Sample details: 470cba2c4693c1e059e03f2bfdec76f7

Hashes
MD5: 470cba2c4693c1e059e03f2bfdec76f7
SHA1: 470f152b729918ccf86b96ca0656cc093ce817f6
SHA256: 83cd9a6091b26e9d68c98898a4289ca8a739c86782d2c76afbd754508cf28b09
SSDEEP: 384:CEZkcWTC5RXdBv4G7NSJYtB/culz7TTc3YlzDcnkRwOw6mO66QOhKJUVE4pDBtDk:CEZkcHRXLhN28Cul/rzDzRw13JoE4pb
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | FlorianRoth/DragonFly_APT_Sep17_3
Strings
!This program cannot be run in DOS mode.
.rdata
@.data
fail 3
fail 2
fail 1
Stop ok
Stop Err
NTDLL.DLL
StrStrIA
StrToIntA
SHLWAPI.dll
GetCommandLineA
SetCurrentDirectoryW
OutputDebugStringA
ExitProcess
CreateProcessW
GetSystemDirectoryW
lstrcatW
GetNativeSystemInfo
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LoadLibraryA
HeapAlloc
HeapFree
GetProcessHeap
KERNEL32.dll
memset
MSVCRT.dll