
Sample details: adfa03e158bab496b11ae6804560284a

Hashes
MD5: adfa03e158bab496b11ae6804560284a
SHA1: aa6c9f141b2d3737e32ce5024f105d349e61776c
SHA256: 71023ee91aeab712950a03cf40ae81ae8c0f3142bdc94d8937886c2778e50bec
SSDEEP: 384:Gfk0yayYtZdkzluK9Z2LKXD+3kPRXM6FfHSqSRwVRI3SwfGynEB48UzL6e3S:GdyD0kxuK9KgDJFfDXwfGynEB1eC
Details
File Type: 80386
Yara Hits
CuckooSandbox/shellcode | CuckooSandbox/embedded_win_api | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/Antivirus |
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/BootkitDropper/Objs/Release%20BK%20exe/DbgRpt.obj
Strings
		.drectve
.debug$S
`.rdata
0@.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.rdata
0@.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.rdata
0@.rdata
0@.rdata
0@.text
`.rdata
0@.rdata
0@.rdata
0@.rdata
0@.rdata
0@.text
`.rdata
0@.debug$F
B.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.debug$F
B.text
`.rdata
0@.debug$F
B.text
`.rdata
0@.rdata
0@.rdata
0@.text
`.rdata
@.rdata
0@.text
`.text
`.rdata
0@.text
`.text
`.rdata
0@.text
`.debug$F
B.text
`.text
`.debug$F
B.text
`.rdata
0@.text
`.rdata
0@.text
`.rdata
0@.rdata
0@.rdata
0@.text
`.rdata
0@.rdata
0@.rdata
0@.text
`.rdata
0@.text
`.rdata
0@.rdata
0@.rdata
0@.text
`.rdata
0@.text
`.text
`.text
`.rdata
0@.rdata
@@.text
`.debug$F
B.text
`.debug$F
B.text
`.rdata
0@.rdata
0@.rdata
0@.rdata
0@   /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" 
e:\Projects\progs\Petrosjan\BJWJ\Builds\BootkitDropper\Objs\Release BK exe\DbgRpt.obj
Microsoft (R) Optimizing Compiler
h'`+9j
msinfo32.exe
\Common Files\Microsoft Shared\MSInfo\
storefile
Software\Classes\CLSID\
beforerbt
bkinstall
QSSSSSSV
sysinfo.txt
 /report "
170_dr
100_trtr
BkDrop.plug
BkDrop.plug bktestt http://test.orh/gettes/tetst.php
param1 param2 param3
@comp.id	x
@feat.00
.drectve
.debug$S
.rdata
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.rdata
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.debug$F
.rdata
.debug$F
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.debug$F
.debug$F
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.rdata
.debug$F
.debug$F
.rdata
.rdata
.rdata
.rdata
_DbgRptSettings
??1TBotObject@@UAE@XZ
??_7TBotObject@@6B@
??_GTBotObject@@UAEPAXI@Z
??_ETBotObject@@UAEPAXI@Z
??_GTBotObject@@UAEPAXI@Z
??3TBotObject@@SAXPAX@Z
?DebugReportAllocSettings@@YAPAUDebugReportSettings@@_NPBD1@Z
?New@STR@@YAPADPADK@Z
?Alloc@HEAP@@YAPAXK@Z
?DebugReportFreeSettings@@YAXPAUDebugReportSettings@@@Z
?Free@HEAP@@YAXPAX@Z
?Free@STR@@YAXPAD@Z
_DbgRptSettingDefault
??0TBotObject@@QAE@XZ
?t_str@?$TString@D@@QBEPADXZ
??_C@_11LOCGONAA@?$AA?$AA@
?Length@?$STRUTILS@D@@SAKPBD@Z
??$DBGOutMessage@PBDPBDPAUDebugReportSettings@@@DBGRPTDEBGTEMPLATES@@YAXPBD0PAUDebugReportSettings@@@Z
??$pushargEx@$00$0NKIBLMFI@$0IP@PAU_RTL_CRITICAL_SECTION@@@@YAPAXPAU_RTL_CRITICAL_SECTION@@@Z
?GetProcAddressEx2@@YAPAXPADKKH@Z
??$pushargEx@$01$0JAKAJHOG@$0OK@PAUHKEY__@@PADHHHJHPAPAU1@PAK@@YAPAXPAUHKEY__@@PADHHHJHPAPAU0@PAK@Z
??$DBGOutMessage@PBDPBDPAD@DBGRPTDEBGTEMPLATES@@YAXPBD0PAD@Z
??$DBGOutMessage@PBDPBDPAUHKEY__@@@DBGRPTDEBGTEMPLATES@@YAXPBD0PAUHKEY__@@@Z
??$pushargEx@$01$0BIACOHMI@$0NC@PAUHKEY__@@PADHPAKPAEPAK@@YAPAXPAUHKEY__@@PADHPAKPAE2@Z
??$pushargEx@$01$0NLDFFFDE@$0NE@PAUHKEY__@@@@YAPAXPAUHKEY__@@@Z
??$DBGOutMessage@PBDPBDKK@DBGRPTDEBGTEMPLATES@@YAXPBD0KK@Z
??$pushargEx@$01$0DOEAAPNG@$0NH@PAUHKEY__@@PADHHPBEK@@YAPAXPAUHKEY__@@PADHHPBEK@Z
??$DBGOutMessage@PBDPBDK@DBGRPTDEBGTEMPLATES@@YAXPBD0K@Z
??$DBGOutMessage@PBDPBD_NPAD@DBGRPTDEBGTEMPLATES@@YAXPBD0_NPAD@Z
??$DBGOutMessage@PBDPBDPADPADPAD@DBGRPTDEBGTEMPLATES@@YAXPBD0PAD11@Z
??$pushargEx@$00$0PDLIEPAF@$0JA@PAU_RTL_CRITICAL_SECTION@@@@YAPAXPAU_RTL_CRITICAL_SECTION@@@Z
??$pushargEx@$00$0DJCLGACH@$0JB@PAU_RTL_CRITICAL_SECTION@@@@YAPAXPAU_RTL_CRITICAL_SECTION@@@Z
??$DBGOutMessage@PBDPBD@DBGRPTDEBGTEMPLATES@@YAXPBD0@Z
??$pushargEx@$00$0DNJJHCPF@$0CP@H@@YAPAXH@Z
??$DBGOutMessage@PBDPBDPBD@DBGRPTDEBGTEMPLATES@@YAXPBD00@Z
??$DBGOutMessage@PBDPBD_NPADPAD@DBGRPTDEBGTEMPLATES@@YAXPBD0_NPAD2@Z
??$pushargEx@$02$0GLDKPAOM@$0BFB@PADPBDPAD@@YAPAXPADPBD0@Z
??$pushargEx@$00$0HILAAMHO@$0IH@PADH@@YAPAXPADH@Z
??$pushargEx@$00$0JMEIAOCE@$0DO@PAU_OSVERSIONINFOEXA@@@@YAPAXPAU_OSVERSIONINFOEXA@@@Z
??$pushargEx@$06$0MJFNIFFA@$0BLE@HPADH_N@@YAPAXHPADH_N@Z
??$DBGOutMessage@PBDPBD_N@DBGRPTDEBGTEMPLATES@@YAXPBD0_N@Z
??$DBGOutMessage@PBDPBDPADPAD@DBGRPTDEBGTEMPLATES@@YAXPBD0PAD1@Z
??$pushargEx@$00$0EGDBIKMH@$0DM@PADPADHHHHHHPAU_STARTUPINFOA@@PAU_PROCESS_INFORMATION@@@@YAPAXPAD0HHHHHHPAU_STARTUPINFOA@@PAU_PROCESS_INFORMATION@@@Z
