Sample details: 355e69ce92ed7da7981e1f4447143c58

Hashes
MD5: 355e69ce92ed7da7981e1f4447143c58
SHA1: 9b35900fa60ceb5e2be4294389332da7ad38c149
SHA256: 1c921f8a5e79ebc39d649833e688693d8406812cc0f3ba52688daf81861f973b
SSDEEP: 3072:hs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/N/Fnncrd5971cP:hDeM7iNEkgiOb31k1ECJJy5Jy
Details
File Type: PE32
Added: 2018-06-22 18:15:02
Yara Hits
YRP/Dev_Cpp_v5_additional | YRP/Dev_Cpp_v5 | YRP/DevCv5 | YRP/IsPE32 | YRP/IsConsole | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/network_tcp_listen | YRP/network_tcp_socket | YRP/network_dns | YRP/Big_Numbers1 | YRP/Advapi_Hash_API | YRP/BASE64_table | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section
Strings
		!This program cannot be run in DOS mode.
P`.data
.rdata
0@.bss
.edata
0@.idata
.reloc
u	QQhd
t[QQVP
3QQj4j
VSQRPh 
t'QQhh0B
u0PPShz
:/tbPPj/R
uMPPRj
@RRj?P
8[uqQQj%P
u!PPh?
w&RPh|
4$SPhO
B8QQPR
VSPPjhj
t/Pj8VS
t?PPVh
FXRj.SP
<Ste<E
<itk<ntA<g
7<utK<x
3PPj`j
\PPj;S
u7PPhb
u6PPhb
Bu'@u$
u6PPhb
u_PPj S
^dPSQV
t*QPRh
t"RRPS
|QQj:V
WWhH	B
SShs	B
u	WWhu
t	PPhw
<\tI<]
u;PPhB
t)PPhE
;/tD;]
RPVSh7
RPVShN
wPPj/S
@PPj/S
G|u'VVj
WtSRPW
4$SPhd
(90u!Qj
SShD!B
libgcj_s.dll
_Jv_RegisterClasses
ma num wa rifaien yanje v1.0
rifaien2-%s.exe
ma num wa gyen orn hyzik %s en exec ween NODE%i
NODE%i
file[]
submit
http://wecan.hasthe.technology/upload
curl_easy_perform() failed: %s
ma au ga rre gyaje weel
[[UNIQUE]]
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
CONNECT_ONLY is required!
Failed to get recent socket
easy handle already used in multi handle
------------------------%08x%08x
; filename="%s"
Content-Type: multipart/form-data
%s; boundary=%s
Content-Disposition: form-data; name="
Content-Type: multipart/mixed; boundary=%s
Content-Disposition: attachment
Content-Type: %s
couldn't open file "%s"
--%s--
--%s--
application/octet-stream
image/gif
image/jpeg
text/plain
text/html
application/xml
No error
Unknown error %d (%#x)
%255[^:]:%d:%255s
/etc/ssl/certs/ca-certificates.crt
no_proxy
NO_PROXY
_proxy
http_proxy
all_proxy
ALL_PROXY
socks5h
socks5
socks4a
socks4
[%*45[0123456789abcdefABCDEF:.]%c
;type=%c
%s://%s%s%s:%hu%s%s%s
Port number out of range
Couldn't resolve host '%s'
Couldn't resolve proxy '%s'
User-Agent: %s
%15[^:]:%[^
:]://%[^
/?]%[^
/?]%[^
<url> malformed
Protocol %s not supported or disabled in libcurl
%s://%s
memory shortage
anonymous
ftp@example.com
%I64u-
identity
Set-Cookie:
CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!
<no protocol>
In state %d with no easy_conn, bail out!
Resolving timed out after %ld milliseconds
Connection timed out after %ld milliseconds
Operation timed out after %ld milliseconds with %I64d out of %I64d bytes received
Operation timed out after %ld milliseconds with %I64d bytes received
unknown
#HttpOnly_
%s%s%s	%s	%s	%s	%I64d	%s	%s
%1023[^;
 =]=%4999[^;
secure
httponly
domain
version
max-age
expires
Set-Cookie:
# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
# Fatal libcurl error
Header
[%s %s %s]
Write callback asked for PAUSE when not supported!
Failed writing body (%zu != %zu)
Failed writing header
Recv failure: %s
Send failure: %s
sa_addr inet_ntop() failed with errno %d: %s
Couldn't bind to interface '%s'
Couldn't bind to '%s'
getsockname() failed with errno %d: %s
bind failed with errno %d: %s
Connection time-out
getpeername() failed with errno %d: %s
ssrem inet_ntop() failed with errno %d: %s
ssloc inet_ntop() failed with errno %d: %s
Failed to connect to %s port %ld: %s
0123456789abcdefghijklmnopqrstuvwxyz
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ
%d.%d.%d.%d
Avoided giant realloc for header (max is %d)!
