Analysis Date: 2017-11-13 00:29:38
MD5: f8d5751be5a506a560ecd9bade2ac0be
SHA1: 06eeda5021032d15d8ef7d91591b89ab005229ab

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: b4f63950344a4c9c3c0af56b9bd57cf6 sha1: 616a80e253d19bc44cd953fac8479024bd180698 size: 120832
Section .data md5: 54255dfcd7dd7ee6f35251e0604d3bb0 sha1: f352ba7d94cf292a7d4d20df6f4abab7eecf2edb size: 16384
Section .xcpad md5: sha1: size:
Section .idata md5: sha1: size:
Section .reloc md5: sha1: size:
Section .rsrc md5: sha1: size:
Timestamp:
Version:
LegalCopyright:
PackagerVersion:
InternalName:
FileVersion:
CompanyName:
Comments:
ProductName:
ProductVersion:
FileDescription:
Packager:
OriginalFilename:
Packer:
PEhash:
IMPhash: 461843ac95fbbcf9e400a53f57982e61
AV results (vendor: verdict):
360 Safe: No Virus
Ad-Aware: Gen:Variant.Mikey.31037
Alwil (avast): Agent-AUAI [Trj]
Arcabit (arcavir): Gen:Variant.Mikey.31037
Authentium: W32/Agent.NK.gen!Eldorado
Avira (antivir): TR/Nivdort.Gen2
BitDefender: Gen:Variant.Mikey.31037
BullGuard: Gen:Variant.Mikey.31037
CA (E-Trust Ino): Gen:Variant.Mikey.31037
CAT (quickheal): Trojan.Scar.16686
ClamAV: No Virus
Dr. Web: Trojan.DownLoader25.55167
Emsisoft: Gen:Variant.Mikey.31037
Eset (nod32): Win32/Agent.VNC
F-Secure: Gen:Variant.Mikey.31037
Fortinet: W32/Agent.VNC!tr
Frisk (f-prot): W32/Agent.NK.gen!Eldorado
Grisoft (avg): Generic_r.DMA
Ikarus: Trojan.Agent_s
K7: Trojan ( 004b9a441 )
Kaspersky: Trojan.Win32.Generic
MalwareBytes: Error Scanning File
Mcafee: Generic-FAOV!F8D5751BE5A5
MicroWorld (escan): Gen:Variant.Mikey.31037
Microsoft Security Essentials: TrojanSpy:Win32/Nivdort
NANO: Trojan.Win32.MlwGen.djdfax
Padvish: No Virus
Rising: No Virus
SUPERAntiSpyware: Error Scanning File
Symantec: No Virus
Trend Micro: No Virus
Twister: Trojan.Agent.VNC.uuio.mg
VirusBlokAda (vba32): No Virus
Windows Defender: TrojanSpy:Win32/Nivdort
Zillya!: No Virus

Runtime Details:

Screenshot

Process
↳ C:\06eeda5021032d15d8ef7d91591b89ab005229ab.exe

Network Details:


