Sample details: 4e6669bff6ce8e3b48f0bd4f8b846845

Hashes
MD5: 4e6669bff6ce8e3b48f0bd4f8b846845
SHA1: d5bc4af377a9017b989cd0e99d40ffb80a1c6a40
SHA256: 3659d7120b37e587e2230d1a6248177d1ba6ffb1f760467fe0053ada53691b0b
SSDEEP: 384:pv2UtPQVMXVXZV+KBD+EaCxst573dSqN2N0fc0x:pvXtHXVpV3DUCMcCx
Details
File Type: MS-DOS
Added: 2018-03-06 19:34:21
Yara Hits
YRP/WinUpack_v039_final_By_Dwing_c2005_additional | YRP/Upack_v0399_Dwing_additional | YRP/Upack_V037_V039_Dwing | YRP/Upack_v039_final | YRP/Upack_v039_final_Sign_by_hot_UNP_additional | YRP/WinUpack_v039_final_By_Dwing_c2005_h1 | YRP/Upack_v039_final_Dwing_h | YRP/Upack_v039_final_Sign_by_hot_UNP | YRP/Upack_V037_Dwing | YRP/WinUpack_v039_final_By_Dwing_c2005_h1_additional | YRP/WinUpack_v039_final_By_Dwing_c2005 | YRP/WinUpackv039finalByDwingc2005h1 | YRP/Upackv039finalDwing | YRP/UpackV037Dwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3 |
Source
http://52.161.26.253/10127.malware
Strings
		MZKERNEL32.DLL
LoadLibraryA
GetProcAddress