Sample details: 17778ecbf0e9e4b6961d4deb79ec1b78

Hashes
MD5: 17778ecbf0e9e4b6961d4deb79ec1b78
SHA1: 3ee0f243d300e91f1b91c658f9f9de60fbed1cf9
SHA256: ca1681179b048336fa4315d4c5952a4210fcb5d8927a5c504336922372f51b00
SSDEEP: 192:IuHY7r46kkcKSkotUwS8AZOMXru9I09/+gucSPYGp4E4huU:I+er46kk9Sko65fiy09GguxYm8h
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_v40_v50 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://185.70.186.150/sploit/xp86.exe