About contagio exchange

CONTAGIO EXCHANGE Contagio Exchange was created to absorb malware samples shared by readers of Contagio. It is meant to be a community-driven malware collection.
Edit Aug 2013 - The community is busy and Mila too, so this was not a very active site (my fault, probably). I will just be dumping malware strings here instead; they often help in malware identification, and Googling them is the best way to use them.
With just strings, this is not exactly a fun blog to read, but it might become a useful resource over time.
I will not be posting samples here, just MD5s. You can find the corresponding samples on Contagio, or ping me if you can't find
M
P.S. Robot pictures delivered by Robohash.com (generated from file hashes)
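As an added example of why a plain strings dump is useful for identification (this is my own illustration, not Contagio Exchange's tooling or the sample's code): the script below produces the same two tables these posts show, printable ASCII runs and UTF-16LE "Unicode" runs, and then triages them for URLs and base64-looking tokens. The function names (`ascii_strings`, `utf16_strings`, `try_base64`, `triage`) are mine, and `SAMPLE` is a constructed buffer of a few strings copied from the dump below, not the sample file itself.

```python
"""Strings extraction plus base64/URL triage for a strings dump (added example)."""
import base64
import re
import string

# Standard base64 alphabet; seeing it as a literal in a binary is itself a hint
# that the sample carries its own base64 routine.
B64_ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
B64_TOKEN_RE = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")
URL_RE = re.compile(r"https?://[^\s]+")


def ascii_strings(data, min_len=4):
    """Runs of printable ASCII, like the 'Ascii Strings' table in the post."""
    pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pat.finditer(data)]


def utf16_strings(data, min_len=4):
    """Runs of UTF-16LE printable ASCII (char, NUL pairs), like the 'Unicode Strings' table."""
    pat = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return [m.group().decode("utf-16-le") for m in pat.finditer(data)]


def try_base64(token):
    """Decode token as base64 if it is well formed and yields printable text, else None.

    Ordinary words such as 'download' also look like base64, so the printable
    check is what keeps plain identifiers out of the results.
    """
    if len(token) % 4 or not B64_TOKEN_RE.match(token):
        return None
    try:
        # binascii.Error and UnicodeDecodeError are both ValueError subclasses
        text = base64.b64decode(token, validate=True).decode("ascii")
    except ValueError:
        return None
    if not all(c in string.printable for c in text):
        return None
    return text


def triage(data, min_len=4):
    """Extract both string tables and pull out the indicators worth a second look."""
    findings = {"urls": [], "base64": {}, "b64_alphabet": False}
    for s in ascii_strings(data, min_len) + utf16_strings(data, min_len):
        findings["urls"].extend(URL_RE.findall(s))
        if s == B64_ALPHABET:
            findings["b64_alphabet"] = True
            continue
        for token in s.split():
            decoded = try_base64(token)
            if decoded is not None:
                findings["base64"][token] = decoded
    return findings


# Constructed test buffer: NUL-separated strings copied from the tables in this
# post, with the 'Unicode' ones encoded as UTF-16LE the way they sit in a binary.
# It is not the sample file itself.
SAMPLE = b"\x00\x00".join([
    b"!This program cannot be run in DOS mode.",
    b"http://66.170.3.43:8080/" + b"C" * 16,  # URL followed by filler bytes, as in the dump
    b"geturl:",
    b"YzpcXHdpbmRvd3NcXHN5c3RlbTMyXFxjbWQuZXhl",
    b"Y21kLmV4ZQ==",
    b"download",
    B64_ALPHABET.encode("ascii"),
    "Set Proxy Failure!".encode("utf-16-le"),
    "C:\\unknow.zip".encode("utf-16-le"),
])


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

Run against the constructed buffer, the triage reports the hard-coded URL, flags the base64 alphabet literal, and decodes the two base64 tokens from the dump to a cmd.exe path and `cmd.exe`, which is exactly the kind of detail that makes a strings listing searchable and attributable even without the binary at hand.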

Monday, August 12, 2013

COOKIES Cookiebag Dalbot strings - APT (1)

File: COOKIEBAG_sample_0C28AD34F90950BC784339EC9F50D288
MD5:  0c28ad34f90950bc784339ec9f50d288
Size: 151552

Ascii Strings:
---------------------------------------------------------------------------
!This program cannot be run in DOS mode.
RichW
.text
`.rdata
@.data
----------------------snip
tAVW
string too long
invalid string position
Unknown exception
 (8PX
700WP
`h````
ppxxxx
(null)
GAIsProcessorFeaturePresent
KERNEL32
e+000
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
runtime error
TLOSS error
SING error
DOMAIN error
R6028
- unable to initialize heap
R6027
- not enough space for lowio initialization
R6026
- not enough space for stdio initialization
R6025
- pure virtual function call
R6024
- not enough space for _onexit/atexit table
R6019
- unable to open console device
R6018
- unexpected heap error
R6017
- unexpected multithread lock error
R6016
- not enough space for thread data
abnormal program termination
R6009
- not enough space for environment
R6008
- not enough space for arguments
R6002
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program:
<program name unknown>
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#INF
1#IND
1#SNAN
CreateProcessA
Sleep
CloseHandle
TerminateProcess
WriteFile
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateThread
GetStartupInfoA
CreatePipe
ReadFile
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
GetLastError
KERNEL32.dll
InternetOpenW
InternetCloseHandle
InternetSetOptionW
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
InternetSetCookieW
HttpSendRequestExW
InternetWriteFile
HttpEndRequestA
HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile
WININET.dll
WS2_32.dll
RtlUnwind
ExitProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
HeapFree
RaiseException
HeapAlloc
SetFilePointer
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
GetModuleHandleA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
CreateFileW
LoadLibraryA
SetEndOfFile
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
http://66.170.3.43:8080/CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCC
geturl:
 perform exe success!
 perform exe failure!
performexe:
interval:
breakpointtrans
sleep:
exit
quit
content=
download
reqpath=
savepath=
upfile
command=
Reqfile not exist!
 upfile over!
.exe
no file!
download file failure!
 download over!
&FILECONTENT=
FILENAME=
ready download file !
FilePath
Circle
f.ini
File
DDDDD
Set-Cookie:
the url no respon!
 start Cmd Failure!
CreatePipe(echo) failed!!!
CreatePipe(cmd) failed!!!
YzpcXHdpbmRvd3NcXHN5c3RlbTMyXFxjbWQuZXhl
Notepad.exe
Y21kLmV4ZQ==
path
Hello World!
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
Location:
Content-Length:
charset=
.?AVexception@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
kU'9
HMXB
?Zd;
?/L[
S;uD
z?aUY
D?$?
U>c{
zc%C1
.:3q
-64OS
NKeb

Unicode Strings:
---------------------------------------------------------------------------
jjjj
jjjj
(null)
hostname
clientkey
reqfilepath
command
reqfile
.html
?ID=
postvalue
postfile
.asp
POST
aaaaaaa
postdata
C:\unknow.zip
Content-Length
Set Proxy Failure!
BMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
</html>
<html>
utf-8
         (((((                  H