Sample details: c007b30eb69068698cccf5a09355221d

Hashes
MD5: c007b30eb69068698cccf5a09355221d
SHA1: 22b905d1f8d3810e05a1644567a91ad33f5a8d07
SHA256: e084e4ad90e825f512bec7dab81a048ca9dcdea20a326e248150a846c54d40e4
SSDEEP: 1536:eojtDic3iLwx3YeNnJ/RB5U28aNfYPjPWE41hYJV:ewT3iLwxrNVRB5U284fqWE41hwV
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v1xx_v2xx_additional | YRP/Microsoft_Visual_Cpp_60_DLL_additional | YRP/Microsoft_Visual_Cpp_v70_DLL | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Microsoft_Visual_Cpp_60_DLL_Debug | YRP/Armadillo_v1xx_v2xx | YRP/Microsoft_Visual_Cpp_v60_DLL | YRP/Microsoft_Visual_Cpp_60_DLL | YRP/Microsoft_Visual_Cpp_60 | YRP/Armadillov1xxv2xx | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/inject_thread | YRP/escalate_priv | YRP/win_registry | YRP/win_token | YRP/Str_Win32_Winsock2_Library |
Strings
		!This program cannot be run in DOS mode.
RichCs.
`.rdata
@.data
@.reloc
GetModuleFilepameA
CloseHandle
GetLastError
DeleteFileA
GetSystemDirectoryA
OpenProcess
CreateThread
FlushFileBuffers
WriteFile
SetFilePointer
CreateFileA
SizeofResource
LockResource
LoadResource
SetLastError
FindResourceA
VirtualFreeEx
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetProcAddress
LoadLibraryA
GetCurrentProcess
GetTickCount
Process32Next
Process32First
CreateToolhelp32Snapshot
ReadFile
GetFileSize
SetFileTime
GetFileTime
CopyFileA
SetEndOfFile
TerminateThread
CreateEventA
FreeConsole
SetEvent
DeleteCriticalSection
InitializeCriticalSection
TerminateProcess
GetExitCodeProcess
PeekNamedPipe
CreateProcessA
CreatePipe
FreeLibraryAndExitThread
MoveFileExA
WinExec
LeaveCriticalSection
EnterCriticalSection
KERpEL32.dll
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
LookupAccountSidA
GetTokenInformation
ADVAPI32.dll
strchr
strncpy
sprintf
strncmp
strstr
malloc
system
wcstombs
__CxxFrameHandler
??3@YAXPAX@Z
_snprintf
_except_handler3
MSVCRT.dll
__dllonexit
_onexit
_initterm
_adjust_fdiv
WS2_32.dll
_strnicmp
_stricmp
msnetacsvc.dll
ServiceMain
WnNetEntry