Sample details: 509c43bf877011d8e1c91c551bb3bede

Hashes
MD5: 509c43bf877011d8e1c91c551bb3bede
SHA1: 370d0591e61cd601b3eeadc3fe2b952bd96decdc
SHA256: 039a5dec53f58c8d8b0eaa17dc16e30191003b1cb8accac40d7181e734ccc92f
SSDEEP: 384:YrrtBl1jNM5vPomogd31UNmilzx8Mu7fSMDGW+MDXx13pxePWSSiZQ:4zW5oLg4miP877lWGZx4Ef
Details
File Type: PE32
Added: 2018-06-11 13:20:18
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/with_images | YRP/with_urls | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Dropper_Strings | YRP/network_smtp_raw | YRP/network_dropper | YRP/network_dns | YRP/win_mutex | YRP/win_registry | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/BASE64_table | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API | FlorianRoth/DragonFly_APT_Sep17_3 |
Source
http://92.63.197.60/o.exe
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
%u %s %u %.2u:%.2u:%.2u %s%.2u%.2u
%s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u
aol.com
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Picture
My photo
My picture
Your photo
Your picture
Our photo
Our picture
Is this you?
Have you seen this photo?
Best picture
You should take a look
Do you know her?
Take a look at my new picture please
Rate my new photo please
My new photo just for you!
Keep them private
Don't show anyone!
She is hot right?
What you think about her new picture?
Lol.. look at her new photo!
LOL seen this photo?
WOW the best picture!
Don't share this one!
Just for you!
My love for you
Please rate my picture
Is she hot? Take a look at her
Damn I can't get her out my head
Someone told me it's you???
Keep it secret!
Your opinion needed
What is your opinion about this?
Trumps private photo leaked!
Is this good enough for facebook?
They will like it?
I'm about to post this on facebook
Look what has happened last weekend
The last party was hardcore
How drunk I was last night?
And I was really that drunk???
WTF is this?! Explain?!
Why you took that picture?!
I'm about to publish your photo
Best photo
Best piture
My best photo
My best picture
Your best photo
Your best picture
Keep this photo private please
Please keep this picture private
My newest picture
I think that's your best photo
How can she be so hot???
Unbelivable photo
My top photo
Photo of the party last night
Your scan wasn't approved
The scan quality is poor
Your scan has been approved!
The ugliest person in the world?
Photo of my new girlfriend
Photo of my new boyfriend
Rate the new photo of my gf
Rate the photo of my new bf
In love after seeing your photo
Why you shoot photos like that??
Next time don't forget about this photo
I took this photo of you
I took this photo of us
I took this photo of your mother
You will be shoked!
My new look!
Time for a change
My new hair
I think she is clearly retarded
Why would someone take such photos?
Not even good enough for facebook?Can't be more ugly than that?
Ugly as f*!
Will you be mad if I upload this?
Someone takes photos from you
Took photo of you
Why you look so ugly here...
How you just look so good here?
I simply love this photo of you!
I love you
Took photo just for you
You are my new love
My new love
Check out this photo I took for you!
Take a look!
Explain this!
Why the f* you took such photo?!
Adolfo
Adolph
Adrian
Adrian
Adriana
Adrienne
Agustin
Aileen
Beulah
Beverley
Beverly
Bianca
Billie
Billie
Blaine
Blanca
Blanche
Bobbie
Bonita
Bonnie
Booker
Bradford
Bradley
Bradly
Deanna
Deanne
Debbie
Debora
Deborah
Deidre
Deirdre
Delbert
Ginger
Giovanni
Gladys
Glenda
Glenna
Gloria
Goldie
Gonzalo
Gordon
Humberto
Hunter
Ignacio
Imelda
Imogene
Tanisha
Tanner
Taylor
Taylor
Terence
Teresa
Bailey
Rivera
Cooper
Richardson
Howard
Torres
Peterson
Ramirez
Gonzalez
Nelson
Carter
Mitchell
Roberts
Turner
Phillips
Campbell
Parker
Edwards
Collins
Stewart
Sanchez
Morris
Rogers
Morgan
Murphy
Jackson
Harris
Martin
Thompson
Garcia
Martinez
Robinson
Rodriguez
Walker
Hernandez
Wright
Johnson
Williams
Miller
Wilson
Taylor
Anderson
Thomas
Watson
Brooks
Sanders
Bennett
Barnes
Henderson
Coleman
Jenkins
[0.0.0.0]
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
http://icanhazip.com/
%s.com
AUTH LOGIN
<%s%s@%s>
MAIL FROM: 
RCPT TO: <
Received: from %s ([%d.%d.%d.%d]) by %s with MailEnable ESMTP; %s
Received: (qmail %s invoked by uid %s); %s
From: 
Subject: 
Date: 
Message-ID: <
Mime-Version: 1.0
%s%s%s%s
Content-Type: multipart/mixed; boundary= "
Content-Type: application/zip
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename= "
%sn.txt
2018%s_%s.jpg
@[::::_TMLR_::::]
http://92.63.197.60/
http://92.63.197.112/
%sd.js
fclose
fscanf
fprintf
_wfopen
sprintf
malloc
memset
_snprintf
strcpy
strlen
strcat
strchr
strstr
strtok
_snwprintf
wcslen
wcscmp
MSVCRT.dll
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
inet_pton
getnameinfo
WS2_32.dll
InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetReadFile
WININET.dll
URLDownloadToFileW
urlmon.dll
PathFileExistsW
SHLWAPI.dll
DnsFree
DnsQuery_A
DNSAPI.dll
GetTickCount
GetTimeZoneInformation
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
CreateProcessW
CreateThread
lstrcpyA
lstrlenA
ExitThread
DeleteFileW
ExpandEnvironmentStringsW
SetFileAttributesW
CopyFileW
CreateDirectoryW
GetModuleFileNameW
ExitProcess
GetLastError
CreateMutexA
ReadFile
SetFilePointer
WriteFile
GetFileSize
CloseHandle
CreateFileW
GetSystemTime
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
wsprintfA
CharUpperA
USER32.dll
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
ADVAPI32.dll
ShellExecuteW
SHELL32.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD