Sample details: 881fc631cf9e2633b8f42778b5c430dc

Hashes
MD5: 881fc631cf9e2633b8f42778b5c430dc
SHA1: a1b1120ae10c7c6bac03a078c2861bdd7ab8f1d1
SHA256: 1878f7a3d4d202789d73f68b58a796d361ec20ad98166f79e2d4d56cf18b5a3e
SSDEEP: 48:SlUahAhuXr5/ycJ26mzNau5ByvcyBMErq:EhXr5KMMR8MEr
Details
File Type: PE32+
Yara Hits
YRP/IsPE64 | YRP/IsDLL | YRP/IsConsole | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3
Parent Files
6b8ea12d811acf88f94b734bf5cfbfb3
Source
Strings
		!This program cannot be run in DOS mode.
`.data
.pdata
@.reloc
e:\code\test\cryptbase\objfre_win7_amd64\amd64\CryptBase.pdb
ExitProcess
GetCommandLineW
CreateProcessW
CloseHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
KERNEL32.dll
CommandLineToArgvW
SHELL32.dll
memset
msvcrt.dll
CryptBase.dll
DllMain