Sample details: 600412b094b0f98089ba055c0504b305

Hashes
MD5: 600412b094b0f98089ba055c0504b305
SHA1: c497649d198da6881490c2f9659ef81bfd7d9689
SHA256: b0181500b45fe57fd40e16563cbd70667d0b9f2fcc906504f39fb6fdcde1c572
SSDEEP: 384:7+A+TafQ+cTJUMUzLQJ86DCBIGMpdp0QkfvRipfSCm:7+pTaQllUHQJ86DuINp70DfvspfSCm
Details
File Type: MS-DOS
Added: 2018-03-06 19:33:10
Yara Hits
YRP/Upack_v010_v012Beta_Sign_by_hot_UNP_additional | YRP/Upack_v036_beta_Dwing_additional | YRP/Upack_V037_V039_Dwing | YRP/Upack_v010_v012Beta_Sign_by_hot_UNP | YRP/Upack_0399_Dwing | YRP/Upack_V037_Dwing | YRP/Upackv039finalDwing | YRP/Upackv0399Dwing | YRP/UpackV037Dwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://52.161.26.253/10003.malware
Strings
		MZKERNEL32.DLL
LoadLibraryA
GetProcAddress
HBVERIFY_DATA