Sample details: 4ee35bec665f0dd0743ee6d11223be03

Hashes
MD5: 4ee35bec665f0dd0743ee6d11223be03
SHA1: 9abb4ea68ad96b52245df6864849919952a0c67f
SHA256: a5260b56ecbb21aa2bfa8fb54b4ab9fafb343eadd915a8985f6d132fc3a46e00
SSDEEP: 384:9eHJRz0vQSDoFS6jcbbw7xCnQYxkksrzcMd+k0W/g3Zg:9eRz0vQFFS6AXG8QwcgMokB/gpg
Details
File Type: MS-DOS
Added: 2018-03-06 19:33:45
Yara Hits
YRP/MicroJoiner_17_coban2k_additional | YRP/Upack_037_beta_Dwing | YRP/Upack_037_beta_Dwing_additional | YRP/Upack_v036_beta_Dwing | YRP/Upack_036_beta_Dwing | YRP/Upackv036betaDwing | YRP/Upackv036alphaDwing | YRP/UpackV036Dwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://52.161.26.253/10029.malware
Strings
MZLoadLibraryA
KERNEL32.DLL
GetProcAddress
.Upack
.ByDwing