Sample details: d5d09f257f4752e885140de25594d53b

Hashes
MD5: d5d09f257f4752e885140de25594d53b
SHA1: 94d74795ccdb1a7e81f12037a748d806da70b1b4
SHA256: 8450d4fb93d45757950c2a65245c877b0116c6f696b0fbfd93814326edbe914e
SSDEEP: 768:zB2wuRjtuW5aYMt+XGYYI+ccPvFhBtqmRwptVVUvvewUTJy5dxbZos:4jg/3y+cKFvwp5MefJ03bZo
Details
File Type: PE32
Yara Hits
YRP/Visual_Cpp_2003_DLL_Microsoft
YRP/UPXv20MarkusLaszloReiser
YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser
YRP/IsPE32
YRP/IsWindowsGUI
YRP/HasRichSignature
YRP/domain
YRP/contentis_base64
YRP/Dropper_Strings
YRP/ThreadControl__Context
YRP/anti_dbg
YRP/win_registry
YRP/win_private_profile
YRP/win_files_operation
YRP/suspicious_packer_section
Source
http://94.130.104.170/3//unpacked_.safe
http://94.130.104.170/3/unpacked_.safe
Strings