Sample details: 8041e723f6823fe8b0dc93321ec47961 (MD5)

Hashes
MD5: 8041e723f6823fe8b0dc93321ec47961
SHA1: 52471ef2dcfbadd35b2a69ad284afe4fa0360f09
SHA256: 40a4b5f017a59ba2e959bd7b2d4d3165388e98ef98a1a804fa16b750e6834bbc
SSDEEP: 384:tw3EB9LqnGHAYaBf+57skVHArXoTvzpjrSA6DzY7gbT:fBpqnqAeR9EXAzpjrShDA
Details
File Type: PE32
Yara Hits
YRP/MingWin32_GCC_3x | YRP/MingWin32_v_h_additional | YRP/MinGW_GCC_3x_additional | YRP/MinGW_GCC_3x | YRP/MingWin32_GCC_3x_additional | YRP/MingWin32_v_h | YRP/MingWin32_v | YRP/MinGWGCC3x | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/MinGW_1 | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/Big_Numbers1 | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API
Strings (static extraction from the binary; an imported API name or an embedded URL/path indicates capability, not confirmed runtime behavior)
		!This program cannot be run in DOS mode.
`.data
.rdata
.idata
75490e
871806ab0a390607f3da446a8407c104
ekJSQmdeYxA8BWRLYFlhRX1Gdk58WHtLdwR6RDxbIQV6RHdPawRjQmM=
AppData
/index.php
-LIBGCCW32-EH-2-SJLJ-GTHR-MINGW32
w32_sharedptr->size == sizeof(W32_EH_SHARED)
%s:%u: failed assertion `%s'
../../gcc/gcc/config/i386/w32-shared-ptr.c
GetAtomNameA (atom, s, sizeof(s)) != 0
:Zone.Identifier
00000000
urlmon
URLDownloadToFileA
netsh advfirewall firewall add rule name="
" program="
" dir=Out action=allow
84547437
http://wassronledorhad.in/q2/index.php
http://wassronledorhad.in/q2/index.php
c:\users\wmji\desktop\gu7tliu6j0.exe
C:\Users\WMJI\AppData\Roaming\z\
C:\Users\WMJI\AppData\Roaming\84547437\
c:\users\wmji\appdata\roaming\84547437\dwm.exe
C:\Users\WMJI\AppData\Local\Temp\_
84547437\
84547437
C:\Users\WMJI\AppData\Roaming
C:\Users\WMJI\AppData\Local\Temp\
704c28aa-4547-4377-ab6a-d0afe72f3f70
7042845474377607237
SOFTWARE\Microsoft\Cryptography
MachineGuid
netsh advfirewall firewall add rule name="Quant" program="c:\users\wmji\appdata\roaming\84547437\dwm.exe" dir=Out action=allow
ProgramFilesDir (x86)
http://
https://bdns.at/r/
http://wassronledorhad.in/q2/index.php
HKEY_CURRENT_USER
Keyboard Layout\Preload
00000419
00000422
0000043f
GetSidSubAuthority
GetTokenInformation
GetUserNameA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
AddAtomA
CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
FindAtomA
GetAtomNameA
GetCurrentProcess
GetFileAttributesA
GetFileSize
GetLastError
GetLocalTime
GetModuleFileNameA
GetProcAddress
GetTempPathA
LoadLibraryA
LocalAlloc
LocalFree
SetCurrentDirectoryA
SetUnhandledExceptionFilter
WaitForSingleObject
WinExec
WriteFile
_strlwr
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_onexit
_setmode
atexit
fflush
fprintf
malloc
memmove
memset
signal
strcat
strcmp
strcpy
strlen
strncat
ShellExecuteA
ShellExecuteExA
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile
ADVAPI32.DLL
KERNEL32.dll
msvcrt.dll
msvcrt.dll
SHELL32.DLL
WININET.DLL
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="q" type="win32"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>