Sample details: 6997f8a82e0559c326ff6b1d2e6062c7

Hashes
MD5: 6997f8a82e0559c326ff6b1d2e6062c7
SHA1: bad1f83bb7657ca443baff99fa3ae3d1f577f157
SHA256: bf474ba85693250fc3b5d5f41aa8ebc3f103b681832ecd93bff7002256505538
SSDEEP: 192:KtZR5Fhp8cdwpHR3AkPLiM79mLU2Pcihcum:m5FZdgAkTiM79mgLQcum
Details
File Type: PE32
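Yara Hits (signature matches only; a rule name that carries an actor label is a pointer for further analysis, not an attribution by itself)
YRP/Microsoft_Visual_Basic_v50 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/FASM | YRP/domain | YRP/contentis_base64 | YRP/win_files_operation | FlorianRoth/DragonFly_APT_Sep17_3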
Parent Files
74a434a0b7bd5cfb64d13e88ee577087
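Strings (raw strings extracted from the sample, listed as found; the `set` lines that follow `batfile.bat` are an embedded batch script whose last line expands to `regedit /C /S PP.reg`, a registry import of PP.reg with prompts suppressed by /S)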
		!This program cannot be run in DOS mode.
`.data
.idata
b2e.exe
!This program cannot be run in DOS mode.
`.text
`.data
selfdel
rmdir 
batchfile.bat
memset
memcpy
remove
_mkdir
_chdir
_rmdir
malloc
CRTDLL.dll
GetModuleHandleA
HeapCreate
lstrlenA
GetModuleFileNameA
GetTempPathA
GetTempFileNameA
CreateFileA
GetFileSize
ReadFile
CloseHandle
WriteFile
HeapDestroy
ExitProcess
GetExitCodeProcess
KERNEL32.dll
strncpy
strlen
InitializeCriticalSection
GetCommandLineA
HeapAlloc
HeapFree
HeapReAlloc
ShellExecuteExA
ShellExecuteA
SHELL32.dll
PathQuoteSpacesA
PathAddBackslashA
PathRemoveBlanksA
PathFileExistsA
PathRemoveFileSpecA
SHLWAPI.dll
batfile.bat                                                                                             set oocl=regedit
    set DC=/C
    Set DS=/S
    Set varra=PP.reg
    %oocl% %DC% %DS% %varra%
KERNEL32.DLL
crtdll.dll
shell32.dll
shlwapi.dll
user32.dll
CloseHandle
CreateFileA
DeleteFileA
ExitProcess
WriteFile
GetCommandLineA
lstrcatA
GetTempFileNameA
GetTempPathA
PathQuoteSpacesA
PathAddBackslashA
wsprintfA
_mkdir
_getcwd
ShellExecuteA