Sample details: 21edcfb915b081301854396fac74f994

Hashes
MD5: 21edcfb915b081301854396fac74f994
SHA1: 83d8054a08ade80653d8cd79571ca46d669b00ca
SHA256: 9b34ac1591e0861ac7fbe42fc9b8d50c2351272ab9d9820cd59ed9d6d93d0794
SSDEEP: 192:z/wSbvVOtSCuY+HD7KjaNcTSnsys6SQ/0LNuHtSwfOhrjOfkap:zomVOtYY+HOaNcmsy3S+tSzGkY
Details
File Type: MS-DOS
Added: 2018-03-06 19:33:39
Yara Hits
YRP/WinUpack_v039_final_By_Dwing_c2005_additional | YRP/Upack_v0399_Dwing_additional | YRP/Upack_V037_V039_Dwing | YRP/Upack_v039_final | YRP/Upack_v039_final_Sign_by_hot_UNP_additional | YRP/WinUpack_v039_final_By_Dwing_c2005_h1 | YRP/Upack_v039_final_Dwing_h | YRP/Upack_v039_final_Sign_by_hot_UNP | YRP/Upack_V037_Dwing | YRP/WinUpack_v039_final_By_Dwing_c2005_h1_additional | YRP/WinUpack_v039_final_By_Dwing_c2005 | YRP/WinUpackv039finalByDwingc2005h1 | YRP/Upackv039finalDwing | YRP/UpackV037Dwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3 |
Source
http://52.161.26.253/10026.malware
Strings
MZKERNEL32.DLL
LoadLibraryA
GetProcAddress