bdwtxag exe
UPX0:1315AB88 0000000D C %s~!%s~!%d~!
UPX0:1315ABA4 0000000C C %s~!%s~!0~!
UPX0:1315ABB4 0000000D C %s~!%s~!%s~!
UPX0:1315ABC8 00000041 C ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
UPX0:1315AC0C 00000005 C 1000
UPX0:1315AC14 00000014 C QHActiveDefense.exe
UPX0:1315AC28 0000000F C QHSafeTray.exe
UPX0:1315AC38 00000014 C QHActiveDefense.exe
UPX0:1315AC50 00000009 C egui.exe
UPX0:1315AC5C 00000009 C ekrn.exe
UPX0:1315AC6C 00000012 C Avira.Systray.exe
UPX0:1315AC80 0000000C C avguard.exe
UPX0:1315AC8C 00000016 C Avira.Servicehost.exe
UPX0:1315ACA4 0000000D C avshadow.exe
UPX0:1315ACB8 0000000C C AvastUI.exe
UPX0:1315ACC4 0000000D C AvastSvc.exe
UPX0:1315ACD8 0000000A C avpui.exe
UPX0:1315ACE4 00000008 C avp.exe
UPX0:1315ACF0 0000000A C avgui.exe
UPX0:1315ACFC 0000000D C avgwdsvc.exe
UPX0:1315AD0C 0000000B C avgrsa.exe
UPX0:1315AD18 0000000B C avgnsa.exe
UPX0:1315AD28 0000000C C bdagent.exe
UPX0:1315AD34 0000000E C seccenter.exe
UPX0:1315AD44 0000000C C bdwtxag.exe
UPX0:1315AD54 0000000D C MCSvHost.exe
UPX0:1315AD64 0000000D C mcshield.exe
UPX0:1315AD74 0000000B C mfemms.exe
UPX0:1315AD80 0000000C C McAPExe.exe
UPX0:1315AD8C 0000000C C McUIcnt.exe
UPX0:1315AD98 0000000C C mfefire.exe
UPX0:1315ADA8 00000007 C NS.exe
UPX0:1315ADB4 0000000D C PSUAMain.exe
UPX0:1315ADC4 00000010 C PSUAService.exe
UPX0:1315ADD8 0000000B C nisSrv.exe
UPX0:1315ADE4 0000000C C MsMPEng.exe
UPX0:1315ADF0 0000000C C msseces.exe
UPX0:1315AE00 0000000C C a2guard.exe
UPX0:1315AE0C 0000000E C a2service.exe
UPX0:1315AE20 00000005 C 1000
UPX0:1315AE2C 00000008 C Key3333
UPX0:1315AE34 00000006 C %s&&&
UPX0:1315AE3C 00000041 C Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
UPX0:1315AE80 00000008 C AppData
UPX0:1315AE88 00000041 C Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
UPX0:1315AECC 0000000E C local appdata
UPX0:1315AEE0 00000008 C AppData
UPX0:1315AEE8 00000041 C Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
UPX0:1315AF2C 00000006 C %s\\%s
UPX0:1315AF34 00000009 C Software
UPX0:1315AF44 00000009 C Software
UPX0:1315AF54 00000007 C %d.exe
UPX0:1315AF64 00000007 C %d.exe
UPX0:1315AF70 00000005 C rno1
UPX0:1315AF78 00000007 C %d.exe
UPX0:1315AF80 00000005 C rno1
UPX0:1315AF98 00000005 C 2000
UPX0:1315AFA4 00000005 C 2003
UPX0:1315AFAC 00000006 C Vista
UPX0:1315AFB4 00000006 C Seven
UPX0:1315AFBC 00000006 C Eight
UPX0:1315AFC4 0000000C C Eight (8.1)
UPX0:1315AFD8 0000000D C avicap32.dll
UPX0:1315AFF4 0000000B C dd.MM.yyyy
UPX0:1315B000 00000008 C Invalid
UPX0:1315B008 0000000A C Removable
UPX0:1315B014 00000006 C Fixed
UPX0:1315B01C 00000008 C Network
UPX0:1315B024 00000007 C CD-ROM
UPX0:1315B02C 00000008 C RAMDISK
UPX0:1315B034 00000008 C Unknown
UPX0:1315B03C 0000000B C %s - (%s)#
UPX0:1315B048 0000000D C %s~!%s~!%s~!
UPX0:1315B058 00000009 C %s~!%s~!
UPX0:1315B064 00000008 C %s~!&&&
UPX0:1315B088 0000000A C D~!%s~!\r\n
UPX0:1315B094 00000005 C %02d
UPX0:1315B09C 00000005 C %02d
UPX0:1315B0A4 00000005 C %02d
UPX0:1315B0AC 00000005 C %02d
UPX0:1315B0B4 00000005 C %02d
UPX0:1315B0C4 00000014 C F~!%s~!%llu~!%s~!\r\n
UPX0:1315B0D8 00000009 C %s\r\n%s%s
UPX0:1315B0F0 0000001D C %s~!%s~!%d~!%d~!%s~!%s~!%s~!
UPX0:1315B11C 0000001D C %s~!%s~!%s~!%d~!%s~!%d~!%s~!
UPX0:1315B158 00000021 C %s~!%s~!%s~!%d~!%s~!%d~!%s~!%s~!
