
Sample details: eca32d9e3d5fd89dc690e8590a0198e7

Hashes
MD5: eca32d9e3d5fd89dc690e8590a0198e7
SHA1: ef3eeb70323923aa70250c3d4e2d862c6cac721e
SHA256: 6ffe96f3abec30fb4a73271ed0aa96d9c994cce3ca8529ab7543eeec1102d2e1
SSDEEP: 3072:8KuT2ShlX/1SvgDJ6gwBq1Dn1xEWrXS8gg:8Ku/ho6JvwA1DnDNSX
Details
File Type: PE32
YARA Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/DebuggerCheck__RemoteAPI | YRP/Check_Debugger | YRP/anti_dbg | YRP/screenshot | YRP/keylogger | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/win_hook | YRP/suspicious_packer_section |
Source
http://derleyicihatasi.com/gecmis/or116/
http://corehealingmassage.com/wp-admin/ufbyw973/
http://ds-cocoa.com/css/ptk903/
http://nhaxinhvina.xyz/36e/nnrm97524/
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
/$X-FS
!SKdf[
8i9Oi;
o\O7j|
//qWRM
 <}*F:o
/-C?@M)
ywhHCq
~qT"HX
nfdl@/
	DR\M7v6*
cN,'#T
EE*;x`
$EPXy^
FE)G9p
w<;G?s0
pOmW|Q6
OG%-`P
ayz	Vu7
zhYD|\
ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc
kernel32
VirtualAllocEx
cFoCOkLxG 
hdrh=1
mnh=22
n1awjExX
`eP>ent<~
`st+`enX
xeFp`e
C}aseQkndmg
gcrtLklFKge
IetMgmpIkth
w prcgrae cQfno<,be
BS Ucde6
@VMat!	
tS6.tgKf
t.U	?P
.=VV `u
\7j0WE
E|(9AB
<z~$<Ar
C`PjhIG
m@	A0IE
If^V_A
Mx	A@	wX
[:;1\";
%_#A0=
CE*$?J
wt38.J
D}+#Ap.
90qu${7 
|@f3s"h
<A$l:Z
6TW(#(A
{!%xWc
[u8"XtS$S
=Q$w%C]
O$wyBS
|F$wi*G
3PYz*H
lI|m\O1
jh{Ir\{
yTo<3Nq(kD1+fQ1
rQqErHs
[Js5rDsLl
y<{D~-3Cr#r
1@kpy@o
j@ntk>1pq@n
hEnuwCmu]E|
1RzY2Mt4i
\QtUlDn
i,lKx-2Kx
kM1tuHyu+Hy
+?|rtE1cxBu]+>
K14nTn
,Hm3nQ1
nNxX-Uu
p}82*De<
msx3pHr7Goh7
dD1xlQq
oJmu}Yx
p@nOtY6Eh4j
kDy5vH~R6?t-6Ts!y>v
vTs}+DkluUn
c@o~tUn
sDnuiOr
K1"|O1
wNi5xUnU
{5rR1.lHy=|
opsErt-?h
t}t?h~-StljDoumU|
tM12qTo2{
u6dNm6d
zMq5mMt
|lz8q'y
<"0C=N0
;D5u;a
1':32p:
>S3'?B3M?83d?
2K9,2M
:N1Y<^5
0b8%2E8
/E;61g;
5I>'4'?
?W43?pi
==7~=N7
_K$r"W
_KDS"J
WMHi"R
"O4P"@
LoadLibraryA
GetProcAddress
GetModuleHandleA
CloseHandle
CreateSemaphoreA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetSystemWindowsDirectoryA
GetVersionExW
InterlockedDecrement
InterlockedIncrement
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
GetLocaleInfoW
GetConsoleAliasW
WriteProfileSectionA
lstrcpynA
GetStdHandle
CopyFileExA
GetUserDefaultUILanguage
DuplicateHandle
GetCurrentProcess
CreateThread
SetThreadPriority
TerminateThread
ResumeThread
GetSystemInfo
WaitForMultipleObjects
CreateFileW
FlushFileBuffers
GetFileType
GetLogicalDrives
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
SetErrorMode
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
MoveFileExW
GetCurrentDirectoryW
CreateDirectoryW
FindFirstFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
GetLongPathNameW
RemoveDirectoryW
GetTempPathW
DeviceIoControl
MoveFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
QueryPerformanceCounter
GetCurrencyFormatW
GetTickCount
FindFirstFileExW
GetTimeFormatW
GetStartupInfoW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
GetModuleHandleExW
GetVolumeInformationW
lstrcmpW
ReleaseMutex
CreateMutexW
VirtualAlloc
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
EncodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetCommandLineA
ExitThread
FreeLibraryAndExitThread
SetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetACP
HeapFree
HeapAlloc
LCMapStringW
EnumSystemLocalesW
DecodePointer
HeapReAlloc
GetCPInfo
SetEnvironmentVariableA
WriteConsoleW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FindFirstFileExA
HeapSize
GetDateFormatW
GetThreadPriority
GetCurrentThread
ResetEvent
LoadLibraryW
GetSystemDirectoryW
CreateEventW
WaitForSingleObjectEx
SetEvent
GetConsoleWindow
OutputDebugStringW
FindNextChangeNotification
GetLocalTime
GetSystemTime
GetUserDefaultLCID
CompareStringW
