Sample details: dbaaa2699c639f652117e9176fd27fdf

Hashes
MD5: dbaaa2699c639f652117e9176fd27fdf
SHA1: 3e4cd703deef2cfd1726095987766e2f062e9c57
SHA256: 654b53b4ef5b98b574f7478ad11192275178ca651d9e8496070651cd6f72656a
SSDEEP: 768:MZzU6bakrEdGiSJRZsncDBGoYuozHlzdx:MpUpkX5vZvNYuIzH
Details
File Type: PE32
Yara Hits
YRP/MingWin32_GCC_3x | YRP/MingWin32_v_h_additional | YRP/MinGW_GCC_3x_additional | YRP/MinGW_GCC_3x | YRP/MingWin32_GCC_3x_additional | YRP/MingWin32_v_h | YRP/MingWin32_v | YRP/MinGWGCC3x | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/MinGW_1 | YRP/domain | YRP/contentis_base64 | YRP/network_tcp_socket | YRP/network_dns | YRP/win_files_operation | YRP/spyeye | YRP/Str_Win32_Winsock2_Library |
Strings
		!This program cannot be run in DOS mode.
`.data
.rdata
.idata
1ee76e11929a07445c5abd744aa407db29a07445c5abd744aa407db
-LIBGCCW32-EH-2-SJLJ-GTHR-MINGW32
w32_sharedptr->size == sizeof(W32_EH_SHARED)
%s:%u: failed assertion `%s'
../../gcc/gcc/config/i386/w32-shared-ptr.c
GetAtomNameA (atom, s, sizeof(s)) != 0
GetUserNameA
AddAtomA
CloseHandle
CreateDirectoryA
CreateFileA
CreateProcessA
ExitProcess
FindAtomA
FreeLibrary
GetAtomNameA
GetComputerNameA
GetFileAttributesA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetSystemInfo
GetTempPathA
GetVersionExA
GetVolumeInformationA
LoadLibraryA
SetUnhandledExceptionFilter
WaitForSingleObject
WriteFile
_strlwr
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_onexit
_setmode
atexit
fclose
fflush
fprintf
fwrite
malloc
memcpy
memmove
memset
signal
strcat
strcmp
strcpy
strlen
strncat
ShellExecuteExA
GetSystemMetrics
WSACleanup
WSAStartup
closesocket
connect
gethostbyname
inet_addr
inet_ntoa
socket
ADVAPI32.DLL
KERNEL32.dll
msvcrt.dll
msvcrt.dll
SHELL32.DLL
USER32.dll
WSOCK32.DLL
crt1.c
_atexit
__onexitp
crtstuff.c
Amadey.cpp
.rdata
.idata$7p
.idata$5
.idata$4
.idata$6
.idata$7|
.idata$5 
.idata$4
.idata$6
.idata$7
.idata$5,
.idata$4
.idata$6
.idata$7
.idata$58
.idata$4
.idata$6$
.idata$7
.idata$5$
.idata$4
.idata$6
.idata$7
.idata$5(
.idata$4
.idata$6
.idata$7x
.idata$5
.idata$4
.idata$6
.idata$7
.idata$54
.idata$4
.idata$6
.idata$7
.idata$50
.idata$4
.idata$6
.idata$7t
.idata$5
.idata$4
.idata$6
.idata$7l
.idata$5
.idata$4
.idata$6
fthunk
.idata$2x
.idata$5
.idata$4
.idata$4
.idata$5<
.idata$7
CRTglob.c
CRTfmode.c
txtmode.c
pseudo-reloc.c
CRT_fp10.c
_fpreset
gccmain.c
___main
.rdata
.idata$7
.idata$5p
.idata$4 
.idata$6 
.idata$7
.idata$5l
.idata$4
.idata$6
fthunk
.idata$2(
.idata$5h
.idata$4
.idata$4$
.idata$5t
.idata$7
.idata$7
.idata$5
.idata$4@
.idata$6|
.idata$7
.idata$5
.idata$48
.idata$6\
.idata$7
.idata$5
.idata$4P
.idata$6
.idata$7
.idata$5
.idata$4D
.idata$6
