
Sample details: a67206ea18a28342b70178d269bb24ad --

Hashes
MD5: a67206ea18a28342b70178d269bb24ad
SHA1: 3dc6ad417c1521b57075a94dd8c709ecc8e14687
SHA256: a714d247f7b71ee7a90f5a6957d1d4ec93186ab72b401d2843c2ce7e511c70a8
SSDEEP: 192:Ve3RJ14eAs/zcIAHcIbjWrnJk5E5WNFXb71IoIbMlK7XULtIvcHwZyp1jCdua6J/:aR0eAsADfInJk5E5WHFtMARNaj6l
Details
File Type: 80386
Yara Hits
CuckooSandbox/embedded_win_api | YRP/domain | YRP/contentis_base64
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/Full/Objs/Release%20DEBUGCONFIG/ScreenShots.obj
Strings
		.drectve
.debug$S
P`.text
P`.text
P`.text
P`.rdata
0@.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`   /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" 
e:\Projects\progs\Petrosjan\BJWJ\Builds\Full\Objs\Release DEBUGCONFIG\ScreenShots.obj
Microsoft (R) Optimizing Compiler
@comp.id	x
@feat.00
.drectve
.debug$S
_dcSavedX
.rdata
_wndRect
?Real_EndPaint@@3P6GHPAUHWND__@@PBUtagPAINTSTRUCT@@@ZA
?Real_BeginPaint@@3P6GPAUHDC__@@PAUHWND__@@PAUtagPAINTSTRUCT@@@ZA
?Real_GetDCEx@@3P6GPAUHDC__@@PAUHWND__@@PAUHRGN__@@K@ZA
_GenericSansSerifFontFamily
_GenericSerifFontFamily
_GenericMonospaceFontFamily
_GenericSansSerifFontFamilyBuffer
_GenericSerifFontFamilyBuffer
_GenericMonospaceFontFamilyBuffer
_GenericTypographicStringFormatBuffer
_GenericDefaultStringFormatBuffer
_wndScreenShot
_dcScreenShot
??_H@YGXPAXIHP6EPAX0@Z@Z
?ScreenShotDrawCursor@@YAXPAUHDC__@@HHPAUTDrawCursorInfo@@@Z
?Make@ScreenShot@@YA_NPAUHWND__@@HHKKPAUTDrawCursorInfo@@PA_W@Z
?m_memset@@YAPAXPAXKK@Z
?SaveScreenShotToPng@@YAXPAUHBITMAP__@@PA_W@Z
?png@?1??SaveScreenShotToPng@@YAXPAUHBITMAP__@@PA_W@Z@4U_GUID@@B
??0GdiplusStartupInput@Gdiplus@@QAE@P6GXW4DebugEventLevel@1@PAD@ZHH@Z
?MakeToMem@ScreenShot@@YA_NPAUHWND__@@HHKKPAUTDrawCursorInfo@@AAPAEAAK@Z
?MemFree@@YAXPAX@Z
?ReadToBufferW@File@@YAPAEPA_WAAK@Z
?GetTempName@@YAPA_WXZ
?GetSavedDC@@YAPAUDCScrShot@@PAUHWND__@@@Z
?DrawWindow@ScreenShot@@YA_NPAUHWND__@@PA_W@Z
?UnhookBeginEndPaint@@YAXXZ
?Free@HEAP@@YAXPAX@Z
?HookApi@@YAPAXKKPAX0@Z
?Alloc@HEAP@@YAPAXK@Z
?FillBackground@@YAXPAUHWND__@@PAUHDC__@@@Z
?HookBeginPaint@@YGPAUHDC__@@PAUHWND__@@PAUtagPAINTSTRUCT@@@Z
__imp__BitBlt@36
?GetScreenClientRect@@YAXPAUHWND__@@PAUtagRECT@@@Z
?HookEndPaint@@YGHPAUHWND__@@PBUtagPAINTSTRUCT@@@Z
?DrawSavedDC@@YAX_NPAUHWND__@@PAUHDC__@@HHHH@Z
?HookGetDCEx@@YGPAUHDC__@@PAUHWND__@@PAUHRGN__@@K@Z
?EnumChildProc@@YGHPAUHWND__@@J@Z
?DrawWindow@ScreenShot@@YA_NPAUHWND__@@AAPAEAAK@Z
?DrawWindow2@ScreenShot@@YA_NPAUHWND__@@PA_W@Z
__imp__PrintWindow@12
?DrawWindow2@ScreenShot@@YA_NPAUHWND__@@AAPAEAAK@Z
