset.c
memset_
crwdata
__osmajor
__osminor
__osbuild
__osver
__winmajor
__winminor
__winver
__LpDllName
__LpwCmdLine
__LpwPgmName
__LpwDllName
__LpCmdLine
__LpPgmName
__dynend
__curbrk
__STACKLOW
__STACKTOP
__ASTACKSIZ
__ASTACKPTR
__cbyte
__cbyte2
__child
__Envptr
__Envseg
__no87
___FPE_handler
__null_FPE_rtn
environ.c
___env_mask
_environ
__wenviron
___anon43
___anon50
getmodfn.c
__lib_GetModuleFileNameW_
strdup.c
__clib_strdup_
istable.c
__IsTable
ustrdup.c
__clib_wcsdup_
excptwnt.c
_my_GetActiveWindow_
fmt_hex_
___ReportException@4
__DefaultExceptionHandler_
___ExceptionFilter
__NewExceptionFilter_
__DoneExceptionFilter_
___oscode_check_func
___raise_func
___ExceptionHandled
___ReportInvoked
stklmwnt.c
__init_stack_limits_
initrtns.c
callit_
__InitRtns
__FiniRtns
__lseek.c
__lseek_
_clsewnt.c
__close_
fputc.c
fputc_
prtf.c
__prtf_
getprintspecs_
evalflags_
far_strlen_
far_other_strlen_
fmt4hex_
FixedPoint_Format_
SetZeroPad_
write_wide_string_
formstring_
getchwnt.c
do_getch_
getch_
putchwnt.c
putch_
iomode.c
__GetIOMode_
__SetIOMode_nogrow_
___NFiles
___init_mode
___io_mode
fsync.c
fsync_
qwrit.c
__qwrite_
mthrdini.c
__InitThreadData_
___ThreadDataSize
cmain386.c
__CMain
dosseg
histsplt.c
___historical_splitparms
___argc.c
____Argc
____Argv
xmsgwnt.c
__exit_with_msg_
__fatal_runtime_error_
nrealloc.c
_nrealloc_
realloc_
iomodtty.c
__ChkTTYIOMode_
__IOMode_
__MemAllocator
__MemFree
nmemneed.c
__nmemneed_
grownear.c
__LinkUpNewMHeap_
__AdjustAmount_
__CreateNewNHeap_
__ExpandDGROUP_
__stos
__STOSB
__STOSD
setenvp.c
__setenvp_
__freeenvp_
__free_ep
ustrlen.c
wcslen_
memcpy.c
memcpy_
conutwnt.c
__NTRealKey_
initConsoleHandles_
__NTConsoleInput_
__NTConsoleOutput_
_console_in
_console_out
fclex387.c
_ClearFPE_
signlwnt.c
__SignalTable
__SetSignalFunc_
__GetSignalFunc_
__GetSignalOSCode_
__CheckSignalExCode_
_CtrlSignalHandler@4
CtrlHandlerIsNeeded_
StartCtrlHandler_
KillCtrlHandler_
__sigabort_
__sigfpe_handler_
signal_
raise_
__SigInit_
__SigFini_
__sig_init_
_CtrlHandlerRunning
___anon290
wctomb.c
wctomb_
itoa.c
strupr.c
strupr_
noefgfmt.c
_no_support_loaded_
___EFG_printf
___EFG_scanf
lltoa.c
ulltoa_
lltoa_
ltoa.c
ultoa_
mbisdbcs.c
___IsDBCS
mbislead.c
_ismbblead_
__mbInitOnStartup_
___MBCSIsTable
___anon58
cinit.c
__CommonInit_
exit.c
_null_exit_rtn_
__null_int23_exit_
_exit_
___int23_exit
___FPE_handler_exit
enterdb.c
__EnterWVIDEO_
___WD_Present
nmsize.c
_nmsize_
_msize_
nexpand.c
_nexpand_
_expand_
__HeapManager_expand_
amblksiz.c
__amblksiz
heapen.c
_heapenable_
___heap_enabled
nheapmin.c
_nheapshrink_
_nheapmin_
_heapmin_
_heapshrink_
__ReturnMemToSystem_
__ReleaseMiniHeap_
dofilstr.c
__ParsePosixHandleStr_
clearenv.c
clearenv_
abort.c
abort_
__terminate_
___abort
mbinit.c
set_dbcs_table_
clear_dbcs_table_
__mbinit_
___MBCodePage
alphabet.c
___Alphabet
getenv.c
getenv_
strncpy.c
strncpy_
strtol.c
radix_value_
_stol_
strtoul_
strtol_
_nearly_overflowing
putenv.c
putenv_
findenv_
__putenv_
mbterm.c
_mbterm_
mbsnextc.c
_mbsnextc_
mbcupper.c
_mbctoupper_
mbsinc.c
_mbsinc_
mbschr.c
_mbschr_
mbslen.c
_mbslen_
mbstowcs.c
mbstowcs_
uputenv.c
_wputenv_
findenv_
__wputenv_
toupper.c
toupper_
memmove.c
memmove_
mbconv.c
_mbvtop_
mbclen.c
_mbclen_
mbccmp.c
_mbccmp_
mbtowc.c
mbtowc_
ustrchr.c
wcschr_
setenvar.c
__lib_SetEnvironmentVariableW_
crtwenv.c
__create_wide_environment_
wcstombs.c
wcstombs_
utoupper.c
towupper_
E:\Projects\progs\Petrosjan\BinToHex\BinToHex.cpp
$d(D(4pD
.debug_info
.debug_abbrev
.debug_line
.debug_aranges
.shstrtab