Sample details: 1421419d1be31f1f9ea60e8ed87277db

Hashes
MD5: 1421419d1be31f1f9ea60e8ed87277db
SHA1: f9fd3f1d8da4ffd6a494228b934549d09e3c59d1
SHA256: 8c47961181d9929333628af20bdd750021e925f40065374e6b876e3b8afbba57
SSDEEP: 768:VAGqIPXBLp19Evz7SxN4+9tvpG/VBpTOmyx:VAGqIPRLZfN4m6BpTOlx
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_v40_v50 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/network_http | YRP/win_mutex | YRP/win_registry | YRP/win_files_operation | YRP/Crypt32_CryptBinaryToString_API | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API | FlorianRoth/DragonFly_APT_Sep17_3 |
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
t%VVVSP
t3VVVh
g!C9>u
YY_^[3
tWVj.S
QQSVWj
j%ZjsY
PVVVVVVV
PSSSSSSVS
PPWh24
t?f98t:j%YjsZj\f
%j%Xjsf
QQSVj+h$r
QQQQPQQQ
CWSjEj,
SSVSSh
WWSWWh
SVWjChht
QQSVWj
QQSVWjChht
XjoZjzf
XjiYjl_jaf
jPYjrXjof
GjpXjrf
XjsYj.f
t4VPPP
DGMNOEP
J*N]FcE
0Hum*B}Dw
=L*X_aB8U!=n
eoHcW$z*d
SRP+DTa}n
rR~EW"a-{
Y0Y\aK%
pS)TZcJ%	j,
pS)BYl@oIa=bp4z
)X_#Id
bIVq]Vw.
biLm&&K
ehAkX4
)X_#@n
9S^iLj
bI>_6;
sX>_6;
'[W Ks
XW`\L,S_ Ke
)X_#Jn
W1\^nZ
xH0}eM
m0POzOy
cRX+jld@o
bXP+`^
z0[Zd@
M:WInF
&gws_rd = cr,sslx6Z^COf
n>BSYAX
l*X_aB
e9_Whs
{'SXxZn
z:Z^yK
r0W_AGi
l:W_KGg
epPRaKV
e,SOyGe
epE^yZb	h+K
e,^^aBV
epEShBg:
%s - %lu
%s - %lu	
P:BLb\`I
MTxIJ/iKb\
P:BLb\`I
MTxIJ/
mvtband.dll
.text$mn
.idata$5
.rdata
.edata
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
CryptStringToBinaryA
CryptBinaryToStringA
CRYPT32.dll
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
gdiplus.dll
GetAdaptersAddresses
IPHLPAPI.DLL
SHLWAPI.dll
ObtainUserAgentString
urlmon.dll
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetReadFile
InternetQueryOptionA
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
WININET.dll
WS2_32.dll
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
WaitForSingleObject
GetExitCodeProcess
CreateThread
CreateRemoteThread
GetExitCodeThread
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
IsWow64Process
GetLastError
CreateMutexA
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsW
CreateDirectoryW
CreateFileW
DeleteFileW
GetFileSize
ReadFile
WriteFile
SetLastError
CreateProcessW
FreeLibrary
LoadLibraryW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
VerSetConditionMask
GetVolumeInformationW
GetCurrentProcess
GetSystemInfo
GetVersionExA
lstrlenW
VerifyVersionInfoW
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrcmpiA
GetPrivateProfileStringW
VirtualAlloc
VirtualFree
DisableThreadLibraryCalls
KERNEL32.dll
wsprintfW
wsprintfA
OpenClipboard
CloseClipboard
GetClipboardData
keybd_event
GetSystemMetrics
GetMessageA
TranslateMessage
DispatchMessageA
USER32.dll
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
ADVAPI32.dll
SHGetSpecialFolderPathW
SHELL32.dll
CreateStreamOnHGlobal
ole32.dll
0"0?0P0g0y0
:%;D;k;
> ?K?U?
30J0t0
060X0b1D4L4U4_4
5!5*5R5Z5e5
6)636]6f6s6{6
6E7l7v7
9#:3:A:W:k:w:
>,>4>;>
*010N0e0
1*121:1h1
808=8b8
:];J<X<C=U=
=5>X>d>s>
9=:);8;?;q;
?*?C?N?
4%444R4f4
5,6c6o6
7"7(7.747:7@7F7L7R7X7^7d7j7