Raw Pcap

Strings
_^][
_^]3
SUV3
T$$RW
D$8SW
D$,PW
`Ai+
PWQf
RPPj
D$<D
\$ W3
L$0QW
D$8(
D$(f
L$T+
L$8Qj
L$ +
D$0(
|$ W
_][3
t$ ~S
t$ ;J
_^]3
|$ S
_^][
;_Dfi
Jg3l
-txB
SVW3
\$ f
g{`+
T$,=
m! u;
~M;~
_^][
-0^B
D$ ;
191f
)\$$
T$(f
_^][
D$(_^][
VWPS
\$0@
T$(j
j h|\B
hTMB
D$ Q
hH3B
-lMB
h|CB
l$<3
D$,f
D$HVf
\$$3
L$$P
_^][3
t$ 3
L$(Uf
QWRf
uJN;
_^][
_^][
hxGB
l$$+
D$0P
-0^B
D$0P
L$(Q
L$ VQ
\$D;
D$,SP
D$<W
D$DUf
PSQf
T$$R
D$4P
\$$W
T$(f
RQ@P
D$ R
L$ PQ
|$$VW
D$$_
t$$WV
t$(V
PAQV
T$$h
D$$V
=l_B
Az'f
t$(h
|$H3
#l$8#
_^][
^][Y
_^]3
|:WV
t$(V
t$$WV
t$(V
t$$f
D$$P
u_VWj4h
T$ 3
D0(S
D$0V
D0(SP
L$ WQP
u	;A
SUVW
L$ QUV
SUV;
^][+
D$hSVW
Dz#f
D$4j
L$@QV
T$DRV
L$h3
T$t3
d$xf
\$,f
T$$f
\$$f
D$dP
L$DQ
T$`R
D$XP
L$DQ
L$$Wf
QVRf
D$|]
\$p[
L$4UQ
L$LW
D$\P
D$X3
L$dVQ
L$dj
T$LR
D$4WP
L$LWQ
D$PKH
T$LUR
D$TP
L$@Q
T$LR
D$8P
T$XR
D$DP
L$LUQ
;\$(
T$@3
D$LVP
L$(;
T$DR
D$d3
L$pVQ
-@3B
T$dR
D$DP
D$PP
L$HQ
T$@UR
D$@P
L$8Q
D$8P
T$LR
D$DP
L$@UQ
D$8P
\$4Q
;\$(
L$XQW
D$8P
L$<QW
D$hP
L$HQ
T$dR
D$\P
L$HQ
L$ S
\$(U3
WSQVU
_^][
_^][
L$ VQ
D$(Wf
T$4R
D$,P
DzJf
T$ R
l$$UW
L$TR
S QP
Y_^[
l$$+
hT3B
T$ f
T$ U
T$P3
l$(f
l$ V
D$TV
L$HQ
\$ R
D$xWP
T$DR
T$43
D$@WP
L$4VQ
D$|WP
L$xWQ
T$@RPV
L$@Q
D$HPS
D$@PQVS
D$xPW
L$@QRVWW
T$@RPV
L$@QRVPP
L$@QWVPP
T$@R
D$Lf
L$@QRVWW
D$@PQV
D$@PQVW
L$4QRP
T$(3
T$83
t$ f
D$$h
tmVW
D$<VPW
\$(|
D$$+D$
T$ 3
\$8f
L$$Q
L$xQ
T$$;
T$tRQ
T$pRP
T$pV
L$hQP
D$\j
D$<h
h|]B
\$83
\$83
PWVj
\$83
\$PR
=l_B
D$`j
L$xQS
D$`j
D$|QWRPS
QRPS
\$Pf
_^[3
D$0RP
L$$Q
OhQV
T$$RP
L$0SQ
T$ R
D$80
D$H@m@
\$\j
L$8Q
L$tQ
T$hR
D$hP
L$tQ
D$p_^[
D$ 3
\$ _^[
D$ PQW
%PHB
8T$$
|$&8\$%
8T$&t2
@CH^f
t4$U
hh\B
1;0u
9D$
][_^
hDMB
2;1u
WUQP
%p^B
L$,VQ
D$DP
T$8R
Pj j
L$@j
T$$j
t;()f
L$,Q
_^][3
SVWP
hL3B
hP]B
SQPV
Y_^[
hP]B
AzPf
\$83
D$$3
\$<f
D$0j
;t$<s
+D$<
D$8f
D$$hX3B
hPDB
D$P;
T$LPQR
\$0S
T$`QPR
;L$h
;T$d
\$4SV
htHB
D$H@
D$H;D$
\$`3
T$ 3
\$(h
t$0W
\$8h
t$@W
@9t$4
L$ph
T$<+
h|CB
\$,3
D$,W
AuEf
hd7B
hh|\B
D$<V
D$(f
l$(hp
L$,h
T$T3
T$Xf
L$<f
\$$h
T$,W
\$(j
D$@3
\$ V
D$$h
D$TWj
D$,j
\$H3
D$ W
\$`h|\B
T$8VR
D$Pf
\$`h
T$xRW
\$$f
%LDB
T$xRV
/c9h
5`xB
h4CB
j$h4^B
\$ h|\B
L$<PQ
h(1B
L$4f
L$0f
D$Hf
\$8j
|$ W
h|CB
\$Tf
D$$V
D$LVf
\$Hh
\$$f
;58MB
\$ f
DzCf
kimvml
^[_3
_^[]
0WWWWW
