PepperPotts

Bandook RAT — extracted strings (UPX-packed sample; one entry per line: section:address, length, string type, value)

Dec 13th, 2019
  1. UPX0:1315AB88 0000000D C %s~!%s~!%d~!
  2. UPX0:1315ABA4 0000000C C %s~!%s~!0~!
  3. UPX0:1315ABB4 0000000D C %s~!%s~!%s~!
  4. UPX0:1315ABC8 00000041 C ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
  5. UPX0:1315AC0C 00000005 C 1000
  6. UPX0:1315AC14 00000014 C QHActiveDefense.exe
  7. UPX0:1315AC28 0000000F C QHSafeTray.exe
  8. UPX0:1315AC38 00000014 C QHActiveDefense.exe
  9. UPX0:1315AC50 00000009 C egui.exe
  10. UPX0:1315AC5C 00000009 C ekrn.exe
  11. UPX0:1315AC6C 00000012 C Avira.Systray.exe
  12. UPX0:1315AC80 0000000C C avguard.exe
  13. UPX0:1315AC8C 00000016 C Avira.Servicehost.exe
  14. UPX0:1315ACA4 0000000D C avshadow.exe
  15. UPX0:1315ACB8 0000000C C AvastUI.exe
  16. UPX0:1315ACC4 0000000D C AvastSvc.exe
  17. UPX0:1315ACD8 0000000A C avpui.exe
  18. UPX0:1315ACE4 00000008 C avp.exe
  19. UPX0:1315ACF0 0000000A C avgui.exe
  20. UPX0:1315ACFC 0000000D C avgwdsvc.exe
  21. UPX0:1315AD0C 0000000B C avgrsa.exe
  22. UPX0:1315AD18 0000000B C avgnsa.exe
  23. UPX0:1315AD28 0000000C C bdagent.exe
  24. UPX0:1315AD34 0000000E C seccenter.exe
  25. UPX0:1315AD44 0000000C C bdwtxag.exe
  26. UPX0:1315AD54 0000000D C MCSvHost.exe
  27. UPX0:1315AD64 0000000D C mcshield.exe
  28. UPX0:1315AD74 0000000B C mfemms.exe
  29. UPX0:1315AD80 0000000C C McAPExe.exe
  30. UPX0:1315AD8C 0000000C C McUIcnt.exe
  31. UPX0:1315AD98 0000000C C mfefire.exe
  32. UPX0:1315ADA8 00000007 C NS.exe
  33. UPX0:1315ADB4 0000000D C PSUAMain.exe
  34. UPX0:1315ADC4 00000010 C PSUAService.exe
  35. UPX0:1315ADD8 0000000B C nisSrv.exe
  36. UPX0:1315ADE4 0000000C C MsMPEng.exe
  37. UPX0:1315ADF0 0000000C C msseces.exe
  38. UPX0:1315AE00 0000000C C a2guard.exe
  39. UPX0:1315AE0C 0000000E C a2service.exe
  40. UPX0:1315AE20 00000005 C 1000
  41. UPX0:1315AE2C 00000008 C Key3333
  42. UPX0:1315AE34 00000006 C %s&&&
  43. UPX0:1315AE3C 00000041 C Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
  44. UPX0:1315AE80 00000008 C AppData
  45. UPX0:1315AE88 00000041 C Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
  46. UPX0:1315AECC 0000000E C local appdata
  47. UPX0:1315AEE0 00000008 C AppData
  48. UPX0:1315AEE8 00000041 C Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
  49. UPX0:1315AF2C 00000006 C %s\\%s
  50. UPX0:1315AF34 00000009 C Software
  51. UPX0:1315AF44 00000009 C Software
  52. UPX0:1315AF54 00000007 C %d.exe
  53. UPX0:1315AF64 00000007 C %d.exe
  54. UPX0:1315AF70 00000005 C rno1
  55. UPX0:1315AF78 00000007 C %d.exe
  56. UPX0:1315AF80 00000005 C rno1
  57. UPX0:1315AF98 00000005 C 2000
  58. UPX0:1315AFA4 00000005 C 2003
  59. UPX0:1315AFAC 00000006 C Vista
  60. UPX0:1315AFB4 00000006 C Seven
  61. UPX0:1315AFBC 00000006 C Eight
  62. UPX0:1315AFC4 0000000C C Eight (8.1)
  63. UPX0:1315AFD8 0000000D C avicap32.dll
  64. UPX0:1315AFF4 0000000B C dd.MM.yyyy
  65. UPX0:1315B000 00000008 C Invalid
  66. UPX0:1315B008 0000000A C Removable
  67. UPX0:1315B014 00000006 C Fixed
  68. UPX0:1315B01C 00000008 C Network
  69. UPX0:1315B024 00000007 C CD-ROM
  70. UPX0:1315B02C 00000008 C RAMDISK
  71. UPX0:1315B034 00000008 C Unknown
  72. UPX0:1315B03C 0000000B C %s - (%s)#
  73. UPX0:1315B048 0000000D C %s~!%s~!%s~!
  74. UPX0:1315B058 00000009 C %s~!%s~!
  75. UPX0:1315B064 00000008 C %s~!&&&
  76. UPX0:1315B088 0000000A C D~!%s~!\r\n
  77. UPX0:1315B094 00000005 C %02d
  78. UPX0:1315B09C 00000005 C %02d
  79. UPX0:1315B0A4 00000005 C %02d
  80. UPX0:1315B0AC 00000005 C %02d
  81. UPX0:1315B0B4 00000005 C %02d
  82. UPX0:1315B0C4 00000014 C F~!%s~!%llu~!%s~!\r\n
  83. UPX0:1315B0D8 00000009 C %s\r\n%s%s
  84. UPX0:1315B0F0 0000001D C %s~!%s~!%d~!%d~!%s~!%s~!%s~!
  85. UPX0:1315B11C 0000001D C %s~!%s~!%s~!%d~!%s~!%d~!%s~!
