Sample details: 50e4f8c8777227c552231ecf968be181

Hashes
MD5: 50e4f8c8777227c552231ecf968be181
SHA1: d9719a03522bd00d593b898fb4147d4bc7ac33d5
SHA256: 0de0b10d77d7ca6ed71391f982166b69e69497aa6b9f2bcbf6172a5a813b8cc1
SSDEEP: 768:HuH7PLxZ8+AJtpVsjJGDYgaYr9gvF6VhCxVllIFCoEhBFxYgEhW:HuHxEj4Yr9eECxVlMCoEp5EU
Details
File Type: PE32
Yara Hits
YRP/Visual_Cpp_2005_Release_Microsoft | YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsConsole | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/DebuggerCheck__QueryInfo | YRP/win_files_operation | FlorianRoth/DragonFly_APT_Sep17_3
Parent Files
6acec394718b86af1cab369f7a25f430
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
Primary
IsTextUnicode
ConvertSidToStringSidW
ADVAPI32.dll
IsCharAlphaNumericW
USER32.dll
NtQuerySystemInformation
RtlInitUnicodeString
NtQueryInformationProcess
RtlEqualUnicodeString
RtlRunDecodeUnicodeString
RtlEqualString
ntdll.dll
GetLastError
LocalAlloc
DeviceIoControl
CloseHandle
LocalFree
SetFilePointer
WriteFile
ReadProcessMemory
ReadFile
WriteProcessMemory
UnmapViewOfFile
GetCurrentProcess
GetDateFormatW
GetSystemTimeAsFileTime
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
OpenProcess
GetVersionExW
KERNEL32.dll
vfwprintf
fflush
vwprintf
wcsrchr
msvcrt.dll
memset
memcpy
__wgetmainargs
_cexit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
RtlUnwind
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1"0 
Certum Trusted Network CA0
151029113029Z
270609113029Z0
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1$0"
Certum Code Signing CA SHA20
http://crl.certum.pl/ctnca.crl0k
http://subca.ocsp-certum.com01
%http://repository.certum.pl/ctnca.cer09
http://www.certum.pl/CPS0
"3;vlG
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1$0"
Certum Code Signing CA SHA20
171204095034Z
181204095034Z0
Open Source Developer1
Ile de France1.0,
%Open Source Developer, Benjamin Delpy1&0$
benjamin@gentilkiwi.com0
!http://crl.certum.pl/cscasha2.crl0q
http://cscasha2.ocsp-certum.com04
(http://repository.certum.pl/cscasha2.cer0
cscasha2@certum.pl0
https://www.certum.pl/CPS0
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1$0"
Certum Code Signing CA SHA2
$http://blog.gentilkiwi.com/mimikatz 0
20180203223354Z0
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1
Certum EV TSA SHA2
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1"0 
Certum Trusted Network CA0
160308131043Z
270530131043Z0w1
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1
Certum EV TSA SHA20
http://crl.certum.pl/ctnca.crl0k
http://subca.ocsp-certum.com01
%http://repository.certum.pl/ctnca.cer0@
http://www.certum.pl/CPS0
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1"0 
Certum Trusted Network CA
180203223354Z0/
PL1"0 
Unizeto Technologies S.A.1'0%
Certum Certification Authority1"0 
Certum Trusted Network CA