Sample details: 557c531f77a1cfa8c031fe1abae57110

Hashes
MD5: 557c531f77a1cfa8c031fe1abae57110
SHA1: 472a11a273b4673425def8a32517fb1f0d69e1fc
SHA256: 92ec54b2e7266cc953f51b971448e8ea585e5d525bc28390f7a9db2e43c3eb04
SSDEEP: 384:ALVUgszHTFS0GtlQPSNqRhLWzxt49Bju/S/0Tzqsq:TH7T00OqqyWzn4Hu6sTz9q
Details
File Type: MS-DOS
Added: 2018-03-06 19:33:55
Yara Hits
YRP/MicroJoiner_17_coban2k_additional | YRP/Upack_037_beta_Dwing | YRP/Upack_037_beta_Dwing_additional | YRP/Upack_v036_beta_Dwing | YRP/Upack_036_beta_Dwing | YRP/Upackv036betaDwing | YRP/Upackv036alphaDwing | YRP/UpackV036Dwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3 |
Source
http://52.161.26.253/10037.malware
Strings
MZLoadLibraryA
KERNEL32.DLL
GetProcAddress
.Upack
.ByDwing