.idata$7
.idata$5
.idata$4<
.idata$6p
.idata$7
.idata$5
.idata$40
.idata$6<
.idata$7(
.idata$5
.idata$4
.idata$68
.idata$7
.idata$5
.idata$44
.idata$6L
.idata$7
.idata$5
.idata$4H
.idata$6
.idata$7
.idata$5|
.idata$4,
.idata$6,
.idata$7
.idata$5
.idata$4X
.idata$6
.idata$7
.idata$5
.idata$4\
.idata$6
.idata$7
.idata$5
.idata$4t
.idata$6
.idata$7
.idata$5
.idata$4l
.idata$6
.idata$7
.idata$5
.idata$4|
.idata$6
.idata$74
.idata$5
.idata$4
.idata$6\
.idata$7
.idata$5
.idata$4T
.idata$6
.idata$7,
.idata$5
.idata$4
.idata$6D
.idata$70
.idata$5
.idata$4
.idata$6P
.idata$7<
.idata$5
.idata$4
.idata$6t
.idata$7 
.idata$5
.idata$4
.idata$6 
.idata$78
.idata$5
.idata$4
.idata$6h
.idata$7$
.idata$5
.idata$4
.idata$6,
.idata$7
.idata$5
.idata$4d
.idata$6
.idata$7
.idata$5
.idata$4p
.idata$6
.idata$7
.idata$5
.idata$4x
.idata$6
.idata$7
.idata$5
.idata$4L
.idata$6
.idata$7
.idata$5
.idata$4`
.idata$6
.idata$7
.idata$5
.idata$4h
.idata$6
fthunk
.idata$2<
.idata$5x
.idata$4(
.idata$4
.idata$5
.idata$7@
.idata$7\
.idata$5
.idata$4
.idata$6
fthunk
.idata$2d
.idata$5
.idata$4
.idata$4
.idata$5
.idata$7`
.idata$7
.idata$5T
.idata$4
.idata$6
.idata$7X
.idata$5
.idata$4
.idata$6
.idata$7P
.idata$5
.idata$4
.idata$6
.idata$7p
.idata$5,
.idata$4
.idata$6
.idata$7H
.idata$5
.idata$4
.idata$6\
.idata$7l
.idata$5(
.idata$4
.idata$6
.idata$7L
.idata$5
.idata$4
.idata$6l
.idata$7t
.idata$50
.idata$4
.idata$6
.idata$7
.idata$5D
.idata$4
.idata$6
.idata$7
.idata$5<
.idata$4
.idata$6\
.idata$7
.idata$5`
.idata$4
.idata$6
.idata$7
.idata$5L
.idata$4
.idata$6
.idata$7
.idata$5P
.idata$4
.idata$6
.idata$7|
.idata$58
.idata$4
.idata$6H
.idata$7`
.idata$5
.idata$4
.idata$6
.idata$7
.idata$5H
.idata$4
.idata$6
.idata$7x
.idata$54
.idata$4
.idata$64
.idata$7
.idata$5@
.idata$4
.idata$6t
.idata$7T
.idata$5
.idata$4
.idata$6
.idata$7
.idata$5\
.idata$4
.idata$6
.idata$7h
.idata$5$
.idata$4
.idata$6
.idata$7
.idata$5X
.idata$4
.idata$6
.idata$7d
.idata$5 
.idata$4
.idata$6
.idata$7\
.idata$5
.idata$4
.idata$6
.idata$7D
.idata$5
.idata$4
.idata$6P
fthunk
.idata$2
.idata$5
.idata$4
.idata$4
.idata$5d
.idata$7
.idata$70
.idata$5
.idata$4
.idata$6@
fthunk
.idata$2
.idata$5
.idata$4
.idata$4
.idata$5
.idata$74
.idata$7L
.idata$5
.idata$4
.idata$6
fthunk
.idata$2P
.idata$5
.idata$4
.idata$4
.idata$5
.idata$7P
crtstuff.c
.ctors
__cexit
_strcat
_aAV03
_strcmp
_aAV11
_aAV06
_aAV09
_recv@16
_aPost4
_aPost3
_aParam8
_aAV07
_aAV00
_strncat
_strlwr
_aParam1
_aParam6
_aOS_AR1 
_aShell
__dll__
_fwrite
_memcpy
_aCMD0
_memset
__argc
_aAV01
_aScript
_fflush
_aPost1
_send@16
_fprintfP2
__alloca 0
_aParam4
__argv
_fread
_aParam7
_fopen
_aPost2
__fmode
_aParam2
_aVers
_aParam5
__end__
_signal