  86. UPX0:1315B158 00000021 C %s~!%s~!%s~!%d~!%s~!%d~!%s~!%s~!
  87. UPX0:1315B188 0000000D C %s~!%s~!%s~!
  88. UPX0:1315B19C 0000000D C %s~!%s~!%s~!
  89. UPX0:1315B1D0 0000000C C %d.%d.%d.%d
  90. UPX0:1315B1DC 0000004A C %s~!%s~!%s~!%s~!%s~!%s~!%dd %dh %dm~!%s~!%s~!%s~!%s~!%s~!%s~!%s~!%s~!%s~!
  91. UPX0:1315B234 0000000D C %s~!%s~!%s~!
  92. UPX0:1315B248 0000000D C %s~!%s~!%s~!
  93. UPX0:1315B264 0000000D C %s~!%s~!%s~!
  94. UPX0:1315B278 0000000D C %s~!%s~!%s~!
  95. UPX0:1315B29C 0000000D C %s~!%s~!%s~!
  96. UPX0:1315B2B0 0000000D C %s~!%s~!%s~!
  97. UPX0:1315B2D4 0000000D C %s~!%s~!%s~!
  98. UPX0:1315B2E8 0000000D C %s~!%s~!%s~!
  99. UPX0:1315B300 00000005 C NXO3
  100. UPX0:1315B318 0000000D C %s~!%s~!%s~!
  101. UPX0:1315B32C 0000000D C %s~!%s~!%s~!
  102. UPX0:1315B33C 0000000B C axroot.com
  103. UPX0:1315B348 00000018 C http://axroot.com/dxb2/
  104. UPX0:1315B360 0000001D C https://www.axroot.com/dxb2/
  105. UPX0:1315B380 00000019 C http://axroot.com/plg10/
  106. UPX0:1315B39C 00000005 C 6732
  107. UPX0:1315B3C4 00000006 C 3.7.2
  108. UPX0:1315B3CC 0000000D C ncbdhdhdhdhd
  109. UPX0:1315B3DC 0000000C C sadadsada22
  110. UPX0:1315B3E8 0000000A C asdsadacz
  111. UPX0:1315B3F4 00000011 C sFdDfdfssdf33333
  112. UPX0:1315B408 00000009 C cccc3333
  113. UPX0:1315B414 0000000D C zxcxzcxzxzww
  114. UPX0:1315B424 0000000F C dadsadfds44343
  115. UPX0:1315B434 00000010 C dsadsadsadsa222
  116. UPX0:1315B444 0000000A C sdsdsdsds
  117. UPX0:1315B450 0000000A C rtt444444
  118. UPX0:1315B464 00000008 C zam.exe
  119. UPX0:1315B46C 00000008 C zam.cpl
  120. UPX0:1315B47C 00000015 C 18/01/2016 - NEW SIG
  121. UPX0:1315B498 00000021 C bepbmhgboaologfdajppppppppoimhfn
  122. UPX0:1315B4BC 00000005 C DRT3
  123. UPX0:1315B4C4 00000008 C WEeSdeD
  124. UPX0:1315B4CC 00000008 C skp.dat
  125. UPX0:1315B4D4 00000008 C D3v3e32
  126. UPX0:1315B4DC 00000008 C 3S3KdiO
  127. UPX0:1315B4E4 0000000B C S3J3sjS3j3
  128. UPX0:1315B4F0 0000000A C fSJsfjs82
  129. UPX0:1315B4FC 00000007 C FM.DAT
  130. UPX0:1315B504 00000009 C AFDB.DAT
  131. UPX0:1315B510 0000000C C Software\\%s
  132. UPX0:1315B51C 0000000C C Software\\%s
  133. UPX0:1315B528 00000007 C %s\\%s\\
  134. UPX0:1315B530 00000006 C %s\\%s
  135. UPX0:1315B538 0000000B C %s\\cpm.dll
  136. UPX0:1315B544 0000000B C %s\\pmd.dll
  137. UPX0:1315B550 0000000B C %s\\acp.exe
  138. UPX0:1315B55C 00000006 C %s\\%s
  139. UPX0:1315B564 0000000A C %s\\db.dat
  140. UPX0:1315B570 00000006 C %s\\%s
  141. UPX0:1315B57C 00000007 C %s\\%s\\
  142. UPX0:1315B584 0000000F C %s\\control.exe
  143. UPX0:1315B598 0000000A C %s\\%s.exe
  144. UPX0:1315B5A4 0000000A C %s\\%s.cpl
  145. UPX0:1315B5B8 0000000D C %s~!%s~!%s~!
  146. UPX0:1315B5DC 0000000D C %s~!%s~!%s~!
  147. UPX0:1315B5F0 0000000D C %s~!%s~!%s~!
  148. UPX0:1315B600 00000007 C S-%lu-
  149. UPX0:1315B608 00000021 C 0x%02hx%02hx%02hx%02hx%02hx%02hx
  150. UPX0:1315B630 00000005 C -%lu
  151. UPX0:1315B638 0000000D C kernel32.dll
  152. UPX0:1315B648 0000000B C urlmon.dll
  153. UPX0:1315B654 0000000B C user32.dll
  154. UPX0:1315B660 0000000C C shell32.dll
  155. UPX0:1315B66C 0000000D C avicap32.dll
  156. UPX0:1315B67C 0000000B C ws2_32.dll
  157. UPX0:1315B688 0000000C C wsock32.dll
  158. UPX0:1315B694 0000000D C advapi32.dll
  159. UPX0:1315B6A4 0000000C C wininet.dll
  160. UPX0:1315B6B0 0000000C C shdocvw.dll
  161. UPX0:1315B6BC 0000000C C Shlwapi.dll
  162. UPX0:1315B6C8 00000008 C mpr.dll
  163. UPX0:1315B6DC 0000000D C kernel32.dll
  164. UPX0:1315B6EC 0000000B C urlmon.dll
  165. UPX0:1315B6F8 0000000B C user32.dll
  166. UPX0:1315B704 0000000C C shell32.dll
  167. UPX0:1315B710 0000000D C avicap32.dll
  168. UPX0:1315B720 0000000B C ws2_32.dll
  169. UPX0:1315B72C 0000000C C wsock32.dll
  170. UPX0:1315B738 0000000D C advapi32.dll
  171. UPX0:1315B748 0000000C C wininet.dll