UPX0:1315B188 0000000D C %s~!%s~!%s~!
UPX0:1315B19C 0000000D C %s~!%s~!%s~!
UPX0:1315B1D0 0000000C C %d.%d.%d.%d
UPX0:1315B1DC 0000004A C %s~!%s~!%s~!%s~!%s~!%s~!%dd %dh %dm~!%s~!%s~!%s~!%s~!%s~!%s~!%s~!%s~!%s~!
UPX0:1315B234 0000000D C %s~!%s~!%s~!
UPX0:1315B248 0000000D C %s~!%s~!%s~!
UPX0:1315B264 0000000D C %s~!%s~!%s~!
UPX0:1315B278 0000000D C %s~!%s~!%s~!
UPX0:1315B29C 0000000D C %s~!%s~!%s~!
UPX0:1315B2B0 0000000D C %s~!%s~!%s~!
UPX0:1315B2D4 0000000D C %s~!%s~!%s~!
UPX0:1315B2E8 0000000D C %s~!%s~!%s~!
UPX0:1315B300 00000005 C NXO3
UPX0:1315B318 0000000D C %s~!%s~!%s~!
UPX0:1315B32C 0000000D C %s~!%s~!%s~!
UPX0:1315B33C 0000000B C axroot.com
UPX0:1315B348 00000018 C http://axroot.com/dxb2/
UPX0:1315B360 0000001D C https://www.axroot.com/dxb2/
UPX0:1315B380 00000019 C http://axroot.com/plg10/
UPX0:1315B39C 00000005 C 6732
UPX0:1315B3C4 00000006 C 3.7.2
UPX0:1315B3CC 0000000D C ncbdhdhdhdhd
UPX0:1315B3DC 0000000C C sadadsada22
UPX0:1315B3E8 0000000A C asdsadacz
UPX0:1315B3F4 00000011 C sFdDfdfssdf33333
UPX0:1315B408 00000009 C cccc3333
UPX0:1315B414 0000000D C zxcxzcxzxzww
UPX0:1315B424 0000000F C dadsadfds44343
UPX0:1315B434 00000010 C dsadsadsadsa222
UPX0:1315B444 0000000A C sdsdsdsds
UPX0:1315B450 0000000A C rtt444444
UPX0:1315B464 00000008 C zam.exe
UPX0:1315B46C 00000008 C zam.cpl
UPX0:1315B47C 00000015 C 18/01/2016 - NEW SIG
UPX0:1315B498 00000021 C bepbmhgboaologfdajppppppppoimhfn
UPX0:1315B4BC 00000005 C DRT3
UPX0:1315B4C4 00000008 C WEeSdeD
UPX0:1315B4CC 00000008 C skp.dat
UPX0:1315B4D4 00000008 C D3v3e32
UPX0:1315B4DC 00000008 C 3S3KdiO
UPX0:1315B4E4 0000000B C S3J3sjS3j3
UPX0:1315B4F0 0000000A C fSJsfjs82
UPX0:1315B4FC 00000007 C FM.DAT
UPX0:1315B504 00000009 C AFDB.DAT
UPX0:1315B510 0000000C C Software\\%s
UPX0:1315B51C 0000000C C Software\\%s
UPX0:1315B528 00000007 C %s\\%s\\
UPX0:1315B530 00000006 C %s\\%s
UPX0:1315B538 0000000B C %s\\cpm.dll
UPX0:1315B544 0000000B C %s\\pmd.dll
UPX0:1315B550 0000000B C %s\\acp.exe
UPX0:1315B55C 00000006 C %s\\%s
UPX0:1315B564 0000000A C %s\\db.dat
UPX0:1315B570 00000006 C %s\\%s
UPX0:1315B57C 00000007 C %s\\%s\\
UPX0:1315B584 0000000F C %s\\control.exe
UPX0:1315B598 0000000A C %s\\%s.exe
UPX0:1315B5A4 0000000A C %s\\%s.cpl
UPX0:1315B5B8 0000000D C %s~!%s~!%s~!
UPX0:1315B5DC 0000000D C %s~!%s~!%s~!
UPX0:1315B5F0 0000000D C %s~!%s~!%s~!
