
Sample details: 4efa16e53ecd3f238ac3a591575e395a

Hashes
MD5: 4efa16e53ecd3f238ac3a591575e395a
SHA1: 51baccf8b60acc194a24af5a578d26cc8419ceca
SHA256: 03bab82f1116c3f06641a5ec5d0b9b9df44b9f7216be334065d75d1279cf1bf2
SSDEEP: 192:xWqNF+ubrZkroaNXqoJrBz3iQbC7E5pz6LKpkTZ3:J+erZkr3qoJdz3ZC7KqZ3
Details
File Type: PE32
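Yara Hits (rule-set/rule name; each hit is a signature match, not a verdict. Most YRP/* hits describe file properties, and the anti_dbg hit is consistent with the IsDebuggerPresent import listed under Strings, which is also common in Visual C++ runtime startup code. Confirm the FlorianRoth/DragonFly_APT_Sep17_3 hit against that rule's own conditions before treating it as attribution.)
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsConsole | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | FlorianRoth/DragonFly_APT_Sep17_3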
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
u"h<3@
input a charater:
C:\Users\chris\Desktop\test\Release\test.pdb
.text$mn
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
memset
_except_handler4_common
VCRUNTIME140.dll
__acrt_iob_func
__stdio_common_vfprintf
getchar
system
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_set_fmode
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
KERNEL32.dll
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
010K0f0r0
3%3,333:3A3H3P3X3`3l3u3z3
5"595N5U5[5m5w5
6*6i6x6
707V7_7e7C8c8m8
9%9*9P9U9z9
;,;3;i;r;{;
<#<)</<5<;<A<G<
5 5<5@5