PE Compile Time

2011-03-15 06:06:07

PE Imphash

8abecba2211e61763c4c9ffcaa13369e

PEiD Signatures

Armadillo v1.71

Sections

Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy
.XPack0 | 0x00001000 | 0x00004000 | 0x00003200 | 3.89300187716
.rsrc | 0x00005000 | 0x00001000 | 0x00000800 | 1.43890767994
.XPack | 0x00006000 | 0x00002000 | 0x00001600 | 7.75291225977

Imports

Library MFC42.DLL (entries shown as "None" have no name in the import table, i.e. they are imported by ordinal):
0x403050 None
0x403054 None
0x403058 None
0x40305c None
0x403060 None
0x403064 None
0x403068 None
0x40306c None
0x403070 None
0x403074 None
0x403078 None
0x40307c None
0x403080 None
0x403084 None
0x403088 None
0x40308c None
0x403090 None
0x403094 None
0x403098 None
0x40309c None
0x4030a0 None
0x4030a4 None
0x4030a8 None
Library MSVCRT.dll:
0x4030b0 _adjust_fdiv
0x4030b4 __p__commode
0x4030b8 __p__fmode
0x4030bc __set_app_type
0x4030c0 _except_handler3
0x4030c4 _controlfp
0x4030c8 __setusermatherr
0x4030cc _initterm
0x4030d0 __getmainargs
0x4030d4 _acmdln
0x4030d8 exit
0x4030dc _XcptFilter
0x4030e0 _exit
0x4030e4 _beginthread
0x4030e8 rand
0x4030ec fgetc
0x4030f0 fputc
0x4030f4 fwrite
0x4030f8 rename
0x4030fc fopen
0x403100 fseek
0x403104 fread
0x403108 fclose
0x40310c _stat
0x403110 __CxxFrameHandler
0x403114 _mbscmp
Library KERNEL32.dll:
0x403000 GetCurrentThread
0x403004 GetCurrentProcess
0x403008 SetPriorityClass
0x40300c lstrcatA
0x403010 lstrcpyA
0x403018 GetShortPathNameA
0x40301c GetModuleFileNameA
0x403020 GetFileAttributesA
0x403024 DeleteFileA
0x403028 SetFileAttributesA
0x40302c GetSystemDirectoryA
0x403030 WaitForSingleObject
0x403034 CreateProcessA
0x403038 Sleep
0x40303c GetLogicalDrives
0x403040 GetModuleHandleA
0x403044 GetStartupInfoA
0x403048 SetThreadPriority
Library USER32.dll:
0x403128 LoadIconA
0x40312c MessageBoxA
Library SHELL32.dll:
0x40311c ShellExecuteExA
0x403120 SHChangeNotify

This is a Win32 program.
.XPack0
.XPack
VWh0@@
L$dh0@@
D$8j8P
t\h0@@
j0h`@@
L$0][d
SVWjeP
D$Ph0@@
L$Hj8Q
MFC42.DLL
__CxxFrameHandler
fclose
rename
fwrite
_beginthread
_mbscmp
MSVCRT.dll
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
SetThreadPriority
GetCurrentThread
GetCurrentProcess
SetPriorityClass
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetFileAttributesA
DeleteFileA
SetFileAttributesA
GetSystemDirectoryA
WaitForSingleObject
CreateProcessA
GetLogicalDrives
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
MessageBoxA
LoadIconA
USER32.dll
SHChangeNotify
ShellExecuteExA
SHELL32.dll
> nul
/c del
COMSPEC
\Zombie.exe
?
