Sample details: c8aefaa9e3decc17fbcd93d5569420bc

Hashes
MD5: c8aefaa9e3decc17fbcd93d5569420bc
SHA1: 48bdb5d592c8386f368aafdecf267e91dc5f5c5d
SHA256: abebabf56ca7b294493d7bdbcae0497ffa2b54e7d6b1fa2e4d247c0f87fd1f2e
SSDEEP: 768:rpUWy50qzGxid6eE7IIIIIIIIIIfjGAb:rbyaqzbqIIIIIIIIIIfjGAb
Details
File Type: PE32
Added: 2018-02-26 13:41:55
Yara Hits
YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet | YRP/UPX_wwwupxsourceforgenet_additional | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/Netopsystems_FEAD_Optimizer_1 | YRP/UPX_290_LZMA | YRP/UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser | YRP/UPX_290_LZMA_additional | YRP/UPX_wwwupxsourceforgenet | YRP/UPXv20MarkusLaszloReiser | YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser | YRP/UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser | YRP/upx_3 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/UPX | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Parent Files
6df83cfb73bfc38b1637dddca7226156
Strings
		!This program cannot be run in DOS mode.
Ve3Hs!
iN6#\A
\.KmInGoEp
DvTCQ19B2v3tUG679731k9i8T3HKP
2/OfMxkhTAQqGv0bM7R00N
q78wt4N7j5UI1G9Jbzu8B5Iliqe
cUmKkMXbf48Sc63Y37M4g3y0I7
?<CHsaO
V4O28XOefP
4AN[hui
3l6<|=
UhPslBGhxsP07Q9z
:\W8VPYVbwQJ\6.OLB
3	/Xtf
Hiwkernel32
GetProcAddress
G[`%H<c
}3us|y
CallWin
dow~_S
 &?!/9
LoadLibraryA
lttmH.
g[p%J}
Coki/G
__vbaVQM
ASqBo+
ErrorOverfltq
CStrToAns
 ww~1?[3u
fs7tI}'& 
A6.DLL
NullCCopy
AryUnlock
AObjSet
ateIde
MmtmrIM
58xBH36B41qg8z042t8QeBJdVRx
RC7#0-
N/5-2G
jPTHoLKwk2R1W
G"I#.KA
B#jDhl
f`k{[V
U O8dcR
!$Nq8!d
hTI8t#
BDPo|< 
4mW2PL
lgkiR(
\`dhJH
Kt"B'hJ
p!AP\;\s
0dB:HE
G_8dhd
!0#V1oE
``dI\,
adj_fptan"0
bdiv_m64
kPEVENT_SINK_RY
oVFunction%bq
-{qrty
XPTPSW
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
    <assemblyIdentity version="1.0.0.0"
    processorArchitecture="X86"
    name="YWSBvDvTCQ19B2v3tUG679731k9i8T3HKP"
    type="win32"/>
<description>elevate execution level</description>
   <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
      <security>
         <requestedPrivileges>
            <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
         </requestedPrivileges>
      </security>
   </trustInfo>
</assembly>
KERNEL32.DLL
MSVBVM60.DLL
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess