
Sample details: d94b690c31090e9c6c606378ce750582 --

Hashes
MD5: d94b690c31090e9c6c606378ce750582
SHA1: 15f97d408a184d7e2e835c26489ad293624ea291
SHA256: 407634463cb405392062e628146633abb39875f5d75d900f7644308e58c7995f
SSDEEP: 1536:wZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZI:/d5BJHMqqDL2/OvvdrgY
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/Antivirus | YRP/VM_Generic_Detection | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/network_http | YRP/network_dga | YRP/win_mutex | YRP/win_registry | YRP/win_files_operation | YRP/Crypt32_CryptBinaryToString_API | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API | FlorianRoth/ReflectiveLoader |
Strings
		!This program cannot be run in DOS mode.
.rdata
.reloc
SVWj@h
<}tK<=tBF
<}t)F<=t
HthHuo
<}tcG<=t
D$(PQh
D$(PWh
D$(PWh
SVWj@h
SVWj@h
QSVWj@h
0SWj@h
L&&jl66Z~??A
Oh44\Q
sb11S*
uB!!c 
D""fT**~;
;d22Vt::N
J%%o\..r8
gg}V++
jL&&Zl66A~??
Sb11?*
tX,,.4
RRMv;;a
MMUf33
PPDx<<
cB!!0 
~~Gz==
fD""~T**
Vd22Nt::
xxoJ%%r\..$8
ppB|>>
aa_j55
UUxP((z
&jL&6Zl6?A~?
~=Gz=d
"fD"*~T*
2Vd2:Nt:
x%oJ%.r\.
a5_j5W
=&&jL66Zl??A~
g99KrJJ
==Gzdd
""fD**~T
22Vd::Nt
$$lH\\
77Ynmm
%%oJ..r\
55_jWW
[T:$6.
[.:$6g
j_FbT~
h4,8$@_
2\tHlWB
PQAeS~
~4[C)v
8$4,6-9'$6.:*?#1pHhX~AeSlZrNbS
EHl\tFeQ
T~FbZwKi
,8$4'6-9:$6.1*?#XpHhS~AeNlZrEbS
FeQbT~FiZwK
4,8$9'6-.:$6#1*?hXpHeS~ArNlZ
EbS\tHlQ
FeFbT~KiZw
$4,8-9'66.:$?#1*HhXpAeS~ZrNlS
Ebl\tHeQ
F~FbTwKiZ
pub_key
DELETE}
{DELETE}
Fatal error
Fatal error: rsaenh.dll is not initialized as well
advapi32.dll
CheckTokenMembership
Address:
fabian wosar <3
Can't find server
ntdll.dll
RtlComputeCrc32
%Xeuropol
*******************
malwarehunterteaGandCrabGandCrabpolitiaromana.bi
encryption.dll
_ReflectiveLoader@0
ExitProcess
lstrlenA
HeapAlloc
HeapFree
GetProcessHeap
GetProcAddress
VirtualAlloc
GetModuleHandleA
lstrcpyA
GetEnvironmentVariableW
GetFileSize
MapViewOfFile
UnmapViewOfFile
GetModuleHandleW
WriteFile
GetModuleFileNameW
CreateFileW
ExitThread
lstrlenW
GetTempPathW
CreateFileMappingW
lstrcatW
CloseHandle
CreateThread
VirtualFree
lstrcmpiW
lstrcmpiA
ReadFile
SetFilePointer
GetFileAttributesW
GetLastError
MoveFileW
lstrcpyW
SetFileAttributesW
CreateMutexW
GetDriveTypeW
VerSetConditionMask
WaitForSingleObject
GetTickCount
InitializeCriticalSection
OpenProcess
GetSystemDirectoryW
TerminateThread
TerminateProcess
VerifyVersionInfoW
WaitForMultipleObjects
DeleteCriticalSection
ExpandEnvironmentStringsW
CreateProcessW
SetHandleInformation
lstrcatA
MultiByteToWideChar
CreatePipe
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
LeaveCriticalSection
EnterCriticalSection
FindFirstFileW
lstrcmpW
FindClose
FindNextFileW
GetNativeSystemInfo
GetComputerNameW
GetDiskFreeSpaceW
GetWindowsDirectoryW
GetVolumeInformationW
LoadLibraryA
KERNEL32.dll
DispatchMessageW
DefWindowProcW
UpdateWindow
SendMessageW
CreateWindowExW
ShowWindow
SetWindowLongW
LoadIconW
RegisterClassExW
TranslateMessage
wsprintfW
BeginPaint
LoadCursorW
GetMessageW
DestroyWindow
EndPaint
MessageBoxA
wsprintfA
GetForegroundWindow
USER32.dll
TextOutW
GDI32.dll
RegCloseKey
RegCreateKeyExW
RegSetValueExW
AllocateAndInitializeSid
FreeSid
CryptExportKey
CryptAcquireContextW
CryptGetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptGenKey
CryptDestroyKey
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
ADVAPI32.dll
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
SHELL32.dll
CryptStringToBinaryA
CryptBinaryToStringA
CRYPT32.dll
InternetOpenW
InternetReadFile
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetCloseHandle
WININET.dll
GetDeviceDriverBaseNameW
EnumDeviceDrivers
PSAPI.DLL
IsProcessorFeaturePresent
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
1#1-171A1i1s1}1
2:2D2N2X2b2l2v2
3)333=3G3^3h3r3|3
4/494C4M4W4g4q4{4
5(585B5L5V5~5
6'6O6Y6c6m6w6
6 7*747>7H7R7\7s7}7
8#8-8D8N8X8b8l8|8
9)939=9M9W9a9k9
:(:2:<:d:n:x:
;5;?;I;S;];g;q;
='=1=;=E=m=w=
>?>I>S>]>g>q>{>
?%?/?9?C?M?e?o?y?
