Sample details: 610be2715c32f47b95f069e853e348f0 (MD5)

Hashes
MD5: 610be2715c32f47b95f069e853e348f0
SHA1: 3170ef29158fb4614d3bf0de8f22065bbc9a416f
SHA256: b831f61d4e2a438ef4bde3201f62a225db3b08acef0d5bdc947bbd8cd3b5998e
SSDEEP: 192:KRd7oieZzt+YP+9tH/9/+AdJJ9EquXELp:KD7E8YP+PlHdhP
Details
File Type: PE32
Yara Hits
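YRP/Visual_Cpp_2005_Release_Microsoft | YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsConsole | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/network_dns | YRP/Str_Win32_Winsock2_Library | FlorianRoth/DragonFly_APT_Sep17_3
Note: these are automated signature matches, not confirmed attribution. The FlorianRoth/DragonFly_APT_Sep17_3 hit should be weighed against the embedded strings below, which describe the binary as a "Betabot version checker" and include the domain check.betalabs.su together with the DnsQuery_A import. The YRP/anti_dbg hit may stem only from the IsDebuggerPresent import, which is listed among what look like ordinary MSVC runtime imports; confirm by disassembly before treating it as deliberate anti-analysis.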
Source
http://94.130.104.170/changeme//Tools/UpdateCheck.exe
http://94.130.104.170/changeme/Tools/UpdateCheck.exe
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
bad allocation
=======================================================================
Betabot version checker
This will make a DNS query to determine the current version of betabot. It is recommended you use a VPN with proper DNS settings before performing check
Please type [Enter] key to get current version
=======================================================================
check.betalabs.su
DNS Query failed.
Response seems invalid. Unable to get current version
Current version:  [ %s ]
If this version is greater than the one listed on your panel, an update is available.
Please type [Enter] key to terminate the application.
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
MSVCP90.dll
WS2_32.dll
DnsQuery_A
DNSAPI.dll
printf
MSVCR90.dll
_amsg_exit
__getmainargs
_cexit
_XcptFilter
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
KERNEL32.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
0!0(0/070@0Q0
1"1,13191>1C1H1M1S1[1o1
2!22282?2S2X2^2f2l2r2
2D3J3R3Y3^3d3j3r3x3
4!4(40484@4L4U4Z4`4j4s4~4
5&5-585>5R5g5r5
404L4P4