Sample details: 1c839562a8c11bd02f677621e43cd6a1 --

Hashes
MD5: 1c839562a8c11bd02f677621e43cd6a1
SHA1: 9ea665309f250923ae44603628e2437d8c3209eb
SHA256: 76c239e2c9dbb1b101c02576a70cfe3ab2a148b8fd86b4489cbc2fc08d89f55d
SSDEEP: 384:sn/EhP7z55U5XDgs4U37jknYPLQJ/eMKQ9TsYmdKp23+r/jL:s/ENz5c3cB+Wvm0p23+zj
Details
File Type: PE32+
Added: 2019-05-03 17:48:31
Yara Hits
YRP/Microsoft_Visual_Cpp_80_DLL | YRP/IsPE64 | YRP/IsConsole | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | FlorianRoth/DragonFly_APT_Sep17_3 |
Parent Files
993e80d17c7aab36c9eade6aa2f03407
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.gfids
@.rsrc
@.reloc
L$ SVWH
\$ UVWH
 H3E H3E
get_addrs_wndclass
failed to register '%s'
[dxgi]
present=%d
present1=%d
resize=%d
d3d10 get-offset window
dxgi.dll
CreateDXGIFactory1
d3d10.dll
D3D10CreateDeviceAndSwapChain
.text$mn
.text$mn$00
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.idata$2
.idata$3
.idata$4
.idata$6
.pdata
.gfids$y
.rsrc$01
.rsrc$02
SetErrorMode
GetModuleHandleA
VerSetConditionMask
GetProcAddress
LoadLibraryA
VerifyVersionInfoW
KERNEL32.dll
DefWindowProcA
RegisterClassA
CreateWindowExA
DestroyWindow
USER32.dll
memset
__C_specific_handler
VCRUNTIME140.dll
__acrt_iob_func
__stdio_common_vfprintf
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_set_fmode
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
061108000000Z
211107235959Z0
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
 http://crl.verisign.com/pca3.crl0
https://www.verisign.com/cps0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
http://ocsp.verisign.com0>
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
181011000000Z
200202235959Z0
	Guangdong1
Shenzhen1503
,Tencent Technology(Shenzhen) Company Limited1
,Tencent Technology(Shenzhen) Company Limited0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
Oe_3Ya[
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
zV`ecW
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
181211020357Z0#
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
061108000000Z
211107235959Z0
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
 http://crl.verisign.com/pca3.crl0
https://www.verisign.com/cps0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
http://ocsp.verisign.com0>
jh6^20
Symantec Corporation1
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
181011000000Z
200202235959Z0
	Guangdong1
Shenzhen1503
,Tencent Technology(Shenzhen) Company Limited1
,Tencent Technology(Shenzhen) Company Limited0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Symantec Corporation1
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
jh6^20
20181211020358Z
-0+1)0'
 GlobalSign TSA for Advanced - G2
GlobalSign nv-sa110/
(GlobalSign Timestamping CA - SHA256 - G20
180219000000Z
290318100000Z0+1)0'
 GlobalSign TSA for Advanced - G20
&https://www.globalsign.com/repository/0	
5http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
<http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0<
0http://ocsp2.globalsign.com/gstimestampingsha2g20
GlobalSign Root CA - R31
GlobalSign1
GlobalSign0
110802100000Z
290329100000Z0[1
GlobalSign nv-sa110/
(GlobalSign Timestamping CA - SHA256 - G20
x"6kwy
&https://www.globalsign.com/repository/06
%http://crl.globalsign.net/root-r3.crl0
=dj;^NF
GlobalSign nv-sa110/
(GlobalSign Timestamping CA - SHA256 - G2
181211020358Z0/
GlobalSign nv-sa110/
(GlobalSign Timestamping CA - SHA256 - G2