Sample details: 81474cdf4e83516df6076e3df4caee67

Hashes
MD5: 81474cdf4e83516df6076e3df4caee67
SHA1: d2378b8da7dc2b40973bff2fa601ea79e6874aaa
SHA256: 8d0dbc4acb7e4de902cbbf1d25948e0e0595c4ad2bef902b790d6574ec1fec05
SSDEEP: 384:9EZkcWTC5RXGBv4G7NSJYtB/culz7TTc3YlzDcnkRwOw6mO66QOhKJUVE4pDBtDk:9EZkcHRX6hN28Cul/rzDzRw13JoE4pb
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | FlorianRoth/DragonFly_APT_Sep17_3
Strings
!This program cannot be run in DOS mode.
.rdata
@.data
PSSSSSS
jsZjtf
SVhv @
9x v.S
@_^][YY
9x v3S
fail 3
fail 2
fail 1
Stop ok
Stop Err
NTDLL.DLL
StrStrIA
StrToIntA
SHLWAPI.dll
GetCommandLineA
SetCurrentDirectoryW
OutputDebugStringA
ExitProcess
CreateProcessW
GetSystemDirectoryW
lstrcatW
GetNativeSystemInfo
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LoadLibraryA
HeapAlloc
HeapFree
GetProcessHeap
KERNEL32.dll
memset
MSVCRT.dll