Sample details: 3b180da2b50b954a55fe37afba58d428

Hashes
MD5: 3b180da2b50b954a55fe37afba58d428
SHA1: c2a409311853ad4608418e790621f04155e55000
SHA256: 96d04cdfaf4f4d7b8722b139a15074975d4c244302f78034b7be65df1a92fd03
SSDEEP: 384:23Fob3slaN3oF1fHICOoMzMv/QTIBjDVquODJXsUW7ftWs6:Yo7s28JnOxzMv/QsBjRqugXspd
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/win_registry | FlorianRoth/DragonFly_APT_Sep17_3
Parent Files
714a658c266c2a4e644e42d4a983a500
Source
Strings
		!This program cannot be run in DOS mode.
`.data
@.reloc
ole32.dll
KERNEL32.dll
USER32.dll
ADVAPI32.dll
wComponent Categories
ThreadingModel
comcat.DLL
InprocServer32
Component Categories Manager
CLSID\{0002E005-0000-0000-C000-000000000046}
CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32
OldKey
%S\%S\%S
Required Categories
Implemented Categories
CoTaskMemFree
CLSIDFromString
CoTaskMemAlloc
StringFromGUID2
StringFromCLSID
ole32.dll
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
GetModuleFileNameA
GetModuleHandleA
IsBadWritePtr
lstrlenW
IsBadReadPtr
GetUserDefaultLCID
GlobalAlloc
GlobalFree
KERNEL32.dll
wsprintfA
USER32.dll
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegOpenKeyW
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExA
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
ADVAPI32.dll
COMCAT.dll
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
dll\comcat.dbg