Sample details: 4e24cadef64e565197ee41c47bf744b6

Hashes
MD5: 4e24cadef64e565197ee41c47bf744b6
SHA1: 48f4d5336e6d6194980e39d11f4e9b8fa13deac5
SHA256: 1a6122d728e131a1f660f74709db493a914b36e9ec20b4ca95b928b9754215c4
SSDEEP: 96:Z1aCMbMohNqpB6upyKMznZpiAqarswvIBv5gD3h3I3Wu:mvAohNq/TUjQBGzpI3W
Details
File Type: PE32
Added: 2018-05-21 09:57:38
Yara Hits
YRP/Safeguard_103_Simonzh | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/FASM | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/win_mutex | FlorianRoth/DragonFly_APT_Sep17_3
Strings
!This program cannot be run in DOS mode.
.asdasi
.c231asc
`.rsrc
kernel32.dll
user32.dll
CloseHandle
CreateMutexA
CreateToolhelp32Snapshot
ExitProcess
GetCurrentProcessId
GetLastError
GetModuleHandleA
GetProcAddress
LoadLibraryA
OpenProcess
Process32First
Process32Next
RtlZeroMemory
TerminateThread
VirtualAlloc
WaitForSingleObject
lstrcpyA
lstrlenA
ShowWindow
ntdll.dll
RtlAdjustPrivilege
s2lxza0d
3rYt3J
5qYt3B
sJu[`n