??$pushargEx@$0BA@$0FFPHEJGC@PAKPAUGdiplusStartupInput@Gdiplus@@H@@YAPAXPAKPAUGdiplusStartupInput@Gdiplus@@H@Z
?GetProcAddressEx@@YAPAXPADKK@Z
??$pushargEx@$0BA@$0LHPALFHC@PAUHBITMAP__@@HPAPAVGpBitmap@Gdiplus@@@@YAPAXPAUHBITMAP__@@HPAPAVGpBitmap@Gdiplus@@@Z
??$pushargEx@$0BA@$0OEBALDOL@PAVGpBitmap@Gdiplus@@PA_WPAU_GUID@@H@@YAPAXPAVGpBitmap@Gdiplus@@PA_WPAU_GUID@@H@Z
??$pushargEx@$0BA@$0CCGPKJCD@PAVGpBitmap@Gdiplus@@@@YAPAXPAVGpBitmap@Gdiplus@@@Z
??$pushargEx@$0BA@$0JJKCECGE@K@@YAPAXK@Z
??$pushargEx@$0P@$0OPJKMAGO@K@@YAPAXK@Z
??$pushargEx@$02$0MKNENGJC@PAUHDC__@@PAUtagRECT@@PAUHBRUSH__@@@@YAPAXPAUHDC__@@PAUtagRECT@@PAUHBRUSH__@@@Z
??$pushargEx@$0P@$0EILIHOPM@PAUHBRUSH__@@@@YAPAXPAUHBRUSH__@@@Z
??$pushargEx@$02$0LJFCFEMH@PAUHWND__@@@@YAPAXPAUHWND__@@@Z
??$pushargEx@$02$0JHPIFPKA@PAUHWND__@@PAUtagRECT@@@@YAPAXPAUHWND__@@PAUtagRECT@@@Z
??$pushargEx@$0P@$0DJOJGCEP@PAUHDC__@@H@@YAPAXPAUHDC__@@H@Z
??$pushargEx@$0P@$0GLDEHANF@PAUHDC__@@KK@@YAPAXPAUHDC__@@KK@Z
??$pushargEx@$0P@$0FKPAABHM@PAUHDC__@@@@YAPAXPAUHDC__@@@Z
??$pushargEx@$0P@$0EIJENKPM@PAUHDC__@@PAUHBITMAP__@@@@YAPAXPAUHDC__@@PAUHBITMAP__@@@Z
??$pushargEx@$0P@$0JOJALEGC@PAUHDC__@@HHKKPAU1@HHK@@YAPAXPAUHDC__@@HHKK0HHK@Z
??$pushargEx@$0P@$0FOBAPFCF@PAUHDC__@@@@YAPAXPAUHDC__@@@Z
??$pushargEx@$0P@$0EILIHOPM@PAUHBITMAP__@@@@YAPAXPAUHBITMAP__@@@Z
??$pushargEx@$02$0EMLCNBGN@PAUHWND__@@PAUHDC__@@@@YAPAXPAUHWND__@@PAUHDC__@@@Z
??$pushargEx@$00$0IBPAPAMJ@PA_W@@YAPAXPA_W@Z
??$pushargEx@$02$0KCPGFLKC@PAUHWND__@@PAUtagRECT@@@@YAPAXPAUHWND__@@PAUtagRECT@@@Z
??$pushargEx@$02$0FEDNPFAF@PAUHWND__@@PAUtagPOINT@@@@YAPAXPAUHWND__@@PAUtagPOINT@@@Z
??$pushargEx@$0P@$0JOJALEGC@PAUHDC__@@JJHHPAU1@HHK@@YAPAXPAUHDC__@@JJHH0HHK@Z
??$pushargEx@$02$0CFEEMBHM@PAUHWND__@@H@@YAPAXPAUHWND__@@H@Z
??$pushargEx@$0P@$0GLDEHANF@PAUHDC__@@HH@@YAPAXPAUHDC__@@HH@Z
??$pushargEx@$02$0HMLNCCEH@PAUHWND__@@@@YAPAXPAUHWND__@@@Z
??$pushargEx@$02$0MPKKNHLP@PAUHWND__@@@@YAPAXPAUHWND__@@@Z
??$pushargEx@$02$0FIKIBMCJ@PAUHWND__@@HIH@@YAPAXPAUHWND__@@HIH@Z
??$pushargEx@$02$0FIKIBMCJ@PAUHWND__@@HHH@@YAPAXPAUHWND__@@HHH@Z
??$pushargEx@$0P@$0FKPAABHM@H@@YAPAXH@Z
??$pushargEx@$02$0DNGIHKKN@PAUHWND__@@@@YAPAXPAUHWND__@@@Z
??$pushargEx@$02$0OAGJICMO@PAUHWND__@@PAUtagWINDOWPLACEMENT@@@@YAPAXPAUHWND__@@PAUtagWINDOWPLACEMENT@@@Z
??$pushargEx@$0P@$0GLDEHANF@PAUHDC__@@JJ@@YAPAXPAUHDC__@@JJ@Z
??$pushargEx@$02$0KOIKFFDC@PAUHWND__@@P6GHPAU1@J@ZH@@YAPAXPAUHWND__@@P6GH0J@ZH@Z
??$pushargEx@$0P@$0EIJENKPM@PAUHDC__@@PAX@@YAPAXPAUHDC__@@PAX@Z
??$pushargEx@$0P@$0EILIHOPM@PAUHDC__@@@@YAPAXPAUHDC__@@@Z
??$pushargEx@$02$0FIKIBMCJ@PAUHWND__@@H_NH@@YAPAXPAUHWND__@@H_NH@Z