Sample details: c591675917c1c8f470dddeae89f53827 --

Hashes
MD5: c591675917c1c8f470dddeae89f53827
SHA1: 1b6a0db9859d9e6b1a94f5e46739875f11fc67e0
SHA256: e2a17d1cbd961956e47955a42b9410ed32b3cc12e32152d67e39b87bee7bd411
SSDEEP: 768:64tkB2JOlyGdPGyyzGRvzf4lddl/q19cpO:E28dPKKVzwl/Uap
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3 |
Strings
		!This program cannot be run in DOS mode.
;0Rich
.rdata
@.data
@.reloc
PVVVVVVWV
j\YjsZjtf
SVh^ @
hBrLCSWW
hBrLCSWU
9x v.S
@_^][YY
9x v3S
$6Hi{/q
Configm
Delete
Delete file?
--help
NTDLL.DLL
ShowWindow
DialogBoxParamA
EndDialog
SetDlgItemTextA
SetTimer
SetWindowTextA
MessageBoxA
USER32.dll
StrStrIA
StrToIntA
SHLWAPI.dll
memset
MSVCRT.dll
GetStdHandle
GetCommandLineA
SetCurrentDirectoryW
ExitProcess
CreateProcessW
GetSystemDirectoryW
GetModuleHandleA
lstrcatW
AllocConsole
WriteConsoleA
GetNativeSystemInfo
GetModuleFileNameW
GetProcAddress
LoadLibraryA
HeapAlloc
HeapFree
GetProcessHeap
KERNEL32.dll
vhi],}
,"Icr3
HtCy^?m/
)/p]*I
8	@UbA
/U;r/R
rwj8]G
]x<b6/
!1*YPSR	&
3:`Cw:
ysI)}\
<l,]ew{
sK%@u,Q
)>6`x3
*v\lgxy
gg4w:a0B<
L"W'WhfKP
%U@4%w
[B' ;<
<%0L?H
K.on*\C
HV"wq4
=OEE);
br<a-V
WCbd"&[
",w_,Ph
|Pk-y[?
u|rE3	
o,,p97H
S_d[hyy
C|w6.:13
0$0,030:0B0L0S0^0d0
071B1Y1c1i1z1
2!2&242F2K2]2g2
3'3,3E3M3W3\3
4 4%474<4P4U4n4s4
5$565;5O5T5m5r5
;+=2=n=u=0?