Sample details: 3f5d79b262472a12e3666118a7cdc2ca

Hashes
MD5: 3f5d79b262472a12e3666118a7cdc2ca
SHA1: 40c59211973df42d00aa33165d4744f15ad6e7e8
SHA256: a8702588c9bd16b6bebad961bf7917b297e82d083cfeafeeede841e24f1d0598
SSDEEP: 768:pzgzAy9K9LTk7xkvCwddz8lwiQRn0yNGUY:5gzARLAVMdzwQZ/NI
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/DebuggerCheck__QueryInfo | YRP/escalate_priv | YRP/win_token | YRP/win_files_operation | FlorianRoth/Pirpi_1609_A | FlorianRoth/DragonFly_APT_Sep17_3
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
D$ RPV
L$ PQV
L$@SU3
L$LVW3
FD_^][
GetSystemTime
FindNextFileA
FindFirstFileA
GetSystemDirectoryA
CloseHandle
FlushFileBuffers
WriteFile
SetEndOfFile
SetFilePointer
CreateFileA
CopyFileA
GetTickCount
CreateProcessA
DeleteFileA
GetTempPathA
GetShortPathNameA
GetModuleFileNameA
SetFileAttributesA
SetFileTime
GetFileTime
SystemTimeToFileTime
SetLastError
GetLastError
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetVersionExA
GetCurrentProcess
WaitForSingleObject
CreateRemoteThread
OpenProcess
KERNEL32.dll
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
ADVAPI32.dll
sprintf
malloc
_snwprintf
rename
strrchr
strchr
wcslen
MSVCRT.dll
__dllonexit
_onexit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
MSVCP60.dll
GetStartupInfoA
_stricmp
_strnicmp
_wcsnicmp
ms*as.dll
\msasn1.dll
as.dll
rundll32 %s in 111432
@echo off
del %s
if exist %s goto loop
del %%0
rundll32 %s GetFile 
tmp.exe
5?%Ri(
dD~O8)
pahE:4
keZ(?1
d1Fvg}
<^8GZ\
~-;3;1
12}S<c)
GI:^T,
b}JXx~G2,
"2O7&3I
7~<1]@
}9JA-,
V9..9G
WvB]C"J?#
dYZ4a#
u,+"Jy<
@jLah6
a1M|.t
n_F3l7{q
$<wuD!
Mv(	GS
FE{qX/
N'p]Wr|
D0swB[
l>c O_@
l}l)k/
Z=N|s9
/N.PtG%
B#Cna 
jDLM((
yZya:3T
UEh4@P#9
H~!2ah
[-W$=g
)>Jp{<
cb|K(m
d/uC1y
96FER&
=B.-*W
wy-Z[z 
?HcJPD
TTz|.IQ
{4VEni
"fvu8K|
nkOR7!
+Wr[bb}K,
X6m7P4
0h}G}V
bQm!-I
\user32.dll
XXXXaX
\\127.0.0.1
\\localhost
DisableThreadLibraryCalls
LoadLibraryW
LoadLibraryA
kernel32.dll
user32.dll
xmlhlp
wups32
kdbg32
gdim32
helpnt
even32
dmsvct
biosnt
msexec
msdtcs
mscmsr
msctfp
sensnt
msasno
msfont
dhcpcsvc
tapisrv
wuauserv
netman
wzcsvc
Tapisrv
aaaaaa
NtQuerySystemInformation
NtQueryInformationProcess
winlogon.exe
sfc_os.dll
sfc.dll
SeTcbPrivilege
SeShutdownPrivilege
SeLoadDriverPrivilege
SeDebugPrivilege