Sample details: 1e3d98e39ceb3acb0221484c2d124f6b

Hashes
MD5: 1e3d98e39ceb3acb0221484c2d124f6b
SHA1: d67d320da47ef18c5ee16eab7d5b7115c91ebf7e
SHA256: 708167af50b5bd45f24bbf0875a3abd0b72811e191d595405974b6d8640245bb
SSDEEP: 48:ZvtcsAyxpbJwAm0J45hlg+1eqJ8oH4Pdo0DTXFanUWMpR6YsgMMXPxE4Ymz:Z1myxTWeZdo0DT1aSpYUMqPF
Details
File Type: PE32+
Yara Hits
YRP/AHTeam_EP_Protector_03_fake_PCGuard_403_415_FEUERRADER | YRP/FSG_v110_Eng_dulekxt_Microsoft_Visual_C_Basic_NET | YRP/IsPE64 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/FASM | YRP/domain | YRP/contentis_base64 | YRP/network_tcp_socket | YRP/Str_Win32_Winsock2_Library | FlorianRoth/DragonFly_APT_Sep17_3
Strings
!This program cannot be run in DOS mode.
.idata
kernel32.dll
wsock32.dll
IsWow64Process
VirtualAlloc
lstrcpyA
GetCurrentProcess
WSAStartup
__WSAFDIsSet
closesocket
inet_addr
select
socket
kernel32.dll
VirtualAlloc
kernel32.dll
wsock32.dll
GetProcAddress
LoadLibraryA
RtlZeroMemory
lstrcatA
lstrcpyA
connect