  172. UPX0:1315B754 0000000C C shdocvw.dll
  173. UPX0:1315B760 0000000C C Shlwapi.dll
  174. UPX0:1315B76C 00000008 C mpr.dll
  175. UPX0:1315B77C 00000031 C %s\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
  176. UPX0:1315B7B4 00000031 C %s\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
  177. UPX0:1315B7EC 00000036 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
  178. UPX0:1315B824 00000006 C shell
  179. UPX0:1315B830 00000035 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
  180. UPX0:1315B868 00000005 C Load
  181. UPX0:1315B870 00000006 C %s\\%s
  182. UPX0:1315B878 00000006 C %s\\%s
  183. UPX0:1315B880 00000007 C \\%s\\%s
  184. UPX0:1315B888 00000006 C %s %s
  185. UPX0:1315B898 00000012 C explorer.exe , %s
  186. UPX0:1315B8B0 00000007 C \\%s\\%s
  187. UPX0:1315B8B8 0000000D C Kernel32.dll
  188. UPX0:1315B8C8 0000000B C urlmon.dll
  189. UPX0:1315B8D4 0000000B C msvcrt.dll
  190. UPX0:1315B8E0 0000000B C user32.dll
  191. UPX0:1315B8EC 0000000C C shell32.dll
  192. UPX0:1315B8F8 0000000D C avicap32.dll
  193. UPX0:1315B908 0000000B C ws2_32.dll
  194. UPX0:1315B914 0000000C C wsock32.dll
  195. UPX0:1315B920 0000000D C advapi32.dll
  196. UPX0:1315B930 0000000C C wininet.dll
  197. UPX0:1315B93C 0000000F C IsWow64Process
  198. UPX0:1315B94C 00000009 C kernel32
  199. UPX0:1315B95C 0000002A C SOFTWARE\\Microsoft\\Windows\\CurrentVersion
  200. UPX0:1315B990 00000014 C c:\\abc\\iexplore.exe
  201. UPX0:1315B9B4 0000000A C ntdll.dll
  202. UPX0:1315B9C0 0000001D C RtlAnsiStringToUnicodeString
  203. UPX0:1315B9E0 00000012 C RtlInitAnsiString
  204. UPX0:1315B9F4 00000015 C RtlFreeUnicodeString
  205. UPX0:1315BA0C 0000000E C NtOpenSection
  206. UPX0:1315BA1C 00000013 C NtMapViewOfSection
  207. UPX0:1315BA30 00000015 C NtUnmapViewOfSection
  208. UPX0:1315BA48 00000019 C ZwQuerySystemInformation
  209. UPX0:1315BA64 00000017 C \\device\\physicalmemory
  210. UPX0:1315BA7C 00000017 C \\device\\physicalmemory
  211. UPX0:1315BA94 0000000D C ntoskrnl.exe
  212. UPX0:1315BAA4 00000006 C P2k13
  213. UPX0:1315BABC 0000000D C %s~!%s~!%s~!
  214. UPX0:1315BACC 00000005 C Init
  215. UPX0:1315BAD4 0000001D C %s|*%s|*%s|*%s|*%s|*%s|*%s|*
  216. UPX0:1315BAFC 0000000D C %s~!%s~!%s~!
  217. UPX0:1315BB0C 0000000E C CaptureScreen
  218. UPX0:1315BB1C 00000005 C Init
  219. UPX0:1315BB24 0000000A C ClearCred
  220. UPX0:1315BB30 0000000B C GetCamlist
  221. UPX0:1315BB3C 00000008 C SendCam
  222. UPX0:1315BB44 00000008 C StopCam
  223. UPX0:1315BB4C 0000000A C Uninstall
  224. UPX0:1315BB58 00000010 C CompressArchive
  225. UPX0:1315BB68 00000010 C GenerateReports
  226. UPX0:1315BB78 00000008 C GetWifi
  227. UPX0:1315BB80 0000000B C StartShell
  228. UPX0:1315BB8C 00000009 C GetSound
  229. UPX0:1315BB98 0000000C C SplitMyFile
  230. UPX0:1315BBA4 0000000B C GetAutoFTP
  231. UPX0:1315BBB0 0000000C C SendStartup
  232. UPX0:1315BBBC 00000007 C getkey
  233. UPX0:1315BBC4 0000000C C SendMTPList
  234. UPX0:1315BBD0 0000000D C SendMTPList2
  235. UPX0:1315BBE0 00000013 C GrabFileFromDevice
  236. UPX0:1315BBF4 00000010 C PutFileOnDevice
  237. UPX0:1315BC04 00000015 C DeleteFileFromDevice
  238. UPX0:1315BC1C 00000008 C CopyMTP
  239. UPX0:1315BC24 0000000D C ChromeInject
  240. UPX0:1315BC34 0000000E C DisableChrome
  241. UPX0:1315BC44 0000000A C RarFolder
  242. UPX0:1315BC50 0000000C C SendUSBList
  243. UPX0:1315BC5C 0000000D C SignoutSkype
  244. UPX0:1315BC6C 00000009 C StealUSB
  245. UPX0:1315BC78 00000011 C StartFileMonitor
  246. UPX0:1315BC8C 0000000F C SendFileMonLog
  247. UPX0:1315BC9C 0000000E C GetUSBMONLIST
  248. UPX0:1315BCAC 0000000F C GetFileMONLIST
  249. UPX0:1315BCBC 0000000F C StopUSBMonitor
  250. UPX0:1315BCCC 0000000B C SearchMain
  251. UPX0:1315BCD8 0000000B C StopSearch
  252. UPX0:1315BCE4 00000010 C StopFileMonitor
