Sample details: 62a44aace15cb728f1f5f96a1c2a4a37

Hashes
MD5: 62a44aace15cb728f1f5f96a1c2a4a37
SHA1: 2c05b0c70791368a3d28fd2d70f6047abf657034
SHA256: 8973e714d5644b31b07937434d4ab545970d6e9e3a98a264a2feb153802a8489
SSDEEP: 96:6JxKSuqvxAZsTfyUt8XyvFKPZZf7mZQRyheejF8/6v8gG6A4Z6:WIqgsDyXUeTiCEheejy/6vau0
Details
File Type: MS-DOS
Yara Hits
YRP/Microsoft_Visual_Cpp_v60_DLL_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | YRP/DebuggerCheck__QueryInfo | YRP/escalate_priv | YRP/win_token | FlorianRoth/DragonFly_APT_Sep17_3
Strings
mpsi.dll
memset
ZwQuerySystemInformation
memcpy
_snwprintf
ZwMapViewOfSection
ZwQueryInformationProcess
ntdll.dll
RegisterWaitForSingleObject
CloseHandle
UnmapViewOfFile
OpenProcess
MapViewOfFile
OpenFileMappingW
GetCurrentProcessId
TerminateProcess
ResumeThread
CreateProcessW
GetStartupInfoW
GetFileAttributesExW
ExpandEnvironmentStringsW
QueueUserAPC
CreateFileMappingA
UnregisterWaitEx
GetCurrentProcess
GetLastError
IsBadReadPtr
GetVolumeInformationW
KERNEL32.dll
CreateProcessAsUserW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
DuplicateTokenEx
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW
GetTokenInformation
ADVAPI32.dll
malloc
MSVCRT.dll
/etc/ccmain.json
/bin/i386/ccmain.bin
SeAssignPrimaryTokenPrivilege
SeIncreaseQuotaPrivilege
SeTcbPrivilege