X_^]
tG9}
0WWWWW
<$Xf
t	VP
5dyB
=dyB
5dyB
WWWWW
_^[]
WWWWW
SSSSS
VVVVV
VVVVV
SSSSS
Ph@`B
SVW3
t$9}
WWWWW
t)9u
VVVVV
PPPPP
hP`B
SSSSS
SSSSS
QQSVWd
QSVW
WWWWW
h&3A
</u_
</uT
<\tM</tI
t)@8
SSSSS
SSSj
5``B
QSVW
8csm
=XyB
YQPVh
Y__^[
^_[3
0SSSSS
_^[]
t&:a
_VVVVV
SSSSS
80t.
SSSSS
^WWWWW
SQRP
jdRP
PPPPP
Wj0V
SSSSS
SSSSS
|-;E
VVVVV
ueSj
5dyB
5dyB
5dyB
5dyB
@_^[
 VW}
j?^;
Y__^[
35@`B
9csm
h@`B
h@`B
=d`B
VVVVV
PPPPP
<v8V
VVVVV
VVVVV
VVVVV
=d`B
oV f
o^0f
of@f
onPf
ov`f
o~pf
=0~B
WWWWW
VVVVV
~,WPV
98t^
tVPV
t/9U
=DyB
=XfB
j@j ^V
[j@j
WWWWW
<at9<rt,<wt
SSSSS
tVHtG
tEHt1
uF	}
u'	}
>=upF
SSSSS
URPQQh
L$,3
UVWS
[_^]
SVWj
hO	A
_^[]
VVVVV
VVVVV
VVhU
WWWWW
PPPPP
@u^V
, <Xw
t%HHt
HHtXHHt
HHty+
RPSW
90tV
>If90t
WSj0
WSj
@_^]
=MOC
=csm
8csm
9csm
~SSV
j,hH
~@;H
>csm
taSV
YYPV
t)SV
Hu4j
>MOC
s[S;7|G;w
9>u&
tR99u2
r,9Y
@_^[]
hz1A
VVVVV
@SuzP
VVVVV
jdZ;
>]u
^F<-uB
]t7F:
j0^9
<xtX<XtT
`<%u
?%uD
u[SSSP
SSSSS
YY_^[
jd[j
PPPPP
PPPPP
PPPPP
SSSSS
_^[]
Y_^[
Y_^[
S99t
j hH
t+Ht
PPPPP
u,9E
u,9E
WWWWW
5dyB
8csm
t$<"u	3
5PyB
=,yB
5PyB
>=Yt1j
tNVSP
PPPPP
5PyB
%PyB
Y[_^
5,yB
%,yB
>"u&
< tK<	tG
5<yB
5$yB
@@f9
@@f9
SSS+
@PWSS
t!SS
5@`B
5D`B
;5(kB
5(kB
0A@@Ju
5(kB
to=(oB
=hnB
Y_^[]
_^[]
Fpt"
SSSSW
SSSSW
0SSSSS
@PWV
_^[]
PPPPP
WVU3
v	N+D$
_VVVVV
0SSSSS
_^[]
_^[]
0SSSSS
VVVVV
=d`B
VW|[;
=d`B
_^[]
VVVVV
h( B
j@j
hP B
SSSSS
hp B
SSSSS
tGHt.Ht&
^SSSSS
;t0;
8VVVVV
t(9u
SSSSS
SSSSS
ti9]
6f;p
r0f;p
tH9]
6f;H
r0f;H
u!f;
t	9]
SSSSS
SSSSS
tA9]
t_8]
t 9]
SVWUj
]_^[
;t$,v-
UQPXY]Y[
WWWWW
WWWWW
VVVVV
950mB
=0mB
50mB
~%9M
QVj
r 8^
^SSSSS
j"^SSSSS
QSWVj
v	N+D$
WWWWW
@WuyV
WWWWW
[_^]
QQS3
SSSSS
SSSSS
t	;E
VVVVV
VVVVV
SSSSS
YY8]
SSSSS
SSSSS
SSSSS
=PmB
=DmB
t!PV
SSSSS
PSj?
PSj?
SSSSS
>:u8FV
SSSSS
jd_Fj
5HmB
=DmB
5TmB
PPPPP
=PmB
VVVVV
Pf95
PVVRV
Pf954
VVVVVQRSSj
VVVVV
h0!B
VVVVV
VVVVV
VVVVV
u8SS3
9] u
9]$SS
t)9]
t"SS9]
9] u
PPPPPPPP
hP!B
WWWWW
uaVj
5dyB
uL9=
hp!B
wIVSP
5dyB
5dyB
FVSj
5dyB
SSSSS
_^[]
9] SS
;50oB
v$;5LoB
PPPPPPPP
tR:Q
t<:Q
t&:Q
5xoB
r"9U
5xoB
r"9U
9]$u
SSSSS
<+t(<-t$:
+t HHt
VVVVV
VVVVV
u	9p
u	9E
K<5}
;9u
0K;]
SVW3
SSSSS
SSSSS
tl9]
tC9]
Ht$C
CC@@
Ht(f
CC+]
VVVVV
_^[u
VVVVV
VW9]
SSSSS
SSSSS
u99u
VVVVV
SSSSS
SSSSS
5,yB
954yB
5,yB
<8=u
WWWWV
t<Vj
t+WWVPV
