Sample details: 882998f31f6f19d30fa7598e414e2194

Hashes
MD5: 882998f31f6f19d30fa7598e414e2194
SHA1: 42d4516f6be90345e33a58cab39e8ab6d9c61d8b
SHA256: e9e4fa31159e430d44266f6b0be6353fd069c866d7a2e13658fb3520f5c6efe2
SSDEEP: 96:Z1PrMbMohNqpB6upyKMznZpiAqarswvsW0FbSs29lM8/FPI0qFrqQv:TwAohNq/TUjMOv/+rq
Details
File Type: PE32
Added: 2018-05-09 04:37:18
Yara Hits
YRP/Safeguard_103_Simonzh | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/FASM | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/win_mutex | FlorianRoth/DragonFly_APT_Sep17_3
Strings
!This program cannot be run in DOS mode.
.asdasi
.c231asc
`.rsrc
kernel32.dll
user32.dll
CloseHandle
CreateMutexA
CreateToolhelp32Snapshot
ExitProcess
GetCurrentProcessId
GetLastError
GetModuleHandleA
GetProcAddress
LoadLibraryA
OpenProcess
Process32First
Process32Next
RtlZeroMemory
TerminateThread
VirtualAlloc
WaitForSingleObject
lstrcpyA
lstrlenA
ShowWindow
ntdll.dll
RtlAdjustPrivilege