_aPost5
_malloc
_aPost0
_fclose
_strcpy
_aAV10
_aAV04
_aRunAs
_aAV05
_abort
_aPost6
_aParam0
_htons@4p+
_aAV02
_aAV08
_strlen
_aParam3
_aOS_AR0
_memmove
_aCMD1
_Sleep@4
_aDomain
__gnu_exception_handler@4
___mingw_CRTStartup
_mainCRTStartup
_WinMainCRTStartup
___do_sjlj_init
_ZZ8aDecryptPcE14aDecryptResult
__Z8aDecryptPc
__Z9aFillCharPc
_ZZ5aCopyPciiE11mCopyResult
__Z5aCopyPcii
__Z8aPosLastPcS_
__Z9aPosFirstPcS_
__Z9aFileSizePc
__Z11aFileExistsPKc
__Z16aDirectoryExistsPc
__Z6aMkDirPc
_ZZ12aGetSelfPathvE15aGetSelfPathRes
__Z12aGetSelfPathv
_ZZ11aGetTempDirvE10TempDirRes
__Z11aGetTempDirv
_ZZ14aGetProgramDirvE11UsersDirRes
_ZZ14aGetProgramDirvE3tmp
__Z14aGetProgramDirv
_ZZ16aGetHomeDriveDirvE16aHomeDriveDirRes
__Z16aGetHomeDriveDirv
_ZZ19aGetSelfDestinationiE22aGetSelfDestinationRes
__Z19aGetSelfDestinationi
_ZZ9aFreeFilePcE8FilePath
__Z9aFreeFilePc
__Z11aCreateFilePc
_ZZ10aIntToChariE11IntToStrRes
__Z10aIntToChari
__Z10aCharToIntPc
_ZZ6aGetIdvE9aGetIdRes
__Z6aGetIdv
_ZZ16aExtractFileNamePcE19aExtractFileNameBuf
__Z16aExtractFileNamePc
__Z11aCheckAdminv
_ZZ10aGetOsArchvE2OS
_ZZ10aGetOsArchvE2O1
_ZZ10aGetOsArchvE2O2
__Z10aGetOsArchv
_ZZ6aGetOsvE2OS
_ZZ6aGetOsvE2O1
_ZZ6aGetOsvE2O2
__Z6aGetOsv
__Z7aPathAVPc
__Z8aCheckAVv
_ZZ12aResolveHostPcE15aResolveHostRes
__Z12aResolveHostPc
_ZZ12aWinSockPostPcS_S_E3res
__Z12aWinSockPostPcS_S_
__Z15aUrlMonDownloadPcS_
__Z7aRaportPcS_
__Z14aCreateProcessPc
__Z11aRunAsAdminPc
__Z9aRunDll32PcS_
__Z16aProcessExeLocalPcS_S_S_
__Z11aProcessExePcS_S_S_
__Z16aProcessDllLocalPcS_S_S_
__Z11aProcessDllPcS_
__Z12aProcessTaskPc
__Z5aParsPcS_
_ZZ12aGetHostNamevE7InfoBuf
__Z12aGetHostNamev
_ZZ12aGetUserNamevE7InfoBuf
__Z12aGetUserNamev
__Z6aBasici
__Z9aCopyFilePcS_
__Z13aDropToSystemPc
__Z11aAutoRunSetPc
__Z13aGetProcessILv
__Z10aBypassUACv
__pei386_runtime_relocator
__fpreset
_initialized
___do_global_dtors
___do_global_ctors
pseudo-reloc-list.c
_w32_atom_suffix
___w32_sharedptr_default_unexpected
___w32_sharedptr_get
dw2_object_mutex.0
dw2_once.1
sjl_fc_key.2
sjl_once.3
___w32_sharedptr_initialize
___eprintf
___sjlj_init_ctor
__imp__strncat
_aZoneIdent
__imp__strlwr
_GetSystemInfo@4
___RUNTIME_PSEUDO_RELOC_LIST__
__imp___setmode
__imp__CloseHandle@4
__data_start__
_FreeLibrary@4
___DTOR_LIST__
__imp__recv@16
__imp___onexit
___p__fmode
__imp__GetVersionExA@4
_SetUnhandledExceptionFilter@4
___w32_sharedptr_terminate
__imp__ShellExecuteExA@4
_GetModuleFileNameA@12
___tls_start__
__imp__CreateFileA@28
__libmsvcrt_a_iname
_aRunDll_0
__imp__FindAtomA@4
__imp__abort
__size_of_stack_commit__
_ShellExecuteExA@4
__size_of_stack_reserve__
__major_subsystem_version__
___crt_xl_start__
_AddAtomA@4
_GetSystemDirectoryA@8
