
Sample details: 1d27a7210f54a047264f23c7506e9506

Hashes
MD5: 1d27a7210f54a047264f23c7506e9506
SHA1: 4116e4e8f34e5e7f3fc6cf23cffd04fb027a1527
SHA256: 431111e367629bea37db016682c6354303360cd1419c033a22a26115121ccfe9
SSDEEP: 384:ymlG7hWSGNjLmCdCH72JrgITFYDVOElufavSeAE3hbj/hohmg57CtJwjr0n:ymQ9WSGNzdc2iITF1fav7AE3hbj/hohI
Details
File Type: PE32
Yara Hits
YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet
YRP/UPX_wwwupxsourceforgenet_additional
YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h
YRP/UPX_v0896_v102_v105_v124_Markus_Laszlo_overlay
YRP/UPX_v0896_v102_v105_v124_Markus_Laszlo_overlay_additional
YRP/UPX_wwwupxsourceforgenet
YRP/UPXv20MarkusLaszloReiser
YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
YRP/IsPE32
YRP/IsWindowsGUI
YRP/IsPacked
YRP/HasRichSignature
YRP/domain
YRP/contentis_base64
YRP/screenshot
YRP/win_registry
YRP/CRC32_poly_Constant
YRP/Str_Win32_Winsock2_Library
YRP/UPX
YRP/suspicious_packer_section
FlorianRoth/DragonFly_APT_Sep17_3
Sub Files
39fcaf25e846c20b27268a41da96b9d6
Source
http://94.130.104.170/Win32Dircrypt.Trojan.Ransom.ABZ//119.executable
http://94.130.104.170/Win32Dircrypt.Trojan.Ransom.ABZ/119.executable
Strings
		!This program cannot be run in DOS mode.
*N[toi
R9tJ)h!
Y|/Hm,
^GtX2/!
i~xrZc
3!H[_>O
HA;l:2
$fa,;9
1RrRP	b
hJ!YF6h
,c&Gn}
Qce8bV
Z~Ha|	z~6|
'-t-.t$_t
F80-P%
6I~,Fr
o.tAxT
n)>0Ot+
`E4>:'
/	4Ro%
)hwjhX
$&HHD	"
Ev\SIj
N!&,8T/
$$NH~'
d>h	Sr
7tJh0u
9E 3[k
222%7HLH
2222@D@Db
jzja)~
9Yj!/8hX
\UB>\x
C u1*VE4
kg!#TIb
etThreadErrorMod
d	l/NLocalG-
upAddMembers
RegDel
eKeyEx
SwitchTo
isWindow
rPathW-h
WL64DW
dir@ti
-vct:;eK
WsYpWe
kt; 5d
1zA8,# 
m5boti
payinf
/EVUsY
R][,_RY
\ws2_32
ozilla
/4.0 (compatiF; MSIE
a Center PC 6
-us_ /
 HTTP/1.1
Host: hUs1-Ag9
rt/form-
so	ry=/.L
BAccep
,xKhtml,
 applic
;q=0.9w
x-xbitp
utf-8,
/-PrIA%no
--mKE@	
%5name=Ra/
;T{lil#
viweabkkfe
tribu's
SpacL*x
VoluMIn
U32qrN
Snlshot
sourcg
A	lenc
wRSNingW#
S/LObj
&ogi`D
S(ep[C
u1Open
ifybgnt`n
f<dSjx<l
XPTPSW
KERNEL32.DLL
ADVAPI32.dll
COMCTL32.dll
comdlg32.dll
GDI32.dll
SHELL32.dll
USER32.dll
WS2_32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegCloseKey
InitCommonControlsEx
GetOpenFileNameW
SetBkMode
ShellExecuteW