
Sample details: 56555601926762fb324606b1e317111e --

Hashes
MD5: 56555601926762fb324606b1e317111e
SHA1: f37382b9a72ef78acab74820635a5b0824bf0b45
SHA256: c92a155454c17465ac5978250b32f708c0aa52f67bd019a50e0162e22b5a46ba
SSDEEP: 384:EJOgdX11jkZJJJJJJJJJtJBVpeTbJJJJJJJJY:yOGjGJJJJJJJJJtJBCTbJJJJJJJJ
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/Str_Win32_Wininet_Library | FlorianRoth/DragonFly_APT_Sep17_3 |
Parent Files
04ad72cfc3cc5d02c355ed3b2627ec90
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
t,h40@
MFC42.DLL
__CxxFrameHandler
_mbsicmp
strncpy
MSVCRT.dll
__dllonexit
_onexit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetStartupInfoA
GetProcAddress
LoadLibraryA
GetLastError
CreateSemaphoreA
KERNEL32.dll
USER32.dll
ADVAPI32.dll
SHELL32.dll
ole32.dll
MSVCP60.dll
VERSION.dll
imagehlp.dll
WININET.dll
_setmbcp
%s\%s\%s
ShowUpdateDlg
OnlyOneXAutoUpdate
xupdate.exe
Happy Year 2012
HrCg@b	g 
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> 
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity 
	processorArchitecture="x86" 
	version="5.1.0.0"
	type="win32"
	name="OceanSoftApplication"
<description>OceanSoft Application</description>
<dependency>
	<dependentAssembly>
		<assemblyIdentity
			type="win32"
			name="Microsoft.Windows.Common-Controls"
			version="6.0.0.0"
			publicKeyToken="6595b64144ccf1df"
			language="*"
			processorArchitecture="x86"
	</dependentAssembly>
</dependency>
</assembly>
7_B7_B7_B7_B7_B7_B7_B7_B7_B7_B7_B
7_B7_B7_B7_B
7_B6_A.b6b
V&t50[:7_B
7_B7_B(d0%j+2_;7_B
7_B7_B2j:
A.Z87_B
7_B"[)
`!6]@7_B
7_B*a3
s15^@7_B
7_B'[/
%M-7_B
7_B0\:C
V'X07_B7_B1];
3Z=7_B
7_B&g1Q
m07_B5^@
7_B3\=*
60Y: X(
*T37_B
7_B,Z5/
5\?7_B
7_B&^/0
!R)7_B
-W67_B7_B7_B
]!6^A.W8&T/
g$"P),
i'-W74]?7_B
l"v60Y9*
@"[*7_B7_B
~3*Y2'
H$Y-7_B
7_B#X+
K*W37_B
7_B6^@
C0Y:7_B
7_B-Z6
$,Y4/]9 
%r47_B7_B
7_B#[+
#!Z(7_B4^> 
q)V27_B
7_B5^@
6^@7_B7_B%_/+
0t>5]@7_B
7_B-[7
2_<7_B
7_B3]=!
&X.7_B
7_B!X)
0[:7_B
7_B&\/(
d'6^@7_B
7_B5]?+b4.Z87_B
7_B)]2&
k$c.5^@7_B
7_B7_B7_B
7_B7_B7_B7_B7_B7_B7_B7_B7_B7_B7_B