
Sample details: aaa540846fb0e667839d79864438ae26

Hashes
MD5: aaa540846fb0e667839d79864438ae26
SHA1: 63c96687cb2a81d8aa6d3b510445e6bed7b32231
SHA256: 8ff5a7d03347f6c33f48587394b2078578b7ca0558eabebd175c0051b34029bb
SSDEEP: 384:zzpeAKM6+NCObq9HdFedujwPGtpdxpPEBKucHE1RRNvrsDifM370Sdw1y465PdM8:xv6mCotPEbPEBrcOwRwYMJmpeVpYz
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171
YRP/Microsoft_Visual_Cpp_v60
YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional
YRP/Microsoft_Visual_Cpp_50
YRP/Microsoft_Visual_Cpp_v50v60_MFC
YRP/Armadillo_v171_additional
YRP/Microsoft_Visual_Cpp
YRP/IsPE32
YRP/IsWindowsGUI
YRP/HasRichSignature
YRP/domain
YRP/contentis_base64
YRP/Browsers
YRP/Antivirus
YRP/VM_Generic_Detection
YRP/Dropper_Strings
YRP/create_service
YRP/network_dropper
YRP/network_tcp_socket
YRP/network_dns
YRP/escalate_priv
YRP/win_mutex
YRP/win_registry
YRP/win_token
YRP/win_files_operation
YRP/Str_Win32_Winsock2_Library
YRP/Str_Win32_Wininet_Library
YRP/Str_Win32_Internet_API
Source
http://119.29.236.22/1.exe
Strings
!This program cannot be run in DOS mode.
Rich3H
`.rdata
@.data
VirtualFree
VirtualAlloc
InterlockedExchange
lstrcpyA
LocalFree
LocalSize
LocalAlloc
GetTickCount
lstrcatA
WriteFile
CreateFileA
lstrlenA
GetLocalTime
GetProcAddress
LoadLibraryA
GetLastError
FreeLibrary
GetCurrentProcess
GetModuleHandleA
GlobalMemoryStatusEx
GetVersionExA
GetModuleFileNameA
CloseHandle
WaitForSingleObject
VirtualProtect
GetSystemInfo
HeapAlloc
GetProcessHeap
HeapFree
SetEvent
CreateEventA
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
KERNEL32.dll
wsprintfA
USER32.dll
CloseEventLog
ClearEventLogA
OpenEventLogA
CloseServiceHandle
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
SetServiceStatus
RegisterServiceCtrlHandlerA
ADVAPI32.dll
ShellExecuteA
SHELL32.dll
??3@YAXPAX@Z
memcpy
__CxxFrameHandler
_CxxThrowException
memset
??2@YAPAXI@Z
memcmp
strlen
strstr
strcpy
strncpy
strrchr
strcspn
sprintf
_except_handler3
realloc
_beginthreadex
fclose
fprintf
strchr
MSVCRT.dll
??1type_info@@UAE@XZ
__dllonexit
_onexit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
URLDownloadToFileA
urlmon.dll
GetStartupInfoA
_strupr
_stricmp
_strcmpi
bad buffer
bad Allocate
PluginMe
OpenProxy
CloseProxy
SeShutdownPrivilege
SeShutdownPrivilege
Application
Security
System
SYSTEM\CurrentControlSet\Services\%s
Remark
%s\%d.bak
%s\shell\open\command
WinSta0\Default
Applications\iexplore.exe\shell\open\command
WinSta0\Default
WinSta0\Default
360tray.exe
360sd.exe
avp.exe
KvMonXP.exe
RavMonD.exe
Mcshield.exe
egui.exe
kxetray.exe
avcenter.exe
Avira(
ashDisp.exe
rtvscan.exe
ksafe.exe
QQPCRTP.exe
K7TSecurity.exe
QQ.exe
knsdtray.exe
TMBMSRV.exe
Miner.exe
AYAgent.aye
patray.exe
V3Svc.exe
QUHLPSVC.EXE
QUICK HEAL
mssecess.exe
1433.exe
DUB.exe
ServUDaemon.exe
BaiduSdSvc.exe
jia66.iok.la
Default
%SystemRoot%\system32\
ADVAPI32.dll
RegCloseKey
KERNEL32.dll
ADVAPI32.dll
RegOpenKeyA
RegSetValueExA
LoadLibraryA
FreeLibrary
StartServiceCtrlDispatcherA
GetModuleFileNameA
CopyFileA
%s:%d:%s
SYSTEM\CurrentControlSet\Services\%s
Remark
%4d-%.2d-%.2d %.2d:%.2d
InstallTime
SYSTEM\CurrentControlSet\Services\%s
Ole32.dll
CoInitialize
CoUninitialize
CoCreateInstance
Oleaut32.dll
SysFreeString
HARDWARE\DESCRIPTION\System\CentralProcessor\0
%d*%sMHz
Remark
WinSta0\Default
IsWow64Process
kernel32.dll
ntdll.dll
RtlGetNtVersionNumbers
SYSTEM\CurrentControlSet\Services\%s
%s Win7
kernel32.dll
IsBadReadPtr
kernel32.dll
CreateProcessA
GetModuleFileNameA
CreateMutexA
ReleaseMutex
GetLastError
CloseHandle
lstrcatA
GetTickCount
WaitForSingleObject
GetFileAttributesA
CreateEventA
ResetEvent
CancelIo
SetEvent
TerminateThread
GetVersionExA
GetExitCodeProcess
ExpandEnvironmentStringsA
GetSystemInfo
GetSystemDirectoryA
MoveFileA
MoveFileExA
WTSGetActiveConsoleSessionId
GetCurrentProcess
User32.dll
wsprintfA
ExitWindowsEx
MessageBoxA
IsWindowVisible
SendMessageA
EnumWindows
MSVCRT.dll
strcmp
strlen
memcpy
memset
strstr
ws2_32.dll
WSAStartup
WSACleanup
socket
gethostbyname
connect
closesocket
setsockopt
WSAIoctl
select
getsockname
gethostname
ADVAPI32.dll
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
QueryServiceStatus
ControlService
CreateServiceA
ChangeServiceConfig2A
DeleteService
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserA
wininet.dll
user32.dll
GetThreadDesktop
GetUserObjectInformationA
SetThreadDesktop
CloseDesktop
kernel32.dll
GetCurrentThreadId
user32.dll
OpenDesktopA
CloseDesktop
wininet.dll
InternetOpenA
MSIE 6.0
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
ADVAPI32.dll
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
kernel32.dll
GetCurrentProcess
KERNEL32.dll
GetLastError
C:\2.txt
kernel32.dll
CreateToolhelp32Snapshot
Process32First
Process32Next
ADVAPI32.dll
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegCloseKey
ADVAPI32.dll
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey
.?AVtype_info@@
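The YARA hits above (create_service, network_dropper, Antivirus, escalate_priv, win_token and so on) are one reading of this strings listing: clusters of imported API names that together imply a behaviour, plus a block of security-product process names next to the Toolhelp32 enumeration imports. The script below is an added example of that kind of capability triage over a strings dump; it is not part of the original listing and not a published rule set. The capability table, the security-product map, the AV-aware threshold and the regular expressions are my own heuristics, and SAMPLE_STRINGS is a constructed subset copied from the strings shown above.

```python
"""Capability triage over a strings dump of a Windows PE sample.

Added example: not part of the original listing and not a published rule
set. The capability table, the security-product map and the regexes are
my own heuristics; SAMPLE_STRINGS is a constructed subset of the strings
shown in the listing above.
"""
import re

# A capability is present when ANY one of its alternative API sets is
# fully present among the strings (same idea as the create_service and
# network_dropper rules: several imports that only make sense together).
CAPABILITIES = {
    "service_install":  [{"OpenSCManagerA", "CreateServiceA", "StartServiceA"}],
    "runs_as_service":  [{"StartServiceCtrlDispatcherA",
                          "RegisterServiceCtrlHandlerA", "SetServiceStatus"}],
    "eventlog_clear":   [{"OpenEventLogA", "ClearEventLogA"}],
    "downloader":       [{"URLDownloadToFileA"},
                         {"InternetOpenUrlA", "InternetReadFile"}],
    "process_enum":     [{"CreateToolhelp32Snapshot", "Process32First",
                          "Process32Next"}],
    "session_hijack":   [{"WTSGetActiveConsoleSessionId", "DuplicateTokenEx",
                          "CreateProcessAsUserA"}],
    "privilege_adjust": [{"OpenProcessToken", "LookupPrivilegeValueA",
                          "AdjustTokenPrivileges"}],
    "tcp_client":       [{"WSAStartup", "socket", "connect"}],
    "shutdown_reboot":  [{"ExitWindowsEx"}],
}

# Lower-cased process names of security products (my own mapping, not
# taken from the page).
SECURITY_PRODUCTS = {
    "360tray.exe": "Qihoo 360", "360sd.exe": "Qihoo 360",
    "avp.exe": "Kaspersky", "mcshield.exe": "McAfee", "egui.exe": "ESET",
    "rtvscan.exe": "Symantec", "avcenter.exe": "Avira",
    "ashdisp.exe": "Avast", "kxetray.exe": "Kingsoft",
    "kvmonxp.exe": "Jiangmin", "ravmond.exe": "Rising",
    "qqpcrtp.exe": "Tencent PC Manager", "tmbmsrv.exe": "Trend Micro",
    "v3svc.exe": "AhnLab V3", "mssecess.exe": "Microsoft Security Essentials",
    "baidusdsvc.exe": "Baidu Antivirus",
}

# Process enumeration next to this many security-product names is read as
# an AV kill/evade list (my threshold, tune to taste).
AV_AWARE_THRESHOLD = 3

HOST_RE = re.compile(r"(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}")
FILE_EXTS = {"exe", "dll", "sys", "bak", "txt", "aye"}   # dotted names that are not hosts
PATH_RE = re.compile(r"(?:[A-Za-z]:|%[A-Za-z]+%)\\.*")
REG_RE = re.compile(r"(?:HKEY_[A-Z_]+|HKLM|HKCU|SYSTEM|SOFTWARE|HARDWARE)\\.+")
PRIV_RE = re.compile(r"Se[A-Za-z]+Privilege")


def parse_strings(text):
    """One string per line; extraction whitespace (tabs, trailing spaces) dropped."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def is_hostname(s):
    """Dotted name whose last label is not a file extension (avoids KERNEL32.dll)."""
    return bool(HOST_RE.fullmatch(s)) and s.rsplit(".", 1)[1].lower() not in FILE_EXTS


def triage(text):
    strings = parse_strings(text)
    present = set(strings)
    caps = {name for name, alts in CAPABILITIES.items()
            if any(alt <= present for alt in alts)}
    products = sorted({SECURITY_PRODUCTS[s.lower()] for s in strings
                       if s.lower() in SECURITY_PRODUCTS})
    if "process_enum" in caps and len(products) >= AV_AWARE_THRESHOLD:
        caps.add("av_aware")
    iocs = {
        "hosts": sorted(s for s in present if is_hostname(s)),
        "paths": sorted(s for s in present if PATH_RE.fullmatch(s)),
        "registry": sorted(s for s in present if REG_RE.fullmatch(s)),
        "privileges": sorted(s for s in present if PRIV_RE.fullmatch(s)),
    }
    return {"capabilities": sorted(caps),
            "security_products": products, "iocs": iocs}


# Constructed input: a subset of the strings from the listing above.
SAMPLE_STRINGS = r"""
OpenSCManagerA
CreateServiceA
StartServiceA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenEventLogA
ClearEventLogA
URLDownloadToFileA
urlmon.dll
CreateToolhelp32Snapshot
Process32First
Process32Next
WTSGetActiveConsoleSessionId
DuplicateTokenEx
CreateProcessAsUserA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ExitWindowsEx
WSAStartup
socket
connect
SeShutdownPrivilege
SYSTEM\CurrentControlSet\Services\%s
HARDWARE\DESCRIPTION\System\CentralProcessor\0
%SystemRoot%\system32\
C:\2.txt
jia66.iok.la
360tray.exe
avp.exe
Mcshield.exe
egui.exe
rtvscan.exe
Miner.exe
KERNEL32.dll
ws2_32.dll
WinSta0\Default
"""

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_STRINGS), indent=2))
```

Run it on the full listing (`triage(open("strings.txt").read())`) to get the same picture the YARA hits give, with the service name left unresolved because the binary only carries the `SYSTEM\CurrentControlSet\Services\%s` template. Clusters rather than single imports keep `VirtualAlloc`/`WriteFile`-style noise out, and the downloader entry shows how to express alternative API sets for one behaviour.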