Sample details: 8102aef50b9c7456f62cdbeefa5fa9de

Hashes
MD5: 8102aef50b9c7456f62cdbeefa5fa9de
SHA1: e6bfe33c591fd024aac97d5734250fb72e3cf6b6
SHA256: 1488f56b62c37c789875dd3725103cdc3e17a6216aaba47d4543f3593f5040d5
SSDEEP: 192:VFSV7CoV6g04+33MhfNv5oSVJynQWEp08Ot9Ib/7rKQAW+vNYrM5Y:vSxKHafNvuSLyQj07MdAfC
Details
File Type: PE32
Yara Hits
YRP/Visual_Cpp_2005_Release_Microsoft | YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsConsole | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/DebuggerCheck__QueryInfo | FlorianRoth/DragonFly_APT_Sep17_3 |
Source
http://94.130.104.170/___2A6E.tmp
Strings