Sample details: 59acc4c730e83e822ebf0687472b6c3a

Hashes
MD5: 59acc4c730e83e822ebf0687472b6c3a
SHA1: d9c4b8922bf061cfe8e84f75195eb7177b2f883f
SHA256: ad7f257ea6d51b73e98e889bc47939bf907d02c0e68e4414df3158508281427f
SSDEEP: 96:Z1mCMbMohNqpB6upyKMznZpiAqarswvI//eVWkWP1mDtOs:6vAohNq/TUjQ//jCg
Details
File Type: PE32
Added: 2018-11-02 17:53:10
Yara Hits
YRP/Safeguard_103_Simonzh | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/FASM | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/win_mutex | FlorianRoth/DragonFly_APT_Sep17_3
Strings
!This program cannot be run in DOS mode.
.asdasi
.c231asc
`.rsrc
kernel32.dll
user32.dll
CloseHandle
CreateMutexA
CreateToolhelp32Snapshot
ExitProcess
GetCurrentProcessId
GetLastError
GetModuleHandleA
GetProcAddress
LoadLibraryA
OpenProcess
Process32First
Process32Next
RtlZeroMemory
TerminateThread
VirtualAlloc
WaitForSingleObject
lstrcpyA
lstrlenA
ShowWindow
ntdll.dll
RtlAdjustPrivilege
s2lxza0d
3rYt3J
5qYt3B
sJu[`n