Sample details: 08b7d9a0581387f112804797c00a6d87

Hashes
MD5: 08b7d9a0581387f112804797c00a6d87
SHA1: b48955f2c7c005cef3fa2428c5d1ad77f4cc80c2
SHA256: 615f88f60454ba8f763eaf50126bc402caf3882432c32a1777d099ab270a57da
SSDEEP: 96:jAwDhGUx9MeZbUhr1Km2vxy6ZkDL1faGeY4U3Jm305TqvLbhp:swNpKobUhr1Km2v8EkDs1YbQ30yP
Details
File Type: MS-DOS
Added: 2018-03-06 19:35:04
Yara Hits
YRP/Upack_v010_v012Beta_Sign_by_hot_UNP_additional | YRP/Upack_v036_beta_Dwing_additional | YRP/Upack_V037_V039_Dwing | YRP/Upack_v010_v012Beta_Sign_by_hot_UNP | YRP/Upack_0399_Dwing | YRP/Upack_V037_Dwing | YRP/Upackv039finalDwing | YRP/Upackv0399Dwing | YRP/UpackV037Dwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://52.161.26.253/10307.malware
Strings
MZKERNEL32.DLL
LoadLibraryA
GetProcAddress
<COPY>:: Copyrighted by VC ::
BPIA I=