  253. UPX0:1315BCF4 0000000D C SendinfoList
  254. UPX0:1315BD04 00000015 C EnableAndLoadCapList
  255. UPX0:1315BD1C 00000014 C DisableMouseCapture
  256. UPX0:1315BD30 0000000F C AddAutoFTPToDB
  257. UPX0:1315BD40 00000014 C DeleteAutoFTPFromDB
  258. UPX0:1315BD54 0000000A C ExecuteTV
  259. UPX0:1315BD64 0000000D C %s~!%s~!%s~!
  260. UPX0:1315BD74 0000001D C %s|*%s|*%s|*%s|*%s|*%s|*%s|*
  261. UPX0:1315BD9C 0000000D C %s~!%s~!%s~!
  262. UPX0:1315BDB0 0000000D C %s~!%s~!%s~!
  263. UPX0:1315BDC0 0000000A C %sprd.dat
  264. UPX0:1315BDD4 0000000D C %s~!%s~!%s~!
  265. UPX0:1315BDFC 0000000D C %s~!%s~!%s~!
  266. UPX0:1315BE14 0000000D C %s~!%s~!%s~!
  267. UPX0:1315BE28 0000000D C %s~!%s~!%s~!
  268. UPX0:1315BE38 0000000C C 5|%s|%s|%s|
  269. UPX0:1315BE44 00000005 C open
  270. UPX0:1315BE4C 00000009 C %s~!%s~!
  271. UPX0:1315BE5C 0000000D C %s~!%s~!%s~!
  272. UPX0:1315BE70 0000000D C %s~!%s~!%s~!
  273. UPX0:1315BE80 00000010 C 10|%s|%s|%s|%s|
  274. UPX0:1315BE90 00000005 C open
  275. UPX0:1315BE9C 0000000D C %s~!%s~!%s~!
  276. UPX0:1315BEB0 0000000D C %s~!%s~!%s~!
  277. UPX0:1315BEC4 0000000D C %s~!%s~!%s~!
  278. UPX0:1315BED8 0000000D C %s~!%s~!%s~!
  279. UPX0:1315BEEC 0000000D C %s~!%s~!%s~!
  280. UPX0:1315BF00 0000000D C %s~!%s~!%s~!
  281. UPX0:1315BF10 0000000F C 1|%s|%s|%s|%s|
  282. UPX0:1315BF20 00000005 C open
  283. UPX0:1315BF2C 0000000D C %s~!%s~!%s~!
  284. UPX0:1315BF48 0000000D C %s~!%s~!%s~!
  285. UPX0:1315BF64 0000001C C Microsoft Internet Explorer
  286. UPX0:1315BF84 00000008 C cap.dll
  287. UPX0:1315BF8C 00000005 C %s%s
  288. UPX0:1315BF98 00000008 C pws.dll
  289. UPX0:1315BFA0 00000005 C %s%s
  290. UPX0:1315BFAC 0000000A C extra.dll
  291. UPX0:1315BFB8 00000005 C %s%s
  292. UPX0:1315BFC4 00000007 C tv.dll
  293. UPX0:1315BFCC 00000005 C %s%s
  294. UPX0:1315BFD4 00000007 C %s\\%s\\
  295. UPX0:1315BFDC 00000031 C %s\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
  296. UPX0:1315C010 00000006 C %s %s
  297. UPX0:1315C01C 00000031 C %s\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
  298. UPX0:1315C054 00000036 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
  299. UPX0:1315C08C 00000006 C shell
  300. UPX0:1315C094 00000012 C explorer.exe , %s
  301. UPX0:1315C0AC 00000035 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
  302. UPX0:1315C0E4 00000005 C Load
  303. UPX0:1315C0EC 0000000B C msvcrt.dll
  304. UPX0:1315C0F8 0000000B C user32.dll
  305. UPX0:1315C104 0000000C C shell32.dll
  306. UPX0:1315C110 0000000D C avicap32.dll
  307. UPX0:1315C120 0000000D C advapi32.dll
  308. UPX0:1315C130 00000007 C \\%s\\%s
  309. UPX0:1315C138 00000006 C %s %s
  310. UPX0:1315C148 00000008 C DISPLAY
  311. UPX0:1315C150 00000008 C DISPLAY
  312. UPX0:1315C158 0000000D C %s~!%s~!%d~!
  313. UPX0:1315C178 00000005 C ASCR
  314. UPX0:1315C180 00000005 C ASCR
  315. UPX0:1315C188 00000005 C ASCR
  316. UPX0:1315C198 00000015 C %s~!%s~!%d~!%d~!%s~!
  317. UPX0:1315C1B0 00000009 C %s~!%s~!
  318. UPX0:1315C1BC 0000000A C %s\\%d.jpg
  319. UPX0:1315C1CC 0000000D C %s~!%s~!%s~!
  320. UPX0:1315C1E0 0000000D C %s~!%s~!%s~!
  321. UPX0:1315C1FC 00000019 C %s~!%s~!%s~!%s~!%s~!%s~!
  322. UPX0:1315C218 00000014 C %s~!%s~!%d%~!%d~!\r\n
  323. UPX0:1315C22C 00000009 C %s~!%s~!
  324. UPX0:1315C238 00000009 C %s~!%s~!
  325. UPX0:1315C244 00000007 C %s\\~!\n
  326. UPX0:1315C24C 0000000D C %s~!%s~!%d~!
  327. UPX0:1315C25C 00000009 C %s%d.dat
  328. UPX0:1315C26C 0000000D C %s~!%s~!%d~!
  329. UPX0:1315C27C 00000005 C %s%s
  330. UPX0:1315C284 00000005 C %s%s
  331. UPX0:1315C28C 0000000F C 6|%s|%s|%s|%s|
  332. UPX0:1315C29C 00000005 C open
  333. UPX0:1315C2A8 0000000D C %s~!%s~!%s~!
  334. UPX0:1315C2B8 00000009 C %s~!%s~!
  335. UPX0:1315C2C4 0000000D C %s\\Skype\\*.*
  336. UPX0:1315C2D4 00000009 C %s\\Skype
  337. UPX0:1315C2E8 0000000E C %s\\%s\\main.db
