Sample details: 6be40c8f35899a07ca5a3b5d7e61c2ec

Hashes
MD5: 6be40c8f35899a07ca5a3b5d7e61c2ec
SHA1: 37b0ec66cf57eded3111fbcf646aa80f148a136a
SHA256: de58055a95b90d75a3aa6fd085474df4137cf2fb2f9e79e9075e46450b0598ac
SSDEEP: 96:Z11CMbMohNqpB6upyKMznZpiAqarswvIOAppEfGCnnfGCn9ZGwhKK:5vAohNq/TUjQ9ppaTfT9ZG+K
Details
File Type: PE32
Added: 2018-05-15 04:57:20
Yara Hits
YRP/Safeguard_103_Simonzh | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/FASM | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/win_mutex | FlorianRoth/DragonFly_APT_Sep17_3
Strings
!This program cannot be run in DOS mode.
.asdasi
.c231asc
`.rsrc
kernel32.dll
user32.dll
CloseHandle
CreateMutexA
CreateToolhelp32Snapshot
ExitProcess
GetCurrentProcessId
GetLastError
GetModuleHandleA
GetProcAddress
LoadLibraryA
OpenProcess
Process32First
Process32Next
RtlZeroMemory
TerminateThread
VirtualAlloc
WaitForSingleObject
lstrcpyA
lstrlenA
ShowWindow
ntdll.dll
RtlAdjustPrivilege