UPX0:1315B600 00000007 C S-%lu-
UPX0:1315B608 00000021 C 0x%02hx%02hx%02hx%02hx%02hx%02hx
UPX0:1315B630 00000005 C -%lu
UPX0:1315B638 0000000D C kernel32.dll
UPX0:1315B648 0000000B C urlmon.dll
UPX0:1315B654 0000000B C user32.dll
UPX0:1315B660 0000000C C shell32.dll
UPX0:1315B66C 0000000D C avicap32.dll
UPX0:1315B67C 0000000B C ws2_32.dll
UPX0:1315B688 0000000C C wsock32.dll
UPX0:1315B694 0000000D C advapi32.dll
UPX0:1315B6A4 0000000C C wininet.dll
UPX0:1315B6B0 0000000C C shdocvw.dll
UPX0:1315B6BC 0000000C C Shlwapi.dll
UPX0:1315B6C8 00000008 C mpr.dll
UPX0:1315B6DC 0000000D C kernel32.dll
UPX0:1315B6EC 0000000B C urlmon.dll
UPX0:1315B6F8 0000000B C user32.dll
UPX0:1315B704 0000000C C shell32.dll
UPX0:1315B710 0000000D C avicap32.dll
UPX0:1315B720 0000000B C ws2_32.dll
UPX0:1315B72C 0000000C C wsock32.dll
UPX0:1315B738 0000000D C advapi32.dll
UPX0:1315B748 0000000C C wininet.dll
UPX0:1315B754 0000000C C shdocvw.dll
UPX0:1315B760 0000000C C Shlwapi.dll
UPX0:1315B76C 00000008 C mpr.dll
UPX0:1315B77C 00000031 C %s\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
UPX0:1315B7B4 00000031 C %s\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
UPX0:1315B7EC 00000036 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
UPX0:1315B824 00000006 C shell
UPX0:1315B830 00000035 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
UPX0:1315B868 00000005 C Load
UPX0:1315B870 00000006 C %s\\%s
UPX0:1315B878 00000006 C %s\\%s
UPX0:1315B880 00000007 C \\%s\\%s
UPX0:1315B888 00000006 C %s %s
UPX0:1315B898 00000012 C explorer.exe , %s
UPX0:1315B8B0 00000007 C \\%s\\%s
UPX0:1315B8B8 0000000D C Kernel32.dll
UPX0:1315B8C8 0000000B C urlmon.dll
UPX0:1315B8D4 0000000B C msvcrt.dll
UPX0:1315B8E0 0000000B C user32.dll
UPX0:1315B8EC 0000000C C shell32.dll
UPX0:1315B8F8 0000000D C avicap32.dll
UPX0:1315B908 0000000B C ws2_32.dll
UPX0:1315B914 0000000C C wsock32.dll
UPX0:1315B920 0000000D C advapi32.dll
UPX0:1315B930 0000000C C wininet.dll
UPX0:1315B93C 0000000F C IsWow64Process
UPX0:1315B94C 00000009 C kernel32
UPX0:1315B95C 0000002A C SOFTWARE\\Microsoft\\Windows\\CurrentVersion
UPX0:1315B990 00000014 C c:\\abc\\iexplore.exe
UPX0:1315B9B4 0000000A C ntdll.dll
UPX0:1315B9C0 0000001D C RtlAnsiStringToUnicodeString
UPX0:1315B9E0 00000012 C RtlInitAnsiString
UPX0:1315B9F4 00000015 C RtlFreeUnicodeString
UPX0:1315BA0C 0000000E C NtOpenSection
UPX0:1315BA1C 00000013 C NtMapViewOfSection
UPX0:1315BA30 00000015 C NtUnmapViewOfSection
UPX0:1315BA48 00000019 C ZwQuerySystemInformation
UPX0:1315BA64 00000017 C \\device\\physicalmemory
UPX0:1315BA7C 00000017 C \\device\\physicalmemory
UPX0:1315BA94 0000000D C ntoskrnl.exe
UPX0:1315BAA4 00000006 C P2k13
UPX0:1315BABC 0000000D C %s~!%s~!%s~!
UPX0:1315BACC 00000005 C Init
UPX0:1315BAD4 0000001D C %s|*%s|*%s|*%s|*%s|*%s|*%s|*
UPX0:1315BAFC 0000000D C %s~!%s~!%s~!
UPX0:1315BB0C 0000000E C CaptureScreen
UPX0:1315BB1C 00000005 C Init
UPX0:1315BB24 0000000A C ClearCred
UPX0:1315BB30 0000000B C GetCamlist
UPX0:1315BB3C 00000008 C SendCam
UPX0:1315BB44 00000008 C StopCam
UPX0:1315BB4C 0000000A C Uninstall
UPX0:1315BB58 00000010 C CompressArchive
UPX0:1315BB68 00000010 C GenerateReports
UPX0:1315BB78 00000008 C GetWifi
UPX0:1315BB80 0000000B C StartShell
UPX0:1315BB8C 00000009 C GetSound
UPX0:1315BB98 0000000C C SplitMyFile
UPX0:1315BBA4 0000000B C GetAutoFTP
UPX0:1315BBB0 0000000C C SendStartup
UPX0:1315BBBC 00000007 C getkey
UPX0:1315BBC4 0000000C C SendMTPList
UPX0:1315BBD0 0000000D C SendMTPList2
UPX0:1315BBE0 00000013 C GrabFileFromDevice
UPX0:1315BBF4 00000010 C PutFileOnDevice
UPX0:1315BC04 00000015 C DeleteFileFromDevice
UPX0:1315BC1C 00000008 C CopyMTP
UPX0:1315BC24 0000000D C ChromeInject
UPX0:1315BC34 0000000E C DisableChrome
UPX0:1315BC44 0000000A C RarFolder
UPX0:1315BC50 0000000C C SendUSBList
UPX0:1315BC5C 0000000D C SignoutSkype
UPX0:1315BC6C 00000009 C StealUSB
UPX0:1315BC78 00000011 C StartFileMonitor
UPX0:1315BC8C 0000000F C SendFileMonLog
UPX0:1315BC9C 0000000E C GetUSBMONLIST
UPX0:1315BCAC 0000000F C GetFileMONLIST
UPX0:1315BCBC 0000000F C StopUSBMonitor
UPX0:1315BCCC 0000000B C SearchMain
UPX0:1315BCD8 0000000B C StopSearch
UPX0:1315BCE4 00000010 C StopFileMonitor
UPX0:1315BCF4 0000000D C SendinfoList
UPX0:1315BD04 00000015 C EnableAndLoadCapList
UPX0:1315BD1C 00000014 C DisableMouseCapture
UPX0:1315BD30 0000000F C AddAutoFTPToDB
UPX0:1315BD40 00000014 C DeleteAutoFTPFromDB
UPX0:1315BD54 0000000A C ExecuteTV
UPX0:1315BD64 0000000D C %s~!%s~!%s~!
UPX0:1315BD74 0000001D C %s|*%s|*%s|*%s|*%s|*%s|*%s|*
UPX0:1315BD9C 0000000D C %s~!%s~!%s~!
UPX0:1315BDB0 0000000D C %s~!%s~!%s~!
UPX0:1315BDC0 0000000A C %sprd.dat
UPX0:1315BDD4 0000000D C %s~!%s~!%s~!
UPX0:1315BDFC 0000000D C %s~!%s~!%s~!
UPX0:1315BE14 0000000D C %s~!%s~!%s~!
UPX0:1315BE28 0000000D C %s~!%s~!%s~!
UPX0:1315BE38 0000000C C 5|%s|%s|%s|
UPX0:1315BE44 00000005 C open
UPX0:1315BE4C 00000009 C %s~!%s~!
UPX0:1315BE5C 0000000D C %s~!%s~!%s~!
UPX0:1315BE70 0000000D C %s~!%s~!%s~!
UPX0:1315BE80 00000010 C 10|%s|%s|%s|%s|
UPX0:1315BE90 00000005 C open
UPX0:1315BE9C 0000000D C %s~!%s~!%s~!
UPX0:1315BEB0 0000000D C %s~!%s~!%s~!
UPX0:1315BEC4 0000000D C %s~!%s~!%s~!
UPX0:1315BED8 0000000D C %s~!%s~!%s~!
UPX0:1315BEEC 0000000D C %s~!%s~!%s~!
UPX0:1315BF00 0000000D C %s~!%s~!%s~!
UPX0:1315BF10 0000000F C 1|%s|%s|%s|%s|
UPX0:1315BF20 00000005 C open
UPX0:1315BF2C 0000000D C %s~!%s~!%s~!
UPX0:1315BF48 0000000D C %s~!%s~!%s~!
UPX0:1315BF64 0000001C C Microsoft Internet Explorer
UPX0:1315BF84 00000008 C cap.dll
UPX0:1315BF8C 00000005 C %s%s
UPX0:1315BF98 00000008 C pws.dll
UPX0:1315BFA0 00000005 C %s%s
UPX0:1315BFAC 0000000A C extra.dll
UPX0:1315BFB8 00000005 C %s%s
UPX0:1315BFC4 00000007 C tv.dll
UPX0:1315BFCC 00000005 C %s%s
UPX0:1315BFD4 00000007 C %s\\%s\\
UPX0:1315BFDC 00000031 C %s\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
UPX0:1315C010 00000006 C %s %s
UPX0:1315C01C 00000031 C %s\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
UPX0:1315C054 00000036 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
UPX0:1315C08C 00000006 C shell
UPX0:1315C094 00000012 C explorer.exe , %s
UPX0:1315C0AC 00000035 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
UPX0:1315C0E4 00000005 C Load
UPX0:1315C0EC 0000000B C msvcrt.dll
UPX0:1315C0F8 0000000B C user32.dll
UPX0:1315C104 0000000C C shell32.dll
UPX0:1315C110 0000000D C avicap32.dll
UPX0:1315C120 0000000D C advapi32.dll
UPX0:1315C130 00000007 C \\%s\\%s
UPX0:1315C138 00000006 C %s %s
UPX0:1315C148 00000008 C DISPLAY
UPX0:1315C150 00000008 C DISPLAY
UPX0:1315C158 0000000D C %s~!%s~!%d~!
UPX0:1315C178 00000005 C ASCR
UPX0:1315C180 00000005 C ASCR
UPX0:1315C188 00000005 C ASCR
UPX0:1315C198 00000015 C %s~!%s~!%d~!%d~!%s~!
UPX0:1315C1B0 00000009 C %s~!%s~!
UPX0:1315C1BC 0000000A C %s\\%d.jpg
UPX0:1315C1CC 0000000D C %s~!%s~!%s~!
UPX0:1315C1E0 0000000D C %s~!%s~!%s~!
UPX0:1315C1FC 00000019 C %s~!%s~!%s~!%s~!%s~!%s~!
UPX0:1315C218 00000014 C %s~!%s~!%d%~!%d~!\r\n
UPX0:1315C22C 00000009 C %s~!%s~!
UPX0:1315C238 00000009 C %s~!%s~!
UPX0:1315C244 00000007 C %s\\~!\n
UPX0:1315C24C 0000000D C %s~!%s~!%d~!
UPX0:1315C25C 00000009 C %s%d.dat
UPX0:1315C26C 0000000D C %s~!%s~!%d~!
UPX0:1315C27C 00000005 C %s%s
UPX0:1315C284 00000005 C %s%s
UPX0:1315C28C 0000000F C 6|%s|%s|%s|%s|
UPX0:1315C29C 00000005 C open
UPX0:1315C2A8 0000000D C %s~!%s~!%s~!
