
Sample details: edbc72c778063a97f05024dafb27d83a

Hashes
MD5: edbc72c778063a97f05024dafb27d83a
SHA1: 5c6ac96fd630263835b43b3c18c12c003f663e2a
SHA256: dbad2614e8fe8153549887073391a08e6a200d0af4138563fe8dc2850f854306
SSDEEP: 12288:hIGCosThzVSfgJnR/dM5gIsy3FTZ4hxJu3CUtF19eMUZVg:SVHThEfglR/i5gIsySUBUMU8
Details
File Type: PE32
Yara Hits
YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/keylogger | YRP/Big_Numbers0 |
Source
hxxp://193[.]124[.]117[.]153/crypt/startup9[.]exe  (defanged; live payload download URL — retrieve only from an isolated analysis host)
hxxp://193[.]124[.]117[.]153/crypt/startup9[.]exe  (defanged)
Strings
		!This program cannot be run in DOS mode.
`.data
.rdata
@.rsrc
QRSWVj
$X^_[ZY
PQRVV14$^j
Y@PXIu
PQRSVW
_^[ZYX
ZZYXHj
	q		Q	
	q		Q	
	c		Q	
	q		Q	
	s		Q	
	s		Q	
	p		Q	
	r		Q	
	b		Q	
	p		Q	
	r		Q	
s		Q		
q		Q		
	=		Q	
	8		Q	
3		!		
h		q		
		0			
:		y		
:		y		
\		Q		
q		Q		
	5		Q	
1		A		
4		1		
4		Q		
S		1		
H		q		
-		s		
/		3		
N		Q		
?		y		
		D		D		D		D		D		D		D		L		
		"		"		"		"		"		"		"		"		"		"		"		"		"		"		"		*		
		f		f		f		f		f		f		f		f		f		f		f		f		f		f		f		f		f		f		f		f		f		f		f		f		f		f		f		f		f		f		f		n		
		"		*		
		f		n		
		9		y					)
Hc{6i0
kernel32.dll
D{`fgs~S~~}q
}RY>mL
5K-;c6
GetCurrentProcess
GetCurrentThreadId
GetModuleHandleA
GetProcAddress
GetProcessId
GetTickCount
GetVersion
LoadLibraryA
lstrcatA
lstrcmpA
lstrlenA
ResetEvent
SetLastError
VirtualProtect
kernel32.dll
GetActiveWindow
GetCaretBlinkTime
GetKeyboardType
ShowWindow
user32.dll
OleConvertOLESTREAMToIStorageEx
OleInitialize
OleUninitialize
ole32.dll
MSChapSrvChangePassword
advapi32.dll
EndDocPrinter
winspool.drv
77ODDD
77ODODD
ssDDD@
777770
??????
??????
0/`0//0`/0`/g
/g`/0`
0//0//
0//0/`0
0//g//g//
``0/`g/
g/`0/`
PPP`g/
0/`0/`g`
`0//0/
//g//g//g//g//0
g``0//0
/g/@@@/
0//g`/
//g`PPP
/g``g/`g
0//g`/
`g//g/pwp
0//g//
/g/`g`
`g//g`/g/`
`/g/@@@
0//0/PPP`g/`g``g/`0``g/
//0/`0/`0/`0/`0``g/`0`
wwwwwwwwwxw
wwwwwwwww(
XtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtN
tNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtN
tNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtN
RJRJJ)RJJ)RJJ)
tNtNtNtNtNtNtNtNtNtNtN
RJJ)RJRJJ)RJRJ
tNtNtNtNtNtNtNtNtNtNtN
J)J)J)J)J)J)J)J)J)J)J)J)J)J)J)J)J)J)J)J)J)J)J)J)J)J)
tNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtNtN
J)J)_f_f_f_f_f_f_f
RJRJRJ
RJRJRJ
e_~_~_~_~_~_~
J)J)J)J)J)J)J)J)J)J)J)J)J)J)J)J)
J)J)J)J)J)J)J)J)J)J)J)J)J)J)J)J)J)
J)J)J)
J)J)J)J)J)J)RJRJRJJ)J)J)J)J)J)J)J)
J)J)J)J)
J)J)J)J)J)
RJJ)J)J)J)J)J)J)
J)J)J)tN
J)J)J)J)J)
RJJ)J)J)J)J)J)
J)tNtNtNJ)J)J)
RJJ)J)J)J)
tNtNtNtNtNJ)
RJJ)J)
33333333333333333333333333333333333333333333333333333331
33333333133333333331
33333333333333333333333333333333333333
@@@   
@@000PPP000
??0oo0oo0oo0oo
0oo0oo`
PPP```0oo000
oo0oo0oo`
0oo```
oo0oo0oo`
0oo```_
0oo0oo`
```````````````@@@@@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGX