Sample details: f9710f60969fca8f43317f9d02a25630 --

Hashes
MD5: f9710f60969fca8f43317f9d02a25630
SHA1: 1259ea759cc380cfd65d548c685baff9e77c61b7
SHA256: 65bfa66c845a6aeaf62377fc7f5df49d3e35b1b95a03c8bdb1a12445f1706b44
SSDEEP: 768:04tkBHlJOlyGdPGyyzGRvzf4lddl/q19cpO:GF8dPKKVzwl/Uap
Details
File Type: PE32
Added: 2019-09-09 18:41:45
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3 |
Strings
		!This program cannot be run in DOS mode.
;0Rich
.rdata
@.data
@.reloc
PVVVVVVWV
j\YjsZjtf
SVh^ @
hBrLCSWW
hBrLCSWU
9x v.S
@_^][YY
9x v3S
$6Hi{/q
Configm
Delete
Delete file?
--help
NTDLL.DLL
ShowWindow
DialogBoxParamA
EndDialog
SetDlgItemTextA
SetTimer
SetWindowTextA
MessageBoxA
USER32.dll
StrStrIA
StrToIntA
SHLWAPI.dll
memset
MSVCRT.dll
GetStdHandle
GetCommandLineA
SetCurrentDirectoryW
ExitProcess
CreateProcessW
GetSystemDirectoryW
GetModuleHandleA
lstrcatW
AllocConsole
WriteConsoleA
GetNativeSystemInfo
GetModuleFileNameW
GetProcAddress
LoadLibraryA
HeapAlloc
HeapFree
GetProcessHeap
KERNEL32.dll
vhi],}
,"Icr3
HtCy^?m/
)/p]*I
8	@UbA
/U;r/R
rwj8]G
]x<b6/
!1*YPSR	&
3:`Cw:
ysI)}\
<l,]ew{
sK%@u,Q
)>6`x3
*v\lgxy
gg4w:a0B<
L"W'WhfKP
%U@4%w
[B' ;<
<%0L?H
K.on*\C
HV"wq4
=OEE);
br<a-V
WCbd"&[
",w_,Ph
|Pk-y[?
u|rE3	
o,,p97H
S_d[hyy
C|w6.:13
0$0,030:0B0L0S0^0d0
071B1Y1c1i1z1
2!2&242F2K2]2g2
3'3,3E3M3W3\3
4 4%474<4P4U4n4s4
5$565;5O5T5m5r5
;+=2=n=u=0?