
Sample details: 60ac7ad7eccc1cdc8e2fcd21cf42e068

Hashes
MD5: 60ac7ad7eccc1cdc8e2fcd21cf42e068
SHA1: 0d1b45bcbdbd9699bde81e984edbac26e6e39b11
SHA256: 52ebeec6271770d72e3f2ed73535cd4a9b4d614e8877bd52a777b5f23d492869
SSDEEP: 1536:b2giUJrMJvmpUMyB43RWKRaQ71XubjyKhkkIs1ZZsNIT/3Dhw:b2LiQmpUbB4kKP1Xubjy4Is1ZwIhw
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/screenshot | YRP/keylogger | YRP/win_mutex | YRP/win_registry | YRP/win_files_operation | YRP/Big_Numbers1 | YRP/Advapi_Hash_API | YRP/MD5_Constants | YRP/BASE64_table |
Source
http://193.124.117.153/crypt/without/Host.exe
http://193.124.117.153/crypt/without/Host.exe
Strings
		!This program cannot be run in DOS mode.
0`.data
.idata
T4 C2W
l$,;T$(
D$(;D$|}9
#D$ ;D$ 
D$(;\$(
t$`u$f
D$(t61
D$,t41
9L$Dr@
9D$H~M;|$P}G
L$8<Uu
D$0;D$Pr
D$0;D$Pr
\$,;|$0
L$,9L$$
;t$ }3A
D$(9D$`
D$`9D$(s6
D$`daA
D$FBMf
;L$8s	
t/;L$ 
;|$4}6
D$d DA
%c%.8x%s
%s @ %s
%s\%s.%s
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
8ccccc/Bcccccccccccccccccccccccccccccccccccccc
%8DmgM
#7@Qhq\1@NWgyxeH\_bpdgc%.2d/%.2d/%d %.2d:%.2d:%.2d
_BqwHaF8TkKDMfOzQASx4VuXdZibUIeylJWhj0m5o2ErLt6vGRN9sY1n3Ppc7g-C%.4d-%.2d-%.2d %.2d:%.2d:%.2d
socks=
@echo off
ping 192.0.2.2 -n 1 -w %d >nul 2>&1
DEL /s "%s" >nul 2>&1
call :deleteSelf&exit /b
:deleteSelf
start /b "" cmd /c del "%%~f0"&exit /b
http://%s%s
wcnwClass
%.2d/%.2d/%d %.2d:%.2d:%.2d
%6\%6.dfd
iphlpapi.dll
psapi.dll
kernel32.dll
Ed5jf5dRSdSqYsqCVid
Ed5jf5dRSdSuSsqCVid
Ed590WYd66XlCnd_4idLCldD
PiW6dS
m465dR4Rn...
MvL MdR5
MvL rdYd42dS
j65CVi46IdS
_4R UC45 (G)
_4R UC45 (h)
PiW6d UC45
PiW64Rn...
mC65 DPH
q4ld UC45
adid5d qPc
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
!&.37<
"%/28;=#$019:>?
PTLLjPq %6:%S -qq9/G.y
R-W65: %6:%S
200 OK
mWYCi a46w
%s (%s)
U4R-55sTsdR
winhttp.dll
U4R-55sEd590WfZ_W0u0i
U4R-55sEd5Xj90WfZPWR84n_W0PQ00dR5u6d0
%s\%s.bat
ComSpec
%s /c "%s"
MT_qUDrj\F4Y0W6W85\U4RSWg6\PQ00dR5zd064WR\rQR\
MT_qUDrj\F4Y0W6W85\DY542d Md5Qs\XR65CiidS PWlsWRdR56
Settings.ini
%rCRS%
-m "%s"
MT_qUDrj\F4Y0W6W85\DY542d Md5Qs\XR65CiidS PWlsWRdR56\%6
M5QV9C5I
GET %s HTTP/1.1
Host: %s 
User-Agent: Mozilla/4.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.8
Connection: close
200 OK
%s%.2d-%.2d-%.4d
[Log Started] - [%.2d/%.2d/%d %.2d:%.2d:%.2d]
[%s] - [%.2d/%.2d/%d %.2d:%.2d:%.2d]
[cCYw6sCYd]
[jR5d0]
[D00Wg md85]
[D00Wg us]
[D00Wg r4nI5]
[D00Wg aWgR]
[-Wld]
[9Cnd us]
[9Cnd aWgR]
[c0dCw]
[adid5d]
[XR6d05]
[904R5 MY0ddR]
[MY0Wii mWYw]
[PCs6 mWYw]
[P50i+%Y]
rdn465d0rCgXRsQ5ad24Yd6
user32.dll
Ed5rCgXRsQ5aC5C
%.2d-%.2d-%.4d
MdYQ0Nh.Sii
m6CEd5mWnWRMd664WRaC5C
m6C_0ddrd5Q0RcQ88d0
m6CjRQld0C5dmWnWRMd664WR6
MT_qUDrj\FWk4iiC\%6\