  338. UPX0:1315C2F8 00000005 C %s\r\n
  339. UPX0:1315C300 0000000D C %s~!%s~!%s~!
  340. UPX0:1315C310 00000016 C %sSkype\\%s\\config.xml
  341. UPX0:1315C328 0000000A C skype.exe
  342. UPX0:1315C334 0000000A C skype.exe
  343. UPX0:1315C340 0000000A C skype.exe
  344. UPX0:1315C34C 00000009 C %s~!%s~!
  345. UPX0:1315C35C 00000005 C ASKP
  346. UPX0:1315C364 00000005 C ASKP
  347. UPX0:1315C36C 00000005 C ASKP
  348. UPX0:1315C37C 0000000D C %s~!%s~!%s~!
  349. UPX0:1315C394 00000008 C %s\\rec\\
  350. UPX0:1315C39C 00000009 C %s~!%s~!
  351. UPX0:1315C3A8 0000000D C %s~!%s~!%s~!
  352. UPX0:1315C3B8 0000000D C %s~!%s~!%s~!
  353. UPX0:1315C3C8 00000009 C %s~!%s~!
  354. UPX0:1315C3D4 0000000A C %s\\gfx\\%s
  355. UPX0:1315C3E0 0000000D C %s~!%s~!%s~!
  356. UPX0:1315C3F0 0000000C C %s\\gfx\\*.fx
  357. UPX0:1315C404 0000000A C F~!%s~!\r\n
  358. UPX0:1315C410 00000007 C %s\r\n%s
  359. UPX0:1315C420 00000005 C STAT
  360. UPX0:1315C42C 00000005 C STAT
  361. UPX0:1315C43C 00000007 C BLABLA
  362. UPX0:1315C44C 0000001C C Microsoft Internet Explorer
  363. UPX0:1315C468 0000001C C Microsoft Internet Explorer
  364. UPX0:1315C484 00000005 C %s%s
  365. UPX0:1315C490 0000002E C Software\\Microsoft\\Windows\\CurrentVersion\\Run
  366. UPX0:1315C4C4 00000006 C shell
  367. UPX0:1315C4CC 00000036 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
  368. UPX0:1315C508 00000005 C Load
  369. UPX0:1315C510 00000035 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
  370. UPX0:1315C548 00000005 C ASCR
  371. UPX0:1315C550 00000005 C ACAM
  372. UPX0:1315C55C 00000005 C %s%s
  373. UPX0:1315C568 0000002E C Software\\Microsoft\\Windows\\CurrentVersion\\Run
  374. UPX0:1315C59C 00000006 C shell
  375. UPX0:1315C5A4 00000036 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
  376. UPX0:1315C5E0 00000005 C Load
  377. UPX0:1315C5E8 00000035 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
  378. UPX0:1315C630 0000000D C %s~!%s~!%s~!
  379. UPX0:1315C644 0000000D C %s~!%s~!%s~!
  380. UPX0:1315C658 0000000D C %s~!%s~!%s~!
  381. UPX0:1315C668 00000006 C P2k13
  382. UPX0:1315C67C 0000000A C %s\\%d.exe
  383. UPX0:1315C690 00000005 C %s%s
  384. UPX0:1315C698 00000009 C %s~!%s~!
  385. UPX0:1315C6A8 00000005 C ACAM
  386. UPX0:1315C6B0 00000005 C ACAM
  387. UPX0:1315C6B8 00000005 C ACAM
  388. UPX0:1315C6CC 00000011 C %s~!%s~!%s~!%s~!
  389. UPX0:1315C6E0 0000000D C %s~!%s~!%s~!
  390. UPX0:1315C6F0 0000000B C %s\\logs\\%s
  391. UPX0:1315C6FC 0000000D C %s~!%s~!%s~!
  392. UPX0:1315C70C 0000000E C %s\\logs\\*.arl
  393. UPX0:1315C724 0000000A C F~!%s~!\r\n
  394. UPX0:1315C730 00000007 C %s\r\n%s
  395. UPX0:1315C73C 00000005 C AMCS
  396. UPX0:1315C744 00000005 C AMCS
  397. UPX0:1315C74C 00000005 C AMCS
  398. UPX0:1315C75C 0000000D C %s~!%s~!%s~!
  399. UPX0:1315C76C 00000014 C SeShutdownPrivilege
  400. UPX0:1315C7A0 00000009 C %s~!%s~!
  401. UPX0:1315C7C0 0000000F C %s~!%d~!%s~!\r\n
  402. UPX0:1315C7E4 00000009 C %s~!%s~!
  403. UPX0:1315C7F8 00000005 C ATRP
  404. UPX0:1315C800 00000009 C %s~!%s~!
  405. UPX0:1315C810 00000009 C %s~!%s~!
  406. UPX0:1315C81C 0000000D C %s\\adx\\*.mp3
  407. UPX0:1315C834 0000000E C F~!%s~!%d~!\r\n
  408. UPX0:1315C844 00000007 C %s\r\n%s
  409. UPX0:1315C850 00000009 C %s~!%s~!
  410. UPX0:1315C868 00000035 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
  411. UPX0:1315C8A4 00000036 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
  412. UPX0:1315C8E0 0000002E C Software\\Microsoft\\Windows\\CurrentVersion\\Run
  413. UPX0:1315C914 0000002E C Software\\Microsoft\\Windows\\CurrentVersion\\Run
  414. UPX0:1315C948 00000032 C Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce
  415. UPX0:1315C980 00000032 C Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce
  416. UPX0:1315C9B4 00000009 C %s~!%s~!
  417. UPX0:1315C9E0 00000007 C set-%s