_CreateProcessA@40
___crt_xi_start__
___chkstk
___crt_xi_end__
_GetUserNameA@8
__imp____p__environ
__head_libuser32_a
__imp__CreateProcessA@40
__imp___iob
__imp__WriteFile@20
_GetModuleHandleA@4
__libmoldname_a_iname
__libadvapi32_a_iname
__bss_start__
___RUNTIME_PSEUDO_RELOC_LIST_END__
__imp__GetSystemMetrics@4
_aDropDir
__size_of_heap_commit__
___p__environ
__imp__GetProcAddress@8
_GetProcAddress@8
___crt_xp_start__
___crt_xp_end__
__imp__signal
__minor_os_version__
_GetComputerNameA@8
__imp__atexit
__head_libmsvcrt_a
__image_base__
__head_libshell32_a
_GetVersionExA@4
__imp__exit
__section_alignment__
_socket@12
_LoadLibraryA@4
__imp__memmove
__imp__FreeLibrary@4
__head_libmoldname_a
__RUNTIME_PSEUDO_RELOC_LIST__
__imp__htons@4
__imp____p__fmode
__imp__GetFileAttributesA@4
_ExitProcess@4
__imp__inet_ntoa@4
_gethostbyname@4
__data_end__
___getmainargs
___w32_sharedptr
__CTOR_LIST__
___set_app_type
__bss_end__
__CRT_fmode
__head_libwsock32_a
__imp__WaitForSingleObject@8
___crt_xc_end__
_CreateDirectoryA@8
___crt_xc_start__
__imp__socket@12
__imp__closesocket@4
___CTOR_LIST__
__imp__GetSystemInfo@4
_GetFileAttributesA@4
_CreateFileA@28
__head_libadvapi32_a
_inet_ntoa@4
__imp__GetAtomNameA@12
_GetSystemMetrics@4
_WSAStartup@8
__imp__fread
_WaitForSingleObject@8
__imp__memcpy
__imp__GetFileSize@8
__imp__strcmp
__imp__inet_addr@4
__file_alignment__
__imp__malloc
__imp__atoi
_aElevateFile
__major_os_version__
_CloseHandle@4
__imp__GetSystemDirectoryA@8
__imp__gethostbyname@4
__imp__GetModuleHandleA@4
__imp__itoa
__DTOR_LIST__
__imp__fprintf
__imp__memset
__imp__fclose
__size_of_heap_reserve__
_GetVolumeInformationA@32
___crt_xt_start__
__subsystem__
__imp__strlen
__imp__GetVolumeInformationA@32
__imp__fflush
__imp__strcpy
_aURLMon_1
_aGetProgDir
___w32_sharedptr_unexpected
_GetTempPathA@8
__imp__fopen
__imp____getmainargs
___tls_end__
__imp__GetUserNameA@8
__imp__ExitProcess@4
__imp__WSACleanup@0
__imp__send@16
__imp__free
__imp__SetUnhandledExceptionFilter@4
__imp__CreateDirectoryA@8
__major_image_version__
_WriteFile@20
__loader_flags__
__libuser32_a_iname
__CRT_glob
__setmode
__imp__AddAtomA@4
_inet_addr@4
__head_libkernel32_a
__imp___cexit
__minor_subsystem_version__
__minor_image_version__
__imp__Sleep@4
_closesocket@4
__imp____set_app_type
__imp__GetComputerNameA@8
_aDropName
_FindAtomA@4
__imp__WSAStartup@8
__imp__LoadLibraryA@4
_GetFileSize@8
_aTimeOut
_WSACleanup@0
__libshell32_a_iname
_GetAtomNameA@12
__RUNTIME_PSEUDO_RELOC_LIST_END__
__libkernel32_a_iname
__imp__GetModuleFileNameA@12
_connect@12
__libwsock32_a_iname
__imp__connect@12
___crt_xt_end__
_aURLMon_0
__imp__GetTempPathA@8
__imp__strcat
_aAutoRunCmd
__imp__fwrite