Sample details: 2846019817813ed409f18c6917ea7698

Hashes
MD5: 2846019817813ed409f18c6917ea7698
SHA1: c6ffd98936cee534276beecd6215300249d68f2a
SHA256: 2893f71fc41918e8015a442bad78e5119f45e46eaf59fa2cb1084e42560f8a73
SSDEEP: 384:pEZkcWTC5RXzBv4G7NSJYtB/culz7TTc3YlzDcnkRwOw6mO66QOhKJUVE4pDBtDk:pEZkcHRX1hN28Cul/rzDzRw13JoE4pb
Details
File Type: PE32
Added: 2019-09-10 00:09:10
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | FlorianRoth/DragonFly_APT_Sep17_3
Strings
!This program cannot be run in DOS mode.
.rdata
@.data
fail 3
fail 2
fail 1
Stop ok
Stop Err
NTDLL.DLL
StrStrIA
StrToIntA
SHLWAPI.dll
GetCommandLineA
SetCurrentDirectoryW
OutputDebugStringA
ExitProcess
CreateProcessW
GetSystemDirectoryW
lstrcatW
GetNativeSystemInfo
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LoadLibraryA
HeapAlloc
HeapFree
GetProcessHeap
KERNEL32.dll
memset
MSVCRT.dll