Sample details: 2a6983bde8843fdccf2425090c38a475

Hashes
MD5: 2a6983bde8843fdccf2425090c38a475
SHA1: e3dd06a0f98484ff7f29e58f74520cc409d4cfc8
SHA256: 18cb22841a89bc55c98aeefe18ecc7dacf71b03014af132f3aac6bf3220187d7
SSDEEP: 3072:8XWbmc+bQOfWUXV42nqZbgzE6jQg2X9zP/lGWu2x5+zt3YhrL:8mbtCQOfWsV42nqZczFQ1X9zP/lGWu2l
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171
YRP/Microsoft_Visual_Cpp_v60
YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional
YRP/Microsoft_Visual_Cpp_50
YRP/Microsoft_Visual_Cpp_v50v60_MFC
YRP/Armadillo_v171_additional
YRP/Microsoft_Visual_Cpp
YRP/IsPE32
YRP/IsWindowsGUI
YRP/HasRichSignature
YRP/maldoc_find_kernel32_base_method_1
YRP/domain
YRP/contentis_base64
YRP/Browsers
YRP/Sandboxie_Detection
YRP/VirtualBox_Detection
YRP/Dropper_Strings
YRP/Misc_Suspicious_Strings
YRP/ThreadControl__Context
YRP/antisb_sandboxie
YRP/antivm_vmware
YRP/disable_dep
YRP/inject_thread
YRP/network_dropper
YRP/escalate_priv
YRP/keylogger
YRP/sniff_audio
YRP/cred_ff
YRP/win_mutex
YRP/win_registry
YRP/win_token
YRP/win_files_operation
YRP/win_hook
YRP/Str_Win32_Winsock2_Library
YRP/Str_Win32_Wininet_Library
YRP/Str_Win32_Internet_API
Source
http://limedentsoffer.xyz/hgdskfkydfdgfvdgfvladfhdlfvdjlfvdljvhafvhjvfblfvhlavlvvjhvlvasjvljvhjhvhlablvlh/tech.exe
Strings
!This program cannot be run in DOS mode.
`.rdata
@.data
SbieDll.dll
HARDWARE\ACPI\DSDT\VBOX__
PROCMON_WINDOW_CLASS
PROCEXPL
invalid vector<T> subscript
%Y-%m-%d %H.%M
FreeFrame
GetFrame
CloseCamera
OpenCamera
[DataStart]
%02i:%02i:%02i:%03i [INFO] 
KeepAlive Enabled! Timeout: %i seconds
%02i:%02i:%02i:%03i [KeepAlive] 
Timeout changed to %i
Disabled.
Timeout expired, resetting connection.
CloseChat
GetMessage
DisplayMessage
eventvwr.exe
origmsc
mscfile\shell\open\command
RtlGetNtVersionNumbers
Software\Classes\mscfile\shell\open\command
[INFO]
Uploading file to C&C: 
Offline Keylogger Started
{ User has been idle for 
 minutes }
Online Keylogger Started
Online Keylogger Stopped
Offline Keylogger Stopped
{ %04i/%02i/%02i %02i:%02i:%02i - 
 [F7] 
 [F8] 
 [F9] 
 [F10] 
 [F11] 
 [F12] 
 [F6] 
 [Del] 
 [F1] 
 [F2] 
 [F3] 
 [F4] 
 [F5] 
 [Print] 
 [End] 
 [Start] 
 [Left] 
 [Up] 
 [Right] 
 [Down] 
 [PagDw] 
 [BckSp] 
 [Tab] 
 [Enter] 
 [Pause] 
 [Esc] 
 [PagUp] 
 [Ctrl + V]
[Following text has been pasted from clipboard:]
[End of clipboard text]
 [Ctrl + 
 [LCtrl] 
 [RCtrl] 
[Following text has been copied to clipboard:]
[End of clipboard text]
[Chrome StoredLogins found, cleared!]
[Chrome StoredLogins not found]
UserProfile
\AppData\Local\Google\Chrome\User Data\Default\Login Data
[Chrome Cookies found, cleared!]
[Chrome Cookies not found]
\AppData\Local\Google\Chrome\User Data\Default\Cookies
[Firefox StoredLogins cleared!]
\key3.db
\logins.json
[Firefox StoredLogins not found]
\AppData\Roaming\Mozilla\Firefox\Profiles\
[Firefox cookies found, cleared!]
\cookies.sqlite
[Firefox Cookies not found]
[IE cookies cleared!]
[IE cookies not found]
Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Cookies
[Cleared all cookies & stored logins!]
FunFunc
EXEpath
Userinit
C:\WINDOWS\system32\userinit.exe
explorer.exe
Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
 (32 bit)
 (64 bit)
SOFTWARE\Microsoft\Windows NT\CurrentVersion
ProductName
Remcos_Mutex_Inj
Software\
licence_code.txt
SetProcessDEPPolicy
Shell32
IsUserAnAdmin
GetComputerNameExW
IsWow64Process
kernel32
kernel32.dll
GlobalMemoryStatusEx
GetModuleFileNameExW
Kernel32.dll
Psapi.dll
GetModuleFileNameExA
SETTINGS
C:\Windows\System32\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
GetDirectListeningPort
StopReverse
StopForward
StartReverse
StartForward
fwdsocks
Mutex_RemWatchdog
[regsplt]
Shlwapi.dll
SHDeleteKeyA
Disconnected. Retrying connection...
2.0.2 Pro
Connected to C&C!
Initializing connection to C&C...
SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinSAT
PrimaryAdapterString
Unable to rename file!
Unable to delete: 
Deleted file: 
Failed to download file: 
Downloaded file: 
Downloading file: 
[ERROR]
Failed to upload file: 
Uploaded file: 
Executing file: 
Viewing directory: 
PowrProf.dll
SetSuspendState
subsplt
wndsplt
SeShutdownPrivilege
ntdll.dll
NtUnmapViewOfSection
User32.dll
GetCursorInfo
DISPLAY
GetLastInputInfo
%02i:%02i:%02i:%03i 
abcdefghijklmnopqrstuvwxyz
cmd.exe
Software\Microsoft\Windows\CurrentVersion\Uninstall
TileWallpaper
WallpaperStyle
Control Panel\Desktop
Remcos
GetConsoleWindow
MsgWindowClass
 * Breaking-Security.Net
 * REMCOS v
CONOUT$
CreateThread
GetModuleHandleA
ExitThread
CloseHandle
WriteFile
CreateFileW
CreateDirectoryW
WaitForSingleObject
CreateEventA
GetLocalTime
HeapFree
HeapCreate
SetEvent
GetProcAddress
LoadLibraryA
FindNextFileW
FindFirstFileW
lstrlenA
GetDriveTypeA
ReadFile
SetFilePointer
GetFileSize
FindClose
TerminateThread
SetFileAttributesW
GetFileAttributesW
RemoveDirectoryW
DeleteFileW
MapViewOfFileEx
CreateFileMappingA
GetLastError
DeleteFileA
FindNextFileA
FindFirstFileA
ExpandEnvironmentStringsA
CopyFileW
GetModuleFileNameW
GetLongPathNameW
CreateMutexA
OpenMutexA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SizeofResource
LockResource
LoadResource
FindResourceA
GetLocaleInfoA
CreateProcessA
OpenProcess
GetCurrentProcessId
lstrcatW
GetTempFileNameW
GetTempPathW
TerminateProcess
GetTickCount
GetLogicalDriveStringsA
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentProcess
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
VirtualAlloc
CreateProcessW
GlobalFree
LocalAlloc
PeekNamedPipe
GetStdHandle
CreatePipe
DuplicateHandle
GetCurrentThread
lstrcpynA
GetModuleFileNameA
ExitProcess
AllocConsole
KERNEL32.dll
FindWindowA
DispatchMessageA
TranslateMessage
GetMessageA
GetKeyboardLayout
SetWindowsHookExA
CallNextHookEx
GetKeyState
GetWindowTextA
GetWindowTextLengthA
GetForegroundWindow
UnhookWindowsHookEx
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
ExitWindowsEx
MessageBoxW
GetKeyboardLayoutNameA
GetWindowThreadProcessId
ShowWindow
CloseWindow
IsWindowVisible
GetWindowTextW
EnumWindows
DrawIcon
GetIconInfo
SendInput
SystemParametersInfoW
CreateWindowExA
RegisterClassExA
AppendMenuA
CreatePopupMenu
TrackPopupMenu
SetForegroundWindow
GetCursorPos
DefWindowProcA
USER32.dll
GetDIBits
GetObjectA
StretchBlt
SelectObject
DeleteObject
DeleteDC
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
GDI32.dll
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExA
RegCreateKeyA
RegSetValueExW
RegCreateKeyW
RegDeleteValueW
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
EnumServicesStatusW
OpenSCManagerA
StartServiceW
OpenSCManagerW
ControlService
QueryServiceStatus
ChangeServiceConfigW
GetUserNameW
ADVAPI32.dll
ShellExecuteW
ShellExecuteExA
Shell_NotifyIconA
ExtractIconA
SHELL32.dll
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??8std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
MSVCP60.dll
PathFileExistsW
PathFileExistsA
StrToIntA
SHLWAPI.dll
_except_handler3
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??2@YAPAXI@Z
strftime
localtime
__CxxFrameHandler
_EH_prolog
malloc
strncmp
printf
wcscmp
tolower
sprintf
toupper
getenv
_wgetenv
wcslen
wcscpy
_wrename
_wsystem
swprintf
wcscat
freopen
MSVCRT.dll
??1type_info@@UAE@XZ
__dllonexit
_onexit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
waveInStart
waveInOpen
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInClose
waveInStop
WINMM.dll
WS2_32.dll
URLDownloadToFileW
URLOpenBlockingStreamW
urlmon.dll
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipFree
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipSaveImageToStream
GdipSaveImageToFile
gdiplus.dll
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
WININET.dll
GetStartupInfoA
.?AVexception@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
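Capability triage of the strings above. The dump identifies the sample as a Remcos RAT build (" * REMCOS v", "2.0.2 Pro", " * Breaking-Security.Net", the Remcos_Mutex_Inj and Mutex_RemWatchdog mutex names) and shows, in clear text, the eventvwr.exe UAC bypass through the mscfile\shell\open\command handler, a reg.exe command that sets EnableLUA to 0, a Winlogon Userinit persistence key, the full process-hollowing API chain (CreateProcessW, NtUnmapViewOfSection, VirtualAllocEx, WriteProcessMemory, SetThreadContext, ResumeThread), Sandboxie/VirtualBox/Procmon checks, a keyboard hook and waveIn audio capture. The script below is an added example, not part of this report and not the tool that produced it: it runs over a constructed subset of the strings listed here, maps each to the capability it implies, only flags process hollowing when the whole API chain is present (any single call is routine in benign code), and lists the host artifacts a responder should check. The rule table, capability names and clean-host expectations are this example's own assumptions. All of this is static evidence; confirm behaviour in a sandbox before acting on it.

```python
import re

# Constructed input: a subset of the strings listed in this report, as
# `strings` would print them. Backslashes are doubled for Python only.
SAMPLE_STRINGS = [
    "SbieDll.dll",
    "HARDWARE\\ACPI\\DSDT\\VBOX__",
    "PROCMON_WINDOW_CLASS",
    "eventvwr.exe",
    "Software\\Classes\\mscfile\\shell\\open\\command",
    "/k %windir%\\System32\\reg.exe ADD HKLM\\SOFTWARE\\Microsoft\\Windows"
    "\\CurrentVersion\\Policies\\System /v EnableLUA /t REG_DWORD /d 0 /f",
    "Userinit",
    "Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\",
    "Remcos_Mutex_Inj",
    "Mutex_RemWatchdog",
    "CreateProcessW", "NtUnmapViewOfSection", "VirtualAllocEx",
    "WriteProcessMemory", "SetThreadContext", "ResumeThread",
    "SetWindowsHookExA",
    "Offline Keylogger Started",
    "waveInOpen",
    " * REMCOS v",
    "2.0.2 Pro",
    "Connected to C&C!",
]

# One exact substring is enough evidence for these capabilities
# (rule table is this example's assumption, not the scanner's).
SINGLE_HIT_RULES = {
    "anti-sandbox/anti-VM": ["SbieDll.dll", "DSDT\\VBOX__",
                             "PROCMON_WINDOW_CLASS", "PROCEXPL"],
    "UAC bypass via eventvwr.exe mscfile handler": ["mscfile\\shell\\open\\command"],
    "UAC disabled via EnableLUA=0": ["EnableLUA /t REG_DWORD /d 0"],
    "persistence via Winlogon Userinit": ["CurrentVersion\\Winlogon"],
    "keylogger": ["SetWindowsHookExA", "Keylogger Started"],
    "microphone capture": ["waveInOpen"],
    "C2 beacon": ["Connected to C&C!"],
    "Remcos family marker": ["REMCOS", "Remcos_Mutex_Inj", "Mutex_RemWatchdog"],
}

# Process hollowing is only credible when the whole chain is imported;
# each of these calls on its own is common in benign software.
HOLLOWING_CHAIN = ["CreateProcessW", "NtUnmapViewOfSection", "VirtualAllocEx",
                   "WriteProcessMemory", "SetThreadContext", "ResumeThread"]

VERSION_RE = re.compile(r"^(\d+\.\d+\.\d+) (\w+)$")   # e.g. "2.0.2 Pro"


def triage(strings):
    """Map dumped strings to capabilities: {capability: [evidence, ...]}."""
    found = {}
    for capability, needles in SINGLE_HIT_RULES.items():
        hits = [s for s in strings if any(n in s for n in needles)]
        if hits:
            found[capability] = hits
    present = [api for api in HOLLOWING_CHAIN if api in strings]
    if len(present) == len(HOLLOWING_CHAIN):
        found["process hollowing (full API chain)"] = present
    return found


def remcos_version(strings):
    """Return the 'x.y.z Edition' string the RAT embeds, or None."""
    for s in strings:
        if VERSION_RE.match(s):
            return s
    return None


def host_artifacts(findings):
    """Registry values and mutexes a responder should check on a suspect host,
    derived from the capabilities found; clean-host expectation given for each."""
    checks = []
    if "UAC bypass via eventvwr.exe mscfile handler" in findings:
        checks.append(("HKCU\\Software\\Classes\\mscfile\\shell\\open\\command",
                       "absent on a clean host; the bypass stores the payload "
                       "path here so eventvwr.exe runs it at high integrity"))
    if "UAC disabled via EnableLUA=0" in findings:
        checks.append(("HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
                       "\\Policies\\System\\EnableLUA", "DWORD 1 expected"))
    if "persistence via Winlogon Userinit" in findings:
        checks.append(("HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
                       "\\Winlogon\\Userinit",
                       "only C:\\Windows\\system32\\userinit.exe, expected"))
    if "Remcos family marker" in findings:
        checks.append(("mutex Remcos_Mutex_Inj / Mutex_RemWatchdog",
                       "present only while the RAT is running"))
    return checks


if __name__ == "__main__":
    result = triage(SAMPLE_STRINGS)
    print("version:", remcos_version(SAMPLE_STRINGS))
    for cap, evidence in result.items():
        print(f"[{cap}] {', '.join(evidence)}")
    for key, expectation in host_artifacts(result):
        print(f"check {key}: {expectation}")
```

On a real sample, feed it the output of `strings -n 6 tech.exe` line by line instead of SAMPLE_STRINGS; the substring rules are deliberately case-sensitive because these are exact artifacts, and the hollowing rule demands the complete chain to keep the false-positive rate down on ordinary MSVC binaries.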