Sample details: 152b3b693cfa24df678e1d45937349a3

Hashes
MD5: 152b3b693cfa24df678e1d45937349a3
SHA1: 2a1e9895d6b3c9d5da3bada0161831df5752b407
SHA256: 1a0a77c323cb157d8a236753d56d1465e85fc7fcf8142422990e533e600a797c
SSDEEP: 768:0hpkEY4Cfm22Svwd3EaEcbtCfs78XpSIH0:qDY4z2EdUapfw5SS0
Details
File Type: PE32
Added: 2019-10-09 19:09:53
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3
Strings
!This program cannot be run in DOS mode.
.rdata
@.data
.reloc
0123456789ABCDEF
NTDLL.DLL
memset
MSVCRT.dll
GetCommandLineA
GetEnvironmentVariableA
SetEnvironmentVariableA
SetCurrentDirectoryA
ExitProcess
CreateProcessA
GetSystemDirectoryA
lstrcpyA
lstrcatA
GetLastError
GetNativeSystemInfo
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LoadLibraryA
HeapAlloc
HeapFree
GetProcessHeap
KERNEL32.dll
wsprintfA
USER32.dll
StrStrA
StrToIntA
StrStrIA
SHLWAPI.dll