  418. UPX0:1315C9E8 00000006 C %s\\%s
  419. UPX0:1315C9F0 00000009 C %s~!%s~!
  420. UPX0:1315C9FC 00000007 C set-%s
  421. UPX0:1315CA04 00000006 C %s\\%s
  422. UPX0:1315CA0C 00000007 C STS-%s
  423. UPX0:1315CA14 00000006 C %s\\%s
  424. UPX0:1315CA1C 00000009 C %s~!%s~!
  425. UPX0:1315CA28 0000000D C %s~!%s~!%d~!
  426. UPX0:1315CA38 00000011 C %s\\usd\\dv-%s.dat
  427. UPX0:1315CA50 0000000D C %s~!%s~!%s~!
  428. UPX0:1315CA64 0000000D C %s~!%s~!%s~!
  429. UPX0:1315CA80 00000006 C %s\\%s
  430. UPX0:1315CA88 00000009 C %s~!%s~!
  431. UPX0:1315CA94 00000006 C %s\\%s
  432. UPX0:1315CA9C 00000009 C %s~!%s~!
  433. UPX0:1315CAA8 00000006 C %s\\%s
  434. UPX0:1315CAB0 00000009 C %s~!%s~!
  435. UPX0:1315CAC0 00000011 C %s~!%s~!%s~!%s~!
  436. UPX0:1315CAD8 0000000D C %s~!%s~!%s~!
  437. UPX0:1315CAEC 0000001C C Microsoft Internet Explorer
  438. UPX0:1315CB0C 0000000D C %s~!%s~!%s~!
  439. UPX0:1315CB20 0000000D C %s~!%s~!%s~!
  440. UPX0:1315CB34 0000000D C %s~!%s~!%s~!
  441. UPX0:1315CB54 00000014 C %s can't be opened\n
  442. UPX0:1315CB6C 00000005 C %02x
  443. UPX0:1315CBA0 00000020 C C:\\Windows\\system32\\control.exe
  444. UPX0:1315CDA4 0000000A C 30920.exe
  445. UPX0:1315CE10 0000002D C C:\\Users\\<user>\\AppData\\Roaming\\zam\\\\pmd.dll
  446. UPX0:1315D020 00000021 C C:\\Users\\<user>\\AppData\\Roaming\\
  447. UPX0:1315D22C 00000035 C C:\\Users\\<user>\\AppData\\Roaming\\zam\\~!zam.exe~!zam~!
  448. UPX0:1315D42C 00000021 C bepbmhgboaologfdajppppppppoimhfn
  449. UPX0:1315E1B4 00000014 C c:\\abc\\iexplore.exe
  450. UPX0:1315E3B4 00000025 C C:\\Users\\<user>\\AppData\\Roaming\\zam\\
  451. UPX0:1315E5B4 0000000A C CopyFileA
  452. UPX0:1315E5E8 00000013 C CreateRemoteThread
  453. UPX0:1315E61C 0000000F C CreateProcessA
  454. UPX0:1315E654 0000000E C ShellExecuteA
  455. UPX0:1315E688 0000000D C ncbdhdhdhdhd
  456. UPX0:1315E6F8 00000011 C sFdDfdfssdf33333
  457. UPX0:1315E83C 0000000D C kernel32.dll
  458. UPX0:1315E850 0000000D C advapi32.dll
  459. UPX0:1315E864 0000000C C shell32.dll
  460. UPX0:1315E878 0000000C C wsock32.dll
  461. UPX0:1315E88C 0000000B C ws2_32.dll
  462. UPX0:1315E8A0 0000000A C ntdll.dll
  463. UPX0:1315E8B4 0000000B C \\ntdll.dll
  464. UPX0:1315E8C8 00000018 C http://axroot.com/dxb2/
  465. UPX0:1315EBFC 00000008 C skp.dat
  466. UPX0:1315EE5C 0000002A C C:\\Users\\<user>\\AppData\\Roaming\\18184.exe
  467. UPX0:1315EEC8 00000015 C 18/01/2016 - NEW SIG
  468. UPX0:1316B580 00000024 C C:\\Users\\<user>\\AppData\\Roaming\\zam
  469. UPX0:1316B780 00000029 C C:\\Users\\<user>\\Downloads\\sample.exe
  470. UPX0:1316BB78 00000020 C C:\\Users\\<user>\\AppData\\Roaming
  471. UPX0:1316BD7C 0000002D C C:\\Users\\<user>\\AppData\\Roaming\\zam\\\\cpm.dll
  472. UPX0:1316C184 00000007 C FM.DAT
  473. UPX0:1316C384 0000000A C rtt444444
  474. UPX0:1316C3E8 0000002F C C:\\Users\\<user>\\AppData\\Roaming\\zam\\\\30920.exe
  475. UPX0:1316C5F0 00000008 C zam.exe
  476. UPX0:1316C658 0000000D C zxcxzcxzxzww
  477. UPX0:1316C6C0 0000000C C sadadsada22
  478. UPX0:1316C728 00000036 C SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\
  479. UPX0:1316C7C0 00000009 C StubPath
  480. UPX0:13193AF4 0000000A C fSJsfjs82
  481. UPX0:13193B58 0000000A C asdsadacz
  482. UPX0:13193BD4 00000018 C Software\\dadsadfds44343
  483. UPX0:13193DC8 0000000B C axroot.com
  484. UPX0:131947D4 00000008 C D3v3e32
  485. UPX0:131948B8 00000025 C C:\\Users\\<user>\\AppData\\Roaming\\OPR\\
  486. UPX0:13194AB8 00000008 C 3S3KdiO
  487. UPX0:13194B1C 00000009 C AFDB.DAT
  488. UPX0:13194BB4 00000006 C 3.7.2
  489. UPX0:13194C20 0000000F C dadsadfds44343
  490. UPX0:13194CA0 00000005 C DRT3
  491. UPX1:13B938D8 0000002C C C:\\Users\\<user>\\AppData\\Roaming\\zam\\\\db.dat
  492. UPX1:13B93ADC 00000006 C 30868
  493. UPX1:13B93AF4 0000000A C 30969.exe
  494. UPX1:13B93B74 00000005 C 6732
