
Sample details: e784b71a4e2b68fa0c6c8d3a2d152c7e

Hashes
MD5: e784b71a4e2b68fa0c6c8d3a2d152c7e
SHA1: 502ef3db8057eb9185100c83eb029a3b607b3cd9
SHA256: fa1c3959482648505514523e240a9227169605c72d05517fbaf91d4ef5e5f0fd
SSDEEP: 384:yQAW1qC8q6sfzXLe8yxQI8h4LwDf+DO8eLxxlrqP:2C8qdLe8yxQI8h4Lw6DWlrqP
Details
File Type: 80386
Yara Hits
CuckooSandbox/shellcode | CuckooSandbox/embedded_win_api | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/Full/Objs/Release%20DEBUGCONFIG/Unhook.obj
Strings
		.drectve
.debug$S
B.rdata
0@.data
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`.text
P`   /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" 
e:\Projects\progs\Petrosjan\BJWJ\Builds\Full\Objs\Release DEBUGCONFIG\Unhook.obj
Microsoft (R) Optimizing Compiler
@comp.id	x
@feat.00
.drectve
.debug$S
.rdata
$SG64184
?ieframe_dll@@3PA_WA
?kernel32_dll@@3PA_WA
?user32_dll@@3PA_WA
?ws2_32_dll@@3PA_WA
?ntdll_dll@@3PA_WA
?wininet_dll@@3PA_WA
?nspr4_dll@@3PA_WA
?ssl3_dll@@3PA_WA
?opera_dll@@3PA_WA
?gdi_dll@@3PA_WA
?winspool_drv@@3PA_WA
?commdlg32_dll@@3PA_WA
?winmm_dll@@3PA_WA
?advapi32_dll@@3PA_WA
?odbc32_dll@@3PA_WA
?crypt32_dll@@3PA_WA
?UnhookFunc@@YGXPAXPA_WK@Z
?m_memcmp@@YAHPBX0I@Z
?m_memcpy@@YAPAXPAXPBXH@Z
?GetHash@STR@@YAKPADK_N@Z
?GetDllBase@@YAPAUHINSTANCE__@@K@Z
?GetHash@WSTR@@YAKQA_WK_N@Z
?CopyDllToTemp@@YAPA_WPA_W_N@Z
?MemFree@@YAXPAX@Z
?GetTempName@@YAPA_WXZ
?m_wcslen@@YGKPB_W@Z
?MemAlloc@@YAPAXK@Z
?RestoreFuncs@@YGXPA_WPAK_N@Z
?UnhookFunc2@@YGXPAXPA_WK@Z
?RestoreFuncs2@@YGXPA_WPAK_N@Z
?UnhookDlls@@YAXXZ
?UnhookIE@@YAXXZ
?UnhookFF@@YAXXZ
?UnhookUser32@@YAXXZ
?UnhookTranslateMessage@@YAXXZ
?UnhookCreateFileW@@YAXXZ
?UnhookKernel32Functions@@YAXPAK@Z
?UnhookIBancShowCreate@@YAXXZ
?UnhookShowWindow@@YAXXZ
?UnhookCookie@@YAXXZ
?UnhookOpera@@YAXK@Z
?UnhookJava@@YAXXZ
?UnhookGetMessagePos@@YAXXZ
?UnhookKeyLogger@@YAXXZ
?UnhookSber@@YAXXZ
?UnhookSetFocus@@YAXXZ
?UnhookCreateFile@@YAXXZ
?UnhookBeginEndPaint@@YAXXZ
??$pushargEx@$00$0JLNGIIIP@PAXPAXHHPAK@@YAPAXPAX0HHPAK@Z
?GetProcAddressEx@@YAPAXPADKK@Z
??$pushargEx@$00$0JLNGIIIP@PAXPAXHKPAK@@YAPAXPAX0HKPAK@Z
??$pushargEx@$00$0EJKBDHFM@PA_WH@@YAPAXPA_WH@Z
??$pushargEx@$00$0CMKBLFPA@PA_WPB_W@@YAPAXPA_WPB_W@Z
??$pushargEx@$00$0KEINGHHE@H@@YAPAXH@Z
??$pushargEx@$00$0HHEDJDPO@PAUHINSTANCE__@@PA_WH@@YAPAXPAUHINSTANCE__@@PA_WH@Z
??$pushargEx@$00$0CMKBLFPA@PA_WPA_W@@YAPAXPA_W0@Z
??$pushargEx@$00$0COOEPBBL@PA_WPA_WH@@YAPAXPA_W0H@Z
??$pushargEx@$00$0IPIPBAC@PA_WKHHHHH@@YAPAXPA_WKHHHHH@Z
??$pushargEx@$00$0OPAKCFKB@PAXHHHHH@@YAPAXPAXHHHHH@Z
??$pushargEx@$00$0FMNJEDA@PAXHHHH@@YAPAXPAXHHHH@Z
??$pushargEx@$00$0HHMNJFGH@PAX@@YAPAXPAX@Z
??$pushargEx@$00$0HCDOLANF@PAX@@YAPAXPAX@Z
??$pushargEx@$00$0IBPAPAMJ@PA_W@@YAPAXPA_W@Z
??$pushargEx@$00$0MIKMIADA@PA_W@@YAPAXPA_W@Z