Sample details: 1d0768d618566f083fa52c91496af0dc

Hashes
MD5: 1d0768d618566f083fa52c91496af0dc
SHA1: 6fa204887ad80d376c23ccf4c7086648f4e9a3ac
SHA256: fc6c05dcba23c86720b8db7c9c46d5a0174281ef4f8c7d13be351cc6157ac810
SSDEEP: 768:wuhkgdRbFfHgl//PrGoIig3Ca1y7uqJDLx/LVUSK85:t2MbFsnrGojg35y7LtLxTSS7
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/UPX | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3 |
Source
http://mnbvcxz.biz/pony/Pony.exe
Strings
!This program cannot be run in DOS mode.
t1&^'m,
{b3xX/
dDAyY!
@gZCrP
,8%&F<6m
eyQZ^&,
@'S7x?`&
d]F8B~
by_[`	snp
:ilNuH
`#|3%d
AAC,zR,Rr:
z/jJHr
+1q)PX
yBrJ^545^t ]
d(9,Pnn
@H!MJC/BZ
y \,R@
+cH#'J
_U"$qda
%h$(oz
t@f(8W4
F /[PH"
9d~ulv
W2aS| 
9j-#+!
&9B>N+
rJ^k%kL
gx,`,t
y7@!9%y^
!z&h$-
"$;>d|zh;/	
KXr%m$Y
#aSH4*
GhJ5*O
vXS5L 
6<Ur`+.
8,"uzEA.
$87B2p
VhR0VE
9?${).T
"!%l-e!b
a9A9rp$
M?^hH-dG
!i\j$<
u(jFVd3
Te#OF4
B\/:{x
GE@tkh
bU*VBl
@D2222HLPT2222X\`d2222hlpt2222x|
 $,dddd48<@ddddDHLPddddTX\dddddhptxdddd|
+8Ko~e8T
JzH6J$
MKw(GrIG#
x(5w;F
=9rd;/
123456
assword
qwerty
esus(78
letmein
monkeMdc
rago+rMtno
i7youa
shadowpkms
mmm_pr
footbay
w]3v%reegm
SdfbocHris
\k[+sxfn
uaBuck
Ufaithdmmwk[l
qazwsx
65432=
Z[c$wr
pecrxJgr
%l9rob
\<6~3,r
!q2w3e
w9Cmzxcvbnm
sm/7d$M
06tp://m	
~vcxz.2z/pR/7.
b!YUIPWDFILE0
OCRYPTED1.0
SOFTWARE\M
.dPWTSGh`
CjsUS'
67X?N<
A%k8vD
Imp*vLoggOn
jfy	mlJ
psGc!PSN
My D!2c
#4mFY[.
%g*.C/
9sq Tj
T %s HTTP/	
Moz)a/4u
HWIDI%08X-
[|GHIS
evGh`lr
SCAPEZi
\P^& 6`|
^V;smYa
l%4lkq
$:.xml
gK16?L9 D 	{	;
BPD- .
4A(eUpy
XFJB-22
KiDyk2
/eb;Pu
N!\	_7
S_1_0_5
bik,fp
y`VWrlw
CXu#1,
0NTROL
b\{CB1F2C0F
-8094-4AAC-BCF5	1A64E27FA
d[B}?9EA
29-Ej?7577
4825FT73]}
.K1REa
-"ymoz
-A95B-
ESTX2m(
TE7	4+d
%-5#	c+2n3]
d)a57I
y A #L4
YKNIQUE
N]^hr?
qp	auUk
b9pl++
SF9043C88-F6F101A-A3C
O 51:b::\7
549.3a
4pYYi*T$	
mbuTTYmX
$l.wjf&
{>$173
B4y-4D;92
6B568FAE6`Bx
(,mAilF
-laNML
0agm!i
rqspt6
4DRT-OK 
7E4@@z
+#>6.&
'2, /+0&
7!4-)1#
lj3c(w
KG_wF6l
viron6
%p! 	Viema
MXC?Wid
WrToM<iB
C+32Sn
g9LC%l
}A~CmpN3WF8v@4N,r#tf
v;@\.N
XPTPSW
KERNEL32.DLL
advapi32.dll
ole32.dll
shlwapi.dll
user32.dll
userenv.dll
wininet.dll
wsock32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegCloseKey
CoCreateGuid
StrStrA
wsprintfA
LoadUserProfileA
InternetCrackUrlA
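Triage helper (added example, not part of the original report). It uses only what this page shows: the three hashes from the Hashes section, the wordlist entries (123456, qwerty, letmein, qazwsx, !q2w3e), the PWDFILE0 / CRYPTED1.0 fragments, the HWIDI%08X- format string and the UPX-stub loader imports from the Strings section. The local sample path and the byte blob used for the self-check are assumptions. Note the caveat: YRP/UPX and YRP/IsPacked mean most of the listed strings are partly garbled in the packed file (e.g. "assword", "monkeMdc"), so string matching is only reliable after unpacking (upx -d) or on a memory dump.

```python
"""Hash verification and string-indicator scan for a downloaded sample.

Added example; not code from the original report. The indicator lists are
transcribed from the page's Hashes and Strings sections, nothing else.
"""
import hashlib
import re

# Copied from the report's "Hashes" section.
REPORT_HASHES = {
    "md5": "1d0768d618566f083fa52c91496af0dc",
    "sha1": "6fa204887ad80d376c23ccf4c7086648f4e9a3ac",
    "sha256": "fc6c05dcba23c86720b8db7c9c46d5a0174281ef4f8c7d13be351cc6157ac810",
}

# Indicator families taken from the report's "Strings" section.
INDICATORS = {
    # common-password wordlist entries visible in the dump
    "wordlist": [b"123456", b"qwerty", b"letmein", b"qazwsx", b"!q2w3e"],
    # fragments of the stolen-credential blob markers ("b!YUIPWDFILE0", "OCRYPTED1.0")
    "pwdfile_markers": [b"YUIPWDFILE0", b"CRYPTED1.0"],
    # "HWIDI%08X-" : hardware-id format string
    "hwid_format": [b"HWIDI%08X-"],
    # imports a UPX stub needs to rebuild the original import table
    "loader_imports": [b"LoadLibraryA", b"GetProcAddress",
                       b"VirtualProtect", b"VirtualAlloc"],
}

# Same rule as `strings -n 4`: runs of >= 4 printable ASCII bytes.
_STRING_RE = re.compile(rb"[\x20-\x7e]{4,}")


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA1 / SHA256 of the bytes, hex-encoded, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm True/False: does this file match the report's hashes?"""
    actual = file_hashes(data)
    return {name: actual[name] == digest for name, digest in expected.items()}


def extract_strings(data: bytes, minlen: int = 4) -> list:
    """Printable-ASCII runs, decoded, in file order (what the Strings section shows)."""
    pat = re.compile(rb"[\x20-\x7e]{%d,}" % minlen) if minlen != 4 else _STRING_RE
    return [m.decode("ascii") for m in pat.findall(data)]


def scan_indicators(data: bytes, indicators: dict = INDICATORS) -> dict:
    """For each indicator family, the subset of its patterns present in data."""
    return {family: [p.decode("ascii") for p in patterns if p in data]
            for family, patterns in indicators.items()}


def triage(data: bytes) -> dict:
    """Combine hash check and indicator scan; families_hit is a crude score."""
    hits = scan_indicators(data)
    return {
        "hashes": file_hashes(data),
        "matches_report": matches_report(data),
        "hits": hits,
        "families_hit": sum(1 for found in hits.values() if found),
    }


def triage_file(path: str) -> dict:
    """Run triage() on a file on disk (path is an assumption; open read-only)."""
    with open(path, "rb") as fh:
        return triage(fh.read())


# Constructed self-check blob (assumption, not the real sample): a fake MZ
# header followed by a few of the page's indicator strings, NUL-separated.
SELF_CHECK_BLOB = (b"MZ\x00\x00UPX0\x00123456\x00qwerty\x00HWIDI%08X-\x00"
                   b"YUIPWDFILE0\x00LoadLibraryA\x00")

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    report = triage_file(target) if target else triage(SELF_CHECK_BLOB)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it with the sample path as the only argument; with no argument it scans the constructed blob so the logic can be checked without the malware present. A file that fails matches_report is not the artifact this page describes, whatever its name.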