WWWWW
<Xt
u+9u
@tH9
SSSSS
SSSSS
QQSV3
=4yB
VVVVj
tCVV
@A;E
SVW3
t{~Bj
t1SW
SSSSS
SSSSS
5,yB
SSSSS
tSj=V
u`9]
5,yB
Y|R9
?sjj
5,yB
5,yB
@Y@P
t\VV
@Y@PW
SSSSS
SSSSS
_^[]
SSSSS
^SSSSS
YY;E
WVQR
SSSSS
h c@
h c@
Delete
NoRemove
ForceRemove
bad allocation
@mqb
string too long
invalid string position
Unknown exception
CorExitProcess
e+000
GAIsProcessorFeaturePresent
KERNEL32
runtime error
TLOSS error
SING error
DOMAIN error
R6034
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
R6033
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
R6032
- not enough space for locale information
R6031
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
R6030
- CRT not initialized
R6028
- unable to initialize heap
R6027
- not enough space for lowio initialization
R6026
- not enough space for stdio initialization
R6025
- pure virtual function call
R6024
- not enough space for _onexit/atexit table
R6019
- unable to open console device
R6018
- unexpected heap error
R6017
- unexpected multithread lock error
R6016
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
R6009
- not enough space for environment
R6008
- not enough space for arguments
R6002
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
UTF-8
UTF-16LE
UNICODE
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
(null)
( 8PX
700WP
`h````
xpxxxx
bad exception
.com
.bat
.cmd
.exe
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`RTTI
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
 new
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
July
June
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
1#QNAN
1#INF
1#IND
1#SNAN
CONOUT$
('8PW
700PP
`h`hhh
xppwpp
WS2_32.dll
DPtoLP
GetDeviceCaps
LPtoDP
SetMapMode
GetMapMode
GdiGetBatchLimit
SetTextCharacterExtra
EndDoc
ExtCreateRegion
GetStockObject
GDI32.dll
MulDiv
CreateProcessA
Process32Next
CloseHandle
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
ExpandEnvironmentStringsA
SetEndOfFile
WaitForSingleObject
CreateEventA
GetModuleFileNameA
Sleep
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
GetFileSize
CreateFileA
GetModuleHandleA
GetTickCount
GetTempPathA
GetEnvironmentVariableA
