Sample details: 60d88c0829fe1e16c32f76d71724807b

Hashes
MD5: 60d88c0829fe1e16c32f76d71724807b
SHA1: 40fb4d13a643b6f8a7a7cabc2a3f9e48b9e0cc50
SHA256: 6007da6bb72fe138dd4ae622c78c5337e3eaf9e8020b748b4a6918563ec988f6
SSDEEP: 768:hLCnlsA4wVor2lcvDd2nafVz7aGXdP6YMKdI6C6udCv:h2voo2p2naf9aediYMftdw
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/MD5_Constants | FlorianRoth/DragonFly_APT_Sep17_3
Parent Files
0495481d035935c5e309333c6d7c9209
Source
Strings
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
Qkkbal
X0123456789abcdef
RtlUnwind
SetLastError
GetLastError
CloseHandle
CreateFileA
MultiByteToWideChar
CreateFileW
UnmapViewOfFile
GetFileSize
GetFileTime
DeleteFileA
DeleteFileW
MapViewOfFile
CreateFileMappingA
SetFileTime
SetEndOfFile
SetFilePointer
FlushViewOfFile
VirtualAlloc
VirtualFree
KERNEL32.dll
mspatcha.dll
ApplyPatchToFileA
ApplyPatchToFileByHandles
ApplyPatchToFileByHandlesEx
ApplyPatchToFileExA
ApplyPatchToFileExW
ApplyPatchToFileW
GetFilePatchSignatureA
GetFilePatchSignatureByHandle
GetFilePatchSignatureW
TestApplyPatchToFileA
TestApplyPatchToFileByHandles
TestApplyPatchToFileW
mspatcha.pdb
tvbl01\LOCALS~1\Temp\2\DBGtoPDB\mspatcha.pdb