Sample details: 75bc97c90490c77ee7f99e258e28a4d0

Hashes
MD5: 75bc97c90490c77ee7f99e258e28a4d0
SHA1: 2c0b773df407f0881aede2f5efc47dcb6c48ff27
SHA256: d66554f3f5644e3fc12cf6c40375045cf416cd7e603ab67c2b31584d9b6a6e62
SSDEEP: 768:ShpkEYFCfm22Svwd3EaEcbtCfs78XpSIH0:cDYFz2EdUapfw5SS0
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3
Strings
!This program cannot be run in DOS mode.
.rdata
@.data
.reloc
0123456789ABCDEF
NTDLL.DLL
memset
MSVCRT.dll
GetCommandLineA
GetEnvironmentVariableA
SetEnvironmentVariableA
SetCurrentDirectoryA
ExitProcess
CreateProcessA
GetSystemDirectoryA
lstrcpyA
lstrcatA
GetLastError
GetNativeSystemInfo
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LoadLibraryA
HeapAlloc
HeapFree
GetProcessHeap
KERNEL32.dll
wsprintfA
USER32.dll
StrStrA
StrToIntA
StrStrIA
SHLWAPI.dll