Sample details: 7e566084b5e0cea252924cd80e1d5cde (MD5; full hash set below)

Hashes
MD5: 7e566084b5e0cea252924cd80e1d5cde
SHA1: 0aee604e78e4b2c79f565c6c721cbd16dc0ea4fd
SHA256: 7ab743b5cac150344f35f8e5ac93f5662f84b590b4c69803acfa6791d89fcb30
SSDEEP: 3072:aA/OXlQoCsmbZTCYN5G2Lkh/rAmkaGF7B5WNftEV:86TC2LkhzHihyTm
Details
File Type: PE32+ (64-bit PE; the YARA hits YRP/IsPE64 and YRP/IsDLL classify it as a DLL, and the strings dump carries the module name vncsrv.dll followed by Control, FreeBuffer, NetServerStart, NetServerStop and Release, which look like its export table)
Yara Hits (rule names only, no match offsets; generic rules such as anti_dbg, inject_thread, escalate_priv, win_hook, IP and url fire on bare API-name or string presence — IsDebuggerPresent, for example, appears here among CRT-style imports next to UnhandledExceptionFilter and RtlCaptureContext — so weigh MALW_trickbot_bankBot against the strings below rather than the generic hits)
YRP/IsPE64 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Misc_Suspicious_Strings | YRP/anti_dbg | YRP/inject_thread | YRP/escalate_priv | YRP/screenshot | YRP/win_token | YRP/win_files_operation | YRP/win_hook | YRP/MALW_trickbot_bankBot | YRP/Str_Win32_Winsock2_Library |
Strings (raw extraction, reproduced verbatim; items worth triage: the PDB path D:\Projects\MMVNC.PROXY\VNCSRV\x64\Release_minsize\VNCSRV.pdb, the hard-coded IPv4 188.209.52.183, the desktop names WinSta0\AlterDesk01 alongside CreateDesktopA/SetThreadDesktop/OpenWindowStationA, SeTcbPrivilege with AdjustTokenPrivileges, screen-capture imports BitBlt/GetDIBits/GdipSaveImageToStream, clipboard-chain and WinEvent hooks, browser/Outlook launch strings, and the trailing <moduleconfig> block declaring needinfo id and ip)
		!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.SHARDAT
@.reloc
` AUAVAWH
A_A^A]
UATAUAVAWH
A_A^A]A\]
h UAVAWH
UATAUH
x UATAUH
\$\+D$p
D$d9\$`|
\$`+D$t
L$h+L$`
L$h+L$`
UATAUAVAWH
A_A^A]A\]
|$ ATAUAVH
A^A]A\
WATAUAVAWH
L$@+L$8
A_A^A]A\_
L$X+T$T+L$PH
|$ UATAUAVAWH
L$`+T$\+L$XL!d$ A
A_A^A]A\]
WATAUAVAWH
A_A^A]A\_
|$ ATH
|$ UATAUAVAWH
A_A^A]A\]
UVWATAUH
 A]A\_^]
UATAWH
tb9\$Dt\
|$@TS5Tu
|$@LliKu
T$89W@}1
D$<9GD}(9WH~#9GL~
ATAUAVH
 A^A]A\
WATAUAVAWH
@A_A^A]A\_
t$ WATAUH
WATAUAVAWH
A_A^A]A\_
ATAUAVH
fD9t$b
A^A]A\
x ATAUAVH
< tG<	tC
 A^A]A\
Hct$@H
s\HcL$HH
fffffff
fffffff
WATAUAVAWH
0A_A^A]A\_
LcA<E3
@SUVWATAUAVH
PA^A]A\_^][
UVWATAUH
D$&8\$&t-8X
@A]A\_^]
@UATAUAVAWH
!t$(H!t$ A
A_A^A]A\]
@UATAUAVAWH
A_A^A]A\]
x ATAUAWH
A_A]A\
D8d$Ht
@SUVWH
UATAUAVAWH
gfffffffH
A_A^A]A\]
@8|$8t
@8t$8t
@SUVWH
@SUVWATH
A\_^][
@USVWH
UVWATAUAVAWH
`A_A^A]A\_^]
UVWATAUAVAWH
`A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
x ATAUAWH
A_A]A\
bad allocation
Unknown exception
CorExitProcess
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
Default
WinSta0\AlterDesk01
 -new -noframemerging http://www.google.com
Chrome_WidgetWin
 --allow-no-sandbox-job --no-sandbox --disable-3d-apis --disable-accelerated-layers --disable-accelerated-plugins --disable-audio --disable-gpu --disable-d3d11 --disable-accelerated-2d-canvas
MozillaWindowClass
 -safe-mode
 taskschd.msc
 /K schtasks |more
SysListView32
kernel32.dll
CreateProcessA
IE.HTTP\shell\open\command
EDGE\shell\open\command
\shell\open\command
ChromeHTML
FirefoxHTML
\mmc.exe
\cmd.exe
\explorer.exe
\Microsoft Office\Office16\outlook.exe
\Microsoft Office\Office15\outlook.exe
\Microsoft Office\Office14\outlook.exe
\Microsoft Office\Office12\outlook.exe
\Microsoft Office\Office11\outlook.exe
Explorer
Internet Explorer
Chrome
Firefox
Outlook office
Windows Sheduler (MMC)
Windows Sheduler (Console)
MainDskWindow
Desktop
c:\windows\explorer.exe
TaskDskWindow
SysShadow
#32768
ToolbarWindow32
Restore
Kill process
TEST.TEMP:
Listen
user32.dll
GetDpiForWindow
Intermediate Software Window
Static
Button
AddressDisplay Control
SYSTEM
WinSta0
SeTcbPrivilege
AlterDesk01
188.209.52.183
1#QNAN
1#SNAN
D:\Projects\MMVNC.PROXY\VNCSRV\x64\Release_minsize\VNCSRV.pdb
WaitForSingleObject
OpenProcess
ReadProcessMemory
FindFirstFileA
VirtualAllocEx
FindClose
FindNextFileA
GetCurrentThreadId
CloseHandle
WriteProcessMemory
CreateThread
GetProcAddress
LoadLibraryA
OpenFile
TerminateProcess
GetModuleHandleA
SwitchToThread
lstrcmpiA
FreeLibrary
SetEvent
GetCurrentThread
VirtualFree
TerminateThread
CreateEventA
SetThreadPriority
GetLastError
SetLastError
VirtualAlloc
GetVersionExA
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
ExitProcess
SetPriorityClass
GetCurrentProcess
GetExitCodeThread
SetThreadIdealProcessor
KERNEL32.dll
GetWindowThreadProcessId
FindWindowExW
SetThreadDesktop
GetDesktopWindow
SendMessageA
GetThreadDesktop
OpenDesktopA
UpdateWindow
PostMessageA
ShowWindow
CreateWindowExA
InvalidateRect
CloseDesktop
SetParent
TrackPopupMenu
GetClassNameA
EnumDesktopWindows
SetMenuItemInfoA
InsertMenuA
DispatchMessageA
CreatePopupMenu
TranslateMessage
GetMessageA
RegisterClassA
SetClipboardViewer
LoadCursorA
OpenClipboard
DefWindowProcA
ChangeClipboardChain
GetClipboardData
PostQuitMessage
CloseClipboard
IsWindow
SetWindowPos
GetWindowLongA
BringWindowToTop
SetWinEventHook
GetWindowTextA
GetWindowPlacement
GetIconInfo
UnhookWinEvent
GetParent
SetForegroundWindow
IsZoomed
NotifyWinEvent
IsIconic
GetWindowRect
ScreenToClient
SetWindowPlacement
GetWindow
PrintWindow
IsWindowVisible
EnumChildWindows
RedrawWindow
ReleaseDC
GetClassNameW
GetWindowDC
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
SetClipboardData
CloseWindow
EmptyClipboard
GetAncestor
WindowFromPoint
ChildWindowFromPointEx
PostMessageW
GetSystemMetrics
OpenWindowStationA
CreateDesktopA
SetProcessWindowStation
USER32.dll
GetPixel
CreateCompatibleDC
SelectObject
DeleteObject
CreateBitmap
GetDIBits
StretchBlt
DeleteDC
BitBlt
GDI32.dll
RegGetValueA
RegEnumKeyA
OpenProcessToken
OpenThreadToken
GetTokenInformation
LookupAccountSidA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueA
AdjustTokenPrivileges
ADVAPI32.dll
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ExtractAssociatedIconA
SHGetSpecialFolderPathA
ExtractIconExA
SHELL32.dll
CoUninitialize
CoInitialize
ole32.dll
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Create
COMCTL32.dll
GetModuleFileNameExA
PSAPI.DLL
UuidToStringA
UuidCreate
RpcStringFreeA
RPCRT4.dll
GdiplusShutdown
GdipSaveImageToStream
GdipFree
GdipCloneBitmapAreaI
GdipCreateBitmapFromGdiDib
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipGetImageEncoders
GdipCloneImage
GdiplusStartup
gdiplus.dll
WSAWaitForMultipleEvents
WSAResetEvent
WSACreateEvent
WSAGetOverlappedResult
WSARecv
WS2_32.dll
HeapAlloc
HeapFree
FlsSetValue
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
DecodePointer
RaiseException
RtlPcToFileHeader
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
RtlUnwindEx
FlsGetValue
FlsFree
FlsAlloc
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapSize
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW
vncsrv.dll
Control
FreeBuffer
NetServerStart
NetServerStop
Release
.?AVtype_info@@
.?AVbad_alloc@std@@
.?AVexception@std@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AV?$CTwoWayList@VCDeskFilesInfo@@@@
.?AVCDeskFilesInfo@@
.?AV?$CTwoWayList@VCTaskInfo@@@@
.?AVCTaskInfo@@
.?AV?$CTwoWayList@X@@
.?AUIUnknown@@
.?AUISequentialStream@@
.?AUIStream@@
.?AVCMemStream@@
.?AVGdiplusBase@Gdiplus@@
.?AVImage@Gdiplus@@
.?AVBitmap@Gdiplus@@
.?AV?$CTwoWayList@VCRfbChrome@@@@
.?AVCRfbChrome@@
.?AV?$CTwoWayList@VCZOWnd@@@@
.?AVCZOWnd@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
<moduleconfig><needinfo name="id"/><needinfo name="ip"/></moduleconfig> s