Failed to alloc memory for big header!
The requested URL returned error: %d
Empty reply from server
Invalid TIMEVALUE
%s, %02d %s %4d %02d:%02d:%02d GMT
If-Modified-Since: %s
If-Unmodified-Since: %s
Last-Modified: %s
Content-Type:
Content-Length
Connection
Expect:
100-continue
Expect: 100-continue
Digest
Proxy-authorization:
Authorization:
Proxy-
%sAuthorization: Basic %s
User-Agent:
Referer:
Referer: %s
Cookie:
Accept-Encoding:
Accept-Encoding: %s
Transfer-Encoding:
chunked
Chunky upload is not supported by HTTP 1.0
Transfer-Encoding: chunked
Host: %s%s%s
Host: %s%s%s:%hu
ftp://
;type=
;type=%c
Accept:
Accept: */*
Could not seek stream
Could only read %I64d bytes from the input
File already completely uploaded
Range:
Range: bytes=%s
Content-Range:
Content-Range: bytes 0-%I64d/%I64d
Content-Range: bytes %s%I64d/%I64d
Content-Range: bytes %s/%I64d
ftp://%s:%s@%s
Proxy-Connection:
Proxy-Connection: Keep-Alive
%s HTTP/%s
%s%s%s%s%s%s%s%s%s%s%s
Cookie: 
%s%s=%s
Content-Length: 0
Failed sending POST request
Internal HTTP POST error!
Content-Length:
Content-Length: %I64d
Could not get Content-Type header line!
Failed sending PUT request
Content-Type: application/x-www-form-urlencoded
Failed sending HTTP POST request
Failed sending HTTP request
 HTTP/%d.%d %3d
 HTTP %3d
 RTSP/%d.%d %3d
The requested URL returned error: %s
Maximum file size exceeded
Server:
keep-alive
Connection:
identity
deflate
x-gzip
compress
x-compress
Content-Encoding:
Set-Cookie:
Last-Modified:
WWW-Authenticate:
Proxy-authenticate:
Location:
%08x%08x%08x%08x
%s:%s:%s
%s:%.*s
auth-int
d41d8cd98f00b204e9800998ecf8427e
%s:%s:%08x:%s:%s:%s
Proxy-
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%.*s", cnonce="%s", nc=%08x, qop=%s, response="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%.*s", response="%s"
%s, opaque="%s"
%s, algorithm="%s"
Digest
opaque
algorithm
MD5-sess
Connection time-out
SOCKS5: no connection here
SOCKS5: connection timeout
SOCKS5: error occurred during connection
Unable to send initial SOCKS5 request.
SOCKS5 nothing to read
SOCKS5 read timeout
SOCKS5 read error occurred
Unable to receive initial SOCKS5 response.
Received invalid version in initial SOCKS5 response.
Failed to send SOCKS5 sub-negotiation request.
Unable to receive SOCKS5 sub-negotiation response.
User was rejected by the SOCKS5 server (%d %d).
SOCKS5 GSSAPI per-message authentication is not supported.
No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)
No authentication method was acceptable.
Undocumented SOCKS5 mode attempted to be used by server.
Failed to resolve "%s" for SOCKS5 connect.
Failed to send SOCKS5 connect request.
Failed to receive SOCKS5 connect request ack.
SOCKS5 reply has wrong version, version should be 5.
Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)
Can't complete SOCKS5 connection to %s:%d. (%d)
Can't complete SOCKS5 connection to %02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%d. (%d)
%hu.%hu.%hu.%hu
Failed to resolve "%s" for SOCKS4 connect.
Too long SOCKS proxy name, can't use!
Failed to send SOCKS4 connect request.
Failed to receive SOCKS4 connect request ack.
SOCKS4 reply has wrong version, version should be 4.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.
%s:%hu
CONNECT
%s%s%s:%hu
Host: %s
Proxy-Connection:
Proxy-Connection: Keep-Alive
User-Agent:
CONNECT %s HTTP/%s
%s%s%s%s
Failed sending CONNECT to proxy
Proxy CONNECT aborted due to timeout
Proxy CONNECT aborted due to select/poll error
Proxy CONNECT aborted
Proxy CONNECT followed by %zd bytes of opaque data. Data ignored (known bug #39)
WWW-Authenticate:
Proxy-authenticate:
Content-Length:
Connection:
chunked
Transfer-Encoding:
HTTP/1.%d %d
Received HTTP code %d from proxy after CONNECT
%%%02X
machine
password
_netrc
%s%s%s
%5I64d
%4I64dk
%2I64d.%0I64dM
%4I64dM
%2I64d.%0I64dG
%4I64dG
%4I64dT
%4I64dP
--:--:--
%2I64d:%02I64d:%02I64d
%3I64dd %02I64dh
%7I64dd
Callback aborted
** Resuming transfer from byte position %I64d
  %% Total    %% Received %% Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
%3I64d %s  %3I64d %s  %3I64d %s  %s  %s %s %s %s %s
zDOperation too slow. Less than %ld bytes/sec transferred the last %ld seconds
Maximum (%ld) redirects followed
%15[^?&/:]://%c
No URL set!
seek callback returned error %d
ioctl callback returned error %d
necessary data rewind wasn't possible
operation aborted by callback
Read callback asked for PAUSE when not supported!
read function returned funny value
select/poll returned error
HTTP server doesn't seem to support byte ranges. Cannot resume.
Failed writing data
%s in chunked-encoding
Failed to alloc scratch buffer!
Operation timed out after %ld milliseconds with %I64d out of %I64d bytes received
Operation timed out after %ld milliseconds with %I64d bytes received
transfer closed with %I64d bytes remaining to read
transfer closed with outstanding read data remaining
%31[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz]
%02d:%02d:%02d
%02d:%02d
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Sunday
0123456789
%c%c==
%c%c%c=
%c%c%c%c
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
Bad content-encoding found
Out of memory
Too long hexadecimal number
Illegal or missing hexadecimal sequence
Malformed encoding found
Write error
survivalist.exe
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
ExitProcess
ExpandEnvironmentStringsA
FormatMessageA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTickCount
GetVersionExA
SetLastError
SetUnhandledExceptionFilter
SleepEx
_strdup
_unlink
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_isctype
_onexit
_pctype
_setmode
_stati64
_stricmp
_strnicmp
_sys_nerr
atexit
calloc
fclose
fflush
fprintf
fwrite
getenv
gmtime
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
printf
realloc
setlocale
signal
sprintf
sscanf
strchr
strcmp
strcpy
strerror
strncmp
strncpy
strrchr
strstr
strtol
strtoul
tolower
wcstombs
WSACleanup
WSAGetLastError
WSAIoctl
WSASetLastError
WSAStartup
__WSAFDIsSet
closesocket
connect
gethostbyname
getpeername
getsockname
getsockopt
ioctlsocket
select
setsockopt
socket
ADVAPI32.DLL
KERNEL32.dll
msvcrt.dll
msvcrt.dll
WS2_32.DLL
0(0Q0X0]0g0y0
3'383>3W3l3
4%4^4g4w4
5$545?5J5f5
6	6&6p6
;;;\;};
>%>)>/>3>9>=>C>G>M>Q>
?%?D?J?S?Y?_?
F0`0t0
5>5\5q5
5-6R6r6
7)8;8J8a8
2'2L2v2
=:>-?|?
98:P:p:
=7=M=e=
?E?K?~?
0%0P0]0
1+2C2V2i2t2
7 8A8b8
9(9I9j9
;#;E;u;
>,>>>P>b>t>
2A2\2w2
6>7D7Y7e7|7
::;U;t;
;*<4<><N<
3[469|=
8*878X8e8
:(:2:=:E:X:b:g:r:
6%6;6d6j6|6
:4:K:X:
<!<4<V<s<
>Q?X?]?d?
7?7r8[:t:*=
0%0.3U3
858G8T8y8
9M9n9t9
;&;A;\;w;
9;:G:^:q:
364A4i4r4{4R5]5
686F6y6
:2;C;N;V;g;o;
E0k0{0
9)989J9n9
:;;Q;Z;c;
;9<><k<p<
?$?H?]?
1 2)3C3^3y3
5%6H6l6
7G8Z8~8
8#9@9a9
:T:b:S;
<#<2<S<n<x<
=7=L=i=
%1C1O1T1Y1x1
5,5D5W5
9<:Q:F;z;
4 434H4X4i4n4u4
5(5P5a5
6/7$9r9
:):.:A:F:m:r:
<^<5=Y=o=
>4>]>q>
6;6V6S;
2A2g2|2
3.484g4
5/647Z7f7
8?9n9u9~9
:C:R:|:
4!4(4/464=4
;";A;w;
<*<:<J<Z<j<z<
=R=Z=d=l=y=
>:>B>O>Z>
3O3j3}3
3-5?5M5U5
:":2:B:R:b:r:
;";2;B;R;b;r;
<"<2<B<R<b<r<
="=2=B=R=b=r=
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3
7L7T7X7\7`7d7h7l7p7t7x7
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9
? ?$?(?,?
t6x6|6
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
< <$<d<h<l<p<t<x<|<
1 1014181