Sample details: 7ac45effd43af2f21f91141c735c4590

Hashes
MD5: 7ac45effd43af2f21f91141c735c4590
SHA1: 0291e84c80bca913adb795f5227b3cb5567463d3
SHA256: 3ed186065b25e04e07b3d65cc372ff8037cfe233210ffc1cfb63ee535649514c
SSDEEP: 48:9wnorqjId68KQQQvOIHK1p3Lcv4BEOc/NkWvu341rabCUFMsUjWSU1fodVHmVeTb:9IR8KQ9o2POKkg+qd3mMDrNAkv
Details
File Type: 80386
Yara Hits
CuckooSandbox/shellcode | CuckooSandbox/embedded_win_api | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/BOT_PLUG/Objs/Release/RuBnk.obj
Strings
B   /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" 
e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Objs\Release\RuBnk.obj
Microsoft (R) Optimizing Compiler
@comp.id	x
@feat.00
.drectve
.debug$S
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.rdata
.debug$F
?IbankHooksMain@@YA_NXZ
?IsBank@@YAXPAX@Z
?HookCyberplatPCMain@@YA_NXZ
??$pushargEx@$06$0NOKKJFFH@$0BMF@HHHHPA_W@@YAPAXHHHHPA_W@Z
?GetProcAddressEx2@@YAPAXPADKKH@Z
??$pushargEx@$00$0CMKBLFPA@$0HP@PA_WPA_W@@YAPAXPA_W0@Z
??$pushargEx@$00$0KAHDFGB@$0KI@PA_WH@@YAPAXPA_WH@Z
??$pushargEx@$00$0DNJJHCPF@$0CP@H@@YAPAXH@Z
??$pushargEx@$00$0CNEALIOG@$0IC@PAD@@YAPAXPAD@Z
?IBlockThread@@YGKPAX@Z
?DownloadInFile@@YA_NPADPA_W@Z
?ExecuteIblock_Url@@YA_NPAXPAD1@Z
?StartThread@@YGPAXPAX0@Z
?New@STR@@YAPADPADK@Z
?IBlockProcessThread@@YGKPAX@Z
?Free@STR@@YAXPAD@Z
?MemFree@@YAXPAX@Z
?AnsiToUnicode@@YAPA_WPADK@Z
?ExecuteIblock_processblock@@YA_NPAXPAD1@Z
?GetRightStr@STR@@YAPADPAD0_N@Z
?GetLeftStr@STR@@YAPADPAD0_N@Z
??_C@_01CLKCMJKC@?5?$AA@
?Alloc@HEAP@@YAPAXK@Z