Sample details: 84a23a75bedff85954b47769d1543edf --

Hashes
MD5: 84a23a75bedff85954b47769d1543edf
SHA1: b0d092c45a62cdaf76feb15670f4e13959ed6859
SHA256: c926c0d25f5a67f9d80374464f3d7895a6c4f41a9fe5160a69d286c38aa6833a
SSDEEP: 384:v9hD4isesPZlFwQUWeFtdg4uS8fHt9ndIeBq6H7LF018j+dEaNE54XdUb+80t:vWesRlFwQg1buSCH3nWB6bLMC++i80t
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsDLL | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3
Parent Files
0379e8ac99a2ccbcb8483cd1e9dc03eb
Strings