  495. UPX1:13B93B8C 00000010 C dsadsadsadsa222
  496. UPX1:13B93C04 00000009 C cccc3333
  497. UPX1:13B93C68 00000019 C http://axroot.com/plg10/
  498. UPX1:13B93E6C 0000002D C C:\\Users\\<user>\\AppData\\Roaming\\zam\\\\acp.exe
  499. UPX1:13B94070 00000008 C WEeSdeD
  500. UPX1:13B940DC 0000001D C https://www.axroot.com/dxb2/
  501. UPX1:13B9420C 00000019 C Software\\dsadsadsadsa222
  502. UPX1:13B94414 0000000A C sdsdsdsds
  503. UPX1:13B9447C 0000000B C S3J3sjS3j3
  504. UPX1:13B94754 0000002F C C:\\Users\\<user>\\AppData\\Roaming\\zam\\\\30969.exe
  505. UPX1:13B95009 0000000D C SetLastError
  506. UPX1:13B95018 00000013 C etCurrentProcessId
  507. UPX1:13B9502C 0000000A C HeapAlloc
  508. UPX1:13B95038 0000000E C etProcessHeap
  509. UPX1:13B95048 00000008 C eapFree
  510. UPX1:13B95051 00000012 C GetShortPathNameA
  511. UPX1:13B95064 00000011 C CreateDirectoryA
  512. UPX1:13B95078 0000000E C tStartupInfoA
  513. UPX1:13B95088 0000000E C etProcAddress
  514. UPX1:13B95098 00000010 C etModuleHandleA
  515. UPX1:13B950A9 0000001B C GetFileInformationByHandle
  516. UPX1:13B951B8 00000014 C GetSystemDirectoryA
  517. UPX1:13B951CD 0000000A C MoveFileW
  518. UPX1:13B951D8 00000011 C CreateDirectoryW
  519. UPX1:13B951EC 0000000F C tComputerNameW
  520. UPX1:13B951FC 0000000F C GetLocaleInfoA
  521. UPX1:13B9520C 0000000C C DeleteFileW
  522. UPX1:13B95219 0000000A C WriteFile
  523. UPX1:13B95224 0000000F C SetFilePointer
  524. UPX1:13B95234 00000009 C ReadFile
  525. UPX1:13B95240 00000013 C leTimeToSystemTime
  526. UPX1:13B95254 0000000E C FindNextFileW
  527. UPX1:13B95264 00000017 C etLogicalDriveStringsA
  528. UPX1:13B9527C 0000000B C ExitThread
  529. UPX1:13B95288 0000000E C GetDriveTypeA
  530. UPX1:13B95298 00000011 C etCurrentProcess
  531. UPX1:13B952AC 0000000A C eateFileW
  532. UPX1:13B952B8 0000000B C reateFileA
  533. UPX1:13B952C4 0000000C C GetFileSize
  534. UPX1:13B952D1 0000000F C FindFirstFileW
  535. UPX1:13B952E1 0000000F C FindFirstFileA
  536. UPX1:13B952F1 0000000A C FindClose
  537. UPX1:13B952FC 0000000E C GetSystemTime
  538. UPX1:13B9530C 0000000E C etDateFormatA
  539. UPX1:13B9531C 0000000C C oadLibraryA
  540. UPX1:13B95329 0000001A C QueryPerformanceFrequency
  541. UPX1:13B95344 00000018 C QueryPerformanceCounter
  542. UPX1:13B9535D 0000000C C ExitProcess
  543. UPX1:13B9536C 0000000C C tVersionExA
  544. UPX1:13B95379 00000014 C WideCharToMultiByte
  545. UPX1:13B95390 00000012 C ltiByteToWideChar
  546. UPX1:13B953A4 0000000B C penProcess
  547. UPX1:13B953B0 00000011 C TerminateProcess
  548. UPX1:13B953C4 00000017 C eateToolhelp32Snapshot
  549. UPX1:13B953DC 0000000F C Process32First
  550. UPX1:13B953EC 0000000E C Process32Next
  551. UPX1:13B953FC 0000000F C erminateThread
  552. UPX1:13B9540C 0000000D C CreateThread
  553. UPX1:13B9541C 0000000B C tTickCount
  554. UPX1:13B95428 0000000C C CloseHandle
  555. UPX1:13B95435 00000006 C Sleep
  556. UPX1:13B9543C 0000000D C CreateMutexA
  557. UPX1:13B9544C 00000012 C itForSingleObject
  558. UPX1:13B95460 0000000A C lobalFree
  559. UPX1:13B95474 00000011 C OpenProcessToken
  560. UPX1:13B95488 00000012 C tTokenInformation
  561. UPX1:13B9549C 00000018 C llocateAndInitializeSid
  562. UPX1:13B954B5 00000009 C EqualSid
  563. UPX1:13B954C0 00000007 C reeSid
  564. UPX1:13B954C8 0000000E C RegOpenKeyExA
  565. UPX1:13B954D8 0000000F C egDeleteValueA
  566. UPX1:13B954E8 0000000C C RegOpenKeyA
  567. UPX1:13B954F5 00000011 C RegQueryValueExA
  568. UPX1:13B95508 0000000F C egCreateKeyExA
  569. UPX1:13B95518 0000000F C RegSetValueExA
  570. UPX1:13B95528 0000000C C RegCloseKey
  571. UPX1:13B95535 0000000D C GetUserNameW
  572. UPX1:13B95544 00000015 C ookupPrivilegeValueA
  573. UPX1:13B9555C 00000014 C justTokenPrivileges
  574. UPX1:13B95571 00000010 C GetSecurityInfo
  575. UPX1:13B95584 0000000B C tUserNameA
