Sample details: a033c3e642698410573ccdb37e1e8616

Hashes
MD5: a033c3e642698410573ccdb37e1e8616
SHA1: 184ecc162a0ed6a7d9a6fe9ac64426589ae06598
SHA256: 3f894ba438bf9d1fdd87b3e264688166984aa32ca590288ad90448fe51a799c7
SSDEEP: 768:NMi7zjMbaGyS8oNxDGk/4gSI0APaylhgOhf2Ih8VStbc:WEj0VyS88c6PxgWRtbc
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Armadillo_v4x | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsConsole | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/migrate_apc | YRP/win_token | YRP/win_files_operation | YRP/Dos_1 | YRP/churrasco | FlorianRoth/Dos_1 | FlorianRoth/churrasco |
Strings
!This program cannot be run in DOS mode.
`.rdata
@.data
.sxdata
ios::eofbit set
ios::failbit set
ios::badbit set
invalid string position
string too long
Unknown exception
(null)
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
GetTokenInformation
CreateProcessAsUserA
DuplicateTokenEx
OpenThreadToken
SetThreadToken
LookupAccountSidA
ImpersonateSelf
GetUserNameA
ADVAPI32.dll
DtcGetTransactionManagerExA
XOLEHLP.dll
GetProcAddress
LoadLibraryA
CloseHandle
GetEnvironmentVariableA
GetCurrentThread
HeapFree
GetProcessHeap
DuplicateHandle
GetCurrentProcess
OpenProcess
QueueUserAPC
GetProcessIdOfThread
OpenThread
MultiByteToWideChar
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
RtlUnwind
RaiseException
TerminateProcess
HeapReAlloc
HeapSize
GetModuleHandleA
GetModuleFileNameA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
GetLastError
FlushFileBuffers
SetFilePointer
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
IsBadReadPtr
IsBadCodePtr
SetStdHandle
ReadFile
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
KERNEL32.dll
/currasco/-->MSDTC service seems to have problems
iphlpapi.dll
AllocateAndGetTcpExTableFromStack
WinSta0\Default
comspec
SYSTEM
/churrasco/-->Found SYSTEM token 0x%x
/churrasco/-->Found %s Token
/churrasco/-->Couldn't open Rpcss process
NETWORK SERVICE
/churrasco/-->Found NETWORK SERVICE token 0x%x
/churrasco/-->Found %s Token
/churrasco/-->Usage: Churrasco.exe "command to run"
/churrasco/-->Current User: %s 
NETWORK SERVICE
/churrasco/-->Process is not running under NETWORK SERVICE account!
/churrasco/-->Getting NETWORK SERVICE token ...
/churrasco/-->Couldn't find NETWORK SERVICE token
/churrasco/-->Couldn't get current user name
/churrasco/-->Getting Rpcss PID ...
/churrasco/-->Found Rpcss PID: %d 
/churrasco/-->Searching for Rpcss threads ...
/churrasco/-->Found Thread: %d 
/churrasco/-->Thread impersonating, got NETWORK SERVICE Token: 0x%x
/churrasco/-->Getting SYSTEM token from Rpcss Service...
/churrasco/-->Running command with SYSTEM Token...
/churrasco/-->Done, command should have ran as SYSTEM!
/churrasco/-->Couldn't run command, try again!
/churrasco/-->Thread not impersonating, looking for another thread...
/churrasco/-->Couldn't find Rpcss PID!
.?AVios_base@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ios@GU?$char_traits@G@std@@@std@@
.?AV?$basic_ostream@GU?$char_traits@G@std@@@std@@
.?AV?$basic_istream@GU?$char_traits@G@std@@@std@@
.?AV?$basic_streambuf@GU?$char_traits@G@std@@@std@@
.?AV?$basic_filebuf@GU?$char_traits@G@std@@@std@@
.?AVfacet@locale@std@@
.?AV_Locimp@locale@std@@
.?AVexception@@
.?AVruntime_error@std@@
.?AVfailure@ios_base@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AVlength_error@std@@
.?AVtype_info@@