About contagio exchange

Contagio Exchange was created to absorb malware samples shared by readers of Contagio. This is meant to be a community-driven malware collection.
Edit, Aug 2013 - The community is busy, and Mila too, so this was not a very active site (my fault, probably). I will just be dumping malware strings here; it often helps in malware identification, and googling is the best way.
With just strings, it is not exactly a fun blog to read, but it might become a useful resource over time.
I will not be posting samples here, just MD5s. You can find the corresponding samples on Contagio, or ping me if you can't find them.
M
P.S. Robot pictures delivered by Robohash.com (generated from file hashes)

Tuesday, October 15, 2013

Cryptolocker strings - CRIME

File: Cryptolocker_9cbb128e8211a7cd00729c159815cb1c_crypt_1_sell23-09.exe_
MD5:  9cbb128e8211a7cd00729c159815cb1c
Size: 743424

Ascii Strings:
---------------------------------------------------------------------------
!This program cannot be run in DOS mode.
Rich5>
.text
`.rdata
@.data
.rsrc
 crs
Qj@SR
\SVW
_KPP
--------snip
??$j+
*5>>AA99
F77::BB;;
::8822
:?u<5
::::6666
66BB<<:
8822
33664455U"`O
3366D
3377
8899
AA<<AA
228855F~\2w
66<<
AA;;;;A
>>>>
33EEAA
S766N
<Bx@@
vSzi
*s:z
::C:
C:Hnwd:4
Tr44BBCC
44::
2233
^];;8@
$8BZN#
AA99
::778833
EE>>DD
77@@>>
\71C
BB<<
1p,wu
22AA;;
2288
QN??88;;999sus9
AAAA22
<<66
::::88
UDD22
cR"U
C522
EE77
88<<
n^:2
z!qBBBB66EE
6644
\A::
>>77DD
C:~V[J
MJSe
66P/
FF33
EE@@
6666
6633
55EE
55559h
8==55FF
====
}#AA
ZU{5
;;==
==55??88
$'99
g$FOO
;;33
gDDAACCFF
99DD
2 28
AABBFF
.:9y33
99;;
77EE
BBCC
z377A
]s?AO
66EE
44;;D
5555
AABB
B"r]ez
e^iZ
rxD$
3355;
DD;;22
=0^c?FF
::R5
FFDD;;
<<33==::
7*88
::22
99AA
@@==
==44>>
33CC
!E!2I
LE?Sx
k}<H
R44::
2233
33>>22
.1<:
EE;;
;;me(fU1
5588
44==
::Bz
7744
,h"A
DD@@
??BB
KA]9
w&{9&
88DD
DD33==
AA55
)4r(
N5qe
33FF
BB999922::
3366
IDDT
44CCC*Y5
;;666699CC
/-W<
338866@@>D`
`N]2
)V*DD
5599
EE66
D_Cg;D
99BB==EE
==44
AJA0
3377
44EE7
CCEE
1MAA
LU@@!
==66
2255
6=_
>>BB
2244
??@@
AAAA
AA??AA
FG5x
FF22
";ImFA
33FF
@@^R
4499
/;;A
FFDD
==66B
33]nY=
44PJ
<<??99
4M+X8
99AA
77;;
::AA66
;@@>>@@
99EE<<
~Q>>
p\]BB=
??EE
CCFF<<
6/K"P
BBDD44
FF@@
O`AA
`JsS
~==@@
EE77
`j-<<
:(4U:FF
55;;
DD99
:WuM
j3:CC
1iD.
443366
>k3x3
K==~
;;AA::
AA88b
6l0%'
AA224477Z
AA<<
6A33
EEFF
fPWR
eEE2
3355BB
=qFK
<<77
2\8)DW
>>gk
66::
==66
kX+c
AA:/!7U:
::??
33553
Y8K'
DD;;
D0%p&7DDD66
::FF;;
>CC>>
7733
6~A44
{;E2>
52CC
 f7;;W-
::88DD;;BBCC
66FF
AA#N
>0q[<;;!
<<`Q
BB99
;;22
::DD
hfd6E
;;55
>>;;
:44xM
55BBy
22FF
qBB3
BB??
7744
99DDE
55^D
AA22
<<??
{]WS
7733>>
2299
vf88t
??==
@@33
>>99
M::4
EEBB7
BB>T~7
>@@-]2
AA33FFEE;7
;;AA77
@@YG
99;;
??DD
ZoCC3
FF99
=]^s
223D
;;@%#
e=yBEE!
;;??
.2:>
6633
33AABB
CCBB
3344W4
{A[%4
66::7744?
F;55}
@@5y
44::BBEE
[<`y@E
E6{me6::
==FRJ
F4488;;
NF@@
[88<
EEFF
pRN??
99;;
q:77
FF44Z@
z|==
C\qEE
??22W
BBAA
CC99
?AA3e?
`9:="
=DDDD66
ABB44
o@!GYB
t&23W|
y>>;;
88::77
D88s
7;;6622??
8844
22EE33
AhUZ
8&;;
r>>DGc
k9\z
CC<<
999C
XX-F
9933
DD;;>>??
@@aQ
@@55BB
>>44<<
36C?
??Y9C
;;EE
99??
`j77
??2277EE
;;CCAA4
??DD
22::44
nUEE
BBBB
DD44@@7-G
DD::
;;BB
CCEE
#CFF;;22
<<99
==AA@@
;;*,
??CC77
>>Du
]UvB
??66
$=88
;;22
@@;;
d"CC}
==>>
22EE
::669
6633
22EE
BB==AAe
@@DD
DDCC
@@66DDBB
n\==9944
3DI-
3@]V
@@66Du
/77p
BB7744
22;mt}S
44AA
22AABBDD
22AAB
S[X'
CC22
::6688
<D/K
s]<==
66AA
EEBB
4499>>Hk
BB;;;;:
AA9966
emAA
>N={
g@@EE
??22
`,jx7;8S
AA66
9-27
EEAA::EE
F33BB;;
>@co>BBg
33="
~s?$)a
'5;)
==DD
[5522
==77
Q~IBB
AA44
99::
]%@7
}mh{
>>3]wO
n@@fm
99p6
DDg&
==33
55::
33;;66
::99
55EE44;;;;@
@;;DD339988
66AA>>
7777
99FF4
DD9_
yr~9
^=/Z9%
77BB44
??FF
55CC
%N4(
2244
3333
FFDD;
?22tKyx
7tbd6q
DD3399??
77>>
gvNq
%@22
E!|44
FF88DD
9988
BBEEc
@@DD3H
AA@@
4422AA
J}m"
DDA,V
5~<<
+:BB
$mfEE
;;33
EE>d
>;;@@
<<22
;;33
6EEAA
>>@*
99DD25
CC==
DDFF
|e;;vQ
{|eV
"[LL
DLLf
tX35\b
Ch5B
hhdj
%UfE
DDbs
ysfj)W
NE5D
'[2>
}?}w
uunv"
KQcX
LLul|
9UeLL
_Jy&
X3tXz
F!jY1M
jjLLPP
DDPP
-ba~
H#hh
bkXu
#L9e:
PPPP
"S g9
SCardIntroduceReaderW
SCardStatusW
SCardForgetReaderW
SCardReleaseStartedEvent
SCardLocateCardsByATRW
SCardState
SCardGetAttrib
SCardIntroduceReaderGroupW
SCardCancel
SCardAddReaderToGroupW
SCardGetStatusChangeW
SCardReleaseContext
SCardListReadersW
SCardBeginTransaction
SCardControl
SCardForgetReaderGroupW
SCardSetAttrib
SCardLocateCardsA
SCardConnectW
SCardRemoveReaderFromGroupW
WinSCard.dll
VirtualFree
DeviceIoControl
GetCurrentProcess
Sleep
LocalAlloc
GetSystemInfo
VirtualAlloc
CopyFileW
MoveFileW
CreateDirectoryW
CloseHandle
GetStartupInfoW
DeleteFileW
VirtualProtect
CreateProcessW
LoadLibraryW
LocalFree
PrepareTape
GetTickCount
ResetEvent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
LoadLibraryA
InitializeCriticalSection
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
HeapSize
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
KERNEL32.dll
                         
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                         
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ

Unicode Strings:
---------------------------------------------------------------------------
(null)
         (((((                  H
         h((((                  H
                                 H
rubmetal main slip
stream her million afraid
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Opposite2|3</> Corporation.
FileDescription
Opposite2|3</> Seedfact
FileVersion
2.1.460.695
InternalName
present.exe
LegalCopyright
 2005-2007 Opposite2|3</> Corporation. All rights reserved.
OriginalFilename
present.exe
ProductName
Opposite2|3</> Seedfact
ProductVersion
2.1.460.695
Mountainst
magnetpr
VarFileInfo
Translation
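The listing above is the output of a strings-style pass over the binary: the file name, MD5 and size header, then runs of printable ASCII, then runs of UTF-16LE text. As an added example (not code from the original post, and not the tool used to produce the listing), here is a small Python extractor that reproduces that layout. The sample bytes are constructed for the example and are not taken from the Cryptolocker binary; the file name passed to the report is likewise made up.

```python
"""Minimal strings-style extractor that reproduces the layout of the listing above.

Added example, not Contagio's tooling. SAMPLE below is constructed here, not taken
from the Cryptolocker binary.
"""
from __future__ import annotations

import hashlib
import re


def md5_hex(data: bytes) -> str:
    """Hex MD5 of the whole file, as in the post's 'MD5:' header line."""
    return hashlib.md5(data).hexdigest()


def ascii_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Runs of min_len or more printable ASCII bytes (space..tilde and tab)."""
    pat = re.compile(rb"[\x20-\x7e\t]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pat.finditer(data)]


def utf16le_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Runs of min_len or more UTF-16LE code units whose high byte is NUL, i.e. ASCII
    text stored as wide characters. PE version resources (VS_VERSION_INFO, CompanyName,
    OriginalFilename, ...) are stored this way, which is why they appear only under
    'Unicode Strings' in the listing above."""
    pat = re.compile(rb"(?:[\x20-\x7e\t]\x00){%d,}" % min_len)
    return [m.group().decode("utf-16-le") for m in pat.finditer(data)]


def strings_report(name: str, data: bytes, min_len: int = 4) -> str:
    """Render File/MD5/Size followed by the two sections, matching the post's layout."""
    sep = "-" * 75
    lines = [
        f"File: {name}",
        f"MD5:  {md5_hex(data)}",
        f"Size: {len(data)}",
        "",
        "Ascii Strings:",
        sep,
        *ascii_strings(data, min_len),
        "",
        "Unicode Strings:",
        sep,
        *utf16le_strings(data, min_len),
    ]
    return "\n".join(lines)


# Constructed stand-in for a PE file: a DOS stub message, two import DLL names stored
# as ASCII, non-printable filler, and one version-resource string stored as UTF-16LE.
SAMPLE = (
    b"MZ\x90\x00\x03\x00"                                # DOS header start, below min_len
    + b"!This program cannot be run in DOS mode.\r\n$"   # \r\n ends the run; '$' is too short
    + b"\x00" * 8
    + b"WinSCard.dll\x00KERNEL32.dll\x00"                # NUL-terminated import names
    + bytes(range(0x80, 0x90))                           # high bytes, never printable ASCII
    + "present.exe".encode("utf-16-le") + b"\x00\x00"    # wide string, NUL terminated
    + b"\x01\x02ab\x03"                                  # 'ab' is below min_len
)

if __name__ == "__main__":
    print(strings_report("constructed_sample.bin", SAMPLE))
```

Point it at a real file with `open(path, "rb").read()`. The 4-byte minimum is what lets short runs such as `AA99` or `6666` through from non-text data, so the bulk of the body above is noise; the import names, the DLL names and the version-info strings are the lines worth searching on.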