PQ00dR5zd064WR
MT_qUDrj\FWk4iiC\%6\%6\FC4R
XR65Cii a40dY5W0Z
lWkQ54i6.Sii
lWkniQd.Sii
lWk67i45dN.Sii
R66N.Sii
%6\R66N.Sii
Mozilla Firefox
APPDATA
%6\FWk4iiC\_40d8Wf\s0W84id6.4R4
%6\FWk4iiC\_40d8Wf\%6
Mozilla Thunderbird
%6\qIQRSd0V40S\s0W84id6.4R4
%6\qIQRSd0V40S\%6
SeaMonkey
%6\FWk4iiC\MdCFWRwdZ\s0W84id6.4R4
%6\FWk4iiC\MdCFWRwdZ\%6
%6\64nRWR6.67i45d
%6\iWn4R6.e6WR
LMMpXR45
9HGGpEd5XR5d0RCiHdZMiW5
9HGGpDQ5IdR54YC5d
9mpcC6doOadYWSd
MjPXqjFpx80ddX5dl
9HGGMarpadY0Zs5
9HGGp_0ddMiW5
LMMpMIQ5SWgR
67i45dNpWsdR
67i45dNpYiW6d
67i45dNps0dsC0dp2h
67i45dNp65ds
67i45dNpYWiQlRp5df5
6didY5 *  80Wl lWkpiWn4R6
IW65RCld
dRY0Zs5dSu6d0RCld
dRY0Zs5dS9C66gW0S
%6\Tsd0C\Tsd0C\gCRS.SC5
%6\Tsd0C\Tsd0C\s0W84id\gCRS.SC5
%6\.sQ0sid\CYYWQR56.fli
<s0W5WYWi>
<RCld>
<sC66gW0S>
CS2Cs4Nh.Sii
P0dSjRQld0C5dD
P0dS_0dd
U4RSWg6m42d:RCld=*
9T9N u6d0
9T9N Md02d0
9T9N 9C66gW0S
XFD9 u6d0
XFD9 Md02d0
XFD9 9C66gW0S
-qq9 u6d0
-qq9 Md02d0
-qq9 9C66gW0S
MFq9 u6d0
MFq9 Md02d0
MFq9 9C66gW0S
jDM u6d0
jDM Md02d0 urm
jDM 9C66gW0S
%c%c%S
%c%c%s
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Y0Zs5Nh.Sii
P0Zs5uRs0W5dY5aC5C
abe2869f-9b47-4cd9-a358-c22904dba7f7
Software\Microsoft\Internet Explorer\IntelliForms\Storage2
%s\*.*
4RSdf.SC5
2CQi5Yi4.Sii
zCQi5TsdRzCQi5
zCQi5PiW6dzCQi5
zCQi5jRQld0C5dX5dl6
zCQi5Ed5X5dl
zCQi5_0dd
History
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
LOCALAPPDATA
%6\EWWnid\PI0Wld\u6d0 aC5C\ad8CQi5\mWn4R aC5C
%6\PI0Wl4Ql\u6d0 aC5C\ad8CQi5\mWn4R aC5C
%6\PWlWSW\a0CnWR\u6d0 aC5C\ad8CQi5\mWn4R aC5C
%6\vCRSdf\vCRSdfc0Wg6d0\u6d0 aC5C\ad8CQi5\mWn4R aC5C
%6\Tsd0C MW85gC0d\Tsd0C M5CVid\mWn4R aC5C
l62Y0Gyy.Sii
l62YsGyy.Sii
l62Y0Ghy.Sii
l62YsGhy.Sii
Cs43l63g4R3YW0d354ldkWRd3iG3G3y.Sii
Cs43l63g4R3YW0d384id3iG3G3y.Sii
Cs43l63g4R3YW0d384id3ih3G3y.Sii
Cs43l63g4R3YW0d3iWYCi4kC54WR3iG3h3y.Sii
Cs43l63g4R3YW0d36ZRYI3iG3h3y.Sii
Cs43l63g4R3YW0d3s0WYd665I0dCS63iG3G3G.Sii
Cs43l63g4R3YW0d384id3iG3h3y.Sii
Cs43l63g4R3Y0530QR54ld3iG3G3y.Sii
Cs43l63g4R3Y0536504Rn3iG3G3y.Sii
Cs43l63g4R3Y053IdCs3iG3G3y.Sii
Cs43l63g4R3Y05365S4W3iG3G3y.Sii
Cs43l63g4R3Y053YWR2d053iG3G3y.Sii
Cs43l63g4R3Y053iWYCid3iG3G3y.Sii
Cs43l63g4R3Y053lC5I3iG3G3y.Sii
Cs43l63g4R3Y053lQi54VZ5d3iG3G3y.Sii
Cs43l63g4R3Y05354ld3iG3G3y.Sii
Cs43l63g4R3Y05384id6Z65dl3iG3G3y.Sii
Cs43l63g4R3Y053dR240WRldR53iG3G3y.Sii
Cs43l63g4R3Y053Q54i45Z3iG3G3y.Sii
Cs43l63g4R3YW0d36504Rn3iG3G3y.Sii
Cs43l63g4R3YW0d3RCldSs4sd3iG3G3y.Sii
Cs43l63g4R3YW0d3ICRSid3iG3G3y.Sii
Cs43l63g4R3YW0d3IdCs3iG3G3y.Sii
Cs43l63g4R3YW0d3i4V0C0ZiWCSd03iG3G3y.Sii
Cs43l63g4R3YW0d36ZRYI3iG3G3y.Sii
Cs43l63g4R3YW0d3s0WYd665I0dCS63iG3G3y.Sii
Cs43l63g4R3YW0d3s0WYd66dR240WRldR53iG3G3y.Sii
Cs43l63g4R3YW0d3SC5d54ld3iG3G3y.Sii
