Sample details: 8b91f51ef05d18df6b720a487d13d389

Hashes
MD5: 8b91f51ef05d18df6b720a487d13d389
SHA1: b00a9cf58b3cb9fa3c475ca00b2d6db0f95b9cd6
SHA256: 8e6fc8b63213c660a9b5cbc2f4fd769750d167e64908ec14ede3a953a1c91d23
SSDEEP: 384:Oa8iTVHay/bA4ipFIQENzFKUv2/Lg8VZIttrTIKe:OaNVay/bPmFI4urMKe
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Studio_NET | YRP/Microsoft_Visual_C_v70_Basic_NET_additional | YRP/Microsoft_Visual_C_Basic_NET | YRP/Microsoft_Visual_Studio_NET_additional | YRP/Microsoft_Visual_C_v70_Basic_NET | YRP/NET_executable_ | YRP/NET_executable | YRP/NETexecutableMicrosoft | YRP/IsPE32 | YRP/IsNET_EXE | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/System_Tools | YRP/Antivirus | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://snapcrackleshot.com/wp-content/uploads/FONTUTIL.exe
Strings
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v2.0.50727
#Strings
RIPEMD160
Microsoft.Win32
<Module>
SIGN_MAGIC
GetUID
RUN_METHOD
CODE_BASE
REG_PATH
FONTUTIL
GetURL
System.IO
StartUP
REG_LOADER
REG_RUNNER
GENERATOR
REG_ROOT
DeleteHKCU
WriteHKCU
UID_KEY
GATE_KEY
AUTO_KEY
LOADER_KEY
mscorlib
Thread
command
DeleteSubKeyTree
GetEnvironmentVariable
IDisposable
DownloadFile
Console
set_WindowStyle
ProcessWindowStyle
set_FileName
get_MachineName
get_UserName
DateTime
WriteLine
response
Dispose
GetGate
Update
Create
Delete
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
SetValue
wmiMustBeTrue
FONTUTIL.exe
System.Threading
Encoding
ToBase64String
UploadString
GetHashString
GetRandomString
ToString
GetRHash
ComputeHash
GetFolderPath
get_Length
length
rawTask
Install
Program
get_Item
System
HashAlgorithm
GetHashSumm
Random
ComponentMain
GetVersion
System.Reflection
WebHeaderCollection
ManagementObjectCollection
Exception
ProcessStartInfo
get_Year
HttpRequestHeader
PlainLoader
PowerLoader
SpecialFolder
GetIdentifier
ShellRunner
ToUpper
Dropper
CurrentUser
TaskParser
ManagementObjectEnumerator
GetEnumerator
.cctor
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
GetInstances
DebuggingModes
FileAttributes
SetAttributes
ReadAllBytes
GetBytes
GetCommandLineArgs
BotActions
StringSplitOptions
get_Chars
get_Headers
WmiClass
ManagementClass
Process
Constants
set_Arguments
Exists
Concat
Format
ManagementBaseObject
System.Net
ticket
get_Default
GetUserAgent
WebClient
System.Management
Environment
get_Current
Convert
MoveNext
System.Text
AppendAllText
get_Now
set_CreateNoWindow
get_Day
CreateSubKey
DeleteSubKey
RegistryKey
System.Security.Cryptography
DoQuery
Registry
op_Equality
op_Inequality
IsNullOrEmpty
WmiProperty
WrapNonExceptionThrows
Font installer
Devops
FONTUTIL.EXE
 Copyright 
  2017 DevOps Tools 
$d95390b8-3c56-4da5-bd58-2b334bf28817
5.9.1.9
E:\VXProjects\Queequeg2\Queequeg\obj\Release\FONTUTIL.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>