WINDOWS
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetFileAttributesA
DeleteFileA
SetFileAttributesA
GetSystemDirectoryA
WaitForSingleObject
CreateProcessA
GetLogicalDrives
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
MessageBoxA
LoadIconA
USER32.dll
SHChangeNotify
ShellExecuteExA
SHELL32.dll
KERNEL32.DLL
GetProcAddress
LoadLibraryA
VirtualProtect
not found
USER32.DLL
MessageBoxA
;6U8ml
&c3+<0
o<i>@;
4W5Gg
kzC]qQ
hOpPS
m~1mj:mw(g
.F>eCI
{G+01k:'G
e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml
adbbca
adbbca
TR{voT
debgef
hkjTR~
kejj_i
{voTib
t~yyzfd
pdbdf_bd_cf
cklbilde`ccbbfhk
pdbdf_bd_cf
cklbilde`cbgkihf
pdbdf_bd_cf
cklbilde`cbgkigj
pxssss~
sssv|ssssu
v~sssswssss{
ssssybs
tbsufs
tgsy{s
ssssswssss
ssstwsssss
adbbbabka
adbbcacba
UTRapn
adbbcabfa
dghTRapn
{oTTpn
adbbbabka
TRapna
adbbcabfa
dghTRapnv
fb_dicd_b
eebTpn}
psswss
adbbca
adbbca
TR{voT
debgef
hkjTR~
kejj_i
{voTib
t~yyzfd
pdbdf_bd_cf
cklbilde`ccbbfhk
pdbdf_bd_cf
cklbilde`cbgkihf
pdbdf_bd_cf
cklbilde`cbgkigj
pxssss~
sssv|ssssu
v~sssswssss{
ssssybs
tbsufs
tgsy{s
ssssswssss
ssstwsssss
adbbbabka
adbbcacba
UTRapn
adbbcabfa
dghTRapn
{oTTpn
adbbbabka
TRapna
adbbcabfa
dghTRapnv
fb_dicd_b
eebTpn}
psswss
556__Connections.provxml
rWfceWU
WtsB?q
sB?UUq
WsB?UUUUq
WsB?UUUUUUq
WsB?UUUUUUUUq
WUdsB?UUUUUUqd
sB?UUUUUUq
WUdsB?UUUUUUq
WUdsB?UUUUUUq
WUdsB?UUUUUUq
gbffhlbi
fnmbhh
kjljfj
WUdsB?UUUUqd
sB?UUqd
rWfceWU
WtsB?q
sB?UUq
WsB?UUUUq
WsB?UUUUUUq
WsB?UUUUUUUUq
WUdsB?UUUUUUqd
sB?UUUUUUq
WUdsB?UUUUUUq
WUdsB?UUUUUUq
WUdsB?UUUUUUq
gbffhlbi
fnmbhh
kjljfj
WUdsB?UUUUqd
sB?UUqd
refcount.ini
desktop.ini
ecduu_c_\d_g`\`_`q\hu_g\__pp__auhdct
[\ghec<9
ecduu_c_\d_g`\`_`q\hu_g\__pp__auhdct
[\ghec<9
desktop.ini
ecduu_c_\d_g`\`_`q\hu_g\__pp__auhdct
[\ghec<9
ecduu_c_\d_g`\`_`q\hu_g\__pp__auhdct
[\ghec<9;A
217__Connections.provxml
nSb_aSQ
Spo>;m
o>;QQm
So>;QQQQm
So>;QQQQQQm
So>;QQQQQQQQm
SQ`o>;QQQQQQm`
o>;QQQQQQm
SQ`o>;QQQQQQm
SQ`o>;QQQQQQm
c^bbdh^e
bji^dd
gfhfbf
SQ`o>;QQQQm`
o>;QQQQm
So>;QQQQQQm
So>;QQQQQQQQm
SQ`o>;QQQQQQm`
o>;QQQQQQm
SQ`o>;QQQQQQm
SQ`o>;QQQQQQm
c^bbdh^e
bji^dd
gfhfbf
SQ`o>;QQQQm`
o>;QQm`
nSb_aSQ
Spo>;m
o>;QQm
So>;QQQQm
So>;QQQQQQm
So>;QQQQQQQQm
SQ`o>;QQQQQQm`
o>;QQQQQQm
SQ`o>;QQQQQQm
SQ`o>;QQQQQQm
c^bbdh^e
bji^dd
gfhfbf
SQ`o>;QQQQm`
o>;QQQQm
So>;QQQQQQm
So>;QQQQQQQQm
SQ`o>;QQQQQQm`
o>;QQQQQQm
SQ`o>;QQQQQQm
SQ`o>;QQQQQQm
c^bbdh^e
bji^dd
gfhfbf
SQ`o>;QQQQm`
o>;QQm`
BCD.LOG
Autologon64.exe
!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
BCD.LOG
3334G533333
333333y
333S3333
33333334333333333333333
3333333333333333333
3d33333,
3<373"
733334333333333
3k3i3\333s3
3f3e3a3
3_3`3e3d3k3d3j333K3
3d33333,
f3s3<373"
5333;333333333333333
3f333I3
3<373"
5333:3333333333333333333t3
333O333
333O3334333O333`3333333
333D3336333
C3333vm
33y3a3a3
3k3i3\3
3W3v3m3
3k3i3\3
3x3C333833
333O333>33
333633
3333333
333<33
33373333R333`333
3`3d3`3h3`3e3d3`3j3e3f3h3c3k3f3k3c3`3f3d3e3l3g3d3l3l3g3`3e3f3g3e3d3h3g3i3k3d3`3d3c3c3d333333333l333d
3333{333
333333
U3333333333333333
3334G533333
333333y
333S3333
33333334333333333333333
3333333333333333333
3d33333,
3<373"
733334333333333
3k3i3\333s3
3f3e3a3
3_3`3e3d3k3d3j333K3
3d33333,
f3s3<373"
5333;333333333333333
3f333I3
3<373"
5333:3333333333333333333t3
333O333
333O3334333O333`3333333
333D3336333
C3333vm
33y3a3a3
3k3i3\3
3W3v3m3
3k3i3\3
3x3C333833
333O333>33
333633
3333333
333<33
33373333R333`333
3`3d3`3h3`3e3d3`3j3e3f3h3c3k3f3k3c3`3f3d3e3l3g3d3l3l3g3`3e3f3g3e3d3h3g3i3k3d3`3d3c3c3d333333333l333d
3333{333
333333
U3333333333333333OO
BCD.LOG
118__Connections.provxml
lQ`]_QO
Qnm<9k
m<9OOk
Qm<9OOOOk
Qm<9OOOOOOk
Qm<9OOOOOOOOk
QO^m<9OOOOOOk^
m<9OOOOOOk
QO^m<9OOOOOOk
QO^m<9OOOOOOk
a\``bf\c
`hg\bb
edfd`d
QO^m<9OOOOk^
m<9OOk^
lQ`]_QO
Qnm<9k
m<9OOk
Qm<9OOOOk
Qm<9OOOOOOk
Qm<9OOOOOOOOk
QO^m<9OOOOOOk^
m<9OOOOOOk
QO^m<9OOOOOOk
QO^m<9OOOOOOk
a\``bf\c
`hg\bb
edfd`d
QO^m<9OOOOk^
m<9OOk^
OneDrive.lnk
{///0C1/////
//////u
o//O///
{/0///0///////////////
///////////////////
/`/////
]///k/////0/////////y/////
/b/a/]/
/[/\/a/`/f/g/`///G/
/`/////
0///4///////////////
//y/8/3/
0///2///////////////
///K///
///K///0///K///\///////
///@///2///Z
wW?////ri
//v/z/
/]/k/]/]/
/_/r/i/
/C2//6//
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////T/
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////?///4//
///K///://
///2//
///////
~Z8qw_
~Z870//8//
T///3////N///8///
/\/`/\/d/\/`/g/////////
"L///I////w///}j
>x///4////N///J///|/
/////////h///`
////w///
A//////
5////////////////{///0C1/////
//////u
o//O///
{/0///0///////////////
///////////////////
/`/////
]///k/////0/////////y/////
/b/a/]/
/[/\/a/`/f/g/`///G/
/`/////
0///4///////////////
//y/8/3/
0///2///////////////
///K///
///K///0///K///\///////
///@///2///Z
wW?////ri
//v/z/
/]/k/]/]/
/_/r/i/
/C2//6//
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////T/
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////?///4//
///K///://
///2//
///////
~Z8qw_
~Z870//8//
T///3////N///8///
/\/`/\/d/\/`/g/////////
"L///I////w///}j
>x///4////N///J///|/
/////////h///`
////w///
A//////
5////////////////
SettingsLocationTemplate.xsd
desktop.ini
ecduu_c_\d_g`\`_`q\hu_g\__pp__auhdct
[\ghec<9
ecduu_c_\d_g`\`_`q\hu_g\__pp__auhdct
[\ghec<9!o
Desktop.ini
0=0:0|0
0m0p0U0
0c0b0^0
0\0]0b0a0g0f0`0=0:0
0m0p0U0
0\0]0e0e0e0e0=0:0/.