UPX0:1315C2B8 00000009 C %s~!%s~!
UPX0:1315C2C4 0000000D C %s\\Skype\\*.*
UPX0:1315C2D4 00000009 C %s\\Skype
UPX0:1315C2E8 0000000E C %s\\%s\\main.db
UPX0:1315C2F8 00000005 C %s\r\n
UPX0:1315C300 0000000D C %s~!%s~!%s~!
UPX0:1315C310 00000016 C %sSkype\\%s\\config.xml
UPX0:1315C328 0000000A C skype.exe
UPX0:1315C334 0000000A C skype.exe
UPX0:1315C340 0000000A C skype.exe
UPX0:1315C34C 00000009 C %s~!%s~!
UPX0:1315C35C 00000005 C ASKP
UPX0:1315C364 00000005 C ASKP
UPX0:1315C36C 00000005 C ASKP
UPX0:1315C37C 0000000D C %s~!%s~!%s~!
UPX0:1315C394 00000008 C %s\\rec\\
UPX0:1315C39C 00000009 C %s~!%s~!
UPX0:1315C3A8 0000000D C %s~!%s~!%s~!
UPX0:1315C3B8 0000000D C %s~!%s~!%s~!
UPX0:1315C3C8 00000009 C %s~!%s~!
UPX0:1315C3D4 0000000A C %s\\gfx\\%s
UPX0:1315C3E0 0000000D C %s~!%s~!%s~!
UPX0:1315C3F0 0000000C C %s\\gfx\\*.fx
UPX0:1315C404 0000000A C F~!%s~!\r\n
UPX0:1315C410 00000007 C %s\r\n%s
UPX0:1315C420 00000005 C STAT
UPX0:1315C42C 00000005 C STAT
UPX0:1315C43C 00000007 C BLABLA
UPX0:1315C44C 0000001C C Microsoft Internet Explorer
UPX0:1315C468 0000001C C Microsoft Internet Explorer
UPX0:1315C484 00000005 C %s%s
UPX0:1315C490 0000002E C Software\\Microsoft\\Windows\\CurrentVersion\\Run
UPX0:1315C4C4 00000006 C shell
UPX0:1315C4CC 00000036 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
UPX0:1315C508 00000005 C Load
UPX0:1315C510 00000035 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
UPX0:1315C548 00000005 C ASCR
UPX0:1315C550 00000005 C ACAM
UPX0:1315C55C 00000005 C %s%s
UPX0:1315C568 0000002E C Software\\Microsoft\\Windows\\CurrentVersion\\Run
UPX0:1315C59C 00000006 C shell
UPX0:1315C5A4 00000036 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
UPX0:1315C5E0 00000005 C Load
UPX0:1315C5E8 00000035 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
UPX0:1315C630 0000000D C %s~!%s~!%s~!
UPX0:1315C644 0000000D C %s~!%s~!%s~!
UPX0:1315C658 0000000D C %s~!%s~!%s~!
UPX0:1315C668 00000006 C P2k13
UPX0:1315C67C 0000000A C %s\\%d.exe
UPX0:1315C690 00000005 C %s%s
UPX0:1315C698 00000009 C %s~!%s~!
UPX0:1315C6A8 00000005 C ACAM
UPX0:1315C6B0 00000005 C ACAM
UPX0:1315C6B8 00000005 C ACAM
UPX0:1315C6CC 00000011 C %s~!%s~!%s~!%s~!
UPX0:1315C6E0 0000000D C %s~!%s~!%s~!
UPX0:1315C6F0 0000000B C %s\\logs\\%s
UPX0:1315C6FC 0000000D C %s~!%s~!%s~!
UPX0:1315C70C 0000000E C %s\\logs\\*.arl
UPX0:1315C724 0000000A C F~!%s~!\r\n
UPX0:1315C730 00000007 C %s\r\n%s
UPX0:1315C73C 00000005 C AMCS
UPX0:1315C744 00000005 C AMCS
UPX0:1315C74C 00000005 C AMCS
UPX0:1315C75C 0000000D C %s~!%s~!%s~!
UPX0:1315C76C 00000014 C SeShutdownPrivilege
UPX0:1315C7A0 00000009 C %s~!%s~!
UPX0:1315C7C0 0000000F C %s~!%d~!%s~!\r\n
UPX0:1315C7E4 00000009 C %s~!%s~!
UPX0:1315C7F8 00000005 C ATRP
UPX0:1315C800 00000009 C %s~!%s~!
UPX0:1315C810 00000009 C %s~!%s~!
UPX0:1315C81C 0000000D C %s\\adx\\*.mp3
UPX0:1315C834 0000000E C F~!%s~!%d~!\r\n
UPX0:1315C844 00000007 C %s\r\n%s
UPX0:1315C850 00000009 C %s~!%s~!
UPX0:1315C868 00000035 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
UPX0:1315C8A4 00000036 C Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
UPX0:1315C8E0 0000002E C Software\\Microsoft\\Windows\\CurrentVersion\\Run
UPX0:1315C914 0000002E C Software\\Microsoft\\Windows\\CurrentVersion\\Run
UPX0:1315C948 00000032 C Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce
UPX0:1315C980 00000032 C Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce
UPX0:1315C9B4 00000009 C %s~!%s~!
