Sample details: 58bc0c758c6a356b742261dec53cbb33

Hashes
MD5: 58bc0c758c6a356b742261dec53cbb33
SHA1: eef320a02617b16024159eeb5055b4490c715c96
SHA256: 96f7b61681ac13949412d62a78a30b05760a117fe86da0174ab1f1fd368196fb
SSDEEP: 96:Z1BCMbMohNqpB6upyKMznZpiAqarswvIaGrrk8kRX00SM00SP6l6mDgm:dvAohNq/TUjQr2X0rM0rPO6mDg
Details
File Type: PE32
Added: 2018-05-15 18:47:19
Yara Hits
YRP/Safeguard_103_Simonzh | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/FASM | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/win_mutex | FlorianRoth/DragonFly_APT_Sep17_3
Strings
		!This program cannot be run in DOS mode.
.asdasi
.c231asc
`.rsrc
kernel32.dll
user32.dll
CloseHandle
CreateMutexA
CreateToolhelp32Snapshot
ExitProcess
GetCurrentProcessId
GetLastError
GetModuleHandleA
GetProcAddress
LoadLibraryA
OpenProcess
Process32First
Process32Next
RtlZeroMemory
TerminateThread
VirtualAlloc
WaitForSingleObject
lstrcpyA
lstrlenA
ShowWindow
ntdll.dll
RtlAdjustPrivilege