Sample details: ba4b8441491c6badb265ac702520e0ad

Hashes
MD5: ba4b8441491c6badb265ac702520e0ad
SHA1: dfa59f5538b6fc1ad0ac0c2bb5fb45b1b8c42a11
SHA256: aec00cc16d4eea4d23895c0a48e5e5520592cbb3f1fac0f5850b9263addcf453
SSDEEP: 1536:ifD3AdXOvrhlNiTFva+OCVnOkVZLkmIXWEgtX58Xe55Q:ifEdXQHiJOQ4nXG58Xe55
Details
File Type: PE32
Yara Hits
YRP/Visual_Cpp_2005_DLL_Microsoft | YRP/Visual_Cpp_2003_DLL_Microsoft | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/escalate_priv | YRP/keylogger | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_hook | YRP/Big_Numbers1 | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/IMPLANT_4_v5 | FlorianRoth/IMPLANT_4_v5
Source
http://103.68.190.250/Sources//Advance/Locker/bin/Release/locker.dll
Strings