
Sample details: 6c73501e4d5953f29fe913ddcbc9f88b (CabPacker.obj)

Hashes
MD5: 6c73501e4d5953f29fe913ddcbc9f88b
SHA1: 470212596ac07b3757b747e60d1ccc876baf7df0
SHA256: 315e15d3ba8b0d75c7ca9fa63bbd3a7a4bb2c1abb644ad8f0eca64e6c2eb7fe0
SSDEEP: 192:zxziHp2VTXi7Co7nzpXt6lT94SXAWEnCzBVtW97F7IQ6c0:zp2p2lX6zFI74SXAe1VG7Iz
Details
File Type: 80386 — Intel i386 COFF relocatable object (`.obj`), not a standalone executable; the `.drectve`, `.debug$S`/`.debug$F` sections and `@comp.id`/`@feat.00` symbols in the strings below are MSVC object-file artifacts.
Yara Hits
CuckooSandbox/shellcode | CuckooSandbox/embedded_win_api | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 — note: these are generic heuristic rules (get-EIP idioms, embedded Win32 API names, base64-like content), not a family signature; on a compiler-emitted object file they are weak evidence on their own and should be read together with the symbol names and build path below.
Source
hxxp://103[.]68[.]190[.]250/Sources//Advance/BJWJ/Builds/BootkitDropper/Objs/Release%20BK%20exe/CabPacker.obj (defanged; the path looks like an exposed build tree, so retrieve it only from an isolated analysis host and treat the IP as an indicator, not a link)
Strings (extracted from the object; the MSVC-decorated C++ symbols at the end show cabinet FCI/FDI callbacks such as `?FN_FCIOPEN@@...`, dynamic API resolution helpers `?GetProcAddressEx@@...`, and a `pushargEx` call-wrapper template, plus the original build path)
		.drectve
.debug$S
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.text
`.text
`.text
`.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.text
`.rdata
0@.text
`.debug$F
B.text
`.debug$F
B.text
`.rdata
0@.rdata
0@.rdata
0@.rdata
0@.text
`.text
`.text
`.text
`   /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" 
e:\Projects\progs\Petrosjan\BJWJ\Builds\BootkitDropper\Objs\Release BK exe\CabPacker.obj
Microsoft (R) Optimizing Compiler
hD$C2j
CABINET
hz\?jj
SVWhz\1jj
@comp.id	x
@feat.00
.drectve
.debug$S
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.rdata
.debug$F
.debug$F
.rdata
.rdata
.rdata
.rdata
?FN_FCIALLOC@@YAPAXK@Z
?MemAlloc@@YAPAXK@Z
?FN_FCIFREE@@YAXPAX@Z
?MemFree@@YAXPAX@Z
?FN_FCISTATUS@@YAJIKKPAX@Z
?FN_FCIFILEPLACED@@YAHPAUCCAB@@PADJHPAX@Z
?FN_FCIGETNEXTCABINET@@YAHPAUCCAB@@KPAX@Z
?CloseCab@@YAXPAX@Z
?GetProcAddressEx@@YAPAXPADKK@Z
?FreeList@@YAXPAPAUFILEENTRY@@@Z