0=0:0|0
0m0p0U0
0c0b0^0
0\0]0b0a0g0f0`0=0:0
0m0p0U0
0\0]0e0e0e0e0=0:0cp
desktop.ini
jhizzdhdaidleaedevamzdladduuddfzmihy
`almjhA>
jhizzdhdaidleaedevamzdladduuddfzmihy
`almjhA>
0890ad2f-b74f-c384-f684-9c33f8f67924.xml
]`^^_]
]`^^_]
PNwrkPe
[bafb[fe`
wrkP^fg^
deg`bPN
l_`gd^^j]z
l`^`b[^e[``
^fhachc`\_dggdec
l`^`b[^e[``
^fhachc`\_eba`^e
ltooooz
ooorxooooq
oorzoooosooooqY
oooou^o
p^oqbo
oobouwo
ooor|oooow
oooosopu
oooopoooo}
ooooosoo
^]w`~y
]`^^^]^g]
]`^^_]_^]
QPN]lj
]`^^_]^b]
`cdPN]lj
wkPPlj
]`^^^]^g]
PN]lj]
]`^^_]^b]
`cdPN]ljr
wtsea^^
s|okkj]
b^[`e_`[^
aa^Pljy
etfc}p
loosoo
]`^^_]
]`^^_]
PNwrkPe
[bafb[fe`
wrkP^fg^
deg`bPN
l_`gd^^j]z
l`^`b[^e[``
^fhachc`\_dggdec
l`^`b[^e[``
^fhachc`\_eba`^e
ltooooz
ooorxooooq
oorzoooosooooqY
oooou^o
p^oqbo
oobouwo
ooor|oooow
oooosopu
oooopoooo}
ooooosoo
^]w`~y
]`^^^]^g]
]`^^_]_^]
QPN]lj
]`^^_]^b]
`cdPN]lj
wkPPlj
]`^^^]^g]
PN]lj]
]`^^_]^b]
`cdPN]ljr
wtsea^^
s|okkj]
b^[`e_`[^
aa^Pljy
etfc}p
loosoo
RunTime.xml.exe
This is a Win32 program.
