Sample details: 5c729bacfddefb180b120a2e32620370

Hashes
MD5: 5c729bacfddefb180b120a2e32620370
SHA1: 2d199ed35bec34054a66348fc831c37ae038a1a3
SHA256: eb21535c812d9264a4de350848f9ca5b6ef2891968aece04e8e1dd8c3598b076
SSDEEP: 96:Z1TCMbMohNqpB6upyKMznZpiAqarswvIHGq0wkp:/vAohNq/TUjQHGq0wk
Details
File Type: PE32
Added: 2019-09-01 13:09:02
Yara Hits
YRP/Safeguard_103_Simonzh | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/FASM | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/win_mutex | FlorianRoth/DragonFly_APT_Sep17_3
Strings
		!This program cannot be run in DOS mode.
.asdasi
.c231asc
`.rsrc
kernel32.dll
user32.dll
CloseHandle
CreateMutexA
CreateToolhelp32Snapshot
ExitProcess
GetCurrentProcessId
GetLastError
GetModuleHandleA
GetProcAddress
LoadLibraryA
OpenProcess
Process32First
Process32Next
RtlZeroMemory
TerminateThread
VirtualAlloc
WaitForSingleObject
lstrcpyA
lstrlenA
ShowWindow
ntdll.dll
RtlAdjustPrivilege
s2lxza0d