Sample details: 535b740dbf4853cda7375a65cd7cc5ab

Hashes
MD5: 535b740dbf4853cda7375a65cd7cc5ab
SHA1: d3a433e1a40ad48d589bebf7c902b3d68e87315c
SHA256: 112e729463b77ef113829a5b967fe9ce2cdb8c66b1abf7d4abc66c690dc84bd9
SSDEEP: 192:Bbs6R78hKtsJFOXVfJa41kKEy4FCBXAqwFWi3tR+zko:+kAgxlJatKiwwqwFW8tRG
Details
File Type: MS-DOS
Yara Hits
YRP/Microsoft_Visual_Basic_v50 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://52.161.26.253/10559.malware
http://52.161.26.253/10563.malware
Strings
		`.data
@.idata
User32.dll
CopyIcon
LoadKeyboardLayoutEx
CharPrevExA
GetClipboardFormatNameW
DdeFreeDataHandle
RegisterClipboardFormatA
Kernel32.dll
GetLastError
VirtualProtect
EraseTape
GetConsoleAliasExesLengthA
SetHandleContext
CopyFileW
CreateConsoleScreenBuffer
Gdi32.dll
SetFontEnumeration
SetBitmapDimensionEx
RemoveFontResourceExA
PlayEnhMetaFileRecord
GetWindowOrgEx