Sample details: c624b309020e16f51687b803005c0f14

Hashes
MD5: c624b309020e16f51687b803005c0f14
SHA1: 7f56eb4a3e9c1daf63f0982299d888376956283d
SHA256: 144afb2a8b532c082c600cc445591145c5323f54d0e792497c5ee29dab793093
SSDEEP: 384:aEZkcWTC5RXPBv4G7NSJYtB/culz7TTc3YlzDcnkRwOw6mO66QOhKJUVE4pDBtDk:aEZkcHRX5hN28Cul/rzDzRw13JoE4pb
Details
File Type: PE32
Added: 2019-09-10 18:49:10
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | FlorianRoth/DragonFly_APT_Sep17_3
Strings
!This program cannot be run in DOS mode.
.rdata
@.data
fail 3
fail 2
fail 1
Stop ok
Stop Err
NTDLL.DLL
StrStrIA
StrToIntA
SHLWAPI.dll
GetCommandLineA
SetCurrentDirectoryW
OutputDebugStringA
ExitProcess
CreateProcessW
GetSystemDirectoryW
lstrcatW
GetNativeSystemInfo
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LoadLibraryA
HeapAlloc
HeapFree
GetProcessHeap
KERNEL32.dll
memset
MSVCRT.dll