Sample details: 58f2df1bc5a5e59476f18beeb1fa24e1

Hashes
MD5: 58f2df1bc5a5e59476f18beeb1fa24e1
SHA1: a9252bf09ca64a4c94684af5c3f2c2305eb089ce
SHA256: 2ec6e6a8ec047ccacb90f32bea017f15ab4db7e18f57e84c1f6c169e1ce4de35
SSDEEP: 192:pHdK3xbp1EIpIcAQb73j8k70uCwMkmBCDeCysW7vNiHkap:pHYtEuvH3Yk7UwMkouSJY
Details
File Type: MS-DOS
Added: 2018-03-06 19:33:34
Yara Hits
YRP/WinUpack_v039_final_By_Dwing_c2005_additional | YRP/Upack_v0399_Dwing_additional | YRP/Upack_V037_V039_Dwing | YRP/Upack_v039_final | YRP/Upack_v039_final_Sign_by_hot_UNP_additional | YRP/WinUpack_v039_final_By_Dwing_c2005_h1 | YRP/Upack_v039_final_Dwing_h | YRP/Upack_v039_final_Sign_by_hot_UNP | YRP/Upack_V037_Dwing | YRP/WinUpack_v039_final_By_Dwing_c2005_h1_additional | YRP/WinUpack_v039_final_By_Dwing_c2005 | YRP/WinUpackv039finalByDwingc2005h1 | YRP/Upackv039finalDwing | YRP/UpackV037Dwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3 |
Source
http://52.161.26.253/10023.malware
Strings
		MZKERNEL32.DLL
LoadLibraryA
GetProcAddress