Sample details: 867e7c4917795399040f367575550ae4

Hashes
MD5: 867e7c4917795399040f367575550ae4
SHA1: 5907bbea5dad8a072374eae6d00e3cfde8188ab2
SHA256: 1c678ac8a1b77966c948ed5c988baaf47dd5a983d5c4e0f8befffe8c45f51a95
SSDEEP: 192:7dFLamEJCZip9RSRjSEs74k+Xu8EMmRBiatfU0Ytox:ZFLsJCZ49RS9js7+YMgManYy
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsDLL | YRP/IsConsole | YRP/HasOverlay | YRP/MinGW_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/network_tcp_socket | YRP/Str_Win32_Winsock2_Library | FlorianRoth/DragonFly_APT_Sep17_3
Strings
!This program cannot be run in DOS mode.
P`.data
.rdata
0@.bss
.edata
0@.idata
.reloc
c:\3165616.exe
62.210.204.58
IPIPIPIP>>
RTPORTPORTPORTPORTPORTPORTPORTPORTPORT>>
libgcj-16.dll
_Jv_RegisterClasses
Error at socket(): %ld
Unable to connect to server: %ld
Bytes received: %d
Connection closed
recv failed: %d
WSAStartup failed: %d
mMingw-w64 runtime failure:
Address %p has no image-section
  VirtualQuery failed for %d bytes at address %p
  VirtualProtect failed with code 0x%x
  Unknown pseudo relocation protocol version %d.
  Unknown pseudo relocation bit size %d.
GCC: (tdm64-1) 4.9.2
GCC: (tdm64-1) 5.1.0
aaa.dll
DllMain@12
CreateThread
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
SetUnhandledExceptionFilter
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WinExec
__dllonexit
_amsg_exit
_initterm
_onexit
_unlock
calloc
fclose
fflush
fwrite
malloc
memcmp
printf
strlen
strncmp
vfprintf
WSACleanup
WSAGetLastError
WSAStartup
closesocket
connect
inet_addr
socket
KERNEL32.dll
msvcrt.dll
WS2_32.dll