Sample details: 744a17a3bc6dbd535f568ef1e87d8b9a --

Hashes
MD5: 744a17a3bc6dbd535f568ef1e87d8b9a
SHA1: 73170f48b96d124168ca90ca2be2fcb50475cfa9
SHA256: 7d25e096554e5cce66254e619bec6f40853b38557f9ea5b491855683618f7ba1
SSDEEP: 192:PnB2eOzXrEHjshSL9vPjBZNfH14E7ROfJ3Ed8GAMFyPQGups:PjAOjc+zX18ad8GDk
Details
File Type: PE32+
Yara Hits
YRP/Microsoft_Visual_Cpp_80_DLL | YRP/IsPE64 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/win_hook | FlorianRoth/DragonFly_APT_Sep17_3 |
Strings
		!This program cannot be run in DOS mode.
N"RichD
`.rdata
@.data
.pdata
@.rsrc
@.reloc
LcA<E3
FAIL : GetVersion
FAIL : InitTokenOffset
FAILED 
FAIL : Get Ntoskrnl Base
ntdll.dll
FAIL : hNtdll == NULL 
ZwQuerySystemInformation
ZwAllocateVirtualMemory
FAIL : GetProcAddress ZwQuerySystemInformation or ZwAllocateVirtualMemory
PsLookupProcessByProcessId
user32.dll
AnimateWindow
CreateSystemThreads
Allocate Mem Failed 
InsertMenuItem FAIL [%d] !
woqunimalegebi
System Is Not Win64
COMSPEC
/c del 
 > nul
FAIL [%d]
C:\Users\Public\test.exe
c:\Users\aa\Documents\Visual Studio 2008\Projects\4113\x64\Release\4113.pdb
ExitProcess
GetVersionExA
LocalAlloc
LocalFree
LoadLibraryA
GetProcAddress
GetCurrentProcessId
FreeLibrary
GetCurrentProcess
GetLastError
GetNativeSystemInfo
GetCurrentThreadId
VirtualFree
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
lstrcpyA
lstrcatA
SetPriorityClass
SetThreadPriority
GetCurrentThread
CreateThread
WaitForSingleObject
TerminateThread
CreateProcessA
CloseHandle
KERNEL32.dll
PostMessageA
DefWindowProcA
CreatePopupMenu
InsertMenuItemA
DestroyMenu
CallWindowProcA
EndMenu
UnhookWindowsHook
SetWindowLongPtrA
CallNextHookEx
RegisterClassA
CreateWindowExA
SetWindowsHookExA
TrackPopupMenu
DestroyWindow
USER32.dll
ShellExecuteExA
SHChangeNotify
SHELL32.dll
vprintf
printf
strstr
strcpy_s
MSVCR90.dll
_amsg_exit
__getmainargs
__C_specific_handler
_XcptFilter
_cexit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
__crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_onexit
_decode_pointer
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
memset
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="amd64" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING