Sample details: acd8d34d8360129df1c8d03f253ba747

Hashes
MD5: acd8d34d8360129df1c8d03f253ba747
SHA1: 8ef3749d00526ab5106334e01247177636716929
SHA256: 595e47500014ab50ed0060f9e4b22b00edffbb0169adfd0413aadcdf523aa544
SSDEEP: 1536:jBfs7cvIzJkOeUTrDuMfEBFZZgDzoxQO1bbbbbbbgbh:VfysMFMBHZgDzoxQOGb
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v1xx_v2xx_additional | YRP/Microsoft_Visual_Cpp_v70_DLL | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Microsoft_Visual_Cpp_60_DLL_Debug | YRP/Armadillo_v1xx_v2xx | YRP/Microsoft_Visual_Cpp_v60_DLL | YRP/Microsoft_Visual_Cpp_60 | YRP/Armadillov1xxv2xx | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/win_registry | YRP/win_files_operation | YRP/BASE64_table | YRP/VC8_Random | YRP/Str_Win32_Winsock2_Library |
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.reloc
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
(null)
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
H:mm:ss
dddd, MMMM dd, yyyy
M/d/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
TerminateThread
CloseHandle
TerminateProcess
GetExitCodeProcess
ReadFile
PeekNamedPipe
CreateProcessA
CreatePipe
GetSystemDirectoryA
GetModuleFileNameA
SetFileTime
GetFileTime
CreateFileA
GetSystemTime
SetLastError
GetLastError
OutputDebugStringA
FreeConsole
CopyFileA
FindClose
DeleteFileA
FindFirstFileA
WriteFile
CreateThread
KERNEL32.dll
CloseServiceHandle
OpenSCManagerA
OpenServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
ADVAPI32.dll
WS2_32.dll
RtlUnwind
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
RaiseException
ExitProcess
GetCurrentProcess
GetCommandLineA
GetVersion
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
SetFilePointer
LCMapStringA
LCMapStringW
GetProcAddress
LoadLibraryA
SetStdHandle
FlushFileBuffers
rasauto32.dll
ServiceMain
>Create Cmd Error
\cmd.exe
a1b2cd3*x#j@n$q
abc123d
SvcHostDLL: ServiceMain done
SetServiceStatus in CmdStart Error !
SvcHostDLL: RegisterServiceCtrlHandler %S failed
SvcHostDLL: ServiceMain(%d, %s) called
SetServiceStatus in CmdControl in Switch Error !
SetServiceStatus in CmdControl SERVICE_CONTROL_STOP !
SetServiceStatus in CmdControl out Switch Error !
SetServiceStatus in CmdControl SERVICE_RUNNING !
%s error %d
RegSetValueEx(ServiceDll)
ServiceDll
RegOpenKeyEx(%s) KEY_SET_VALUE error %d.
\Parameters
SYSTEM\CurrentControlSet\Services\
\kernel32.dll
Copy: %s => %s
32.dll
OpenSCManager()
you specify service name not in Svchost\netsvcs, must be one of following:
RegQueryValueEx(Svchost\netsvcs)
netsvcs
RegOpenKeyEx(%s) KEY_QUERY_VALUE error %d.
rasauto
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
Exception Catched 0x%X
DeleteService(%s) SUCCESS.
Success !
Failure !
no Exists !
OpenService(%s) error %d
OpenSCManager() error %d
WritePile Error Shell Exit 
>Enter Cmd Shell Failed !
192.168.1.104
.?AVtype_info@@