Sample details: 7de8622119cc01b6193e5d3768173ede

Hashes
MD5: 7de8622119cc01b6193e5d3768173ede
SHA1: 572ef3e5d20db4a11d041e4aa842d6fc19e14f62
SHA256: 26db7f6d95ec9f9f4e54540e8fd54ced56b05c0a913f8e94e75ef01983586f70
SSDEEP: 768:FjuROhSp8C4kxXnrl0sGFqsBsUhiocAhr/:FhSpckhnrl0PbBThi/AhT
Details
File Type: PE32
Yara Hits
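YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_v40_v50 | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/IsPE32 | YRP/IsDLL | YRP/IsConsole | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | FlorianRoth/DragonFly_APT_Sep17_3 |
Note: YARA hits are pattern matches, not verdicts. The compiler-identification rules above disagree with one another (Visual C++ MFC versus several Borland Delphi versions), which is typical of loose signature rules. The strings below include a Boost library PDB path and code-signing certificate fields naming Trend Micro, Inc., but strings alone do not show that the signature validates. Corroborate the FlorianRoth/DragonFly_APT_Sep17_3 hit by verifying the Authenticode signature chain and timestamp, comparing the hashes against a known-good copy of the named DLL, and reviewing the parent file listed under Parent Files; neither the rule hit nor the signer strings settle on their own whether the file is malicious or benign.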
Parent Files
9cf06b8902e9b91e11c1d6eeb5ad5b8d
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.gfids
@.rsrc
@.reloc
generic
system
Unknown error
invalid string position
string too long
InitializeConditionVariable
SleepConditionVariableCS
WakeAllConditionVariable
Unknown exception
bad allocation
bad array new length
D:\P4\Core\AMSP\Dev\AMSP-5.5\AMSP\3rd_party\boost\boost_1_62_0\bin.v2\libs\system\build\msvc-14.0\release\debug-store-database\debug-symbols-on\threading-multi\boost_system-vc140-mt-1_62.pdb
.text$di
.text$mn
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.edata
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.tls$ZZZ
.gfids$y
boost_system-vc140-mt-1_62.dll
?generic_category@system@boost@@YAABVerror_category@12@XZ
?system_category@system@boost@@YAABVerror_category@12@XZ
?throws@system@boost@@3Verror_code@12@A
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
MSVCP140.dll
LocalFree
FormatMessageA
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
KERNEL32.dll
_purecall
__std_terminate
memmove
_CxxThrowException
__CxxFrameHandler3
memcpy
__vcrt_InitializeCriticalSectionEx
__std_exception_copy
__std_exception_destroy
memset
_except_handler4_common
__std_type_info_destroy_list
VCRUNTIME140.dll
_invalid_parameter_noinfo_noreturn
strerror
_callnewh
malloc
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
.?AVerror_category@system@boost@@
.?AVnoncopyable@noncopyable_@boost@@
.?AVgeneric_error_category@?A0x490e0335@system@boost@@
.?AVsystem_error_category@?A0x490e0335@system@boost@@
.?AVtype_info@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
0*090F0T0\0b0f0p0~0
1"1F1R1j1y1
5<5#6>6K6X6c6
7J7P7N8T8
;l=p=t=x=|=
? ?$?(?
 0&0{0
161B1Z1i1v1
2%232;2@2Q2[2q2
8#868B8R8c8
8%929Y9a9z9
:$:0:?:D:M:i:|:
;&;=;C;I;T;\;f;x;~;
080U0k0u0
011:1B1
3+373A3^3
4%4,434:4A4H4O4W4_4g4s4|4
5&5/5<5k5s5
6>6D6J6P6V6\6b6h6n6t6z6
6"7B7h7
9+919;9E9
1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
1<2@2H2L2P2h2l2p2
2D3H3P3d3h3l3p3
4$4(484<4@4D4L4d4t4x4
5 5$5,5D5T5X5h5l5p5x5
;,;8;\;|;
<4<8<X<x<
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
151231000000Z
190709184036Z0
Greater Manchester1
Salford1
COMODO CA Limited1*0(
!COMODO SHA-1 Time Stamping Signer0
1http://crl.usertrust.com/UTN-USERFirst-Object.crl05
http://ocsp.usertrust.com0
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
061108000000Z
211107235959Z0
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
 http://crl.verisign.com/pca3.crl0
https://www.verisign.com/cps0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
http://ocsp.verisign.com0>
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160329000000Z
170628235959Z0g1
Taiwan1
Taipei1
Trend Micro, Inc.1
Trend Micro, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
Z#OyyR
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object
170113072101Z0#
Vl{8MPL66
4c,JL;
Symantec Corporation1
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160330000000Z
170628235959Z0g1
Taiwan1
Taipei1
Trend Micro, Inc.1
Trend Micro, Inc.0
N9qZdV
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
061108000000Z
211107235959Z0
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
 http://crl.verisign.com/pca3.crl0
https://www.verisign.com/cps0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
http://ocsp.verisign.com0>
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Symantec Corporation1
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
20170113072104Z0
Symantec Corporation1
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G1
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
160112000000Z
270411235959Z0
Symantec Corporation1
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G10
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-40
Symantec Corporation1
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
170113072104Z0/
/1(0&0$0"
2(_!R"
Vlw9=Z