Sample details: 1219be818577fc393283e672a0469811

Hashes
MD5: 1219be818577fc393283e672a0469811
SHA1: 5f3d26660c6c0f16c5e01bd7b5cfe7fb76c21afb
SHA256: 1feca10cd7a8d93450340e63567a5d94f7588a3e2d94841bf2be3f5f65771f65
SSDEEP: 384:zWpi9m0TZ0nhJFpRQvmOyNvkU2uU9mLV6vpYvhKVmmhgvrzO670CgK+:zWpis6GhlR0mNh2NmLVApYYhgvXOigK+
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasModified_DOS_Message | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/ThreadControl__Context | YRP/inject_thread | YRP/network_http | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/Advapi_Hash_API | YRP/BASE64_table | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API | FlorianRoth/DragonFly_APT_Sep17_3
Strings
		`.rdata
@.data
j@h`p@
QPWVh<B@
QPWVhtB@
Y wO!!w1# w]7!w
 w(7!wI" w\9!w
 wej"w_i"w
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
http://api.ipify.org
0.0.0.0
GUID=%I64u&BUILD=%s&INFO=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)
GUID=%I64u&BUILD=%s&INFO=%s&IP=%s&TYPE=1&WIN=%d.%d(x32)
LoadLibraryA
LoadLibraryExA
GetProcAddress
zzzzzzzzzzzzzzzzexplorer.exe
SystemRoot
\System32\svchost.exe
/c del 
 >> NUL
\system32\cmd.exe
Software\Microsoft\Windows\CurrentVersion\Run
WinHost32
WinHost32.exe
\System32\
USERPROFILE
GetNativeSystemInfo
kernel32.dll
PathFindFileNameA
SHLWAPI.dll
InternetCrackUrlA
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetReadFile
InternetQueryOptionA
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
WININET.dll
GetAdaptersAddresses
IPHLPAPI.DLL
EnumProcesses
GetProcessImageFileNameA
PSAPI.DLL
RtlDecompressBuffer
ntdll.dll
HeapAlloc
HeapFree
GetProcessHeap
GetVersion
lstrcpyA
lstrcatA
lstrlenA
GetWindowsDirectoryA
GetVolumeInformationA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualAllocEx
VirtualFreeEx
OpenProcess
ExitProcess
TerminateProcess
CreateThread
GetProcessId
GetLastError
WriteProcessMemory
GetThreadContext
SetThreadContext
ResumeThread
GetFileSize
WriteFile
ReadFile
CloseHandle
GetSystemInfo
lstrcmpiA
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
CreateProcessA
GetEnvironmentVariableA
GetTempPathA
GetTempFileNameA
CreateFileA
DeleteFileA
GetComputerNameA
KERNEL32.dll
wsprintfA
USER32.dll
OpenProcessToken
GetTokenInformation
LookupAccountSidA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
CryptAcquireContextA
CryptReleaseContext
CryptDeriveKey
CryptDestroyKey
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
ADVAPI32.dll
 0@P`p
hX(#lo
TI*C|C
2Di# '
PPrb?m
c=9/S)
_yZ|.s
zK/xp1
rs)A9F
z5o:}N
-7yQ4*=
#)5Q'Cq`
J$[3tke
V5 E(F/u
<Sm1>4
Content-Type: application/x-www-form-urlencoded
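The string dump above gives a triage analyst several things to work with: a printf-style beacon template (GUID=%I64u&BUILD=%s&INFO=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)), an external IP lookup against api.ipify.org, a Run-key value named WinHost32, a cmd.exe "/c del ... >> NUL" self-delete, and the VirtualAllocEx/WriteProcessMemory/GetThreadContext/SetThreadContext/ResumeThread import cluster that is typical of process hollowing. The Python script below is an added example written for this page; it is not code from the sample, from the analysis site, or from the authors of the YARA rules listed above. It extracts printable strings from a byte buffer, flags those indicator groups, and parses a beacon body that follows the template. The byte buffer and the beacon body it runs on are constructed for the demonstration (the 203.0.113.7 address is from the documentation range), and the field meanings (GUID as a 64-bit integer, WIN as major.minor, the (x64)/(x32) suffix as architecture) are inferred from the format string, not confirmed by the page.

```python
"""Added triage helper for the sample on this page (example code, not the
sample's own code or any analysis tool's code)."""
import re
from urllib.parse import unquote_plus

MIN_LEN = 4

# Indicator groups copied from the string dump on this page.
INDICATORS = {
    "beacon_template": [b"GUID=%I64u&BUILD=%s&INFO=%s&IP=%s&TYPE=1&WIN=%d.%d("],
    "run_key_persistence": [b"Software\\Microsoft\\Windows\\CurrentVersion\\Run",
                            b"WinHost32.exe"],
    "external_ip_lookup": [b"http://api.ipify.org"],
    "self_delete": [b"/c del ", b" >> NUL", b"\\system32\\cmd.exe"],
    # Each of these imports is benign on its own (debuggers use them);
    # only the full cluster is treated as a hollowing indicator.
    "hollowing_apis": [b"VirtualAllocEx", b"WriteProcessMemory",
                       b"GetThreadContext", b"SetThreadContext", b"ResumeThread"],
}

# Beacon body shape derived from the template string; GUID and TYPE are
# numeric in the template, WIN is major.minor, the suffix is the arch.
BEACON_RE = re.compile(
    r"^GUID=(?P<guid>\d+)&BUILD=(?P<build>[^&]*)&INFO=(?P<info>[^&]*)"
    r"&IP=(?P<ip>[^&]*)&TYPE=(?P<type>\d+)&WIN=(?P<major>\d+)\.(?P<minor>\d+)"
    r"\((?P<arch>x64|x32)\)$"
)

# Constructed stand-in for the sample's bytes: the page's strings with
# NUL separators. This is NOT the real binary.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\x00"
    + b"http://api.ipify.org\x00"
    + b"GUID=%I64u&BUILD=%s&INFO=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)\x00"
    + b"/c del \x00 >> NUL\x00\\system32\\cmd.exe\x00"
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00WinHost32.exe\x00"
    + b"VirtualAllocEx\x00WriteProcessMemory\x00GetThreadContext\x00"
    + b"SetThreadContext\x00ResumeThread\x00"
)

# Constructed beacon body in the template's shape (IP from the
# documentation range; INFO is form-urlencoded, matching the
# application/x-www-form-urlencoded header in the dump).
SAMPLE_BEACON = ("GUID=1234567890123&BUILD=v3&INFO=DESKTOP-X%2Fuser"
                 "&IP=203.0.113.7&TYPE=1&WIN=6.1(x64)")


def extract_strings(data, min_len=MIN_LEN):
    """Return runs of printable ASCII of at least min_len bytes, like `strings -n`."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def match_indicators(strings):
    """Map indicator-group name -> list of needles found in the string set."""
    blob = b"\n".join(strings)  # strings contain no newlines, so no false joins
    found = {}
    for name, needles in INDICATORS.items():
        hits = [n for n in needles if n in blob]
        if name == "hollowing_apis":
            if len(hits) == len(needles):  # require the whole cluster
                found[name] = hits
        elif hits:
            found[name] = hits
    return found


def parse_beacon(body):
    """Parse a beacon body in the template's shape; None if it does not fit."""
    m = BEACON_RE.match(body)
    if not m:
        return None
    d = m.groupdict()
    return {
        "guid": int(d["guid"]),
        "build": unquote_plus(d["build"]),
        "info": unquote_plus(d["info"]),
        "ip": d["ip"],
        "type": int(d["type"]),
        "win": (int(d["major"]), int(d["minor"])),
        "arch": d["arch"],
    }


if __name__ == "__main__":
    hits = match_indicators(extract_strings(SAMPLE))
    for group, needles in hits.items():
        print(f"{group}: {[n.decode() for n in needles]}")
    print(parse_beacon(SAMPLE_BEACON))
```

The WIN=%d.%d and (x64)/(x32) parts of the template line up with the GetVersion and GetNativeSystemInfo imports in the dump, and IP=%s with the api.ipify.org lookup, so a beacon body captured from the wire can be matched back to this family by shape even before the C2 host is known. Treat the Run key and the hollowing imports as corroborating signals rather than verdicts on their own; the script only reports the hollowing group when all five APIs are present.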