??$DBGOutMessage@PBDPBDHPAXK@DBGRPTDEBGTEMPLATES@@YAXPBD0HPAXK@Z
??$pushargEx@$00$0MFEDHEPD@$0CO@PAXI@@YAPAXPAXI@Z
??$pushargEx@$00$0HCDOLANF@$0BB@PAX@@YAPAXPAX@Z
??$pushargEx@$00$0EHFFIHLH@$0FE@PAD@@YAPAXPAD@Z
??$DBGOutMessage@PBDPBDPADK@DBGRPTDEBGTEMPLATES@@YAXPBD0PADK@Z
??$DBGOutMessage@PBDPBDPAX@DBGRPTDEBGTEMPLATES@@YAXPBD0PAX@Z
??$pushargEx@$00$0IBPAPANP@$0CD@PAD@@YAPAXPAD@Z
??$DBGOutMessage@PBDPBDPADKK@DBGRPTDEBGTEMPLATES@@YAXPBD0PADKK@Z
??$pushargEx@$01$0JAKAJHPA@$0OJ@PAUHKEY__@@PA_WHHHJHPAPAU1@PAK@@YAPAXPAUHKEY__@@PA_WHHHJHPAPAU0@PAK@Z
??$pushargEx@$00$0CNEALIOG@$0IC@PAD@@YAPAXPAD@Z
??$pushargEx@$01$0DOEAAPMA@$0NI@PAUHKEY__@@PB_WHHPBEK@@YAPAXPAUHKEY__@@PB_WHHPBEK@Z
?IsEmpty@?$STRUTILS@D@@SA_NPBD@Z
??$Alloc@D@STRBUF@@YAPADK@Z
??$GetRec@D@STRBUF@@YAAAUTStrRec@0@PAD@Z
?DbgRptSprintfA@@YAXPADPBDZZ
?GetPathToMsInfo32@@YAPADXZ
??_C@_0N@MINNKPCJ@msinfo32?4exe?$AA@
?m_lstrcat@@YGXPADPBD@Z
?Length@STR@@YAKPAD@Z
?Alloc@STR@@YAPADK@Z
??_C@_0CH@IOEBHBIP@?2Common?5Files?2Microsoft?5Shared?2M@
?m_memset@@YAPAXPAXKK@Z
??_C@_01KICIPPFI@?2?$AA@
?DebugReportSendSysInfo@@YAXPAD00@Z
?Free@Strings@@YAXPAX@Z
?Free@MultiPartData@@YAXPAUTMultiPartDataRec@@@Z
?Post@HTTP@@YA_NPADPAUTMultiPartDataRec@@PAPADPAUTHTTPResponseRec@@@Z
?AddFileField@MultiPartData@@YAPAUTMultiPartItem@@PAUTMultiPartDataRec@@PAD11@Z
??_C@_03HOKODIMJ@rep?$AA@
?Create@MultiPartData@@YAPAUTMultiPartDataRec@@XZ
?New@STR@@YAPADKPADZZ
?GetText@Strings@@YAPADPAXPAD@Z
??_C@_01HNPIGOCE@?$CG?$AA@
??_C@_03MEMNCOEB@uid?$AA@
?AddURLParam@@YAXPAXPAD1K@Z
??_C@_03LGLGIONO@cmd?$AA@
??_C@_09IPFKEBPF@storefile?$AA@
?Create@Strings@@YAPAXXZ
??0?$TString@D@@QAE@XZ
??_7?$TString@D@@6B@
??_G?$TString@D@@UAEPAXI@Z
??_E?$TString@D@@UAEPAXI@Z
?IsEmpty@?$TString@D@@QBE_NXZ
??$CreateFromStr@D@STRBUF@@YAPADPBDKK@Z
?m_memcpy@@YAPAXPAXPBXH@Z
??$AddRef@D@STRBUF@@YAPADPAD@Z
??$Release@D@STRBUF@@YAXAAPAD@Z
??$Length@D@STRBUF@@YAKPAD@Z
??$Append@D@STRBUF@@YAXAAPADPBDK@Z
??0?$TString@D@@QAE@PBDK@Z
??0?$TString@D@@QAE@PBD@Z
??0?$TString@D@@QAE@ABV0@@Z
??1?$TString@D@@UAE@XZ
?Length@?$TString@D@@QBEKXZ
??4?$TString@D@@QAEAAV0@PBD@Z
??4?$TString@D@@QAEAAV0@ABV0@@Z
??Y?$TString@D@@QAEAAV0@PBD@Z
??Y?$TString@D@@QAEAAV0@ABV0@@Z
?GenerateUidAsString@@YA?AV?$TString@D@@ABV1@@Z
