Sample details: 34ffcb399eaf01c3d3b7bd9b829f1adf

Hashes
MD5: 34ffcb399eaf01c3d3b7bd9b829f1adf
SHA1: ddafa7c3ca241b41741485148311bd0623868e1e
SHA256: 223d0b3b67dbb86d9a244aea569c9e95a83c9b20653cea75df98f5ca281efe2d
SSDEEP: 384:dhMCLKHuMhiKtOMXJKnh9Kg8K+kVNft3pkML7KQ/7ghd:dhMCqHtOMXgV8K3DFpkMLWd
Details
File Type: PE32
Added: 2018-03-06 19:34:02
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://52.161.26.253/10055.malware
Strings
		MZKERNEL32.DLL
LoadLibraryA
GetProcAddress
UpackByDwing@
.Upack