Sample details: 492a839a3bf9c61b7065589a18c5aa8d

Hashes
MD5: 492a839a3bf9c61b7065589a18c5aa8d
SHA1: 0cdffe44d23ce95f39828916650fbc4c5491d229
SHA256: 41254ecde7f99da911c86a37c947cb173fefde86983ca5084fc3948c7fc2d474
SSDEEP: 192:qdXBvanTlQRJ4Zyt19e0ADl+b6n32gF2BJJ90qgfMj1:qJNanSD44t1s0UU6n3yBh
Details
File Type: PE32
Yara Hits
YRP/Visual_Cpp_2005_Release_Microsoft | YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_hook | FlorianRoth/DragonFly_APT_Sep17_3
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
hSVWj0
D$`$3@
PQQQQQQhx3@
FAIL : GetVersion
FAIL : InitTokenOffset
FAILED 
FAIL : Get Ntoskrnl Base
ntdll.dll
FAIL : hNtdll == NULL 
ZwQuerySystemInformation
ZwAllocateVirtualMemory
FAIL : GetProcAddress ZwQuerySystemInformation or ZwAllocateVirtualMemory
PsLookupProcessByProcessId
user32.dll
AnimateWindow
CreateSystemThreads
Allocate Mem Failed 
InsertMenuItem FAIL [%d] !
woqunimalegebi
System Is Not Win32
COMSPEC
/c del 
 > nul
FAIL [%d]
C:\Users\Public\test.exe
c:\Users\aa\Documents\Visual Studio 2008\Projects\4113\Release\4113.pdb
ExitProcess
GetVersionExA
LocalAlloc
LocalFree
LoadLibraryA
GetProcAddress
GetCurrentProcessId
FreeLibrary
GetCurrentProcess
GetLastError
GetNativeSystemInfo
GetCurrentThreadId
VirtualFree
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
lstrcpyA
lstrcatA
SetPriorityClass
SetThreadPriority
GetCurrentThread
CreateThread
WaitForSingleObject
TerminateThread
CreateProcessA
CloseHandle
KERNEL32.dll
PostMessageA
DefWindowProcA
CreatePopupMenu
InsertMenuItemA
DestroyMenu
CallWindowProcA
EndMenu
UnhookWindowsHook
SetWindowLongA
CallNextHookEx
RegisterClassA
CreateWindowExA
SetWindowsHookExA
TrackPopupMenu
DestroyWindow
USER32.dll
ShellExecuteExA
SHChangeNotify
SHELL32.dll
vprintf
printf
strstr
strcpy_s
MSVCR90.dll
_amsg_exit
__getmainargs
_cexit
_XcptFilter
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
memset
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
0'0B0K0Q0\0~0
1%11171B1O1d1m1s1~1
272H2M2Z2`2j2q2v2~2
3#3+3<3A3J3Q3
384?4H4N4Y4p4
5%5L5w5
5 6(606:6F6O6T6g6
7+7T7\7d7
888>8K8Y8_8s8
9f9p9v9
:':5:?:F:L:Q:V:[:`:f:n:
;";';4;E;K;R;f;k;q;y;
<W<]<e<l<q<w<}<
=&=-=4=;=C=K=S=_=h=m=s=}=
=)>/>8>?>J>P>d>y>
?"?'?F?
0=0Q0W0
2"2(2.242:2@2
d1p1t1