Sample details: c20fbe762b21431af16500dede1543db

Hashes
MD5: c20fbe762b21431af16500dede1543db
SHA1: ae07f4a2dbaa25650cec5f19eb5d59dbe02667af
SHA256: fceb5aabb9c2ab5ec566cd46aedb7d6fba757f9d305c9b5b16dd35a64318790c
SSDEEP: 384:FJY4HRWzOO4bCaZWsO+A/xp9e3ZCWe1e5DbZ74vCTHrot+cf4Sy3qRAvCUtQC3/4:w4HdOHa8+5sDe5HZsSI+cA/3OAv4lGDG
Details
File Type: PE32
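Yara Hits (names of the rules that matched; a family-named rule such as YRP/spyeye is a signature match, not a confirmed attribution)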
YRP/MingWin32_GCC_3x | YRP/MingWin32_v_h_additional | YRP/MinGW_GCC_3x_additional | YRP/MinGW_GCC_3x | YRP/MingWin32_GCC_3x_additional | YRP/MingWin32_v_h | YRP/MingWin32_v | YRP/MinGWGCC3x | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/MinGW_1 | YRP/domain | YRP/contentis_base64 | YRP/network_tcp_socket | YRP/network_dns | YRP/win_files_operation | YRP/spyeye | YRP/Str_Win32_Winsock2_Library |
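Strings (printable strings extracted from the sample; short fragments are raw bytes that happen to be printable)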
		!This program cannot be run in DOS mode.
`.data
.rdata
.edata
@.idata
.reloc
350bcli^
2d6eec
93e35s
41878Z
4a177Z
2ce89X
6bc6f\
553b0[
8cd56^
81051E;
69c32V
5006ev
379bfv
2d190z
29839u
20d41s
77cdax
0ded3u
9388f}
5b2a3h
02bbfr
3285dz
-LIBGCCW32-EH-2-SJLJ-GTHR-MINGW32
w32_sharedptr->size == sizeof(W32_EH_SHARED)
%s:%u: failed assertion `%s'
../../gcc/gcc/config/i386/w32-shared-ptr.c
GetAtomNameA (atom, s, sizeof(s)) != 0
_Z10aBypassUACv
_Z10aCharToIntPc
_Z10aGetOsArchv
_Z10aIntToChari
_Z10bBasicTH_1Pv@4
_Z10bBasicTH_2Pv@4
_Z10bBasicTH_3Pv@4
_Z11aAutoRunSetPc
_Z11aCheckAdminv
_Z11aCreateFilePc
_Z11aFileExistsPKc
_Z11aGetTempDirv
_Z11aProcessDllPcS_S_S_
_Z11aProcessExePcS_S_S_S_S_
_Z11aRunAsAdminPc
_Z12aGetHostNamev
_Z12aGetSelfPathv
_Z12aGetUserNamev
_Z12aProcessTaskPcS_S_
_Z12aResolveHostPc
_Z12aWinSockPostPcS_S_
_Z13aDropToSystemPc
_Z13aGetProcessILv
_Z14aCreateProcessPc
_Z14aGetProgramDirv
_Z15aUrlMonDownloadPcS_
_Z16aDirectoryExistsPc
_Z16aExtractFileNamePc
_Z16aGetHomeDriveDirv
_Z16aProcessDllLocalPcS_S_S_S_S_
_Z16aProcessExeLocalPcS_S_S_S_S_
_Z19aGetSelfDestinationi
_Z5aCopyPcii
_Z5aParsPcS_S_S_
_Z6aBasicPcS_i
_Z6aGetIdv
_Z6aGetOsv
_Z6aMkDirPc
_Z6cBasici
_Z7aPathAVPc
_Z7aRaportPcS_S_S_
_Z8aCheckAVv
_Z8aDecryptPc
_Z8aPosLastPcS_
_Z8bBasic_1v
_Z8bBasic_2v
_Z8bBasic_3v
_Z9aCopyFilePcS_
_Z9aFileSizePc
_Z9aFillCharPc
_Z9aFreeFilePc
_Z9aPosFirstPcS_
_Z9aRunDll32PcS_
aAutoRunCmd
aDomain_1
aDomain_2
aDomain_3
aDropDir
aDropName
aElevateFile
aGetProgDir
aOS_AR0
aOS_AR1
aParam0
aParam1
aParam2
aParam3
aParam4
aParam5
aParam6
aParam7
aParam8
aParam9
aPost0
aPost1
aPost2
aPost3
aPost4
aPost5
aPost6
aRunAs
aRunDll_0
aScript_1
aScript_2
aScript_3
aShell
aTimeOut
aURLMon_0
aURLMon_1
aZoneIdent
main_d_1
main_d_2
main_d_3
main_m_1
main_m_2
main_m_3
main_s_1
main_s_2
main_s_3
GetUserNameA
AddAtomA
CloseHandle
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
ExitProcess
FindAtomA
FreeLibrary
GetAtomNameA
GetComputerNameA
GetFileAttributesA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetSystemInfo
GetTempPathA
GetVersionExA
GetVolumeInformationA
LoadLibraryA
SetUnhandledExceptionFilter
WaitForSingleObject
WriteFile
_strlwr
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_onexit
_setmode
atexit
fclose
fflush
fprintf
fwrite
malloc
memcpy
memmove
memset
signal
strcat
strcmp
strcpy
strlen
strncat
ShellExecuteExA
GetSystemMetrics
WSACleanup
WSAStartup
closesocket
connect
gethostbyname
inet_addr
inet_ntoa
socket
ADVAPI32.DLL
KERNEL32.dll
msvcrt.dll
msvcrt.dll
SHELL32.DLL
USER32.dll
WSOCK32.DLL
1&131F1P1Y1_1q1{1
2/2O2c2s2
8#8G8q8~8
989j9}9
9 :0:<:L:V:e:z:
< <,<t<
<Q=X=o=v=
?.?:?\?h?
	0%0.0
1,1K1j1
2$2C2m2
4,4I4V4l4y4
8-8K8i8
<(=Q=|=
7&7E7Z7
9(9e9q9x9
:5:Q:]:i:u:
;&;2;B;O;o;
=.>B?R?b?r?
070T0_0x0
1*1B1q1
2/2E2[2j2r2z2
3*3/3Z3e3p3{3
5"525B5R5b5r5
6"626B6R6b6r6
7"727B7R7b7r7
8"828T8
crt1.c
_atexit
__onexitp
crtstuff.c
.rdata
.idata$7
.idata$5
.idata$4
.idata$6
.idata$7
.idata$5(
.idata$4
.idata$6
.idata$7
.idata$54
.idata$4
.idata$6 
.idata$7
.idata$5@
.idata$4
.idata$6<
.idata$7
.idata$5,
.idata$4
.idata$6
.idata$7
.idata$50
.idata$4
.idata$6
.idata$7
.idata$5$
.idata$4
.idata$6
.idata$7
.idata$5<
.idata$4
.idata$64
.idata$7
.idata$58
.idata$4
.idata$6,
.idata$7
.idata$5 
.idata$4
.idata$6
.idata$7
.idata$5
.idata$4
.idata$6
fthunk
.idata$2x
.idata$5
.idata$4
.idata$4
.idata$5D
.idata$7
CRTglob.c
CRTfmode.c
txtmode.c
pseudo-reloc.c
CRT_fp10.c
_fpreset 0
gccmain.c
___main
.rdata
.idata$7
.idata$5x
.idata$4$
.idata$68
.idata$7
.idata$5t
.idata$4 
.idata$60
fthunk
.idata$2(
.idata$5p
.idata$4
.idata$4(
.idata$5|
.idata$7
.idata$7
.idata$5
.idata$4D
.idata$6
.idata$7
.idata$5
.idata$4<
.idata$6t
.idata$7
.idata$5
.idata$4T
.idata$6
.idata$7
.idata$5
.idata$4H
.idata$6
.idata$7
.idata$5
.idata$4@
.idata$6
.idata$7
.idata$5
.idata$44
.idata$6T
.idata$7D
.idata$5
.idata$4
.idata$6P
.idata$7
.idata$5
.idata$48
.idata$6d
.idata$7
.idata$5
.idata$4L
.idata$6
.idata$7
.idata$5
.idata$40
.idata$6D
.idata$7
.idata$5
.idata$4\
.idata$6
.idata$7P
.idata$5
.idata$4
.idata$6t
.idata$78
.idata$5
.idata$4
.idata$6,
.idata$7
.idata$5
.idata$4`
.idata$6
.idata$70
.idata$5
.idata$4x
.idata$6
.idata$7(
.idata$5
.idata$4p
.idata$6
.idata$7H
.idata$5
.idata$4
.idata$6\
.idata$7
.idata$5
.idata$4X
.idata$6
.idata$7L
.idata$5
.idata$4
.idata$6h
.idata$7X
.idata$5
.idata$4
.idata$6
.idata$7T
.idata$5
.idata$4
.idata$6
.idata$7<
.idata$5
.idata$4
.idata$68
.idata$7@
.idata$5
.idata$4
.idata$6D
.idata$7 
.idata$5
.idata$4h
.idata$6
.idata$7,
.idata$5
.idata$4t
.idata$6
.idata$74
.idata$5
.idata$4|
.idata$6 
.idata$7
.idata$5
.idata$4P
.idata$6
.idata$7
.idata$5
.idata$4d
.idata$6
.idata$7$
.idata$5
.idata$4l
.idata$6
fthunk
.idata$2<
.idata$5
.idata$4,
.idata$4
.idata$5
.idata$7\
.idata$7x
.idata$5
.idata$4
.idata$6
fthunk
.idata$2d
.idata$5
.idata$4
.idata$4
.idata$5
.idata$7|
.idata$7
.idata$5\
.idata$4
.idata$6
.idata$7t
.idata$5
.idata$4
.idata$6
.idata$7h
.idata$5
.idata$4
.idata$6
.idata$7
.idata$54
.idata$4
.idata$6$
.idata$7`
.idata$5
.idata$4
.idata$6d
.idata$7
.idata$50
.idata$4
.idata$6
.idata$7d
.idata$5
.idata$4
.idata$6t
.idata$7
.idata$58
.idata$4
.idata$64
.idata$7
.idata$5L
.idata$4
.idata$6
.idata$7
.idata$5D
.idata$4
.idata$6t
.idata$7
.idata$5h
.idata$4
.idata$6$
.idata$7
.idata$5T
.idata$4
.idata$6
.idata$7
.idata$5X
.idata$4
.idata$6
.idata$7
.idata$5@
.idata$4
.idata$6`
.idata$7|
.idata$5$
.idata$4
.idata$6
.idata$7
.idata$5P
.idata$4
.idata$6
.idata$7
.idata$5<
.idata$4
.idata$6L
.idata$7
.idata$5H
.idata$4
.idata$6
.idata$7l
.idata$5
.idata$4
.idata$6
.idata$7
.idata$5d
.idata$4
.idata$6
.idata$7
.idata$5,
.idata$4
.idata$6
.idata$7
.idata$5`
.idata$4
.idata$6
.idata$7p
.idata$5
.idata$4
.idata$6
.idata$7
.idata$5(
.idata$4
.idata$6
.idata$7x
.idata$5 
.idata$4
.idata$6
.idata$7\
.idata$5
.idata$4
.idata$6X
fthunk
.idata$2
.idata$5
.idata$4
.idata$4
.idata$5l
.idata$7
.idata$7H
.idata$5
.idata$4
.idata$6H
fthunk
.idata$2
.idata$5
.idata$4
.idata$4
.idata$5
.idata$7L
.idata$7h
.idata$5
.idata$4
.idata$6
fthunk
.idata$2P
.idata$5
.idata$4
.idata$4
.idata$5
.idata$7l
crtstuff.c
.ctors
__cexit
_strcat
_aAV03
_strcmp
_aAV11
_aAV06
_aAV09
_recv@16
_aPost4
_aPost3
_aParam8
_aAV07
_aAV00
_strncat
_strlwr
_aParam1
_aParam6
_aOS_AR1 
_aShell
_aParam9
__dll__
_fwrite
_memcpy
_aCMD0
_memset
__argc
_aAV01
_fflush
_aPost1
_send@16
_fprintf`6
__alloca04
_aParam4
__argv
_fread
_aParam7
_fopen
_aPost2
__fmode
_aParam2
_aVers
_aParam5
__end__
_signal
_aPost5
_malloc
_aPost0
_fclose
_strcpy
_aAV10
_aAV04
_aRunAs
_aAV05
_abort
_aPost6
_aParam0
_htons@4
_aAV02
_aAV08
_strlen
_aParam3
_aOS_AR0
_memmove
_aCMD1
_Sleep@4
__gnu_exception_handler@4
___mingw_CRTStartup
_mainCRTStartup
_WinMainCRTStartup
___do_sjlj_init
__Z9aFillCharPc
_ZZ5aCopyPciiE11mCopyResult
__Z5aCopyPcii
__Z8aPosLastPcS_
__Z9aPosFirstPcS_
__Z9aFileSizePc
__Z11aFileExistsPKc
__Z16aDirectoryExistsPc
__Z6aMkDirPc
_ZZ12aGetSelfPathvE15aGetSelfPathRes
__Z12aGetSelfPathv
_ZZ11aGetTempDirvE10TempDirRes
__Z11aGetTempDirv
_ZZ16aGetHomeDriveDirvE16aHomeDriveDirRes
__Z16aGetHomeDriveDirv
__Z11aCreateFilePc
_ZZ10aIntToChariE11IntToStrRes
__Z10aIntToChari
__Z10aCharToIntPc
_ZZ6aGetIdvE9aGetIdRes
__Z6aGetIdv
_ZZ16aExtractFileNamePcE19aExtractFileNameBuf
__Z16aExtractFileNamePc
_ZZ8aDecryptPcE14aDecryptResult
_ZZ8aDecryptPcE4aKey
_ZZ8aDecryptPcE7aSource
__Z8aDecryptPc
_ZZ14aGetProgramDirvE11UsersDirRes
_ZZ14aGetProgramDirvE3tmp
__Z14aGetProgramDirv
_ZZ19aGetSelfDestinationiE22aGetSelfDestinationRes
__Z19aGetSelfDestinationi
_ZZ9aFreeFilePcE8FilePath
__Z9aFreeFilePc
__Z11aCheckAdminv
_ZZ10aGetOsArchvE2OS
_ZZ10aGetOsArchvE2O1
_ZZ10aGetOsArchvE2O2
__Z10aGetOsArchv
_ZZ6aGetOsvE2OS
_ZZ6aGetOsvE2O1
_ZZ6aGetOsvE2O2
__Z6aGetOsv
__Z7aPathAVPc
__Z8aCheckAVv
__Z15aUrlMonDownloadPcS_
__Z14aCreateProcessPc
__Z11aRunAsAdminPc
_ZZ12aGetHostNamevE7InfoBuf
__Z12aGetHostNamev
_ZZ12aGetUserNamevE7InfoBuf
__Z12aGetUserNamev
__Z9aCopyFilePcS_
_ZZ12aResolveHostPcE15aResolveHostRes
__Z12aResolveHostPc
_ZZ12aWinSockPostPcS_S_E3res
__Z12aWinSockPostPcS_S_
__Z7aRaportPcS_S_S_
__Z9aRunDll32PcS_
__Z16aProcessExeLocalPcS_S_S_S_S_
__Z11aProcessExePcS_S_S_S_S_
__Z16aProcessDllLocalPcS_S_S_S_S_
__Z11aProcessDllPcS_S_S_
__Z12aProcessTaskPcS_S_
__Z5aParsPcS_S_S_
__Z6aBasicPcS_i
__Z8bBasic_1v
__Z8bBasic_2v
__Z8bBasic_3v
__Z10bBasicTH_1Pv@4
__Z10bBasicTH_2Pv@4
__Z10bBasicTH_3Pv@4
__Z6cBasici
__Z13aDropToSystemPc
__Z11aAutoRunSetPc
__Z13aGetProcessILv
__Z10aBypassUACv
__pei386_runtime_relocator
__fpreset
_initialized
___do_global_dtors
___do_global_ctors
pseudo-reloc-list.c
_w32_atom_suffix
___w32_sharedptr_default_unexpected
___w32_sharedptr_get
dw2_object_mutex.0
dw2_once.1
sjl_fc_key.2
sjl_once.3
___w32_sharedptr_initialize
___eprintf
___sjlj_init_ctor
__imp__strncat
_aZoneIdent
__imp__strlwr
_GetSystemInfo@4
___RUNTIME_PSEUDO_RELOC_LIST__
__imp___setmode
__imp__CloseHandle@4
__data_start__
_FreeLibrary@4
___DTOR_LIST__
__imp__recv@16
__imp___onexit
___p__fmode
__imp__GetVersionExA@4
_SetUnhandledExceptionFilter@4
___w32_sharedptr_terminate
__imp__ShellExecuteExA@4
_GetModuleFileNameA@12
___tls_start__
__imp__CreateFileA@28
__libmsvcrt_a_iname
_main_m_1
_aRunDll_0
__imp__FindAtomA@4
__imp__abort
__size_of_stack_commit__
_ShellExecuteExA@4
__size_of_stack_reserve__
__major_subsystem_version__
___crt_xl_start__
_AddAtomA@4
_GetSystemDirectoryA@8
_CreateProcessA@40
___crt_xi_start__
___chkstk
___crt_xi_end__
_GetUserNameA@8
__imp____p__environ
__head_libuser32_a
__imp__CreateProcessA@40
__imp___iob
__imp__WriteFile@20
_GetModuleHandleA@4
__libmoldname_a_iname
__libadvapi32_a_iname
__bss_start__
___RUNTIME_PSEUDO_RELOC_LIST_END__
_aDomain_2
__imp__GetSystemMetrics@4
_aDropDir
_CreateThread@24
__size_of_heap_commit__
_main_d_3
_main_s_1
___p__environ
__imp__GetProcAddress@8
_GetProcAddress@8
___crt_xp_start__
___crt_xp_end__
__imp__signal
__minor_os_version__
_GetComputerNameA@8
__imp__atexit
__head_libmsvcrt_a
__image_base__
__head_libshell32_a
_GetVersionExA@4
__imp__exit
__section_alignment__
_socket@12
_LoadLibraryA@4
__imp__memmove
_aScript_2
__imp__FreeLibrary@4
__imp__CreateThread@24
__head_libmoldname_a
__RUNTIME_PSEUDO_RELOC_LIST__
__imp__htons@4
__imp____p__fmode
__imp__GetFileAttributesA@4
_main_s_2
_ExitProcess@4
__imp__inet_ntoa@4
_gethostbyname@4
__data_end__
_aDomain_1
___getmainargs
_main_m_2
___w32_sharedptr
__CTOR_LIST__
___set_app_type
__bss_end__
__CRT_fmode
__head_libwsock32_a
__imp__WaitForSingleObject@8
___crt_xc_end__
_main_d_2
_CreateDirectoryA@8
___crt_xc_start__
__imp__socket@12
_main_s_3
__imp__closesocket@4
___CTOR_LIST__
__imp__GetSystemInfo@4
_GetFileAttributesA@4
_CreateFileA@28
__head_libadvapi32_a
_inet_ntoa@4
__imp__GetAtomNameA@12
_GetSystemMetrics@4
_WSAStartup@8
__imp__fread
_WaitForSingleObject@8
__imp__memcpy
__imp__GetFileSize@8
_aDomain_3
__imp__strcmp
__imp__inet_addr@4
__file_alignment__
__imp__malloc
__imp__atoi
_aElevateFile
__major_os_version__
_CloseHandle@4
__imp__GetSystemDirectoryA@8
__imp__gethostbyname@4
__imp__GetModuleHandleA@4
__imp__itoa
__DTOR_LIST__
__imp__fprintf
__imp__memset
__imp__fclose
_aScript_3
__size_of_heap_reserve__
_GetVolumeInformationA@32
___crt_xt_start__
__subsystem__
__imp__strlen
__imp__GetVolumeInformationA@32
__imp__fflush
__imp__strcpy
_aURLMon_1
_aGetProgDir
___w32_sharedptr_unexpected
_GetTempPathA@8
_aScript_1
__imp__fopen
__imp____getmainargs
___tls_end__
__imp__GetUserNameA@8
__imp__ExitProcess@4
__imp__WSACleanup@0
__imp__send@16
__imp__free
__imp__SetUnhandledExceptionFilter@4
__imp__CreateDirectoryA@8
__major_image_version__
_WriteFile@20
__loader_flags__
__libuser32_a_iname
__CRT_glob
__setmode
__imp__AddAtomA@4
_inet_addr@4
__head_libkernel32_a
__imp___cexit
__minor_subsystem_version__
__minor_image_version__
__imp__Sleep@4
_closesocket@4
__imp____set_app_type
__imp__GetComputerNameA@8
_aDropName
_FindAtomA@4
__imp__WSAStartup@8
__imp__LoadLibraryA@4
_GetFileSize@8
_aTimeOut
_WSACleanup@0
__libshell32_a_iname
_GetAtomNameA@12
__RUNTIME_PSEUDO_RELOC_LIST_END__
__libkernel32_a_iname
__imp__GetModuleFileNameA@12
_connect@12
_main_d_1
__libwsock32_a_iname
__imp__connect@12
_main_m_3
___crt_xt_end__
_aURLMon_0
__imp__GetTempPathA@8
__imp__strcat
_aAutoRunCmd
__imp__fwrite