  576. UPX1:13B95590 00000011 C SetEntriesInAclA
  577. UPX1:13B955A4 0000000E C tSecurityInfo
  578. UPX1:13B955B4 0000000C C etLengthSid
  579. UPX1:13B955C1 00000018 C GetSidSubAuthorityCount
  580. UPX1:13B955DC 00000006 C pySid
  581. UPX1:13B955E4 0000000A C sValidSid
  582. UPX1:13B955F0 00000019 C etSidIdentifierAuthority
  583. UPX1:13B9560C 00000011 C tSidSubAuthority
  584. UPX1:13B95628 00000018 C apGetDriverDescriptionW
  585. UPX1:13B95660 00000017 C CreateCompatibleBitmap
  586. UPX1:13B95678 00000013 C CreateCompatibleDC
  587. UPX1:13B9568C 00000011 C CreateDIBSection
  588. UPX1:13B956A0 0000000C C tDeviceCaps
  589. UPX1:13B956AD 0000000A C CreateDCA
  590. UPX1:13B956B8 0000000D C DeleteObject
  591. UPX1:13B956C8 00000008 C tDIBits
  592. UPX1:13B956D1 0000000E C SelectPalette
  593. UPX1:13B956E0 0000000F C GetStockObject
  594. UPX1:13B956F0 0000000B C GetObjectA
  595. UPX1:13B956FC 00000009 C DeleteDC
  596. UPX1:13B95708 0000000D C alizePalette
  597. UPX1:13B95720 00000011 C NetEnumResourceW
  598. UPX1:13B95734 0000000C C etOpenEnumW
  599. UPX1:13B95741 0000000E C WNetCloseEnum
  600. UPX1:13B95759 00000009 C _strcmpi
  601. UPX1:13B95764 00000007 C printf
  602. UPX1:13B9576C 00000005 C free
  603. UPX1:13B95774 00000006 C alloc
  604. UPX1:13B9577C 00000005 C open
  605. UPX1:13B95784 00000005 C intf
  606. UPX1:13B95791 00000007 C fclose
  607. UPX1:13B95799 00000011 C _except_handler3
  608. UPX1:13B957AC 00000006 C trstr
  609. UPX1:13B957B4 00000008 C wprintf
  610. UPX1:13B957BD 00000007 C wcscmp
  611. UPX1:13B957C5 00000007 C wcslen
  612. UPX1:13B957CD 00000007 C memcpy
  613. UPX1:13B957D5 00000008 C strncpy
  614. UPX1:13B957E0 0000000B C 3@YAXPAX@Z
  615. UPX1:13B957EC 00000007 C strcat
  616. UPX1:13B957F4 00000007 C malloc
  617. UPX1:13B957FC 0000000D C ??2@YAPAXI@Z
  618. UPX1:13B9580C 00000010 C CxxFrameHandler
  619. UPX1:13B958E0 00000012 C PathFindFileNameA
  620. UPX1:13B958F4 0000000C C HDeleteKeyA
  621. UPX1:13B9590C 0000000D C tWindowTextW
  622. UPX1:13B9591C 0000000C C itWindowsEx
  623. UPX1:13B95929 00000010 C GetActiveWindow
  624. UPX1:13B9593C 0000000B C tCursorPos
  625. UPX1:13B95948 0000000C C mouse_event
  626. UPX1:13B95955 00000013 C GetWindowPlacement
  627. UPX1:13B95969 00000010 C IsWindowVisible
  628. UPX1:13B9597C 0000000A C umWindows
  629. UPX1:13B95988 0000000A C howWindow
  630. UPX1:13B95994 0000000C C endMessageA
  631. UPX1:13B959A1 00000014 C GetForegroundWindow
  632. UPX1:13B959B8 0000000F C tLastInputInfo
  633. UPX1:13B959C8 0000000A C wsprintfA
  634. UPX1:13B959D4 00000005 C etDC
  635. UPX1:13B959DC 00000008 C leaseDC
  636. UPX1:13B95A00 00000014 C InternetCloseHandle
  637. UPX2:13B9715C 0000000D C KERNEL32.DLL
  638. UPX2:13B97169 0000000D C ADVAPI32.dll
  639. UPX2:13B97176 0000000D C AVICAP32.dll
  640. UPX2:13B97183 0000000A C GDI32.dll
  641. UPX2:13B9718D 00000008 C MPR.dll
  642. UPX2:13B97195 0000000B C MSVCRT.dll
  643. UPX2:13B971A0 0000000C C SHELL32.dll
  644. UPX2:13B971AC 0000000C C SHLWAPI.dll
  645. UPX2:13B971B8 0000000B C USER32.dll
  646. UPX2:13B971C3 0000000C C WININET.dll
  647. UPX2:13B971CF 0000000B C WS2_32.dll
  648. UPX2:13B971DC 0000000D C LoadLibraryA
  649. UPX2:13B971EA 0000000F C GetProcAddress
  650. UPX2:13B971FA 0000000F C VirtualProtect
  651. UPX2:13B9720A 0000000D C VirtualAlloc
  652. UPX2:13B97218 0000000C C VirtualFree
  653. UPX2:13B97226 0000000C C ExitProcess
  654. UPX2:13B97234 00000008 C FreeSid
  655. UPX2:13B9723E 00000019 C capGetDriverDescriptionW
  656. UPX2:13B97258 00000007 C BitBlt
  657. UPX2:13B97260 0000000E C WNetOpenEnumW
  658. UPX2:13B97270 00000005 C free
  659. UPX2:13B97276 00000009 C StrStrIA
  660. UPX2:13B97280 0000000D C SHDeleteKeyA
  661. UPX2:13B9728E 00000006 C GetDC
  662. UPX2:13B97296 0000000E C InternetOpenA