
Sample details: b48e578f030a7b5bb93a3e9d6d1e2a83

Hashes
MD5: b48e578f030a7b5bb93a3e9d6d1e2a83
SHA1: 8f40f8fb629d426e381989b8713ece3fe5885547
SHA256: 81bd203ef3924bf497e8824ed5f224561487258ff3d8ee55f1e0907155fd5333
SSDEEP: 768:0g5GcFjWkNqroFsPDN2NMhUvGAYEystxK9rZu+gWDepVzgUzXkp3bCY5ZG/nao86:04kEGeuP8+1pCpE5V0oTNcy2R
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v1xx_v2xx_additional | YRP/Microsoft_Visual_Cpp_60_DLL_additional | YRP/Microsoft_Visual_Cpp_v70_DLL | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Microsoft_Visual_Cpp_60_DLL_Debug | YRP/Armadillo_v1xx_v2xx | YRP/Microsoft_Visual_Cpp_v60_DLL | YRP/Microsoft_Visual_Cpp_60_DLL | YRP/Microsoft_Visual_Cpp_60 | YRP/Armadillov1xxv2xx | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/network_dropper | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/GenerateTLSClientHelloPacket_Test |
Strings
		!This program cannot be run in DOS mode.
HRichQ
`.rdata
@.data
@.reloc
<gtA<Gt=<pt
D$ SUV
D$ _^][
L$(PQj
E	RUSWPV
^X_[]Z
UPVRWQ
Y_Z^X]
D$LUVWj
RUSWPV
^X_[]Z
RPWVQS
[Y^_XZh`
RPWVQS
[Y^_XZ
D$(VPQ
D$(VPQ
L$(QRh
L$(QRh
D$,SPQ
L$$PQh
L$ j Q
D$Pj\P
D$ RPV
L$ PQV
D$8RPh
D$(QRP
D$$Pj@
L$ Qj@
L$4Ph` 
XUWSRP
ZX[jPh
D$8SPj
\$0t$8
D$@PVW
<Vt1VW
RPWVQS
[Y^_XZ
SVWRUSWPV
^X_[]Z
DeleteFileA
GetVersionExA
GetTempPathA
SetCurrentDirectoryA
ReadFile
CloseHandle
GetFileSize
CreateFileA
CopyFileA
SetFileTime
GetFileTime
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetTempFileNameA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
CreateProcessA
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
TerminateThread
WaitForSingleObject
CreateThread
SetEndOfFile
FlushFileBuffers
WriteFile
SetFilePointer
WinExec
GetSystemDirectoryA
GetWindowsDirectoryA
SetLastError
GetVersion
GetSystemInfo
GetCurrentProcess
GetModuleHandleA
GetSystemDefaultLCID
HeapFree
HeapAlloc
GetProcessHeap
WideCharToMultiByte
GlobalFree
GlobalAlloc
FindClose
FindNextFileA
FindFirstFileA
CreateMutexA
GetSystemTime
LocalFree
LocalAlloc
DisableThreadLibraryCalls
GlobalLock
KERNEL32.dll
LookupAccountSidA
GetTokenInformation
OpenProcessToken
ChangeServiceConfigA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
CloseServiceHandle
CreateServiceA
OpenServiceA
OpenSCManagerA
StartServiceA
RegQueryValueExA
FreeSid
ConvertSidToStringSidA
LookupAccountNameA
GetUserNameA
ADVAPI32.dll
SHGetSpecialFolderPathA
SHELL32.dll
CoTaskMemAlloc
ole32.dll
sprintf
malloc
strstr
strchr
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
strncpy
_snprintf
printf
strncat
asctime
localtime
fclose
fflush
fprintf
_except_handler3
wcscpy
wcslen
MSVCRT.dll
__dllonexit
_onexit
_initterm
_adjust_fdiv
DeleteUrlCacheEntry
InternetSetCookieA
WININET.dll
URLDownloadToCacheFileA
urlmon.dll
Netbios
NetApiBufferFree
NetUserEnum
NetServerEnum
NETAPI32.dll
GetTcpTable
GetAdaptersInfo
GetNetworkParams
iphlpapi.dll
WS2_32.dll