.XPack0
.XPack
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetFileAttributesA
DeleteFileA
SetFileAttributesA
GetSystemDirectoryA
WaitForSingleObject
CreateProcessA
GetLogicalDrives
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
MessageBoxA
LoadIconA
USER32.dll
SHChangeNotify
ShellExecuteExA
SHELL32.dll
KERNEL32.DLL
GetProcAddress
LoadLibraryA
VirtualProtect
not found
USER32.DLL
MessageBoxA
;6U8ml
&c3+<0
o<i>@;
4W5Gg
kzC]qQ
hOpPS
m~1mj:mw(g
.F>eCI
{G+01k:'G
e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml
adbbca
adbbca
TR{voT
debgef
hkjTR~
kejj_i
{voTib
t~yyzfd
pdbdf_bd_cf
cklbilde`ccbbfhk
pdbdf_bd_cf
cklbilde`cbgkihf
pdbdf_bd_cf
cklbilde`cbgkigj
pxssss~
sssv|ssssu
v~sssswssss{
ssssybs
tbsufs
tgsy{s
ssssswssss
ssstwsssss
adbbbabka
adbbcacba
UTRapn
adbbcabfa
dghTRapn
{oTTpn
adbbbabka
TRapna
adbbcabfa
dghTRapnv
fb_dicd_b
eebTpn}
psswss
adbbca
adbbca
TR{voT
debgef
hkjTR~
kejj_i
{voTib
t~yyzfd
pdbdf_bd_cf
cklbilde`ccbbfhk
pdbdf_bd_cf
cklbilde`cbgkihf
pdbdf_bd_cf
cklbilde`cbgkigj
pxssss~
sssv|ssssu
v~sssswssss{
ssssybs
tbsufs
tgsy{s
ssssswssss
ssstwsssss
adbbbabka
adbbcacba
UTRapn
adbbcabfa
dghTRapn
{oTTpn
adbbbabka
TRapna
adbbcabfa
dghTRapnv
fb_dicd_b
eebTpn}
psswss
556__Connections.provxml
rWfceWU
WtsB?q
sB?UUq
WsB?UUUUq
WsB?UUUUUUq
WsB?UUUUUUUUq
WUdsB?UUUUUUqd
sB?UUUUUUq
WUdsB?UUUUUUq
WUdsB?UUUUUUq
WUdsB?UUUUUUq
gbffhlbi
fnmbhh
kjljfj
WUdsB?UUUUqd
sB?UUqd
rWfceWU
WtsB?q
sB?UUq
WsB?UUUUq
WsB?UUUUUUq
WsB?UUUUUUUUq
WUdsB?UUUUUUqd
sB?UUUUUUq
WUdsB?UUUUUUq
WUdsB?UUUUUUq
WUdsB?UUUUUUq
gbffhlbi
fnmbhh
kjljfj
WUdsB?UUUUqd
sB?UUqd
refcount.ini
desktop.ini
ecduu_c_\d_g`\`_`q\hu_g\__pp__auhdct
[\ghec<9
ecduu_c_\d_g`\`_`q\hu_g\__pp__auhdct
[\ghec<9
desktop.ini
ecduu_c_\d_g`\`_`q\hu_g\__pp__auhdct
[\ghec<9
ecduu_c_\d_g`\`_`q\hu_g\__pp__auhdct
[\ghec<9;A
217__Connections.provxml
nSb_aSQ
Spo>;m
o>;QQm
So>;QQQQm
So>;QQQQQQm
So>;QQQQQQQQm
SQ`o>;QQQQQQm`
o>;QQQQQQm
SQ`o>;QQQQQQm
SQ`o>;QQQQQQm
c^bbdh^e
bji^dd
gfhfbf
SQ`o>;QQQQm`
o>;QQQQm
So>;QQQQQQm
So>;QQQQQQQQm
SQ`o>;QQQQQQm`
o>;QQQQQQm
SQ`o>;QQQQQQm
SQ`o>;QQQQQQm
c^bbdh^e
bji^dd
gfhfbf
SQ`o>;QQQQm`
o>;QQm`
nSb_aSQ
Spo>;m
o>;QQm
So>;QQQQm
So>;QQQQQQm
So>;QQQQQQQQm
SQ`o>;QQQQQQm`
o>;QQQQQQm
SQ`o>;QQQQQQm
SQ`o>;QQQQQQm
c^bbdh^e
bji^dd
gfhfbf
SQ`o>;QQQQm`
o>;QQQQm
So>;QQQQQQm
So>;QQQQQQQQm
SQ`o>;QQQQQQm`
o>;QQQQQQm
SQ`o>;QQQQQQm
SQ`o>;QQQQQQm
c^bbdh^e
bji^dd
gfhfbf
SQ`o>;QQQQm`
o>;QQm`
BCD.LOG
Autologon64.exe
!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
BCD.LOG
3334G533333
333333y
333S3333
33333334333333333333333
3333333333333333333
3d33333,
3<373"
733334333333333
3k3i3\333s3
3f3e3a3
3_3`3e3d3k3d3j333K3
