Sample details: 55507e05aea49087e36f0f9a49d25eb9

Hashes
MD5: 55507e05aea49087e36f0f9a49d25eb9
SHA1: 072723fb74273623447b31a5ef521991b6410859
SHA256: 7fd721d25568d2a523058242157e695530625f0efecc65a7bef48ddadf33e58c
SSDEEP: 192:6HeLUEAKOrzXWxRdnkkjAsJZxaLCJm+arqxpW6VVE/t2YkOOK9juL+Qt:6HiTr3RhLAisP+zxpT6/t9kuj8Dt
Details
File Type: MS-DOS
Added: 2018-03-06 19:35:01
Yara Hits
YRP/MicroJoiner_17_coban2k_additional | YRP/Upack_037_beta_Dwing | YRP/Upack_037_beta_Dwing_additional | YRP/Upack_v036_beta_Dwing | YRP/Upack_036_beta_Dwing | YRP/Upackv036betaDwing | YRP/Upackv036alphaDwing | YRP/UpackV036Dwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://52.161.26.253/10305.malware
Strings
MZLoadLibraryA
KERNEL32.DLL
GetProcAddress
.Upack
.ByDwing