??$pushargEx@$00$0BCJHIBCM@$0A@@@YAPAXXZ
?GetProcAddressEx2@@YAPAXPADKKH@Z
?IsEmpty@?$STRUTILS@D@@SA_NPBD@Z
??$pushargEx@$00$0IPIPBBE@$0BE@PADKHHKHH@@YAPAXPADKHHKHH@Z
??$pushargEx@$00$0EIHPOBGL@$0BK@PAXPAXIPAKH@@YAPAXPAX0IPAKH@Z
??$pushargEx@$00$0PDPNBMD@$0BG@PAXPAXIPAKH@@YAPAXPAX0IPAKH@Z
??$pushargEx@$00$0HCDOLANF@$0BB@PAX@@YAPAXPAX@Z
??$pushargEx@$00$0OPEIOADK@$0BL@PAXJHH@@YAPAXPAXJHH@Z
??$pushargEx@$00$0IBPAPANP@$0CD@PAD@@YAPAXPAD@Z
??$pushargEx@$00$0PBEJLMME@$0JN@PAXPAU_BY_HANDLE_FILE_INFORMATION@@@@YAPAXPAXPAU_BY_HANDLE_FILE_INFORMATION@@@Z
??$pushargEx@$00$0OFHJCOJE@$0JO@PAU_FILETIME@@PAU1@@@YAPAXPAU_FILETIME@@0@Z
??$pushargEx@$00$0LGIOLOPI@$0JP@PAU_FILETIME@@PAGPAG@@YAPAXPAU_FILETIME@@PAG1@Z
??$pushargEx@$00$0FIPOHKLO@$0DG@HPAD@@YAPAXHPAD@Z
??$pushargEx@$00$0PKEPFAC@$0GG@PADPBDHPAD@@YAPAXPADPBDH0@Z
??$pushargEx@$00$0CMKFPDGG@$0IA@PADPBD@@YAPAXPADPBD@Z
??$pushargEx@$00$0CMKBLFOG@$0HO@PADPBD@@YAPAXPADPBD@Z
??$pushargEx@$00$0DCEDCEEE@$0IJ@PADPAU_WIN32_FIND_DATAA@@@@YAPAXPADPAU_WIN32_FIND_DATAA@@@Z
??$pushargEx@$00$0CMKCLHOG@$0HM@PADPBD@@YAPAXPADPBD@Z
??$pushargEx@$00$0CMKBLFOG@$0HO@PADPAD@@YAPAXPAD0@Z
??$pushargEx@$00$0CMKFPDGG@$0IA@PADPAD@@YAPAXPAD0@Z
??$pushargEx@$00$0CHJNOKNH@$0IL@PAXPAU_WIN32_FIND_DATAA@@@@YAPAXPAXPAU_WIN32_FIND_DATAA@@@Z
??$pushargEx@$00$0HLEIECMB@$0IN@PAX@@YAPAXPAX@Z
??$pushargEx@$0BD@$0EFLGBFNF@$0CAG@PADPBDPBD@@YAPAXPADPBD1@Z
??$pushargEx@$0BD@$0OGODOOAB@$0CAJ@PAD@@YAPAXPAD@Z
??$pushargEx@$0BD@$0OONFDJIM@$0CAE@PBD@@YAPAXPBD@Z
?pGetLastError@@YAKXZ
?FN_FCIOPEN@@YAHPADHHPAHPAX@Z
?FN_FDIOPEN@@YAHPADHH@Z
?FN_FCIREAD@@YAIHPAXIPAH0@Z
?FN_FDIREAD@@YAIHPAXI@Z
?FN_FCIWRITE@@YAIHPAXIPAH0@Z
?FN_FDIWRITE@@YAIHPAXI@Z
?FN_FCICLOSE@@YAHHPAHPAX@Z
?FN_FDICLOSE@@YAHH@Z
?FN_FCISEEK@@YAJHJHPAHPAX@Z
?FN_FDISEEK@@YAJHJH@Z
?FN_FCIDELETE@@YAHPADPAHPAX@Z
?FN_FCIGETOPENINFO@@YAHPADPAG11PAHPAX@Z
?FN_FCIGETTEMPFILE@@YAHPADHPAX@Z
??_C@_07BLINPCHP@CABINET?$AA@
?CreateCab@@YAPAXPBD@Z
?AddFileToCab@@YA_NPAXPBD1@Z
?ScanFiles@@YAXPBD0PAPAUFILEENTRY@@@Z
??_C@_02DJGKEECL@?4?4?$AA@
??_C@_01LFCBOECM@?4?$AA@
??_C@_01KICIPPFI@?2?$AA@
??_C@_04FGAJMCLA@?2?$CK?4?$CK?$AA@
?m_memset@@YAPAXPAXKK@Z
?AddDirToCab@@YA_NPAXPBD1@Z
?AddBlobToCab@@YA_NPAX0KPAD@Z
?Free@STR@@YAXPAD@Z
?WriteBufferA@File@@YAKPBDQAXK@Z
?GetTempNameA@File@@YAPADXZ
?ExtractCabNotify@@YAHW4FDINOTIFICATIONTYPE@@PAUFDINOTIFICATION@@@Z
?StrSame@@YA_NPAD0_NK@Z
?ExtractCab@@YA_NPBD0PAPBD@Z
?m_lstrlen@@YGKPBD@Z
?m_lstrcpy@@YGXPADPBD@Z