GlobalSize
GlobalUnlock
GlobalLock
GlobalAlloc
OpenProcess
CheckRemoteDebuggerPresent
GetUserDefaultLangID
CreateProcessW
ExpandEnvironmentStringsW
IsValidLocale
IsValidLanguageGroup
FormatMessageW
GetModuleHandleW
FindNextFileW
FindCloseChangeNotification
FindFirstChangeNotificationW
LocalFree
GetCommandLineW
CopyFileW
SetFileAttributesW
GetFileAttributesW
GetDriveTypeW
QueryPerformanceFrequency
DeleteFileW
lstrlenW
GetSystemWindowsDirectoryW
LocalAlloc
lstrcmpiW
OpenEventW
GetWindowsDirectoryW
GetStartupInfoA
lstrcatW
GetNumberFormatW
lstrcpyW
lstrlenA
lstrcmpA
GetLogicalDriveStringsW
FileTimeToLocalFileTime
GetSystemDirectoryA
CreateFileA
GetFileSize
MoveFileExA
LocalLock
LocalUnlock
GetVersionExA
FreeEnvironmentStringsA
GetEnvironmentStrings
SetHandleCount
HeapDestroy
HeapCreate
InterlockedExchange
VirtualQuery
GetStringTypeA
LCMapStringA
VirtualProtect
GetLocaleInfoA
KERNEL32.dll
GetDesktopWindow
GetClipboardOwner
GetThreadDesktop
GetCaretBlinkTime
DestroyWindow
GetKeyState
IsIconic
GetTopWindow
GetSysColor
GetListBoxInfo
IsWindowVisible
ExcludeUpdateRgn
DdeUninitialize
IsWindowEnabled
SetDlgItemTextW
IMPQueryIMEA
GetKeyboardLayoutNameW
LoadCursorW
ChangeClipboardChain
SetCursor
RegisterClipboardFormatA
ToUnicodeEx
MapVirtualKeyW
GetClipboardFormatNameA
PtInRect
CloseWindowStation
HideCaret
GetClipboardData
GetKeyboardLayoutNameA
CheckDlgButton
CheckRadioButton
GetDlgItemTextW
DialogBoxIndirectParamW
MenuItemFromPoint
CountClipboardFormats
MessageBeep
EnumDesktopsA
InvalidateRect
GetUpdateRect
DdeCreateStringHandleA
WindowFromDC
CreateMenu
ChildWindowFromPointEx
AppendMenuW
MessageBoxW
InsertMenuA
UpdateLayeredWindow
SendInput
FindWindowExW
CloseDesktop
SetClipboardData
ToUnicode
GetMenu
TrackPopupMenuEx
SetMenuItemInfoW
NotifyWinEvent
SetCursorPos
GetCursor
CreateCursor
CreateIconIndirect
GetCursorInfo
RegisterClassW
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
GetWindowTextW
EnumWindows
RealGetWindowClassW
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextExA
ToAscii
GetKeyboardState
IsZoomed
PeekMessageW
SetCaretPos
ReleaseDC
DestroyIcon
DrawIconEx
GetIconInfo
DestroyCaret
CreateCaret
RegisterWindowMessageW
GetKeyboardLayout
GetAsyncKeyState
RegisterClipboardFormatW
SetClipboardViewer
LoadIconW
RegisterClassExW
GetClassInfoW
UnregisterClassW
GetKeyboardLayoutList
GetAncestor
DestroyCursor
GetWindowThreadProcessId
SetParent
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
EnumDisplayMonitors
GetMonitorInfoW
LoadImageW
GetSysColorBrush
SetWindowRgn
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
EnableMenuItem
GetSystemMenu
GetSystemMetrics
ReleaseCapture
SetCapture
GetCapture
SetFocus
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
IsChild
CreateWindowExW
DefWindowProcW
AttachThreadInput
PostMessageW
SendMessageW
SystemParametersInfoW
GetDoubleClickTime
GetCursorPos
GetClientRect
GetFocus
ShowWindow
IsWindow
LoadStringW
USER32.dll
GetTextAlign
GetDCPenColor
CloseMetaFile
CreateMetaFileA
FillPath
GetFontLanguageInfo
GetSystemPaletteUse
GetLayout
GdiConvertBrush
ExtCreatePen
PolyPatBlt
StrokeAndFillPath
EngLineTo
EnumFontFamiliesExA
GdiPlayJournal
CreateBrushIndirect
SelectBrushLocal
GetETM
AddFontResourceA
GdiEntry15
BeginPath
EngUnlockSurface
ChoosePixelFormat
XFORMOBJ_bApplyXform
EqualRgn
ResizePalette
PtVisible
PolylineTo
GdiEntry13
GdiEndDocEMF
PlgBlt
SetPixelV
GdiEntry5
GetDeviceCaps
GetCharABCWidthsI
GetTextExtentPoint32W
GetOutlineTextMetricsW
SelectClipRgn
GetRegionData
CreateBitmap
ExtTextOutW
SetWorldTransform
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
SelectObject
CreateDIBSection
SetTextAlign
SetTextColor
SetGraphicsMode
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetBitmapBits
BitBlt
CombineRgn
CreateRectRgn
OffsetRgn
SetBkMode
CreateCompatibleBitmap
CreateDCW
EnumFontFamiliesExW
CreateFontIndirectW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetObjectW
GetTextFaceW
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GdiFlush
GetMetaFileBitsEx
DeleteMetaFile
SetPaletteEntries
SetDIBColorTable
StretchDIBits
CreatePatternBrush
CreateHalftonePalette
IntersectClipRect
SetStretchBltMode
GetNearestPaletteIndex
GetNearestColor
GetTextColor
SaveDC
RestoreDC
GetDIBColorTable
SelectPalette
PatBlt
CreateDIBitmap
CreatePalette
RealizePalette
SetBkColor
StretchBlt
TextOutW
CreateSolidBrush
GetPaletteEntries
GDI32.dll
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
OpenProcessToken
CopySid
FreeSid
GetLengthSid
GetTokenInformation
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
SystemFunction036
RegOpenKeyExW
ADVAPI32.dll
SHInvokePrinterCommandW
SHCreateDirectoryExW
SHChangeNotify
SHGetFolderPathW
CommandLineToArgvW
SHGetStockIconInfo
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetFileInfoW
SHELL32.dll
StringFromGUID2
CoTaskMemAlloc
CoGetMalloc
CoUninitialize
CoTaskMemFree
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
CoCreateGuid
OleUninitialize
OleInitialize
RevokeDragDrop
CoCreateInstance
ReleaseStgMedium
RegisterDragDrop
CoLockObjectExternal
CoInitialize
ole32.dll
StrChrA
SHLWAPI.dll
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
MSVCRT.dll
_onexit
__dllonexit
_controlfp
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmNotifyIME
ImmGetCompositionStringW
IMM32.dll
1?GG&zZ
[Version]
Signature=$CHICAGO$ 
AdvancedINF=2.5,"You need a new version of advpack.dll"
[Uninstall]
Cleanup=1
SmartReboot=N
RunPreSetupCommands=PreSetupCommandsSection
DelFiles=DelCmstp
DelReg=RemoveRunKey
[DestinationDirs]
DelCmstp=11
[DelCmstp]
cmstp.exe
[PreSetupCommandsSection]
[SourceDisksNames]
1 = , , 0 
[Strings]
UC"""@
	""&wfgv
"&wwwt
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
    version="5.1.0.0"
    processorArchitecture="x86"
    name="Microsoft.Windows.Net.cmstp"
    type="win32"
<description>Microsoft Connection Manager Profile Installer</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
        <requestedPrivileges>
            <requestedExecutionLevel
                level="asInvoker"
                uiAccess="false">
            </requestedExecutionLevel>
        </requestedPrivileges>
    </security>
</trustInfo>
</assembly>
XSNXKYNVJIFYSFTWRA0
190513112726Z
391231235959Z0
XSNXKYNVJIFYSFTWRA0
XSNXKYNVJIFYSFTWRA
XSNXKYNVJIFYSFTWRA
18991230000000Z0/
1S0Q0O0M
?_050!
XSNXKYNVJIFYSFTWRA
20190515052643Z
Greater Manchester1
Salford1
Sectigo Limited1,0*
#Sectigo RSA Time Stamping Signer #1
Greater Manchester1
Salford1
Sectigo Limited1%0#
Sectigo RSA Time Stamping CA0
190502000000Z
300801235959Z0
Greater Manchester1
Salford1
Sectigo Limited1,0*
#Sectigo RSA Time Stamping Signer #10
https://sectigo.com/CPS0D
3http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
3http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
http://ocsp.sectigo.com0
New Jersey1
Jersey City1
The USERTRUST Network1.0,
%USERTrust RSA Certification Authority0
190502000000Z
380118235959Z0}1
Greater Manchester1
Salford1
Sectigo Limited1%0#
Sectigo RSA Time Stamping CA0
?http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v
3http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%
http://ocsp.usertrust.com0
rRj;B7|
[C]e=P
Greater Manchester1
Salford1
Sectigo Limited1%0#
Sectigo RSA Time Stamping CA
190515052643Z0/
New Jersey1
Jersey City1
The USERTRUST Network1.0,
%USERTrust RSA Certification Authority
j<QBv#wF?X