contagio malware exchange: Surtr (Smoaler) Strings

File: DW20.dll
MD5: 1325ec00149cd2dd9a2982769f1fa12a
Size: 39936

Ascii Strings:
---------------------------------------------------------------------------
!This program cannot be run in DOS mode.
Rich
.text
`.rdata
@.data
.reloc
;ORD.
MessageBoxA
user32.dll
CloseHandle
CreateFileA
GetFileSize
GetModuleFileNameA
GetTempFileNameA
GetTempPathA
ReadFile
SetFilePointer
VirtualAlloc
WinExec
WriteFile
lstrlenA
kernel32.dll
mydll.dll
DoWork
0#010I0j0y0
1%1+171=1C1I1T1_1k1
!This program cannot be run in DOS mode.
Richw
.text
`.rdata
@.data
.rsrc
SVW3
Soft
ware
\Mic
roso
ft\W
indo
ws M
edia
t$ ;4
_^]3
Pj@h
h40@
h$0@
Dah$0@
h$0@
h$0@
h$0@
h$0@
Oh$0@
7tah@0@
hD0@
Pj@QV
5L1@
t"It
Iu'j
hh @
hSVW
>"u:F
XPVSS
%( @
%8 @
%P @
%T @
VirtualProtect
KERNEL32.dll
strncpy
fclose
fread
ftell
fseek
fopen
fwrite
MSVCRT.dll
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
GetModuleHandleA
GetStartupInfoA
advapi32.dll
kernel32.dll
ntdll.dll
9tWg^
u6[W
EtZ$n$
v^q$t
uYwA~;
Ft0(
wwwwwwwwwwwwww
wwwwwwwwwwwwww
DDDDDDDDD@
DDDDDDDDDGpw
DDDDDDDDDGpw
DDDDDDDDDDDDDD
wwwwwwwwwwwwww
This
proggam
DO~S
mode.
iS0R
chDH(
P@EL8
.tesx
Z$0 -.rd9at@]W
relo
h8p.(
5)lp(0
t$dW
\$l;
_$^]^f[
L 2;
VRhz
j@R+h\
FVPS
OYg_#
tVjR
$j(E
QVh<U
mAsn
40pI
$PUA!M
&Po;V<It
^xMtR
UNLSp
D$=? j
9MZu:
Q<.W
*A<Wf
7,^\
I@LCT
$]Qx pw3
,u8w
=Wb@
)PcQU
SWVJz8
3QIv
.,yEU
3\KXfA
tDu7R
4r4U
JZ,xQQh
=D:XLE
hbm0
2SYQM
kp?p
S Z+
K(J
K@zta
bxL2
mMW&
KNM$
2 <8
B`6Y
7w^>
4P+O!t
bn@k
16=PP"<
1>a9
:OUu
PV$QR
z248
4yj?
^9W(
vD*(
WhKdK|
ebRPp
+tNFQ
EAu)'
_i[2
x|$N
;DS\p
>G.!
j(%]
@D\/
&bA~
RLQPRD
l3}hJ
2NFB
)l)
kS{T
_[uaY
J"H[j
!YK)&j
'UVG
)&(dD,%|
<Nwi
745LJ<_
2d~o
B,M0
/AWf
,DU`
z{2%
8"90
"+1x
@bBt
C3|W`E!
Fr!Hd
"\10
__y }
0'KK
3hnh.
_I[z
ljtNg
|`tOM
=WNj
5_IL
W>tC
?!$G
8H-d
n\'Y
KGE
Vw4&
EA2
L_Z`
*4PY
"+8M
LX{R
J<R{
DL|P(
/1MQn
%"!B [V
e2;^!L1
bqLR
^8p/
hMD
VFQ)P
tc0d
MK<c-
%AGQ
#M@S'q
(_QD
h5Zf
/[<E
'0KW
t|24
MRI>
hud_
?qY9]4
A.I?n
k(^D
DHmzD
0+F;
u.Wh
We^M
>yo*
t1:;
(VXl
xZ3@
a78Wt
B+8E$
QyAw:
dR"P
t/W+L
bP890
rTQwN
2JX"1
tMVP
!g $
[%=H
<#u?hU
0DVY
RHe.
171WP(
!BJ1
J$RLj
/`"V
@#0qq
6(8r
_begi
nthr
? 2@YAP
XwInZ4
FrgaDHAndl
I3&XK
ftopln
4eX&|
_pu}Z
CRT.d
iav8
lg<M.
$)ch
|GWt
USER32H^
5ACP
8K9bN
i$cm
n,dBe
l38!<"
Aoh;
9tWg^
u6[W
`KE5
ECZ$n
(yPz
rtP@"
%\2b
Sf|z
YwA~;
p&p0pO
Kern4l
Loza
i;brr8yAE
%s: #N
Softw
Ze\Mic
0Exp
X,7Ueh
k\x NWT_
cS'C
'bN3
rqwf
vcty(
j;4l
^.6Hb
egtny
/v%Y
Y_CUR
C'iU\
"tSg$i
umHC
fLk~
L4Cd
\)2_
HRT<Qt
aCyI
"%PA
NC+H0
hh&@
/zBMcS
!ySb
@ToMuHl
2!ft
(x86)\IDu
SysWO
ls0tm
RI3tY
*1\1Li!
m((
13232.
'Eduw
$XC\
8"fWP
IN8GX
&3-'EGLg
;&'GGdg
=r1tBvQx`zo|~~
'98P*w
:,'SG
G!g1
71rft{v
3J'yG
67'VG
G"g3
< =,>1?6?B?G?L?X?]?b?n?s?x?
,48>
:94I,V
#5*'9GXgz
q8M<
'BGLgf
C'P\G
BNb
')G6gO
T1m$
!98R:
(9>S:d;k<
]?mNt
):1P
vBYO,>e?j?o,t.
x0r|t
tibe
mss.
Oq3g
|n$n
wwwwwwwwwwwwww
wwwwwwwwwwwwww
DDDDDDDDD@
DDDDDDDDDGpw
DDDDDDDDDGpw
DDDDDDDDDDDDDD
wwwwwwwwwwwwww

Unicode Strings:
---------------------------------------------------------------------------

About contagio exchange

Tuesday, September 3, 2013

Surtr (Smoaler) Strings - APT