Sample details: 221d4041480e82f0b65d8d793fdc04c9

Hashes
MD5: 221d4041480e82f0b65d8d793fdc04c9
SHA1: 861635bb3eb5c2dafbc56eff926365a49d36838b
SHA256: dbf1375291efc07ba3100978a57ac9300d3346f32a3676f37694412177db5266
SSDEEP: 768:k4tkBDJOlyGdPGyyzGRvzf4lddl/q19cpO:2D8dPKKVzwl/Uap
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3
Strings
!This program cannot be run in DOS mode.
;0Rich
.rdata
@.data
@.reloc
Configm
Delete
Delete file?
--help
NTDLL.DLL
ShowWindow
DialogBoxParamA
EndDialog
SetDlgItemTextA
SetTimer
SetWindowTextA
MessageBoxA
USER32.dll
StrStrIA
StrToIntA
SHLWAPI.dll
memset
MSVCRT.dll
GetStdHandle
GetCommandLineA
SetCurrentDirectoryW
ExitProcess
CreateProcessW
GetSystemDirectoryW
GetModuleHandleA
lstrcatW
AllocConsole
WriteConsoleA
GetNativeSystemInfo
GetModuleFileNameW
GetProcAddress
LoadLibraryA
HeapAlloc
HeapFree
GetProcessHeap
KERNEL32.dll