
Sample details: ad5e9b8b6c41e15e485fb16a493480e5

Hashes
MD5: ad5e9b8b6c41e15e485fb16a493480e5
SHA1: c6110b82e2561ce1bf6791a4acc2032112865a84
SHA256: 1dc244cbc0ee749a1a727e1fb6cb2c40e0c900e072e45a3275cc78e8cbe9b84f
SSDEEP: 384:XWL/ryMnvKOXTVUD1WTbTIH5QNKvqyV0GXefOOguQTURVMHfWFd88mZMpI71Sb4A:XWHvPSDYDBN7WX+ZguecmHHO0L
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/VM_Generic_Detection | YRP/DebuggerCheck__QueryInfo | YRP/anti_dbg | YRP/network_tcp_socket | YRP/network_dns | YRP/win_token | YRP/BASE64_table | YRP/Str_Win32_Winsock2_Library
Source
http://wuenschejetzterfuellen.com/Plugins/info.dll
http://wuenschejetzterfuellen.com/Plugins/info.dll
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
t+Ft(Vj@
t0At-Qj@
Ht$HuU
<\u_G;
<a|*<f
PVVVVVVh 
t093v%
98vk93vg
%u.%u.%u.%u
User-Agent
Max-Forwards
Mozilla/4.0 (IE 11.0; Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Mozilla/4.0 (IE 11.0; Windows NT 6.3; Trident/7.0; .NET4.0E; .NET4.0C; rv:11.0) like Gecko
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Mozilla/2.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6; Ant.com Toolbar 1.6; MSIECrawler)
Mozilla/2.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0 Iceweasel/35.0a2
Mozilla/3.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.1) Gecko/20061205 Iceweasel/2.0.0.1 (Debian-2.0.0.1+dfsg-4)
Mozilla/3.0 (X11; U; Linux i686; pt-PT; rv:1.9.2.3) Gecko/20100402 Iceweasel/3.6.3 (like Firefox/3.6.3) GTB7.0
Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1090.0 Safari/536.6
Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36
User-Agent: 
Max-Forwards: 
connect
socket
closesocket
gethostbyname
WSAStartup
inet_addr
inet_pton
Transfer-Encoding: 
Content-Length: 
chunked
 HTTP/1.1
Host: 
Cookie: 
Connection: 
keep-alive
aegislabs
agnitum
ahnlab
alibaba
antiy-avl
avast!
arcabit
antivir
avware
bitdefender
bytehero
quick heal
zonealarm
clamav
comodo
crowdstrike
endgame
emsisoft
fortinet
f-prot
the hacker
virobot
ikarus
invincea
nprotect
f4cky0ukasperskyyouwillnevergetfr3shsampleofthisbl4cken3rgy
jiangmin
k7antivirus
kingsoft
ad-aware
malwarebytes
mcafee
panda platinum
qihoo 360
rising
sentinelone
sophos
superantispyware
symantec
tencent
totaldefense
kaspersky
trendmicro
trustlook
zillya
webroot
whitearmor
nil/nil
ip-api.com
country
regionName
timezone
%.2d:%.2d %.2d-%.2d-%.4d
laptop;
desktop
n1ghtly
{"Version": "
", "Type": 
, "OsInfo": {"Major": 
, "Minor": 
, "BuildNumber": 
, "Platform": 
, "SuiteMask": 
, "Architecture": 
, "ProductType": 
, "ServicePack": 
}, "Specs": {"UserCompName": "
", "CPU": "
", "Processors": 
, "GPU": "
", "RAM": 
, "Displays": 
, "HDD": "
"}, "System": {"UserAdmin": 
, "ProcessAdmin": 
, "Time": "
", "Software": "
", "Antivirus": 
, "Status": "
", "Jre": "
", "Jdk": "
", "DotNET": "
", "Process": "
", "BIOS": "
"}, "Network": {"Ports": "
", "Adapters": "
", "Latency": 
185.177.59.179
}, "Geo": {"IP": "
", "Longitude": "
", "Latitude": "
", "Organization": "
", "City": "
", "Region": "
", "Country": "
", "Assigner": "
", "Timezone": "
{"Type": 
, "Specs": {"HDD": "
"}, "System": {"Software": "
"}, "Geo": {"IP": "
{"Time": "
@USAVAWH
D8!t4H
hA_A^[]
NtQueryKey
RtlExpandEnvironmentStrings_U
NtEnumerateKey
RtlEnterCriticalSection
NtOpenKey
NtQuerySystemInformation
RtlEqualSid
NtQueryInformationProcess
NtPowerInformation
NtQueryVolumeInformationFile
NtCreateFile
NtClose
RtlTimeToTimeFields
RtlLeaveCriticalSection
NtOpenProcessToken
NtQueryInformationToken
LdrLoadDll
NtOpenProcess
NtQueryValueKey
NtOpenFile
RtlInitializeCriticalSection
RtlDosPathNameToNtPathName_U
ntdll.dll
WS2_32.dll
GlobalSize
GlobalAlloc
ReadProcessMemory
IsDBCSLeadByte
GlobalFree
GlobalReAlloc
KERNEL32.dll
wsprintfW
wsprintfA
EnumDisplayMonitors
USER32.dll
LsaLookupSids
LsaOpenPolicy
AllocateAndInitializeSid
ADVAPI32.dll
GetExtendedTcpTable
GetAdaptersAddresses
IPHLPAPI.DLL
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
_allmul
_chkstk
memcpy
memset
Info.dll
GetInfo
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
9$9.9K9
:,:5:\:_;q;
?7?_?y?
.0T0q0
111C1J1
7$8j8B9
; ;';.;5;<;C;J;
<)=5=<=F=M=W=^=h=o=y=
>*>7>A>W>y>
222P2^2
<)<C<Z<
>6>J>w>
4,4H4d4
5A5I5q5
536P6W6
=C>`>d>
3*4z4:5
9#9-9o9
;:;p;x;
;?<j<~<
<'=J=O=
2+2F2V2q2
373Y3{3
4&444B4`4~4
<7<j<|<
=%=-=5=A=J=O=U=_=i=y=
>">*>2>:>E>J>P>Z>d>w>|>
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1