
Sample details: 6bdee405ed857320aa8c822ee5e559f2 (MD5)

Hashes
MD5: 6bdee405ed857320aa8c822ee5e559f2
SHA1: 019bfda1ed13ba4ad81e30dcceb7ac24234d96b1
SHA256: 5ce0fa2f79d7095ffacd8ca6effc37c72311b9b135439e8095887d2fe02fcb06
SSDEEP: 768:j+lgupF39+9UOM8yCSKXoAyzWqAeQb9U+nVjeFzz+7:KlgupF5iyCJ49CUQRU+nVyFu
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/DebuggerCheck__QueryInfo | YRP/escalate_priv | YRP/win_token | YRP/win_files_operation | FlorianRoth/Pirpi_1609_A | FlorianRoth/DragonFly_APT_Sep17_3
Note: these are static signature matches, not observed behavior. The two FlorianRoth rules carry family/campaign names (Pirpi, DragonFly) in their identifiers; treat them as leads to confirm through analysis rather than as attribution.
Strings (printable sequences extracted from the file; the sample is flagged as packed, and it imports LoadLibraryA/GetProcAddress, so much of the listing below is non-text residue and the set of APIs used at runtime may be larger than the static import names shown here)
		!This program cannot be run in DOS mode.
`.rdata
@.data
D$ RPV
L$ PQV
L$@SU3
L$LVW3
FD_^][
GetSystemTime
FindNextFileA
FindFirstFileA
GetSystemDirectoryA
CloseHandle
FlushFileBuffers
WriteFile
SetEndOfFile
SetFilePointer
CreateFileA
CopyFileA
GetTickCount
CreateProcessA
DeleteFileA
GetTempPathA
GetShortPathNameA
GetModuleFileNameA
GetLastError
SetFileAttributesA
SetFileTime
GetFileTime
SystemTimeToFileTime
SetLastError
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetVersionExA
GetCurrentProcess
WaitForSingleObject
CreateRemoteThread
OpenProcess
KERNEL32.dll
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
ADVAPI32.dll
sprintf
malloc
_snwprintf
rename
strrchr
strchr
wcslen
MSVCRT.dll
__dllonexit
_onexit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
MSVCP60.dll
GetStartupInfoA
_stricmp
_strnicmp
_wcsnicmp
ms*as.dll
\msasn1.dll
as.dll
rundll32 %s in 111432
@echo off
del %s
if exist %s goto loop
del %%0
rundll32 %s GetFile 
tmp.exe
_cLNX7\
~m\kF0
@<"ZYF
	Y,LsU
tE,5HC!~,
u).ew'
?8"e8O
:'icT+
}0~jjoI|
]V=~$u
ZV[x	)
\6/Gae
X(=49:l
	8"6y&
H!fVK 
-@^ M|
eayQti;
tZ)a@A
T*a;Fc
{ey`wu8&N=
D:bKA4
a}A#7D
Zt}jD~
.tw&S=
,0u:%=UJl
}NnzZ`
C5#p	J
+VLg1(;
8R 3[&
$/%Xs?q
sjsCbK
RE|5)<
9Dy7-js&b
!u(j3C
a5/Sj 
nj@)nE/n
W.@Q2E
.N Fc8
qf*G&?138
&L(cUc
(NX6lZ
!xG@rAoi
_cLNX7\
z}Y9o^ I}\
X(`A/$
os46n*{
9va~Y4w
t1"8Sa
Pj@1<_
Lrd\MnM
Cv*rQiN
:"lPnf
Z+9R 3
)'f%U$rz
{/,hvQ8
_cLNX7\
\user32.dll
XXXXaX
\\127.0.0.1
\\localhost
DisableThreadLibraryCalls
LoadLibraryW
LoadLibraryA
kernel32.dll
user32.dll
xmlhlp
wups32
kdbg32
gdim32
helpnt
even32
dmsvct
biosnt
msexec
msdtcs
mscmsr
msctfp
sensnt
msasno
msfont
dhcpcsvc
tapisrv
wuauserv
netman
wzcsvc
Tapisrv
aaaaaa
NtQuerySystemInformation
NtQueryInformationProcess
winlogon.exe
sfc_os.dll
sfc.dll
SeTcbPrivilege
SeShutdownPrivilege
SeLoadDriverPrivilege
SeDebugPrivilege