Sample details: 8a57297844825b961282d40fdebc4879

Hashes
MD5: 8a57297844825b961282d40fdebc4879
SHA1: a077e179c69461bd702d60133ed0b7201661e82b
SHA256: 3b2cc469e27aca58abc43a3eaa94dab4bee615c29f7995814e0b0a3d238f5408
SSDEEP: 3072:rVn8QOXmQaDIJEGp8Wtvv6j2KD+qmk5V4gzj1BuYH5V98YC/7K/XRlCHy:r9cQIvXtvE20LggDuYH5VCX++S
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/screenshot | YRP/spreading_share | YRP/win_files_operation
Source
http://flavosoftorrent.ml/ffplug
http://flavosoftorrent.ml/ffplug
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
.data1
RVSQSWV
;t$,v-
UQPXY]Y[
QQSVWd
~pjCXf
HHtVHHt
,SVWj0X
Wj0XPV
j@j _W
Z} j@W
< t8<	t4
URPQQh`
PWWWWV
PSSSSV
v	N+D$
PP9E u
jA[jZZ+
v	N+D$
~';_t|%3
+t"HHt
Ht+Ht$Ht
list<T> too long
vector<T> too long
Create
%d %d %d
Tahoma
CHAPTER
Zbad allocation
Zgeneric
unknown error
Ziostream
iostream stream error
Zsystem
string too long
invalid string position
permission denied
file exists
no such device
filename too long
device or resource busy
io error
directory not empty
invalid argument
no space on device
no such file or directory
function not supported
no lock available
not enough memory
resource unavailable try again
cross device link
operation canceled
too many files open
permission_denied
address_in_use
address_not_available
address_family_not_supported
connection_already_in_progress
bad_file_descriptor
connection_aborted
connection_refused
connection_reset
destination_address_required
bad_address
host_unreachable
operation_in_progress
interrupted
invalid_argument
already_connected
too_many_files_open
message_size
filename_too_long
network_down
network_reset
network_unreachable
no_buffer_space
no_protocol_option
not_connected
not_a_socket
operation_not_supported
protocol_not_supported
wrong_protocol_type
timed_out
operation_would_block
address family not supported
address in use
address not available
already connected
argument list too long
argument out of domain
bad address
bad file descriptor
bad message
broken pipe
connection aborted
connection already in progress
connection refused
connection reset
destination address required
executable format error
file too large
host unreachable
identifier removed
illegal byte sequence
inappropriate io control operation
invalid seek
is a directory
message size
network down
network reset
network unreachable
no buffer space
no child process
no link
no message available
no message
no protocol option
no stream resources
no such device or address
no such process
not a directory
not a socket
not a stream
not connected
not supported
operation in progress
operation not permitted
operation not supported
operation would block
owner dead
protocol error
protocol not supported
read only file system
resource deadlock would occur
result out of range
state not recoverable
stream timeout
text file busy
timed out
too many files open in system
too many links
too many symbolic link levels
value too large
wrong protocol type
ZUnknown exception
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
Zbad exception
(null)
`h````
xpxxxx
CorExitProcess
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CreateEventExW
CreateSemaphoreExW
SetThreadStackGuarantee
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
GetLogicalProcessorInformation
CreateSymbolicLinkW
SetDefaultDllDirectories
EnumSystemLocalesEx
CompareStringEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
GetUserDefaultLocaleName
IsValidLocaleName
LCMapStringEx
GetCurrentPackageId
GetTickCount64
GetFileInformationByHandleExW
SetFileInformationByHandleW
_hypot
_nextafter
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
Z__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
1#SNAN
1#QNAN
`h`hhh
xppwpp
C:\bin\grow\year?s\Csh\trans.pdb
)WMb\Q
,%}3!7
rc:L7e
]/r0r|j
	aK$zjtZD
?&m|>8
 tm^h{
Y1lHk$
f@C<H>
7bvE*R
_jK2_%O
7qg'-B
$pR<pJ
GetLocalTime
GetLastError
LoadLibraryW
GetProcAddress
CreateEventA
GetEnvironmentStrings
WaitForSingleObject
HeapAlloc
LoadLibraryA
GetModuleHandleA
GetModuleFileNameA
lstrlenA
lstrcpynA
lstrcatA
EnumSystemLanguageGroupsA
LocalAlloc
KERNEL32.dll
LoadImageA
SetScrollInfo
UpdateWindow
GetDesktopWindow
GetWindowRect
ReleaseDC
GetDlgItem
GetDlgItemTextA
GetSubMenu
GetMenuItemID
CreateMenu
CreatePopupMenu
AppendMenuW
SetMenu
GetCursorPos
GetWindowTextA
SetFocus
SetForegroundWindow
InsertMenuItemA
GetSystemMetrics
SendInput
SetCursorPos
BeginPaint
EndPaint
DefWindowProcA
DrawFrameControl
GetMenu
GetMenuItemInfoA
GetWindowRgn
GetDCEx
wsprintfA
PostQuitMessage
GetWindowDC
SendMessageA
CreateWindowExW
SetWindowLongA
GetWindowLongA
SetWindowPos
RedrawWindow
CallWindowProcA
CopyRect
IsWindowEnabled
GetParent
CharLowerA
MapWindowPoints
GetClientRect
OffsetRect
FillRect
SetScrollPos
SetDlgItemInt
LoadStringA
USER32.dll
GetObjectA
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
GetPixel
DeleteDC
GetStockObject
CreateFontA
GetCurrentObject
GetTextAlign
SetTextAlign
MoveToEx
TextOutW
CreatePatternBrush
DeleteObject
BeginPath
Ellipse
EndPath
FillPath
CombineRgn
SetTextJustification
SetBkMode
ExtTextOutA
SetTextColor
ExcludeClipRect
GdiGradientFill
CreateDIBSection
CreateSolidBrush
SelectClipRgn
Polyline
GDI32.dll
SHGetMalloc
SHELL32.dll
CoCreateInstance
ReleaseStgMedium
StgOpenStorage
ole32.dll
NetShareGetInfo
NETAPI32.dll
WNetOpenEnumA
MPR.dll
GetRTTAndHopCount
GetTcpStatistics
GetUdpStatistics
IPHLPAPI.DLL
PathFindExtensionA
PathRemoveFileSpecA
StrCSpnA
StrTrimA
StrCmpNIA
StrToIntA
ChrCmpIA
StrToIntExA
StrChrA
SHLWAPI.dll
CreateStatusWindowW
COMCTL32.dll
PdhAddCounterW
PdhCollectQueryData
PdhBrowseCountersA
pdh.dll
UuidFromStringA
UuidToStringA
RpcStringFreeA
RpcStringBindingComposeA
RpcBindingFromStringBindingA
RPCRT4.dll
IsThemeActive
OpenThemeData
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
DrawThemeBackground
CloseThemeData
GetThemeBackgroundContentRect
UxTheme.dll
ScriptStringAnalyse
ScriptStringOut
ScriptStringFree
USP10.dll
MultiByteToWideChar
WideCharToMultiByte
RtlUnwind
RaiseException
GetCommandLineA
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
CloseHandle
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
HeapSize
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetStringTypeW
LCMapStringW
SetFilePointerEx
LoadLibraryExW
OutputDebugStringW
HeapReAlloc
WriteConsoleW
CreateFileW
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVerror_category@std@@
.?AV_Generic_error_category@std@@
.?AV_Iostream_error_category@std@@
.?AV_System_error_category@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
?7W2&?l
^4v*f7
>OH_zX
n<l?E5
v}CDs4
(K<IU%wW
8T(UfO
;VI`Z)Wt
Bo0Ty>Q
A^v##j
^2!"Z$
pG3_#\
td>Aqc
Hpt2m.
:pOaU(f
L>OWkz
|sr#:i&
~JH%x/
|u6Pw4	
@M!4+a;b.
KAN5A?