3d33333,
f3s3<373"
5333;333333333333333
3f333I3
3<373"
5333:3333333333333333333t3
333O333
333O3334333O333`3333333
333D3336333
C3333vm
33y3a3a3
3k3i3\3
3W3v3m3
3k3i3\3
3x3C333833
333O333>33
333633
3333333
333<33
33373333R333`333
3`3d3`3h3`3e3d3`3j3e3f3h3c3k3f3k3c3`3f3d3e3l3g3d3l3l3g3`3e3f3g3e3d3h3g3i3k3d3`3d3c3c3d333333333l333d
3333{333
333333
U3333333333333333
3334G533333
333333y
333S3333
33333334333333333333333
3333333333333333333
3d33333,
3<373"
733334333333333
3k3i3\333s3
3f3e3a3
3_3`3e3d3k3d3j333K3
3d33333,
f3s3<373"
5333;333333333333333
3f333I3
3<373"
5333:3333333333333333333t3
333O333
333O3334333O333`3333333
333D3336333
C3333vm
33y3a3a3
3k3i3\3
3W3v3m3
3k3i3\3
3x3C333833
333O333>33
333633
3333333
333<33
33373333R333`333
3`3d3`3h3`3e3d3`3j3e3f3h3c3k3f3k3c3`3f3d3e3l3g3d3l3l3g3`3e3f3g3e3d3h3g3i3k3d3`3d3c3c3d333333333l333d
3333{333
333333
U3333333333333333OO
BCD.LOG
118__Connections.provxml
lQ`]_QO
Qnm<9k
m<9OOk
Qm<9OOOOk
Qm<9OOOOOOk
Qm<9OOOOOOOOk
QO^m<9OOOOOOk^
m<9OOOOOOk
QO^m<9OOOOOOk
QO^m<9OOOOOOk
a\``bf\c
`hg\bb
edfd`d
QO^m<9OOOOk^
m<9OOk^
lQ`]_QO
Qnm<9k
m<9OOk
Qm<9OOOOk
Qm<9OOOOOOk
Qm<9OOOOOOOOk
QO^m<9OOOOOOk^
m<9OOOOOOk
QO^m<9OOOOOOk
QO^m<9OOOOOOk
a\``bf\c
`hg\bb
edfd`d
QO^m<9OOOOk^
m<9OOk^
OneDrive.lnk
{///0C1/////
//////u
o//O///
{/0///0///////////////
///////////////////
/`/////
]///k/////0/////////y/////
/b/a/]/
/[/\/a/`/f/g/`///G/
/`/////
0///4///////////////
//y/8/3/
0///2///////////////
///K///
///K///0///K///\///////
///@///2///Z
wW?////ri
//v/z/
/]/k/]/]/
/_/r/i/
/C2//6//
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////T/
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////?///4//
///K///://
///2//
///////
~Z8qw_
~Z870//8//
T///3////N///8///
/\/`/\/d/\/`/g/////////
"L///I////w///}j
>x///4////N///J///|/
/////////h///`
////w///
A//////
5////////////////{///0C1/////
//////u
o//O///
{/0///0///////////////
///////////////////
/`/////
]///k/////0/////////y/////
/b/a/]/
/[/\/a/`/f/g/`///G/
/`/////
0///4///////////////
//y/8/3/
0///2///////////////
///K///
///K///0///K///\///////
///@///2///Z
wW?////ri
//v/z/
/]/k/]/]/
/_/r/i/
/C2//6//
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////T/
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////?///4//
///K///://
///2//
///////
~Z8qw_
~Z870//8//
T///3////N///8///
/\/`/\/d/\/`/g/////////
"L///I////w///}j
>x///4////N///J///|/
/////////h///`
////w///
A//////
5////////////////
SettingsLocationTemplate.xsd
desktop.ini
ecduu_c_\d_g`\`_`q\hu_g\__pp__auhdct
[\ghec<9
ecduu_c_\d_g`\`_`q\hu_g\__pp__auhdct
[\ghec<9!o
Desktop.ini
0=0:0|0
0m0p0U0
0c0b0^0
0\0]0b0a0g0f0`0=0:0
0m0p0U0
0\0]0e0e0e0e0=0:0/.
0=0:0|0
0m0p0U0
0c0b0^0
0\0]0b0a0g0f0`0=0:0
0m0p0U0
0\0]0e0e0e0e0=0:0cp
desktop.ini
jhizzdhdaidleaedevamzdladduuddfzmihy
`almjhA>
jhizzdhdaidleaedevamzdladduuddfzmihy
`almjhA>
0890ad2f-b74f-c384-f684-9c33f8f67924.xml
]`^^_]
]`^^_]
PNwrkPe
[bafb[fe`
wrkP^fg^
deg`bPN
l_`gd^^j]z
l`^`b[^e[``
^fhachc`\_dggdec
l`^`b[^e[``
^fhachc`\_eba`^e
ltooooz
ooorxooooq
oorzoooosooooqY
oooou^o
p^oqbo
oobouwo
ooor|oooow
oooosopu
oooopoooo}
ooooosoo
^]w`~y
]`^^^]^g]
]`^^_]_^]
QPN]lj
]`^^_]^b]
`cdPN]lj
wkPPlj
]`^^^]^g]
PN]lj]
]`^^_]^b]
`cdPN]ljr
wtsea^^
s|okkj]
b^[`e_`[^
aa^Pljy
etfc}p
loosoo
]`^^_]
]`^^_]
PNwrkPe
[bafb[fe`
wrkP^fg^
deg`bPN
l_`gd^^j]z
l`^`b[^e[``
^fhachc`\_dggdec
l`^`b[^e[``
^fhachc`\_eba`^e
ltooooz
ooorxooooq
oorzoooosooooqY
oooou^o
p^oqbo
oobouwo
ooor|oooow
oooosopu
oooopoooo}
ooooosoo
^]w`~y
]`^^^]^g]
]`^^_]_^]
QPN]lj
]`^^_]^b]
`cdPN]lj
wkPPlj
]`^^^]^g]
PN]lj]
]`^^_]^b]
`cdPN]ljr
wtsea^^
s|okkj]
b^[`e_`[^
aa^Pljy
etfc}p
loosoo
RunTime.xml
oTc`bTR
_jTqp?<nu
oTc`bTp?<RRnu
j_jeic_ddg
oTcTRap?<RRnu
j_jeic_ddg
oTdTRap?<RRnu
j_jeic_ddg
oTjTRap?<nau
oTc`bTR
_jTqp?<nu
oTc`bTp?<RRnu
j_jeic_ddg
oTcTRap?<RRnu
j_jeic_ddg
oTdTRap?<RRnu
j_jeic_ddg
oTjTRap?<nau
Antivirus Signature
Lionic Trojan.Win32.Cosmu.trZY
Elastic malicious (high confidence)
ClamAV Win.Malware.Generickdz-9938530-0
CMC Clean
CAT-QuickHeal Trojan.Ghanarava.17551486701be517
Skyhigh BehavesLike.Win32.Generic.mh
ALYac Gen:Variant.Ransom.Xpiro.2
Cylance Unsafe
Zillya Trojan.CosmuGen.Win32.1
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win32/Cosmu.1603
K7GW Trojan ( 000142251 )
K7AntiVirus Trojan ( 000142251 )
huorong Ransom/LockFile.mk
Baidu Clean
VirIT Win32.Zombie.B
Paloalto generic.ml
Symantec Ransom.Zombie
tehtris Clean
ESET-NOD32 Win32/Agent.NBJ
APEX Malicious
Avast Win32:MalwareX-gen [Misc]
Cynet Malicious (score: 100)
Kaspersky Trojan.Win32.Cosmu.bwts
BitDefender Gen:Variant.Ransom.Xpiro.2
NANO-Antivirus Trojan.Win32.Cosmu.bgzaxj
ViRobot Trojan.Win.Z.Cosmu.85392
