Sample details: 9144c660f02b40969e2dbdd88dce7c76

Hashes
MD5: 9144c660f02b40969e2dbdd88dce7c76
SHA1: 14cd1973ac8e5eebe1d3d13ec1b5df491c48e6ea
SHA256: 0403cdece0180c0a4b6fff43ad48e32d5f602b29c1fa0c5b4952857244f2c164
SSDEEP: 192:XoESFGkBbyam4XhwaTCJyg2TtmH/1gUVRVwH:4HFiamq9TCJylQB7wH
Details
File Type: PE32
Yara Hits
YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet | YRP/UPX_wwwupxsourceforgenet_additional | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/Netopsystems_FEAD_Optimizer_1 | YRP/UPX_290_LZMA | YRP/UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser | YRP/UPX_290_LZMA_additional | YRP/UPX_wwwupxsourceforgenet | YRP/UPXv20MarkusLaszloReiser | YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser | YRP/UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser | YRP/upx_3 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/UPX | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3 |
Parent Files
02c2ee77cf5aaf8ac03739640c46e822
Strings