Sample details: 45e92df335fb18a42b3e1bd6dbbe5376

Hashes
MD5: 45e92df335fb18a42b3e1bd6dbbe5376
SHA1: 5573f147b2433fdc6658b87b4c88a21d3afca365
SHA256: 42ace85491d9d6553753730f94959a7cd1eb61042eaa5584b8c3dd49da78df23
SSDEEP: 384:F+B2vDID1wufcla3KbrnAR3QjdSxmFG2l+ugWUl9kNrGp1s1ciEA:gB2MD1g2LRQli39kNapu1OA
Details
File Type: MS-DOS
Added: 2018-03-06 19:34:07
Yara Hits
YRP/NsPack_v37_North_Star | YRP/NsPack_v37_North_Star_h | YRP/NsPack_v37_North_Star_h_additional | YRP/NsPacK_V37_LiuXingPing_additional | YRP/NSPack_3x_Liu_Xing_Ping_additional | YRP/NsPacK_V37_LiuXingPing | YRP/NsPack_3x_Liu_Xing_Ping | YRP/NsPacKV37LiuXingPing | YRP/Upackv039finalDwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://52.161.26.253/10064.malware
Strings
MZKERNEL32.DLL
LoadLibraryA
GetProcAddress
GetProcAddress
KERNEL32.DLL
USER32.DLL
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
wvsprintfA
sNbUdD
@@9A	@J
U,.-.._
#3-D|&
O-rnep
nMuB}6
@+DD-^
D;\ipE
7n&i s
"rML&G
n1g$Rz
TGa~\X
I9g38r
%`a 8B$
V.A_S<
Ik1/VU
rOBr_6
D-iJR@
)vJ{OC
\cEU|!
$T4eR.
qi-5M+
|DW&h,
ICQX-G
!gfxW-
KW+4T]
#WBM+L
C#pRh^v
LO7%R)L
vb-u2:5W[
,4*34[
0.\5Jq
hocv|FB
lkA,{Y
zWv=ZI
\m+npv
)q{vgx
wf2:+-