Sample details: 71b57b5cd7f1d49eb0dc087537108d33 --

Hashes
MD5: 71b57b5cd7f1d49eb0dc087537108d33
SHA1: 6ea6c9f8363333c0c6b2e5f6aae3fcc509194a10
SHA256: 199eb2fdac3c459af2e2d2d7e405abf4f65b53e0b3ecb252f7389ff5b0cee3ba
SSDEEP: 768:IWdwmRjwkjXxnWBVU8tahoICS4AI3jrdIa:5RkkjXxnW7U8xICS4Aejt
Details
File Type: PE32
Yara Hits
YRP/Visual_Cpp_2005_DLL_Microsoft | YRP/Visual_Cpp_2003_DLL_Microsoft | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/RijnDael_AES | FlorianRoth/DragonFly_APT_Sep17_3 |
Parent Files
552220341900aad88a1b760c9aa6781f
Source
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.reloc
T$ QRP
T$,Rh\
=j&&LZ66lA??~
}{))R>
f""D~**T
V22dN::t
o%%Jr..\$
&&Lj66lZ??~A
99rKJJ
==zGdd
""Df**T~
;22dV::tN
$$Hl\\
C77nYmm
%%Jo..\r
55j_WW
&Lj&6lZ6?~A?
~=zG=d
"Df"*T~*
2dV2:tN:
x%Jo%.\r.
a5j_5W
ggV}++
Lj&&lZ66~A??
bS11*?
Xt,,4.
RRvM;;
MMfU33
PPxD<<%
Bc!! 0
~~zG==
Df""T~**;
dV22tN::
xxJo%%\r..8$
pp|B>>q
aaj_55
UUPx((
cccc||||wwww{{{{
kkkkoooo
gggg++++
YYYYGGGG
&&&&6666????
uuuu				
nnnnZZZZ
RRRR;;;;
[[[[jjjj
9999JJJJLLLLXXXX
CCCCMMMM3333
PPPP<<<<
~~~~====dddd]]]]
ssss````
""""****
2222::::
$$$$\\\\
7777mmmm
llllVVVV
eeeezzzz
xxxx%%%%....
pppp>>>>
ffffHHHH
aaaa5555WWWW
UUUU((((
BBBBhhhhAAAA
='9-6d
_jbF~T
11#?*0
,4$8_@
t\lHBW
QPeA~S
>4$8,@
p\lHtW
+HpXhE
T[$:.6
RRRR				jjjj
00006666
CCCCDDDD
TTTT{{{{
####====
ffff((((
vvvv[[[[
IIIImmmm
%%%%rrrr
]]]]eeee
llllppppHHHHPPPP
FFFFWWWW
kkkk::::
AAAAOOOOgggg
tttt""""
nnnnGGGG
VVVV>>>>KKKK
yyyy    
YYYY''''
____````QQQQ
;;;;MMMM
ccccUUUU!!!!
PyErr_SetString
PyExc_ValueError
_PyObject_New
PyObject_Free
PyCallable_Check
PyErr_Occurred
PyObject_HasAttr
PyUnicode_FromString
PyExc_TypeError
PyErr_Format
PyArg_ParseTupleAndKeywords
PyExc_SystemError
PyExc_OverflowError
PyBytes_AsString
PyBytes_Size
PyObject_CallObject
PyEval_RestoreThread
PyEval_SaveThread
PyExc_MemoryError
PyBytes_FromStringAndSize
PyArg_Parse
PyExc_AttributeError
PyObject_GenericGetAttr
PyLong_FromLong
PyUnicode_CompareWithASCIIString
Py_FatalError
PyModule_AddIntConstant
PyModule_Create2
PyType_Ready
python34.dll
memset
memcpy
memmove
malloc
MSVCR100.dll
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
__clean_type_info_names_internal
_unlock
__dllonexit
_onexit
_except_handler4_common
_crt_debugger_hook
EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
KERNEL32.dll
_AES.pyd
PyInit__AES
AES key must be either 16, 24, or 32 bytes long
new(key, [mode], [IV]): Return a new _AES encryption object.
counter
segment_size
s#|is#Oi
Unknown cipher feedback mode %i
MODE_PGP is not supported anymore
Key must be %i bytes long, not %i
Key cannot be the null string
IV must be %i bytes long
segment_size must be multiple of 8 (bits) between 1 and %i
'counter' keyword parameter is required with CTR mode
__PCT_CTR_SHORTCUT__
'counter' parameter must be a callable object
'counter' parameter only useful with CTR mode
Encrypt the provided string of binary data.
Input strings must be a multiple of %i in length
Input strings must be a multiple of the segment size %i in length
No memory available in _AES encrypt
counter wrapped without allow_wraparound
CTR counter function returned string not of length %i
CTR counter function didn't return bytes
CTR counter function returned bytes not of length %i
Unknown ciphertext feedback mode %i; this shouldn't happen
decrypt(string): Decrypt the provided string of binary data.
Input strings must be a multiple of %i in length
No memory available in _AES decrypt
Input strings must be a multiple of the segment size %i in length
Unknown ciphertext feedback mode %i; this shouldn't happen
encrypt
decrypt
non-existent block cipher object attribute '%s'
Can't delete IV attribute of block cipher object
IV attribute of block cipher object must be bytes
_AES IV must be %i bytes long
block_size
key_size
Crypto.Cipher._AES
MODE_ECB
MODE_CBC
MODE_CFB
MODE_PGP
MODE_OFB
MODE_CTR
block_size
key_size
can't initialize module _AES
1%151Q1\1
2+282I2
3	4!4+4l4|4
6&636D6Q6^6j6w6
8#8/8B8U8g8u8
9?9F9R9a9
:):I:V:d:t:
;5;I;a;
>#>:>G>U>f>z>
?5?<?H?`?s?z?
010A0P0_0r0
1=1U1i1
142;2S2i2
3 4%4O4q4x4
5"5A5H5O5^5d5p5
7@7H7O7a7t7{7
9=;I;m;
;/<5<<<C<J<b<h<q<
=&=-=4=H=L=P=T=X=\=
>%>7>E>L>S>f>
D0K1W1`1t1|1
2&2-2G2N2U2d2r2{2
3*3<3G3X3j3
4 4.444B4L4Q4V4l4x4
5&5+515I5N5Z5j5p5w5
6"6-656]6d6i6n6u6
828J8T8
9.:4:::@:Q:]:q:
;';3;;;C;O;x;
<#<+<7<@<E<K<U<^<i<u<z<
0H5L5T5X5\5d5\6`6h6