Sample details: 20d8a3c209d25afd919f3171505119ec

Hashes
MD5: 20d8a3c209d25afd919f3171505119ec
SHA1: 4612403fe495d6962df17fc6042bd176095c0264
SHA256: ab11eea270d2c9c4e827d3ce94650d1fc98ccd8fe0d183fb6cb0b06c48c5f6a0
SSDEEP: 768:FrqQ7AmV3rjBkyo1bekB8M97W+DtwTxq+OASDKwUYlysQdZl:F33kizlFqlAqD0d
Details
File Type: PE32
Added: 2019-06-19 12:01:58
Yara Hits
YRP/Safeguard_103_Simonzh | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/ImportTableIsBad | YRP/FASM | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://vilamax.home.pl/a/klzb.pif
Strings