??_C@_01GBGANLPD@0?$AA@
?m_lstrlen@@YGKPBD@Z
?MakeMachineID@@YAPADXZ
?CreateGuidFromUid@@YA?AV?$TString@D@@ABV1@@Z
??_C@_01CELHOKLL@?$HN?$AA@
??_C@_01JOAMLHOP@?9?$AA@
??_C@_01HCONENDN@?$HL?$AA@
?CreateSettingKey@@YAPAUHKEY__@@XZ
??_C@_00CNPNBAHC@?$AA@
??_C@_0BI@DDFHHBE@Software?2Classes?2CLSID?2?$AA@
?GetValueName@@YA?AV?$TString@D@@ABV1@@Z
?DebugReportLoadParamList@@YA_NPAV?$TString@D@@@Z
?Crypt@XORCrypt@@YAKPADPAEK@Z
??_C@_02DAMOAIFE@PL?$AA@
?DebugReportSaveParamList@@YA_NABV?$TString@D@@@Z
?DebugReportLoadSettings@@YAXXZ
_DbgRptCs
??_C@_01OGPIMHDM@?$DP?$AA@
?GetCommandParamByIndex@@YA?AV?$TString@D@@PBDK@Z
?DebugReportUpdateSettingsThread@@YAXPAX@Z
?DebugReportSaveSettings@@YAXPBD@Z
?DebugReportGetSettings@@YAPAUDebugReportSettings@@XZ
?DebugReportStepByName@@YAXPBD@Z
?Get@HTTP@@YA_NPADPAPADPAUTHTTPResponseRec@@@Z
??_C@_04CNBNFAL@step?$AA@
?CalcNtldrMd5@@YAPADPADK@Z
?MD5StrFromFileA@@YA?AV?$TString@D@@PBD@Z
??_C@_05FDLGEGEK@ntldr?$AA@
?DebugReportSystem@@YAXXZ
?MemFree@@YAXPAX@Z
??_C@_04HMPDOICP@cs01?$AA@
??_C@_02EHCHIAMF@os?$AA@
??_C@_09GCOHINED@beforerbt?$AA@
?GetOSInfo@@YAPADXZ
?DebugReportBkInstallCode@@YAXK@Z
??_C@_03BALCFKBP@val?$AA@
??_C@_09IJIHGPHM@bkinstall?$AA@
??_C@_02GMHACPFF@?$CFu?$AA@
?GetProcAddressEx@@YAPAXPADKK@Z
?DebugReportUpdateNtldrCheckSum@@YAXXZ
??_C@_04ODMANJEA@csup?$AA@
?DebugReportCreateConfigReportAndSend@@YAXXZ
?CloseCab@@YAXPAX@Z
?AddFileToCab@@YA_NPAXPBD1@Z
??_C@_0M@OAJHFKOL@sysinfo?4txt?$AA@
?CreateCab@@YAPAXPBD@Z
??_C@_01BJJEKLCA@?$CC?$AA@
??_C@_0L@HJGDFBF@?5?1report?5?$CC?$AA@
?GetTempNameA@File@@YAPADXZ
?GetDriverUrl@@YA_NPADK@Z
?m_lstrcpy@@YGXPADPBD@Z
??_C@_06BFGAGGII@170_dr?$AA@
?DebugReportStep1@@YAXXZ
?DebugReportStep2@@YAXK@Z
?DebugReportSaveUrlForBootkitDriver@@YA_NXZ
??_C@_15HCBMMKJC@?$AAI?$AAD?$AA?$AA@
??_C@_1HM@EDCMPNEG@?$AAS?$AAO?$AAF?$AAT?$AAW?$AAA?$AAR?$AAE?$AA?2?$AAC?$AAl?$AAa?$AAs?$AAs?$AAe?$AAs?$AA?2?$AAC?$AAL?$AAS?$AAI?$AAD?$AA?2?$AA?$HL?$AA8?$AAC?$AAB?$AA0?$AAA?$AA4?$AA1?$AA3@
??_G?$TString@D@@UAEPAXI@Z
?DebugReportInit@@YAXXZ
?StartThread@@YGPAXPAX0@Z
?DebugReportRunTests@@YAXXZ
??_C@_08HDFPIGCN@100_trtr?$AA@
??_C@_0M@EKCCLENP@BkDrop?4plug?$AA@
??_C@_0DF@EEGOKPKI@BkDrop?4plug?5bktestt?5http?3?1?1test?4@
??_C@_0BF@EIPNLNPN@param1?5param2?5param3?$AA@