Sample details: 9113267ddde23134f3be09cbbe74500a

Hashes
MD5: 9113267ddde23134f3be09cbbe74500a
SHA1: 1d5558079631a9b9a7ee2f7f748f7fe6bc302f51
SHA256: 7aea30ef5233f4b826e7c9e79d4a316491967452a4814ee1722b2f689c9ba005
SSDEEP: 384:CaOqhKEMc5gYjbaDxwS751LB7DjtpTPEBo0V2sQaeAJY/Wb:CQKEx5LbMVVTGl7xAWb
Details
File Type: MS-DOS
Added: 2018-03-06 19:34:36
Yara Hits
YRP/Upack_0399_Dwing_additional | YRP/Upack_v038_beta_Dwing_additional | YRP/Upack_V037_V039_Dwing | YRP/Upack_V037_Dwing | YRP/Upack_038_beta_Dwing | YRP/Upack_v038_beta_Dwing | YRP/Upackv037v038BetaStripbaserelocationtableOptionDwing | YRP/Upackv038betaDwing | YRP/Upackv039finalDwing | YRP/UpackV037Dwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://52.161.26.253/10193.malware
Strings
MZKERNEL32.DLL
LoadLibraryA
GetProcAddress