Sample details: 37d760593c5fd2ffa372a6a8c043faf4

Hashes
MD5: 37d760593c5fd2ffa372a6a8c043faf4
SHA1: 105c8d41584b729690a32b9c22c6f6d44ae58f25
SHA256: 5d1e73dd6e34a4374d02abaf31b010294144e479b8fd04ce1f5fc08627db8e2f
SSDEEP: 192:XqTtsSjssRokZCLyKJDRKrOjs+JT1UOFPBXbk9lYfk2ST1G11EHmOoqB8g32vqpa:CsSjuYTyJjFT1UsbulYc78nE5Og3vJ4
Details
File Type: MS-DOS
Added: 2018-03-06 19:33:52
Yara Hits
YRP/MicroJoiner_17_coban2k_additional | YRP/Upack_037_beta_Dwing | YRP/Upack_037_beta_Dwing_additional | YRP/Upack_v036_beta_Dwing | YRP/Upack_036_beta_Dwing | YRP/Upackv036betaDwing | YRP/Upackv036alphaDwing | YRP/UpackV036Dwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://52.161.26.253/10036.malware
Strings
		MZLoadLibraryA
KERNEL32.DLL
GetProcAddress
.Upack
.ByDwing