UPX0:1315C9E0 00000007 C set-%s
UPX0:1315C9E8 00000006 C %s\\%s
UPX0:1315C9F0 00000009 C %s~!%s~!
UPX0:1315C9FC 00000007 C set-%s
UPX0:1315CA04 00000006 C %s\\%s
UPX0:1315CA0C 00000007 C STS-%s
UPX0:1315CA14 00000006 C %s\\%s
UPX0:1315CA1C 00000009 C %s~!%s~!
UPX0:1315CA28 0000000D C %s~!%s~!%d~!
UPX0:1315CA38 00000011 C %s\\usd\\dv-%s.dat
UPX0:1315CA50 0000000D C %s~!%s~!%s~!
UPX0:1315CA64 0000000D C %s~!%s~!%s~!
UPX0:1315CA80 00000006 C %s\\%s
UPX0:1315CA88 00000009 C %s~!%s~!
UPX0:1315CA94 00000006 C %s\\%s
UPX0:1315CA9C 00000009 C %s~!%s~!
UPX0:1315CAA8 00000006 C %s\\%s
UPX0:1315CAB0 00000009 C %s~!%s~!
UPX0:1315CAC0 00000011 C %s~!%s~!%s~!%s~!
UPX0:1315CAD8 0000000D C %s~!%s~!%s~!
UPX0:1315CAEC 0000001C C Microsoft Internet Explorer
UPX0:1315CB0C 0000000D C %s~!%s~!%s~!
UPX0:1315CB20 0000000D C %s~!%s~!%s~!
UPX0:1315CB34 0000000D C %s~!%s~!%s~!
UPX0:1315CB54 00000014 C %s can't be opened\n
UPX0:1315CB6C 00000005 C %02x
UPX0:1315CBA0 00000020 C C:\\Windows\\system32\\control.exe
UPX0:1315CDA4 0000000A C 30920.exe
UPX0:1315CE10 0000002D C C:\\Users\\\\AppData\\Roaming\\zam\\\\pmd.dll
UPX0:1315D020 00000021 C C:\\Users\\\\AppData\\Roaming\\
UPX0:1315D22C 00000035 C C:\\Users\\\\AppData\\Roaming\\zam\\~!zam.exe~!zam~!
UPX0:1315D42C 00000021 C bepbmhgboaologfdajppppppppoimhfn
UPX0:1315E1B4 00000014 C c:\\abc\\iexplore.exe
UPX0:1315E3B4 00000025 C C:\\Users\\\\AppData\\Roaming\\zam\\
UPX0:1315E5B4 0000000A C CopyFileA
UPX0:1315E5E8 00000013 C CreateRemoteThread
UPX0:1315E61C 0000000F C CreateProcessA
UPX0:1315E654 0000000E C ShellExecuteA
UPX0:1315E688 0000000D C ncbdhdhdhdhd
UPX0:1315E6F8 00000011 C sFdDfdfssdf33333
UPX0:1315E83C 0000000D C kernel32.dll
UPX0:1315E850 0000000D C advapi32.dll
UPX0:1315E864 0000000C C shell32.dll
UPX0:1315E878 0000000C C wsock32.dll
UPX0:1315E88C 0000000B C ws2_32.dll
UPX0:1315E8A0 0000000A C ntdll.dll
UPX0:1315E8B4 0000000B C \\ntdll.dll
UPX0:1315E8C8 00000018 C http://axroot.com/dxb2/
UPX0:1315EBFC 00000008 C skp.dat
UPX0:1315EE5C 0000002A C C:\\Users\\\\AppData\\Roaming\\18184.exe
UPX0:1315EEC8 00000015 C 18/01/2016 - NEW SIG
UPX0:1316B580 00000024 C C:\\Users\\\\AppData\\Roaming\\zam
UPX0:1316B780 00000029 C C:\\Users\\\\Downloads\\sample.exe
UPX0:1316BB78 00000020 C C:\\Users\\\\AppData\\Roaming
UPX0:1316BD7C 0000002D C C:\\Users\\\\AppData\\Roaming\\zam\\\\cpm.dll
UPX0:1316C184 00000007 C FM.DAT
UPX0:1316C384 0000000A C rtt444444
UPX0:1316C3E8 0000002F C C:\\Users\\\\AppData\\Roaming\\zam\\\\30920.exe
UPX0:1316C5F0 00000008 C zam.exe
UPX0:1316C658 0000000D C zxcxzcxzxzww
UPX0:1316C6C0 0000000C C sadadsada22
UPX0:1316C728 00000036 C SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\
UPX0:1316C7C0 00000009 C StubPath
UPX0:13193AF4 0000000A C fSJsfjs82
UPX0:13193B58 0000000A C asdsadacz
UPX0:13193BD4 00000018 C Software\\dadsadfds44343
UPX0:13193DC8 0000000B C axroot.com
UPX0:131947D4 00000008 C D3v3e32
UPX0:131948B8 00000025 C C:\\Users\\\\AppData\\Roaming\\OPR\\
UPX0:13194AB8 00000008 C 3S3KdiO
UPX0:13194B1C 00000009 C AFDB.DAT
UPX0:13194BB4 00000006 C 3.7.2
UPX0:13194C20 0000000F C dadsadfds44343
UPX0:13194CA0 00000005 C DRT3
UPX1:13B938D8 0000002C C C:\\Users\\\\AppData\\Roaming\\zam\\\\db.dat
UPX1:13B93ADC 00000006 C 30868
UPX1:13B93AF4 0000000A C 30969.exe
