Sample details: 7f89d9d6e38d9224a527d6746cfda392

Hashes
MD5: 7f89d9d6e38d9224a527d6746cfda392
SHA1: c7d9d452fd807ab753b1f9986c12648437c0940f
SHA256: 90d7a91be30a6fd4da7d1e59c70cc8e07360e07bc3148303d63f195abb14e60f
SSDEEP: 48:ZvtPOyxpbJwAm0J45hlg+1eqJ8oH4Pdo0DUmXFanUWMpR6YsgMMXPxE4Ymz:Z1GyxTWeZdo0D51aSpYUMqPF
Details
File Type: PE32+
Yara Hits
YRP/AHTeam_EP_Protector_03_fake_PCGuard_403_415_FEUERRADER | YRP/FSG_v110_Eng_dulekxt_Microsoft_Visual_C_Basic_NET | YRP/IsPE64 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/FASM | YRP/domain | YRP/contentis_base64 | YRP/network_tcp_socket | YRP/Str_Win32_Winsock2_Library | FlorianRoth/DragonFly_APT_Sep17_3
Strings
		!This program cannot be run in DOS mode.
.idata
kernel32.dll
wsock32.dll
IsWow64Process
VirtualAlloc
	lstrcpyA
GetCurrentProcess
WSAStartup
__WSAFDIsSet
closesocket
inet_addr
select
socket
kernel32.dll
VirtualAlloc
kernel32.dll
wsock32.dll
GetProcAddress
LoadLibraryA
RtlZeroMemory
lstrcatA
lstrcpyA
connect