MicroWorld-eScan Gen:Variant.Ransom.Xpiro.2
Tencent Trojan.Win32.Cosmu.ke
Sophos W32/Zombie-B
F-Secure Trojan.TR/Crypt.XPACK.Gen
DrWeb Trojan.Encoder.185
VIPRE Gen:Variant.Ransom.Xpiro.2
TrendMicro Clean
McAfeeD Real Protect-LS!A6402277DE33
Trapmine malicious.high.ml.score
CTX exe.ransomware.xpiro
Emsisoft Gen:Variant.Ransom.Xpiro.2 (B)
Ikarus Trojan.Win32.Cosmu
GData Win32.Trojan.Cosmu.B
Jiangmin Trojan.Cosmu.aqq
Webroot Trojan.Cosmu
Varist W32/Agent.LDU.gen!Eldorado
Avira TR/Crypt.XPACK.Gen
Antiy-AVL Clean
Kingsoft malware.kb.a.999
Gridinsoft Trojan.Heur!.03012061
Xcitium TrojWare.Win32.Trojan.Banker.~d21@1okg8d
Arcabit Trojan.Ransom.Xpiro.2
SUPERAntiSpyware Clean
ZoneAlarm W32/Zombie-B
Microsoft Trojan:Win32/Zombie.A
Google Detected
AhnLab-V3 Trojan/Win.Cosmu.R704412
Acronis suspicious
VBA32 Trojan.Cosmu
TACHYON Clean
Malwarebytes Generic.Trojan.Malicious.DDS
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall Trojan.Win32.VSX.PE04C9j
Rising Virus.Zombie!1.AB2A (CLASSIC)
Yandex Trojan.GenAsa!qZCC7vZoV+4
TrellixENS GenericATG-FAF!A6402277DE33
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Cosmu.bwts
Fortinet W32/Cosmu.BWTS!tr
AVG Win32:MalwareX-gen [Misc]
DeepInstinct MALICIOUS
alibabacloud Trojan:Win/Zombie
IRMA Signature
Trend Micro SProtect (Linux) Clean
Avast Core Security (Linux) Win32:Evo-gen [Trj]
C4S ClamAV (Linux) Win.Malware.Generickdz-9938530-0
Trellix (Linux) GenericATG-FAF
Sophos Anti-Virus (Linux) W32/Zombie-B
Bitdefender Antivirus (Linux) Gen:Variant.Ransom.Xpiro.2
G Data Antivirus (Windows) Virus: Gen:Variant.Ransom.Xpiro.2 (Engine A), Win32.Trojan.Cosmu.B (Engine B)
WithSecure (Linux) Trojan.TR/Crypt.XPACK.Gen
ESET Security (Windows) Win32/Agent.NBJ virus
DrWeb Antivirus (Linux) Trojan.Encoder.185
ClamAV (Linux) Win.Malware.Generickdz-9938530-0
eScan Antivirus (Linux) Gen:Variant.Ransom.Xpiro.2(DB)
Kaspersky Standard (Windows) Trojan.Win32.Cosmu.bwts
Emsisoft Commandline Scanner (Windows) Gen:Variant.Ransom.Xpiro.2 (B)
Cuckoo
