Sample details: 1875a4f71fd0587eb77d213fd6fcf676

Hashes
MD5: 1875a4f71fd0587eb77d213fd6fcf676
SHA1: a08d6968c007ff1054a64f7e4442b5aea3ffaf28
SHA256: db5e1a0fd6f45b6522904741bafc0593a604d8c4c9c49c80965776e2f8ccf2f6
SSDEEP: 192:PBvTkb25uTJbjp4MbLX3bqZlfibW6m1iWCrZo76JDNRFwgZtwawJuRbh:P9IbgYB+FnTY7pZtwsbh
Details
File Type: MS-DOS
Added: 2018-03-06 19:34:51
Yara Hits
YRP/MicroJoiner_17_coban2k_additional | YRP/Upack_037_beta_Dwing | YRP/Upack_037_beta_Dwing_additional | YRP/Upack_v036_beta_Dwing | YRP/Upack_036_beta_Dwing | YRP/Upackv036betaDwing | YRP/Upackv036alphaDwing | YRP/UpackV036Dwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3 |
Source
http://52.161.26.253/10300.malware
Strings
MZLoadLibraryA
KERNEL32.DLL
GetProcAddress
.Upack
.ByDwing