Sample details: d4aeb75e8ad8fd2569428d3b893ecca4

Hashes
MD5: d4aeb75e8ad8fd2569428d3b893ecca4
SHA1: 15747dbac890f3baa9f5fd0606982d724374a955
SHA256: 393ff8c8d99d3ce4f18d963c86543edd9eb1d72079d2634261e8fe8223ac854c
SSDEEP: 768:QVyAqcQ4gBdyj5O6Gn2F/AIssWSaUvsjgv0xMizb5+:7AqcQ40dmGnussWSaUvGLxMiJ
Details
File Type: PE32
Yara Hits
YRP/DirtJumper_drive | YRP/Str_Win32_Winsock2_Library | YRP/contentis_base64 | YRP/domain | YRP/Borland | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/borland_delphi | YRP/network_udp_sock | YRP/network_tcp_socket | YRP/network_dns | YRP/keylogger | YRP/win_registry | YRP/win_files_operation | YRP/Delphi_Random | YRP/Delphi_CompareCall | YRP/Delphi_Copy
Source
http://51.15.192.56/ddos2.exe
Strings
This program must be run under Win32
.idata
.rdata
P.reloc
P.rsrc
String
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
TCommand0
; WOW64
Bangladesh
Russia
United Kingdom
Mongolia
Grenada
Thailand
Romania
Germany
France
Ukraine
United States
http://
Mozilla/5.0 (Windows NT 
.0) Gecko/20100101 Firefox/
Opera/9.80 (Windows NT 
; U; Edition 
 Local; ru) Presto/2.10.289 Version/
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 
; Trident/4.0; SLCC2; .NET CLR 2.0.
; .NET CLR 3.5.
; .NET CLR 3.0.
https://
http://
error1
error2
error3 (
 HTTP/1.1
Host: 
User-Agent: 
Accept: text/html
Connection: Keep-Alive
Referer: 
Content-Length: 
Content-Type: application/x-www-form-urlencoded
error4 (Send)
200 OK
-post1 
-post2 
-request 
login=[1000]&pass=[1000]&password=[50]&log=[50]&passwrd=[50]&user=[50]&username=[50]&vb_login_username=[50]&vb_login_md5password=[50]
-timeout 
-thread 
https://
http://
 HTTP/1.1
Host: 
User-Agent: 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
Connection: Keep-Alive
Referer: http://
Content-Length: 
Content-Type: application/x-www-form-urlencoded
Referer: 
Runtime error     at 00000000
0123456789ABCDEF
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
user32.dll
GetKeyboardType
MessageBoxA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
kernel32.dll
FreeLibrary
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
CreateThread
CloseHandle
wsock32.dll
WSAStartup
gethostbyname
socket
shutdown
setsockopt
sendto
inet_addr
connect
closesocket
kernel32.dll
GetModuleFileNameA
GetCommandLineA
FindFirstFileA
CopyFileA
kernel32.dll
CloseHandle
WaitForSingleObject
advapi32.dll
ChangeServiceConfig2A
CreateServiceA
OpenSCManagerA
RegisterServiceCtrlHandlerA
SetServiceStatus
QueryServiceStatus
StartServiceCtrlDispatcherA
StartServiceA
OpenServiceA
CloseServiceHandle
shell32.dll
SHGetSpecialFolderPathA
RichEdit
System
SysInit
3Messages
KWindows
UTypes
WinSock