,pZDon
5,~wVs
E#^"h^J
POOU[8
2QY1&l/)'LI
5?rgAZp
D:Q;_A
6L0&qn
*@9 OM=
kM*]w['
.Kq^/2
Q]m6{w|=b
h.0/OZF
3wx0*qM
:{:I,H
(>r^kU^r
)hJt6}
M.41M1#^
zZ~gZaA-
W\yj4M
(O%vcU
PJ AyX2B
h87t+#3
+XH-3o
=FJT@%
[ny|}#
KHkq1F
SWN n)\
/~FO'A
/=UJd9"G
xpuP8X
*juD;6
|Bz5pU
PmcANS0
!@VL,V
kJ	Bq&h
D)_CBa
NI<,b7{
>o!_lgq
pd8Eur
7_r=aS
`U{L|s
B++.0^
VLi"2k
n{Qesi
!Pf/1.
x%DDv`
@*XZ0;
t~Jd)1W6
>rO=&O
x9O+$u
vYbA1z
0a,68h`
B~@BwF
)/uWx 
ZMNbM5A
edY;2<
;3#B1V
fLSUPUQ
PjJkp|
 ]==$F0
*8}T?/
}RD>8ZI%2
OtR>enr
wba2y,!
5ZVF2T
?D|O0k
L9MxI^
C@Dz)5
0i:KBx
%MrKX;ynpH
NE1rsWp2-
8l2'<_
m$1Vxt
<)WLyS
bz2XhvCL
tOzGr/
,E4`\#
=XN	L!
#PodN7_
]6#Rs3
8"/]>3P
T|TFfZ
.:STI?
I=6Dd4
8OvSf<Le
:5&!6Q
~V'Sw)
)fhN4K3
vPYksG`
,p	gY'
3[:[5L
kBM,YzE]
a%%L@V
I7H)kt
;["(d6
1cV]W)
/)0Gk\
v64Q9%U
obI4/`
B`D?su
\8S}?c
pH(85D
\J2;iB
W'Kf-Y5
9WD4E>
lg/aNBZ
33333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333
333333333
3333333
ffffffffffffffffffffffffffffffffffk
33333>
33333 
C333339
333333?
3333333
	3333333
	3333333
3333333
33333<
33333 
33333=
333335
3333333
3333333333333333
3333333333333334
33333333333333
S3333333333333
S333333333333
333333333332
T333335
333333 
S33333P
333332
33333<
o333333
333333
333333P
	3333336
333333=
333333<
333333?`
3333333
3333333 
3333333
3333333
	3333333P
3333333@
3333333
33?b333
o333@	333@
333?5 
c33332
#33335
33333S
S33333<`
333333333335
S333335S333? 
33333? 
333333:
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDO
33333333:
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwq
33333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333
 !B$$%J$$%K$$%K$$%K$$%K$$%K$$%K##$J##$J$$%K$$%K#$$K##$J#$$K$$%K$$%K$$%K$$%K$$%K$$%K$$%K$$%K$$%K$$%K$$%K$$%K$$%K##$K##$J##$J##$J#$$K$$%K$$%K$$%K$$%K$$%K$$%K#$$K##$J##$J##$J##$K$$%K$$%K$$%K$$%K#$$K##$J#$$K$$%K$$%I
JJLk/+&
1.*	MMOn
''(I'#
8778Z@@Ce@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bf@@Bd--.R
$@@A`kkm
CCDd&"
>>?`JE>
%%'Gc_[
WWZuRPN
[\^yUSP
**+L`\X
PPRo?:3
<:7	<:7
;:7	HFB
:9:/>>>3?>>3?>>3?>>3>>=3>>=3?>>3>>=3>>=3?>>3?>>3?>>3?>>3?>>3?>>3?>>3?>>3?>>3>==3>==3>==3?>>3?>>3?>>3?>>3>>=3>==3>==3?>>3?>>3?>>3>>=3>>=3>=>3777,.-,
hhh~LHD
1/, :99A:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99G:99F:98<2/,
Kffffff
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX