Sample details: 251f1d06a31443e478336ebefd9b451f

Hashes
MD5: 251f1d06a31443e478336ebefd9b451f
SHA1: fe50acccd0a17f34d59c0ab4efa50a775dcfb1f2
SHA256: 768ec6bc9ede8433429d01dd0e86f26ac81239e0f64768ace8072ff18ca83ddd
SSDEEP: 384:yO/nHNpRKjcoH1X4PUzT8pYXPUAwlfGhi5:ZH9KjcAIeIpnkhi5
Details
File Type: MS-DOS
Added: 2018-03-06 19:33:29
Yara Hits
YRP/MicroJoiner_17_coban2k_additional | YRP/Upack_037_beta_Dwing | YRP/Upack_037_beta_Dwing_additional | YRP/Upack_v036_beta_Dwing | YRP/Upack_036_beta_Dwing | YRP/Upackv036betaDwing | YRP/Upackv036alphaDwing | YRP/UpackV036Dwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://52.161.26.253/10021.malware
Strings
MZLoadLibraryA
KERNEL32.DLL
GetProcAddress
.Upack
.ByDwing