Sample details: b03789a726a2e0d65fe581fb6afc4b17

Hashes
MD5: b03789a726a2e0d65fe581fb6afc4b17
SHA1: 89eee978bd21febc1921d882ed760f51e5695c9c
SHA256: e2a511a12805f2ab7e7a6493055847b36d498f60dfe236c31c92b1231c907bec
SSDEEP: 768:HxnUTrr4ZIg3QnvIHmTXmp8LbzVJlPBEraRxxRx98hU2yN6reGMUIuqHj2fnR2:RnSrrOQnvVZzHUKt9gHeGMwfR
Details
File Type: PE32
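Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/keylogger | YRP/Str_Win32_Wininet_Library |
Note: these are generic signature and capability rules, not malware-family identifications. The Armadillo_v171 signatures commonly co-fire with the Visual C++ 6.0 signatures on unpacked MFC binaries, and YRP/keylogger appears to match on API names (the strings below include GetKeyState and GetAsyncKeyState from USER32.dll), so treat both hits as leads to corroborate with static or dynamic analysis rather than as confirmed packing or keylogging.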
Parent Files
04ad72cfc3cc5d02c355ed3b2627ec90
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
T$(QRP
L$$_^][d
D$0SUV
T$4QRP
L$0_^][d
L$,RPSQ
D$TWPh
T$TWRh
D$8RPQ
D$H_^][d
T$xRhd
L$0PQR
L$DSUV2
L$ QhD
|$ VWSj
VWSPUQ
D$8_^]
L$,PVQ
0123456789ABCDEF
MFC42.DLL
__CxxFrameHandler
_mbsicmp
_mbscmp
isalnum
MSVCRT.dll
__dllonexit
_onexit
??1type_info@@UAE@XZ
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
SetErrorMode
lstrlenA
MultiByteToWideChar
GetLastError
GetVersionExA
GetProcAddress
VirtualProtect
LoadLibraryA
InterlockedDecrement
GetModuleHandleA
LocalFree
GetStartupInfoA
KERNEL32.dll
SetTimer
SystemParametersInfoA
KillTimer
PostMessageA
EnableWindow
UpdateWindow
GetKeyState
GetAsyncKeyState
AdjustWindowRectEx
GetClientRect
IsWindow
MessageBoxIndirectW
USER32.dll
ADVAPI32.dll
SHELL32.dll
CoTaskMemAlloc
ole32.dll
OLEAUT32.dll
urlmon.dll
MSVCP60.dll
InternetSetOptionA
WININET.dll
mixerClose
mixerGetControlDetailsA
mixerSetControlDetails
mixerGetLineControlsA
mixerGetLineInfoA
mixerGetDevCapsA
mixerOpen
mixerGetNumDevs
WINMM.dll
VERSION.dll
IMAGEHLP.dll
_CxxThrowException
_setmbcp
TbViewer.exe
?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B
CChildFrame
CMainFrame
http://auction1.paipai.com/
.paipai.com
http://detail.tmall.com/item.htm?
.tmall.com
http://ju.mmstat.com/?url=http://item.taobao.com/item.htm?
http://item.taobao.com/item.htm?
.taobao.com
CTbBaseView
 %d/%d 
TbViewer.Document
Local AppWizard-Generated Applications
CTbViewerDoc
CTbViewerView
http://search1.paipai.com/cgi-bin/comm_search1?KeyWord={KEYWORD}&sDefKeyword=&sClassid=0&shoptype=&searchType=0&PTAG=20084.2.2&as=1
http://s.1688.com/selloffer/offer_search.htm?keywords={KEYWORD}&n=y&categoryId=
.1688.com
http://s.taobao.com/search?q={KEYWORD}&commend=all&ssid=s5-e&search_type=item&sourceId=tb.index&initiative_id=tbindexz_{YMD}
{KEYWORD}
%04d%02d%02d
ocean\ocean
CFixHtmlView
CFixHtmlViewBase
waveOutWrite
midiStreamOut
midiStreamOpen
winmm.dll
DirectSoundCreate
DSound.dll
socks5
socks4
http://www.taobao.com/webww
http://amos1.taobao.com
http://sighttp.qq.com
http://wpa.qq.com
.gov.cn
.org.cn
.net.cn
.com.cn
<a href="%s" target="%s">%s</a>
_blank
afterBegin
(?<day>expires=[A-Za-z]{3}),(?<date>\s\d{2}-[A-Za-z]{3}-\d{4}\s\d{2}:\d{2}:\d{2}\sGMT)
${day}${date}
http://
.?AVtype_info@@
.?AV_com_error@@
NNNNNNNN
NN;?64D
N-7Fb,<y
o`x}qdO!
eVC&9g
fnn_wP
pXEff$$
@P@PB,
xxxB$$A
xxxB#"$,
xxH*2"$,
<							
yS_I1yp.
\aE[blG$  
yyyy\Q[T)
yyyy'CUw
=BB=,EYm
!/.vv;'4FUq{}kJ#
3vy+@PHH20#
"###""
TDDD@@P
xxxxxx
"#"2:*
"##:**
xxxxx@""  ,
"""  ,
xxxF2#""" ,
**"  "
22*"" ,
3fnnl,
XU[k}}
V.,:I[}}
v|Y=7j]
.no\B=7wS]
<PPTbq\M?2
2=M\ns
7=M\ot}
NNNPT./tF*-
Kb```Z*=M\oz
$7=Mfoz
+A+%3K"
 $*7BMfo
27=M\fz
9*7E_\fo
yEAk}lQQ/(.
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
wwtGwwwwwwwwwwwwwwwtDDDDw
wwGtwDwwwwwtDDDDw
pwwwwppwwww
wwGttwGwwwwt
33330wp3
wwGttwGwwwwt
wwtDtwGwp
33330p333333
wwwttDwwp
wwwwpppwww
wwp0wwww
wwp0wwww
OGp888888
wwp0wwww
wwwppwwwp
p0wwww
DDGwp8
wwwwwwww
p0wwww
wwwwwwpwppp0wwww
wwwwwww
wwwwwww
wwwwwp
HrCg@b	g 
HrCg@b	g 
SSbpS	
SSbpS:g
SSbpS	
SbpS;m
ceQjR4
S>e'Y0R
Rbc0RHQMR
OX[@b	g
Y0Rck8^'Y