CopyFileA
SetFileAttributesA
GetCommandLineA
SetEvent
CreateThread
KERNEL32.dll
CreateIconFromResourceEx
GetMenuItemID
SetSystemCursor
CopyIcon
EndMenu
GetWindowDC
SetWindowTextA
UpdateWindow
InvalidateRect
SetFocus
DefWindowProcA
EndPaint
BeginPaint
CreateWindowExA
MoveWindow
GetWindowRect
GetDesktopWindow
GetTitleBarInfo
PostQuitMessage
DispatchMessageA
TranslateMessage
GetMessageA
ShowWindow
RegisterClassExA
LoadCursorA
MessageBoxA
USER32.dll
RegCloseKey
RegSetValueExA
RegOpenKeyA
ADVAPI32.dll
CreateStreamOnHGlobal
ole32.dll
OLEAUT32.dll
GetSystemTimeAsFileTime
GetLastError
HeapFree
HeapAlloc
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetModuleHandleW
GetProcAddress
ExitProcess
GetStartupInfoA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetStdHandle
SetHandleCount
GetFileType
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetFullPathNameA
GetCurrentDirectoryA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetProcessHeap
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateDirectoryA
[~2S
Y$'A
z)AL
^T`J
h-cc
5Mw:
,4Fh
?%8|
T;U].
CYR# \
T\A:
OBRt30v
7"%[
MHY]>YA
ER4"
VYBw
[wk,F
XN,*
!=*Q
;'KF
t*mb(
3c!<:
ThLX
rpVA
a0IJ`
7WzU.NU
R4]k"
*x+v
B.da2
Cm}b1
o!Ce
_K'^
{Yx7
]`Sg
>o-C
jrcC
sSc'
v&?9oDy"pxM
&*.0
ov/~
$8d(
k63CVAI'
.VS.
'j$K
Gwu^
jng(c
--Ly
K/x}
@)2~
L/OR
Q+r<
3IJk[
ef1;
UfK.b
[Q}
|aQ$z
uB^)f
DN<b
d[Xn)
Dih;,
<:D!
xRupg
r^&;
Rt#1
6)9j
JcQ&Fp
psqqi
!MH)
a9Ms3
QA&SRM
S&$i
{4!:o
0K!n
0+#=
`gos
\2>m.
WyvE
BJK6 }
Ozv*
q/)n
2C1"
rv9`
f	VYkk
LU=lUt
4c"=
yc#[7Z
~l2l
0)96
]hsr.
f!v(
7;~'
,#Va
r+HN9N9
l_ON6
pn9s
7e&1f2
>\T1(.*D,
IE%Z
:T.J
p@xe8
^#9z
@ZNE
bM">
0I4WT
!$y+
v5\v
p;Lh
5	v<k
A?bx
6Fd\
?t54
F3B!#
f^tq
h;)s
7lx~
W]-&t`
f#6&
o|I]b
@o@XZ
	t+^{
8*H_K6
!+YL
~-u$_
8%S|h
#8VKph_~
G3gf
JuSSE
ugmo
&OGp
e)D}8{G
0!M\x
Lb/b
%g2R<Gm
I;o
!E%$
eC-,Vx)^
Sq"	0
t)4m
kZq;
BT4U
c)}>
=;DqqY
#u'r2t
C	&7
wo0S
}`Af
\h\*
{jEB
bj8/:
DTf{'e
l^#k
b5vm
+,7
=7nw
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_exception@std@@

abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ

abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
kU'9
HMXB
?Zd;
?/L[
S;uD
z?aUY
D?$?
U>c{
zc%C1
.:3q
-64OS
NKeb