Sample details: 3a6c8753c0662e80c61c033b23d75274

Hashes
MD5: 3a6c8753c0662e80c61c033b23d75274
SHA1: f24825a058c8341ba881aed3aa216c4f7e5f559d
SHA256: a8bbe835cdbd31d73023a3dabdbd8228c0949055dbd5225db38be4bc2f77d644
SSDEEP: 24576:P2O/Gln70QPuz12cmuDQCj4GSmVMqE4k+IATbP1OokJSCDxfWW7g6zwzRQegxP2W:425mwdcrhqVpBfkQEX5k1tW
Details
File Type: PE32
Yara Hits
YRP/suspicious_packer_section | YRP/contentis_base64 | YRP/url | YRP/domain | YRP/IP | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasDebugData | YRP/HasRichSignature | YRP/escalate_priv | YRP/screenshot | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/RIPEMD160_Constants | YRP/SHA1_Constants
Source
http://etssoliv.myhostpoint.ch/jeffallen.exe
Strings