UPX1:13B93B74 00000005 C 6732
UPX1:13B93B8C 00000010 C dsadsadsadsa222
UPX1:13B93C04 00000009 C cccc3333
UPX1:13B93C68 00000019 C http://axroot.com/plg10/
UPX1:13B93E6C 0000002D C C:\\Users\\\\AppData\\Roaming\\zam\\\\acp.exe
UPX1:13B94070 00000008 C WEeSdeD
UPX1:13B940DC 0000001D C https://www.axroot.com/dxb2/
UPX1:13B9420C 00000019 C Software\\dsadsadsadsa222
UPX1:13B94414 0000000A C sdsdsdsds
UPX1:13B9447C 0000000B C S3J3sjS3j3
UPX1:13B94754 0000002F C C:\\Users\\\\AppData\\Roaming\\zam\\\\30969.exe
UPX1:13B95009 0000000D C SetLastError
UPX1:13B95018 00000013 C etCurrentProcessId
UPX1:13B9502C 0000000A C HeapAlloc
UPX1:13B95038 0000000E C etProcessHeap
UPX1:13B95048 00000008 C eapFree
UPX1:13B95051 00000012 C GetShortPathNameA
UPX1:13B95064 00000011 C CreateDirectoryA
UPX1:13B95078 0000000E C tStartupInfoA
UPX1:13B95088 0000000E C etProcAddress
UPX1:13B95098 00000010 C etModuleHandleA
UPX1:13B950A9 0000001B C GetFileInformationByHandle
UPX1:13B951B8 00000014 C GetSystemDirectoryA
UPX1:13B951CD 0000000A C MoveFileW
UPX1:13B951D8 00000011 C CreateDirectoryW
UPX1:13B951EC 0000000F C tComputerNameW
UPX1:13B951FC 0000000F C GetLocaleInfoA
UPX1:13B9520C 0000000C C DeleteFileW
UPX1:13B95219 0000000A C WriteFile
UPX1:13B95224 0000000F C SetFilePointer
UPX1:13B95234 00000009 C ReadFile
UPX1:13B95240 00000013 C leTimeToSystemTime
UPX1:13B95254 0000000E C FindNextFileW
UPX1:13B95264 00000017 C etLogicalDriveStringsA
UPX1:13B9527C 0000000B C ExitThread
UPX1:13B95288 0000000E C GetDriveTypeA
UPX1:13B95298 00000011 C etCurrentProcess
UPX1:13B952AC 0000000A C eateFileW
UPX1:13B952B8 0000000B C reateFileA
UPX1:13B952C4 0000000C C GetFileSize
UPX1:13B952D1 0000000F C FindFirstFileW
UPX1:13B952E1 0000000F C FindFirstFileA
UPX1:13B952F1 0000000A C FindClose
UPX1:13B952FC 0000000E C GetSystemTime
UPX1:13B9530C 0000000E C etDateFormatA
UPX1:13B9531C 0000000C C oadLibraryA
UPX1:13B95329 0000001A C QueryPerformanceFrequency
UPX1:13B95344 00000018 C QueryPerformanceCounter
UPX1:13B9535D 0000000C C ExitProcess
UPX1:13B9536C 0000000C C tVersionExA
UPX1:13B95379 00000014 C WideCharToMultiByte
UPX1:13B95390 00000012 C ltiByteToWideChar
UPX1:13B953A4 0000000B C penProcess
UPX1:13B953B0 00000011 C TerminateProcess
UPX1:13B953C4 00000017 C eateToolhelp32Snapshot
UPX1:13B953DC 0000000F C Process32First
UPX1:13B953EC 0000000E C Process32Next
UPX1:13B953FC 0000000F C erminateThread
UPX1:13B9540C 0000000D C CreateThread
UPX1:13B9541C 0000000B C tTickCount
UPX1:13B95428 0000000C C CloseHandle
UPX1:13B95435 00000006 C Sleep
UPX1:13B9543C 0000000D C CreateMutexA
UPX1:13B9544C 00000012 C itForSingleObject
UPX1:13B95460 0000000A C lobalFree
UPX1:13B95474 00000011 C OpenProcessToken
UPX1:13B95488 00000012 C tTokenInformation
UPX1:13B9549C 00000018 C llocateAndInitializeSid
UPX1:13B954B5 00000009 C EqualSid
UPX1:13B954C0 00000007 C reeSid
UPX1:13B954C8 0000000E C RegOpenKeyExA
UPX1:13B954D8 0000000F C egDeleteValueA
UPX1:13B954E8 0000000C C RegOpenKeyA
UPX1:13B954F5 00000011 C RegQueryValueExA
UPX1:13B95508 0000000F C egCreateKeyExA
UPX1:13B95518 0000000F C RegSetValueExA
UPX1:13B95528 0000000C C RegCloseKey
UPX1:13B95535 0000000D C GetUserNameW
UPX1:13B95544 00000015 C ookupPrivilegeValueA
UPX1:13B9555C 00000014 C justTokenPrivileges
UPX1:13B95571 00000010 C GetSecurityInfo