Cs43l63g4R3YW0d36Z64R8W3iG3G3y.Sii
Cs43l63g4R3YW0d3YWR6Wid3iG3G3y.Sii
Cs43l63g4R3YW0d3SdVQn3iG3G3y.Sii
Cs43l63g4R3YW0d3s0W84id3iG3G3y.Sii
Cs43l63g4R3YW0d3ldlW0Z3iG3G3y.Sii
Cs43l63g4R3YW0d3Q54i3iG3G3y.Sii
Cs43l63g4R3YW0d305i6QssW053iG3G3y.Sii
Cs43l63g4R3YW0d34R5d0iWYwdS3iG3G3y.Sii
QY05VC6d.Sii
2Y0QR54ldGOy.Sii
l62YsGOy.Sii
lWkY05Gt.Sii
67i45dN.Sii
R6s0O.Sii
siYO.Sii
siS6O.Sii
R66Q54iN.Sii
6W85WwRN.Sii
R66SVlN.Sii
Ed5FWSQid_4idLCldjfD
psapi.dll
kernel32.dll
%.2d/%.2d/%d %.2d:%.2d:%.2d
0x%.8X (%d)
0x%.16llX (%I64d)
%c%.8x%s
%c%.8x%s%s
%c%.8x%s\%s
%c%.8x%s\%s
ComSpec
WINDIR
%6\6Z65dlNh\YlS.dfd
localhost
CS2Cs4Nh.Sii
Ed5u6d0LCldD
uMjrLDFj
Unknown
Ed5LC542dMZ65dlXR8W
wd0RdiNh.Sii
MvMqjF\PQ00dR5PWR50WiMd5\PWR50Wi\90WSQY5Ts54WR6
90WSQY5qZsd
mDLFDLLq
MjrzjrLq
EiWVCiFdlW0ZM5C5Q6jf
kernel32.dll
-DraUDrj\ajMPrX9qXTL\MZ65dl\PdR50Ci90WYd66W0\y
ProcessorNameString
DiiWYC5dDRSXR454Ci4kdM4S
advapi32.dll
PIdYwqWwdRFdlVd06I4s
_0ddM4S
WINDIR
%d:%s%s;
%d:%I64u:%s%s;
%c%llu
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
CryptUnprotectData
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
SelectObject
CloseHandle
CreateDirectoryA
CreateFileA
CreateMutexA
CreatePipe
CreateProcessA
CreateToolhelp32Snapshot
DeleteFileA
EnterCriticalSection
ExitProcess
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDriveTypeA
GetFileAttributesA
GetFileAttributesExA
GetLastError
GetLocalTime
GetLogicalDriveStringsA
GetModuleFileNameA
GetProcAddress
GetProcessTimes
GetStartupInfoA
GetSystemInfo
GetSystemTime
GetTickCount
GetVersionExA
GetVolumeInformationA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalFree
MoveFileA
OpenProcess
PeekNamedPipe
Process32First
Process32Next
ReadFile
ReleaseMutex
ResumeThread
SetErrorMode
SetFileAttributesA
SetFilePointer
TerminateProcess
WideCharToMultiByte
WriteFile
_beginthreadex
_filelengthi64
_vscprintf
_vsnprintf
calloc
fclose
fflush
fgetpos
fsetpos
fwrite
getenv
malloc
realloc
strcat
strchr
strcpy
NetApiBufferFree
NetWkstaGetInfo
SHFileOperationA
CreateWindowExA
DefWindowProcA
DispatchMessageA
EnumWindows
GetDesktopWindow
GetForegroundWindow
GetKeyNameTextA
GetKeyState
GetKeyboardState
GetMessageA
GetSystemMetrics
GetWindowTextA
IsWindowVisible
MapVirtualKeyA
PostQuitMessage
RegisterClassExA
ReleaseDC
SendMessageA
SetCursorPos
SetWindowTextA
ShowWindow
ToAscii
TranslateMessage
keybd_event
mouse_event
WSACleanup
WSAGetLastError
WSAIoctl
WSAStartup
__WSAFDIsSet
closesocket
connect
gethostbyname
gethostname
inet_ntoa
ioctlsocket
select
setsockopt
shutdown
socket
ADVAPI32.DLL
CRYPT32.DLL
GDI32.dll
KERNEL32.dll
msvcrt.dll
NETAPI32.DLL
SHELL32.DLL
USER32.dll
WS2_32.dll