070A0K0U0_0o0y0
1'111A1K1U1_1
2'212Y2c2m2w2
3+353?3I3S3]3g3
4%4/494Q4[4e4o4y4
5#5-575A5K5[5e5o5y5
6-676A6K6s6}6
7E7O7Y7c7m7w7
7N8k8{8
<0<7<I<Z<b<
>0>U>[>j>w>
1S2]2d2u2
7*858=8S8g8
;9;N;^;e;
<%<,<3<A<H<X<^<
=_>)?=?R?X?
0$0-070\0z0
22292C2J2T2a2{2
2#3Q3]3e3m3r3
4X4W5\5j5q5
7.8J8Q8X8p8v8
9'9/979?9G9O9W9_9g9o9w9
:#:.:4:N:g:m:
:-;>;I;S;k;~;
</<7<f<
=!=C=]=v=|=
>/>=>q>{>
3#3*3;3S3
4S4g4y4
5`5h5v5
536Y6}6
7 7&7;7G7M7Z7c7h7o7
;%;+;L;U;\;{;
< <'<a<k<
?%?4?:?D?K?V?g?n?
4 4L4p4
566J6g6m6
777@7]7b7h7
8(8<8Q8
8 9(9=9I9U9a9m9y9
<&<-<U<s<~<
=/=W=^=e=
=%>+>0>G>q>~>
?0?[?i?p?~?
0%080=0M0\0e0{0
1,1:1N1\1p1~1
2"2)272E2X2i2w2
3 363A3W3b3x3
3(4I4Y4h4q4
4!5&5B5J5
566V6a6
7;7@7O7g7
7&8`8r8w8
939;9Z9a9h9o9v9}9
:*:r:|:
;2;L;P;T;X;\;z;
<.<Q<w<
=/=B=v=N>
2Q3_3n3
696@6O6Y6_6
7d7k7{7
7-848D8Q8
9&9]9d9s9}9
94:;:N:X:^:C;k;y;%=C=\=c=k=p=t=x=
>R>X>\>`>d>
2*252d2
3(323K3U3b3l3D4
;MZuHf
>KERNt
=.CPLt5=.cplt.
=.EXEt
=.exet
uH=.SCRt
=.scru:R
7w33w9
7wwww9
'r""'r"'r$A'u3337w333w33w333333w3330
"wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww0
'wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww30
"'r""""""""&7s3333333333333333333339
'w"ww"
7w3ww3
'wwwr)
7wwws9
KERNEL32.dll
USER32.dll
ADVAPI32.dll
WINMM.dll
SHELL32.dll
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetComputerNameA
lstrcpyA
GetSystemTime
LoadLibraryA
WriteFile
GetCurrentDirectoryA
GetWindowsDirectoryA
GetSystemDirectoryA
FindFirstFileA
FindNextFileA
FindClose
CreateFileA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
WideCharToMultiByte
SetCursorPos
LoadIconA
ShellAboutA
mciSendStringA
RegOpenKeyExA
RegSetValueExA
CreateFileA
CreateFileW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
System Info#+ Girigat.4517
(C) 1998-1999 Mister Sandman
Wallpaper
TileWallpaper
WallpaperStyle
Background
Control Panel\Desktop
Control Panel\Colors
c:\Girigat.bmp
set cdaudio door open
set cdaudio door closed
USERPC
VirtualAllocEx
CreateRemoteThread
user32
SetCursorPos
sfc_os
SfcIsFileProtected
shlwapi
PathAppendA
C:\Documents and Settings\User\Desktop\girigat\gand231b.exe
OVL.exe
{A92EA95D-8603-4C3D-A3F1-E561CCFDE269}\_E0CA5A06C047789A9384B4.exe
explorer.exe
gand231b.exe
VL.exe
B4.exe
00910~1.EXE
girigat
0_noOVL.til
a606d73a4ed879ba29d7105dcbb2f922c6debe5695f2
e2b16).cab
00910~1.TIL
x\;US$
`f!TPg