Sample details: 74ba6a52de806e712dc9b82e70eda58a

Hashes
MD5: 74ba6a52de806e712dc9b82e70eda58a
SHA1: 9d9ae18a3837d6c67798d1f0c2738b49c7fd48ed
SHA256: 7836908260ba9312cef400d98cc166fe48b87c28587ad7f470a994757e6f645d
SSDEEP: 384:DEZkcWTC5RXmBv4G7NSJYtB/culz7TTc3YlzDcnkRwOw6mO66QOhKJUVE4pDBtDk:DEZkcHRXahN28Cul/rzDzRw13JoE4pb
Details
File Type: PE32
Added: 2019-09-09 18:39:11
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | FlorianRoth/DragonFly_APT_Sep17_3
Strings
!This program cannot be run in DOS mode.
.rdata
@.data
fail 3
fail 2
fail 1
Stop ok
Stop Err
NTDLL.DLL
StrStrIA
StrToIntA
SHLWAPI.dll
GetCommandLineA
SetCurrentDirectoryW
OutputDebugStringA
ExitProcess
CreateProcessW
GetSystemDirectoryW
lstrcatW
GetNativeSystemInfo
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LoadLibraryA
HeapAlloc
HeapFree
GetProcessHeap
KERNEL32.dll
memset
MSVCRT.dll