Sample details: 252332d0adc12254dcc90a86831b6d93

Hashes
MD5: 252332d0adc12254dcc90a86831b6d93
SHA1: 0bbcca354c7f91614da272292f22f280265f886f
SHA256: 54910439f10ff376db5d8e0c9f5bd1845dd3fb2b1c56ce7acc8b69df5164d110
SSDEEP: 384:OJY4HRWzOO4bCaZWsO+A/xp9ZyCWeze5Dbs874vCTHrot+:14HdOHa8+ude5Hs8sSI+
Details
File Type: PE32
Yara Hits
YRP/MingWin32_GCC_3x | YRP/MingWin32_v_h_additional | YRP/MinGW_GCC_3x_additional | YRP/MinGW_GCC_3x | YRP/MingWin32_GCC_3x_additional | YRP/MingWin32_v_h | YRP/MingWin32_v | YRP/MinGWGCC3x | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/MinGW_1 | YRP/domain | YRP/contentis_base64 | YRP/network_tcp_socket | YRP/network_dns | YRP/win_files_operation | YRP/Str_Win32_Winsock2_Library | FlorianRoth/DragonFly_APT_Sep17_3
Strings
		!This program cannot be run in DOS mode.
`.data
.rdata
.edata
@.idata
.reloc
93e35s
41878Z
4a177Z
2ce89X
6bc6f\
553b0[
8cd56^
81051E;
69c32V
5006ev
379bfv
2d190z
29839u
20d41s
77cdax
0ded3u
9388f}
5b2a3h
02bbfr
3285dz
-LIBGCCW32-EH-2-SJLJ-GTHR-MINGW32
w32_sharedptr->size == sizeof(W32_EH_SHARED)
%s:%u: failed assertion `%s'
../../gcc/gcc/config/i386/w32-shared-ptr.c
GetAtomNameA (atom, s, sizeof(s)) != 0
_Z10aBypassUACv
_Z10aCharToIntPc
_Z10aGetOsArchv
_Z10aIntToChari
_Z10bBasicTH_1Pv@4
_Z10bBasicTH_2Pv@4
_Z10bBasicTH_3Pv@4
_Z11aAutoRunSetPc
_Z11aCheckAdminv
_Z11aCreateFilePc
_Z11aFileExistsPKc
_Z11aGetTempDirv
_Z11aProcessDllPcS_S_S_
_Z11aProcessExePcS_S_S_S_S_
_Z11aRunAsAdminPc
_Z12aGetHostNamev
_Z12aGetSelfPathv
_Z12aGetUserNamev
_Z12aProcessTaskPcS_S_
_Z12aResolveHostPc
_Z12aWinSockPostPcS_S_
_Z13aDropToSystemPc
_Z13aGetProcessILv
_Z14aCreateProcessPc
_Z14aGetProgramDirv
_Z15aUrlMonDownloadPcS_
_Z16aDirectoryExistsPc
_Z16aExtractFileNamePc
_Z16aGetHomeDriveDirv
_Z16aProcessDllLocalPcS_S_S_S_S_
_Z16aProcessExeLocalPcS_S_S_S_S_
_Z19aGetSelfDestinationi
_Z5aCopyPcii
_Z5aParsPcS_S_S_
_Z6aBasicPcS_i
_Z6aGetIdv
_Z6aGetOsv
_Z6aMkDirPc
_Z6cBasici
_Z7aPathAVPc
_Z7aRaportPcS_S_S_
_Z8aCheckAVv
_Z8aDecryptPc
_Z8aPosLastPcS_
_Z8bBasic_1v
_Z8bBasic_2v
_Z8bBasic_3v
_Z9aCopyFilePcS_
_Z9aFileSizePc
_Z9aFillCharPc
_Z9aFreeFilePc
_Z9aPosFirstPcS_
_Z9aRunDll32PcS_
aAutoRunCmd
aDomain_1
aDomain_2
aDomain_3
aDropDir
aDropName
aElevateFile
aGetProgDir
aOS_AR0
aOS_AR1
aParam0
aParam1
aParam2
aParam3
aParam4
aParam5
aParam6
aParam7
aParam8
aParam9
aPost0
aPost1
aPost2
aPost3
aPost4
aPost5
aPost6
aRunAs
aRunDll_0
aScript_1
aScript_2
aScript_3
aShell
aTimeOut
aURLMon_0
aURLMon_1
aZoneIdent
main_d_1
main_d_2
main_d_3
main_m_1
main_m_2
main_m_3
main_s_1
main_s_2
main_s_3
l\u3	[u
[uz]]u
GetUserNameA
AddAtomA
CloseHandle
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
ExitProcess
FindAtomA
FreeLibrary
GetAtomNameA
GetComputerNameA
GetFileAttributesA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetSystemInfo
GetTempPathA
GetVersionExA
GetVolumeInformationA
LoadLibraryA
SetUnhandledExceptionFilter
WaitForSingleObject
WriteFile
_strlwr
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_onexit
_setmode
atexit
fclose
fflush
fprintf
fwrite
malloc
memcpy
memmove
memset
signal
strcat
strcmp
strcpy
strlen
strncat
ShellExecuteExA
GetSystemMetrics
WSACleanup
WSAStartup
closesocket
connect
gethostbyname
inet_addr
inet_ntoa
socket
ADVAPI32.DLL
KERNEL32.dll
msvcrt.dll
msvcrt.dll
SHELL32.DLL
USER32.dll
WSOCK32.DLL
1&131F1P1Y1_1q1{1
2/2O2c2s2
8#8G8q8~8
989j9}9
9 :0:<:L:V:e:z:
< <,<t<
<Q=X=o=v=
?.?:?\?h?
	0%0.0
1,1K1j1
2$2C2m2
4,4I4V4l4y4
8-8K8i8
<(=Q=|=
7&7E7Z7
9(9e9q9x9
:5:Q:]:i:u:
;&;2;B;O;o;
=.>B?R?b?r?
070T0_0x0
1*1B1q1
2/2E2[2j2r2z2
3*3/3Z3e3p3{3
5"525B5R5b5r5
6"626B6R6b6r6
7"727B7R7b7r7
8"828T8