Sample details: 908bcec4e52c0f55f05579fecaa107da

Hashes
MD5: 908bcec4e52c0f55f05579fecaa107da
SHA1: 8976736831461957d67940aebfffb58b4a5d0295
SHA256: cbe544715d650a1534ea83c59fb3d589f62dcc979a9ada9d4001c22630da85a8
SSDEEP: 192:PqTtsSWzZJCcTJB8oJ7Gl+4CisF8e6sNbS:asSOScVOJsNbS
Details
File Type: MS-DOS
Added: 2018-03-06 19:35:11
Yara Hits
YRP/MicroJoiner_17_coban2k_additional | YRP/Upack_037_beta_Dwing | YRP/Upack_037_beta_Dwing_additional | YRP/Upack_v036_beta_Dwing | YRP/Upack_036_beta_Dwing | YRP/Upackv036betaDwing | YRP/Upackv036alphaDwing | YRP/UpackV036Dwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://52.161.26.253/10314.malware
Strings
MZLoadLibraryA
KERNEL32.DLL
GetProcAddress
.Upack
.ByDwing