Sample details: a1fd3e93e30fb89b1206abf460126214 --

Hashes
MD5: a1fd3e93e30fb89b1206abf460126214
SHA1: 68549e5b9c62b8b9cb7a975bf0446c12e072e1e0
SHA256: 94313cefde5a2eb4345760d39689feaea4f2ad8684f106f33cb0d0f7b44720d2
SSDEEP: 768:llJvFx2qYqSeOlE2e9ySi9yE89yE3hDAdscw7ODy4X+439nTim6s:9Fx2qYqSeOlEby58v8Ah2scwWykv9n+L
Details
File Type: PE32
Yara Hits
YRP/MingWin32_GCC_V3X | YRP/MingWin32_GCC_3x | YRP/MingWin32_v_h_additional | YRP/MinGW_GCC_3x_additional | YRP/MinGW_GCC_3x | YRP/MingWin32_GCC_3x_additional | YRP/MingWin32_v_h | YRP/MingWin32_v | YRP/UPXv20MarkusLaszloReiser | YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser | YRP/MinGWGCC3x | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/MinGW_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/Big_Numbers1 | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/UPX | YRP/suspicious_packer_section | FlorianRoth/Zeus_Panda |
Strings
		!This program cannot be run in DOS mode.
`.data
.rdata
.idata
554ddb
0d5a89e6295c01b7cb6a2db41e520bc6
ekJSQmdeYxA8BXlfYE9lT31NZEtgWWFPYEh2Xj1dYAViBXpEd09rBGNCYw==
AppData
/index.php
-LIBGCCW32-EH-2-SJLJ-GTHR-MINGW32
w32_sharedptr->size == sizeof(W32_EH_SHARED)
%s:%u: failed assertion `%s'
../../gcc/gcc/config/i386/w32-shared-ptr.c
GetAtomNameA (atom, s, sizeof(s)) != 0
GetSidSubAuthority
GetTokenInformation
GetUserNameA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
AddAtomA
CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
FindAtomA
GetAtomNameA
GetCurrentProcess
GetFileAttributesA
GetFileSize
GetLastError
GetLocalTime
GetModuleFileNameA
GetProcAddress
GetTempPathA
LoadLibraryA
LocalAlloc
LocalFree
SetUnhandledExceptionFilter
WaitForSingleObject
WinExec
WriteFile
_strlwr
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_onexit
_setmode
atexit
fclose
fflush
fprintf
malloc
memmove
memset
signal
strcat
strcmp
strcpy
strlen
strncat
ShellExecuteA
ShellExecuteExA
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile
ADVAPI32.DLL
KERNEL32.dll
msvcrt.dll
msvcrt.dll
SHELL32.DLL
WININET.DLL
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="q" type="win32"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
!This program cannot be run in DOS mode.
.M_k2C_
.M_/(K_
.M_Rich
:2 <%QjT&
	3VrZI"n	
pA(gqC 
KU$rj(
WRTDx=
fSTRUDC.
/a)s<T
L,X	PNY
B.]C1;
SF]8Gx0B
l8tn=N:
Q&XhH<u<8FR
P\ou#K
dBf1`ceR^,
..C,d0Wt
qlh NWm
,(~P$h
"M,u;g
l:Q8x<
0~d2!'
D(L5x2
SwE(|+
\b9UVW
`5]kS\
-l7x"X
uvHH0J-
./0123
 ~\`]H
}t]H?D]Pfdx
|xddddtplhddddd`\X
 dddd$(,0dddd48<@fdddDHLPT
XPVSZt
\|``Lr
\rTTXX
hll\rr
pptt	'
DD4Lfd
;x4u v
l'f`Z4M
nQhb\`
4M82,& 
kpcjd^X
ixrlf`
ZTNHGET ^&
.htm0ep($
yPTJTD<y
T>T8T2T
,&T `>
SER32.dll
ADVAPI
$p`@2 
`1pdateWindowws;t
Enabld
MessageA
KicTimer9
GD&ktop
a#InputSt
m;%Cl&e
ipboard!
D$aYEmpty
%GOpen$o
Form%Ava
o3eg00
Local A
z{-Gener
tions+
ChildF.me<\Prog
es\InFrMt Ex
about:blank
en-UK;q=0.8,
 4zh-CN
k	9v53cn
compPs
? gzip?1.0*w
defl~[
avascr.t
*/*; q011l
/5u (%7m
Yahoo! Slurp
ouelp.y
/yse41/s,)o
* G#gG2
s#{.67
X13Ubu
ux x86_64
rv:16#)
aecko]
MSIE 9
s NT 6
 OS X :_8)V
~KHTML
kekax,
afei-[
s+0727)K8
&7.36[m
iPadqCPU
9vd%b>
-En+db{
x-xbitp
.ms-*nl
GH(KexY
n+|SoftzO\
OFTWARE\Mi.
\	\C~r"
+D/DESCRIPTION\SW
hsKUck
ukB? &{n
 | CO 
nddX"o
/62kMc
a=g;I1o
7Xhwc=-=a
I 9}<s7f
5Qb1k;m
scP)kH
ElAg;f
GetLastError
(TickCoHa
V;tualAll~
Termin
Librarr
~4riCM
Un;K6kk
ModuHandl!O
+fdiv7
rgs9cmnn
_bfniX
M:Qw>Cxx
4iUReque^H
)b!?Send
# :.rd
XPTPSW
KERNEL32.DLL
iphlpapi.dll
MFC42.DLL
MSVCRT.dll
OLEAUT32.dll
SHELL32.dll
WININET.dll
WS2_32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
GetNetworkParams
ShellExecuteA
InternetOpenA