Sample details: 3536aa0865e9ef3eb07d5cf2b9b9ad5d

Hashes
MD5: 3536aa0865e9ef3eb07d5cf2b9b9ad5d
SHA1: 14713327d1108e633c8ae04457a279009ce0d5c4
SHA256: 7e18e4f3537b1d10f0d25a8a6d4980b1229864d400bd0f37db8f76411e1366d4
SSDEEP: 96:Kl+ptWFhPt3u4QvuuuLiU5AsDwzSlu/hqJfO3avMM7nxyeNR21CiRbKv9x:DptelLQWl+h/ISMMMvR21CiR2v
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsConsole | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/anti_dbg | YRP/network_dropper | YRP/win_registry | FlorianRoth/DragonFly_APT_Sep17_3
Parent Files
832ec872167da629691dbbb72d1775d4
Strings
!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
F95x3@
MALWARE ANALYSIS - Copyright Robert McArdle (c) 2017!!!
This File is a Hands On exercise for Robert McArdles Malware Analysis Course
If you are seeing this for any other reason - please contact me by email on RobertMcArdle [INSERT OBVIOUS SYMBOL HERE] gmail.com
Select OK to continue, or CANCEL to stop program running
ERROR: CODE 0
ERROR: CODE 1
ERROR: CODE 2
/A reg*
tskill
ERROR: CODE 18
/A wireshark*
ERROR: CODE 19
/A taskmgr*
ERROR: CODE 20
c:\install.zip
http://www.robertmcardle.com/Teaching/Exercises/samples/update.zip
ERROR!!!
ERROR: CODE 21
c:\7z.exe
http://www.robertmcardle.com/Teaching/Exercises/samples/7z.exe
ERROR: CODE 21a
/C c:\7z.exe e c:\install.zip -oc:\ -pgoToStage2 -y
cmd.exe
ERROR: CODE 24
-L -p 80 -e cmd.exe
c:\stage2.exe
ERROR: CODE 25
Software\Microsoft\Windows\CurrentVersion\Run
ERROR: CODE 26
Auto Update
ERROR: CODE 27
KERNEL32.DLL
ADVAPI32.dll
MSVCR120.dll
SHELL32.dll
urlmon.dll
USER32.dll
CopyFileA
DecodePointer
GetSystemTimeAsFileTime
GetModuleFileNameA
GetComputerNameA
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
EncodePointer
IsDebuggerPresent
RegOpenKeyExA
RegSetValueExA
_amsg_exit
__getmainargs
__set_app_type
_cexit
_configthreadlocale
_XcptFilter
_initterm_e
_initterm
__initenv
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_unlock
_calloc_crt
__dllonexit
_onexit
_invoke_watson
_controlfp_s
_except_handler4_common
__setusermatherr
memset
ShellExecuteA
URLDownloadToFileA
MessageBoxA
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
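Added example, not tooling from this page or from the course the sample belongs to: a stdlib-only Python triage pass over the Strings and import list above. It copies the relevant strings and imports from this listing into constants, then pulls out the URLs, the drop paths, the tskill targets, the 7-Zip command line with its inline archive password, the netcat-style "-L -p 80 -e cmd.exe" argument string, and the CurrentVersion\Run key, and combines those with the imports (URLDownloadToFileA, ShellExecuteA, RegSetValueExA, IsDebuggerPresent) into a short list of findings. Reading "-L -p 80 -e cmd.exe" as a netcat bind-shell command line, and the chain as download, extract, bind shell, Run-key persistence, is this script's inference from the visible strings, not something the page states.

```python
# Added example: stdlib-only static triage of the string/import dump on this page.
# SAMPLE_STRINGS and SAMPLE_IMPORTS are copied from the listing; every behaviour label
# below is this script's inference from those strings, not a claim made by the page.
import re

SAMPLE_STRINGS = [  # copied from the page's Strings section
    "/A reg*",
    "tskill",
    "/A wireshark*",
    "/A taskmgr*",
    r"c:\install.zip",
    "http://www.robertmcardle.com/Teaching/Exercises/samples/update.zip",
    r"c:\7z.exe",
    "http://www.robertmcardle.com/Teaching/Exercises/samples/7z.exe",
    r"/C c:\7z.exe e c:\install.zip -oc:\ -pgoToStage2 -y",
    "cmd.exe",
    "-L -p 80 -e cmd.exe",
    r"c:\stage2.exe",
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    "Auto Update",
]
SAMPLE_IMPORTS = {  # copied from the page's import list (CRT entries omitted)
    "CopyFileA", "IsDebuggerPresent", "RegOpenKeyExA", "RegSetValueExA",
    "ShellExecuteA", "URLDownloadToFileA", "MessageBoxA",
}

URL_RE = re.compile(r"https?://\S+")
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\\S+$")
RUN_KEY_RE = re.compile(r"CurrentVersion\\Run\b", re.IGNORECASE)
# tskill's "/A name*" form: kill every process whose image name matches the wildcard
TSKILL_RE = re.compile(r"^/A\s+(\S+)$")
# 7-Zip extract command with an inline password: 7z.exe e|x <archive> ... -p<password>
SEVENZ_RE = re.compile(r"7z\.exe\s+[ex]\s+(\S+).*?-p(\S+)")
# netcat-style bind shell: listen (-l/-L), port (-p N), program to exec on connect (-e)
NC_BIND_RE = re.compile(r"-[lL]\b.*-p\s*(\d+).*-e\s+(\S+)")

# import name -> capability it gives the sample (inference, not a page claim)
CAPABILITIES = {
    "URLDownloadToFileA": "download-to-disk",
    "ShellExecuteA": "spawn-process",
    "RegSetValueExA": "write-registry",
    "CopyFileA": "copy-file",
    "IsDebuggerPresent": "anti-debug",
}


def extract_iocs(strings):
    """Pull network, file, registry and command-line indicators out of a string dump."""
    iocs = {"urls": [], "paths": [], "killed_processes": [], "archive": None,
            "archive_password": None, "bind_shell": None, "run_key": False}
    for s in strings:
        m = URL_RE.search(s)
        if m:
            iocs["urls"].append(m.group(0))
        if WIN_PATH_RE.match(s):
            iocs["paths"].append(s)
        m = TSKILL_RE.match(s)
        if m:
            iocs["killed_processes"].append(m.group(1))
        m = SEVENZ_RE.search(s)
        if m:
            iocs["archive"], iocs["archive_password"] = m.group(1), m.group(2)
        m = NC_BIND_RE.search(s)
        if m:
            iocs["bind_shell"] = (int(m.group(1)), m.group(2))
        if RUN_KEY_RE.search(s):
            iocs["run_key"] = True
    return iocs


def classify_imports(imports):
    """Map imported API names to coarse capabilities."""
    return {cap for api, cap in CAPABILITIES.items() if api in imports}


def triage(strings, imports):
    """Combine string IOCs with import capabilities into human-readable findings."""
    iocs = extract_iocs(strings)
    caps = classify_imports(imports)
    findings = []
    if iocs["urls"] and "download-to-disk" in caps:
        findings.append("network dropper: fetches %d URL(s) to disk" % len(iocs["urls"]))
    if iocs["archive_password"]:
        findings.append("stages payload from password-protected archive %s" % iocs["archive"])
    if iocs["bind_shell"]:
        port, prog = iocs["bind_shell"]
        findings.append("netcat-style bind shell on tcp/%d executing %s" % (port, prog))
    if iocs["run_key"] and "write-registry" in caps:
        findings.append("persistence via a CurrentVersion\\Run value")
    if iocs["killed_processes"]:
        findings.append("kills analysis tools: " + ", ".join(iocs["killed_processes"]))
    if "anti-debug" in caps:
        findings.append("imports IsDebuggerPresent (anti-debugging check)")
    return iocs, caps, findings


if __name__ == "__main__":
    _, caps, findings = triage(SAMPLE_STRINGS, SAMPLE_IMPORTS)
    print("capabilities:", ", ".join(sorted(caps)))
    for f in findings:
        print(" -", f)
```

The same pass runs unchanged over any `strings`-style dump plus an import list; the regexes are deliberately narrow (an exact tskill form, 7-Zip's `-p` switch, netcat's listen/port/exec trio) so a hit means the dump contains that command shape, not merely a suspicious word.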