UPX1:13B95584 0000000B C tUserNameA
UPX1:13B95590 00000011 C SetEntriesInAclA
UPX1:13B955A4 0000000E C tSecurityInfo
UPX1:13B955B4 0000000C C etLengthSid
UPX1:13B955C1 00000018 C GetSidSubAuthorityCount
UPX1:13B955DC 00000006 C pySid
UPX1:13B955E4 0000000A C sValidSid
UPX1:13B955F0 00000019 C etSidIdentifierAuthority
UPX1:13B9560C 00000011 C tSidSubAuthority
UPX1:13B95628 00000018 C apGetDriverDescriptionW
UPX1:13B95660 00000017 C CreateCompatibleBitmap
UPX1:13B95678 00000013 C CreateCompatibleDC
UPX1:13B9568C 00000011 C CreateDIBSection
UPX1:13B956A0 0000000C C tDeviceCaps
UPX1:13B956AD 0000000A C CreateDCA
UPX1:13B956B8 0000000D C DeleteObject
UPX1:13B956C8 00000008 C tDIBits
UPX1:13B956D1 0000000E C SelectPalette
UPX1:13B956E0 0000000F C GetStockObject
UPX1:13B956F0 0000000B C GetObjectA
UPX1:13B956FC 00000009 C DeleteDC
UPX1:13B95708 0000000D C alizePalette
UPX1:13B95720 00000011 C NetEnumResourceW
UPX1:13B95734 0000000C C etOpenEnumW
UPX1:13B95741 0000000E C WNetCloseEnum
UPX1:13B95759 00000009 C _strcmpi
UPX1:13B95764 00000007 C printf
UPX1:13B9576C 00000005 C free
UPX1:13B95774 00000006 C alloc
UPX1:13B9577C 00000005 C open
UPX1:13B95784 00000005 C intf
UPX1:13B95791 00000007 C fclose
UPX1:13B95799 00000011 C _except_handler3
UPX1:13B957AC 00000006 C trstr
UPX1:13B957B4 00000008 C wprintf
UPX1:13B957BD 00000007 C wcscmp
UPX1:13B957C5 00000007 C wcslen
UPX1:13B957CD 00000007 C memcpy
UPX1:13B957D5 00000008 C strncpy
UPX1:13B957E0 0000000B C 3@YAXPAX@Z
UPX1:13B957EC 00000007 C strcat
UPX1:13B957F4 00000007 C malloc
UPX1:13B957FC 0000000D C ??2@YAPAXI@Z
UPX1:13B9580C 00000010 C CxxFrameHandler
UPX1:13B958E0 00000012 C PathFindFileNameA
UPX1:13B958F4 0000000C C HDeleteKeyA
UPX1:13B9590C 0000000D C tWindowTextW
UPX1:13B9591C 0000000C C itWindowsEx
UPX1:13B95929 00000010 C GetActiveWindow
UPX1:13B9593C 0000000B C tCursorPos
UPX1:13B95948 0000000C C mouse_event
UPX1:13B95955 00000013 C GetWindowPlacement
UPX1:13B95969 00000010 C IsWindowVisible
UPX1:13B9597C 0000000A C umWindows
UPX1:13B95988 0000000A C howWindow
UPX1:13B95994 0000000C C endMessageA
UPX1:13B959A1 00000014 C GetForegroundWindow
UPX1:13B959B8 0000000F C tLastInputInfo
UPX1:13B959C8 0000000A C wsprintfA
UPX1:13B959D4 00000005 C etDC
UPX1:13B959DC 00000008 C leaseDC
UPX1:13B95A00 00000014 C InternetCloseHandle
UPX2:13B9715C 0000000D C KERNEL32.DLL
UPX2:13B97169 0000000D C ADVAPI32.dll
UPX2:13B97176 0000000D C AVICAP32.dll
UPX2:13B97183 0000000A C GDI32.dll
UPX2:13B9718D 00000008 C MPR.dll
UPX2:13B97195 0000000B C MSVCRT.dll
UPX2:13B971A0 0000000C C SHELL32.dll
UPX2:13B971AC 0000000C C SHLWAPI.dll
UPX2:13B971B8 0000000B C USER32.dll
UPX2:13B971C3 0000000C C WININET.dll
UPX2:13B971CF 0000000B C WS2_32.dll
UPX2:13B971DC 0000000D C LoadLibraryA
UPX2:13B971EA 0000000F C GetProcAddress
UPX2:13B971FA 0000000F C VirtualProtect
UPX2:13B9720A 0000000D C VirtualAlloc
UPX2:13B97218 0000000C C VirtualFree
UPX2:13B97226 0000000C C ExitProcess
UPX2:13B97234 00000008 C FreeSid
UPX2:13B9723E 00000019 C capGetDriverDescriptionW
UPX2:13B97258 00000007 C BitBlt
UPX2:13B97260 0000000E C WNetOpenEnumW
UPX2:13B97270 00000005 C free
UPX2:13B97276 00000009 C StrStrIA
UPX2:13B97280 0000000D C SHDeleteKeyA
UPX2:13B9728E 00000006 C GetDC
UPX2:13B97296 0000000E C InternetOpenA