Sample details: a30682839554122f3c2c27f8f6bc3258

Hashes
MD5: a30682839554122f3c2c27f8f6bc3258
SHA1: 6adb686b2a9cbad1f3dfe3035bcb30fda691e636
SHA256: 984760954bcb9062cb04b14c1b0848719b84bf97e898c9e22496d30fa6842404
SSDEEP: 768:IGCQvDJA8Z5sXb4RXXLs7Ju2Q1WHdWwdJ9lVgPkODWyZmP237c:IFQvDXsXbcY7fkO3HyX34
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsDLL | YRP/IsConsole | YRP/IsBeyondImageSize | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64
Parent Files
a2edd0eaeef129e19b9da124291d1591
Source
Strings
!This program cannot be run in DOS mode.
NT LM 0.12
libgcj-13.dll
_Jv_RegisterClasses
Windows 7
Windows 5
\\%s\IPC$
SystemRoot
%s\system32
Size - %d kB
infect
InfectMachine
lMingw-w64 runtime failure:
Address %p has no image-section
  VirtualQuery failed for %d bytes at address %p
  VirtualProtect failed with code 0x%x
  Unknown pseudo relocation protocol version %d.
  Unknown pseudo relocation bit size %d.
(null)
PRINTF_EXPONENT_DIGITS
lInfinity
_set_output_format
_get_output_format
___lc_codepage_func
__lc_codepage
GCC: (GNU) 4.9.1
GCC: (GNU) 6.3.0 20170516
module32.dll
Control
FreeBuffer
Release
ADsOpenObject
CreateThread
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemTimeAsFileTime
GetTickCount
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
QueryPerformanceCounter
SetCurrentDirectoryA
SetUnhandledExceptionFilter
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte
__dllonexit
__mb_cur_max
_amsg_exit
_errno
_initterm
_onexit
_snwprintf_s
calloc
fwrite
getenv
localeconv
malloc
memcpy
memset
setlocale
strchr
strerror
strlen
strncmp
strncpy
strstr
_unlock
vfprintf
wcslen
NetApiBufferFree
NetServerEnum
CoInitialize
CoUninitialize
IIDFromString
VariantClear
wvsprintfW
WSAGetLastError
WSAStartup
__WSAFDIsSet
closesocket
connect
gethostbyname
inet_addr
inet_ntoa
ioctlsocket
select
setsockopt
socket
ACTIVEDS.dll
KERNEL32.dll
msvcrt.dll
NETAPI32.dll
ole32.dll
OLEAUT32.dll
USER32.dll
WS2_32.dll
<moduleconfig><autostart>yes</autostart><sys>yes</sys><needinfo name="id"/><needinfo name="ip"/></moduleconfig>kGN>