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
MSVCP60.dll
_stricmp
_strnicmp
_memicmp
IePorxyv.dll
IePramGet
http://%s/
http://%s/%s/
hidden
NAME="
name="
type="
<input
ACTION="
action="
METHOD="
method="
</FORM>
</form>
<form 
<img src="
http://%s%s
abcdefhirstuvwxz
update
research
history
health
safety
government
expand "%s" "%s"
Program Files\Windows NT\Accessories\
%sindex%2.2d_%d.html
7B$cs:
wVtSOlh
EcDb&7|N
zrdRt'F
UsTr[}Z|Y
8Es]6-
%_Y>gr
;B;K;w;};o;
:1:S:u:k:
9	95919=9R9_9C9O9J9t9l9
8=8)8[8J8c8j8
> >*>]>F>D>B>@>N>L>J>w>q>}>f>`>m>
>;= =N=l=
=7<:<Y<M<p<k<
31393!3)3\3@3v3~3`3
InstallDate
SOFTWARE\Microsoft\Windows NT\CurrentVersion
kernel32
IsWow64Process
 %s %d.%d 
unkstate
DELETE-TCB
TIME-WAIT
LAST-ACK
CLOSING
CLOSE-WAIT
FIN-WAIT-2
FIN-WAIT-1
ESTABLISHED
SYN-RECV
SYN-SENT
LISTEN
CLOSED
TCP 	 %s:%d 	 %s:%d 	 %s
	Lease Obtained. . . . . . . . . . : %s	Lease Expires . . . . . . . . . . : %s
	Primary WINS Server . . . . . . . : %s
	Secondard WINS Server . . . . . . : %s
					    %s
	DNS Servers . . . . . . . . . . . : %s
	DHCP Server . . . . . . . . . . . : %s
	IP Address. . . . . . . . . . . . : %s
	Subnet Mask . . . . . . . . . . . : %s
	Default Gateway . . . . . . . . . : %s
	Description . . . . . . . . . . . : %s
	Physical Address. . . . . . . . . : %s
	DHCP Enabled. . . . . . . . . . . : %s
	Autoconfiguration Enabled . . . . : 
	Connection-specific DNS Suffix. . : %s
	Media State . . . . . . . . . . . : Media disconnected
0.0.0.0
%s ...... : 
	Host Name . . . . . . . . . . . . : %s
	Primary DNS Suffix. . . . . . . . : 
	Node Type . . . . . . . . . . . . : %s
	IP Routing Enabled. . . . . . . . : %s
	WINS Proxy enabled. . . . . . . . : %s
	DNS Suffix Search List. . . . . . : %s
unknown
Hybrid
Peer To Peer
Broadcast
SLIP Adapter
Loopback Adapter
PPP Adapter
FDDI Adapter
Token Ring Adapter
Ethernet Adapter
Other Type Of Adapter
%02x-%02x-%02x-%02x-%02x-%02x
Dir %dk (%d)
Copy Ok
Echo Err
Echo Ok
vcl.tmp
http://%s/%s.%s
default
AutomaticLayoutRecovery
%s\Software\Microsoft\Internet Explorer\BrowserEmulation
AutoRecover
%s\Software\Microsoft\Internet Explorer\Recovery
vv;expires = Sat,01-Jan-2000 00:00:00 GMT
</label>
</span>
</div>
9!:7:P:
;8<J<U<`<u<
>'>?>^>h>
4!5(5k6
:";D;Q;+<
3)404=4
829N9 :u:
=-?4?k?
-030E0J0x0
7"767A7P7b7q7
8&838B8K8Y8
:+:8:M:Z:
<0<V<e<{<
;=;N;Z;
<+<2<6=
5 525=5J5t5
7$7O7V7d8
= =$=(=,=0=4=8=v=
354C4P4
6&696F6
[0u0|0
6'7-7o7
:!;N;h;};
<*=7=S=]=d=o=
>:>O>X>
626g6#7[7@9E9
:=;B;H;N;T;Z;`;f;l;r;x;~;
0A0f0{0
00171Y1i1w1
2L2S2u2
5"5*525<5@5D5H5L5P5T5X5n5u5z5
7)7I7j7r7
8>8G8b8h8o8
:#:(:0:
;P;_;v;};
<)<9<E<J<R<^<t<
;)<K<_<y<
<@=d=r=
?0?A?k?
1&2+2j2t2y2
4 4/4Z4z4
4-545?5
;*;2;D;
<7=F=T=s=2>9>
6&7H7~7
8$848>8Y8^8n8x8
9&9A9F9V9c9
:,:M:R:b:o:
<(<<<P<d<{<
=-=A=U=
?!?'?2?8?>?D?J?
0$0)040A0K0`0l0r0
1$12181>1D1J1P1V1\1b1h1n1t1z1
2<2\2|2
383D3P3\3h3q3z3
H2L2T2X2d2h2l2p2t2x2|2
3,343@3\3d3p3
4,484T4`4|4
5$5,545<5D5L5