
Sample details: 91e27cbceb6addcfdf0d1e7d1a3ad339

Hashes
MD5: 91e27cbceb6addcfdf0d1e7d1a3ad339
SHA1: 17d489c003355a34197c84be37ed393bb9bff2d3
SHA256: dec5542f2a19ff58af26b1e30a80d2628ac8fba9d8569a867f1c8529eb209f8e
SSDEEP: 768:6Gxnz2TWfL8g3/2RVjoOPeHd4xKQ7m4d05hgl36:nxzdfLn3ug8eHd4R0fgl3
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Microsoft_Visual_Cpp_70_DLL | YRP/Microsoft_Visual_Cpp_70_DLL_additional | YRP/Microsoft_Visual_Cpp_v60_DLL | YRP/Microsoft_Visual_Cpp_70_DLL_Method_3 | YRP/IsPE32 | YRP/IsDLL | YRP/IsConsole | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/Advapi_Hash_API | FlorianRoth/DragonFly_APT_Sep17_3 |
Parent Files
0495481d035935c5e309333c6d7c9209
Strings
		!This program cannot be run in DOS mode.
`.data
@.reloc
KERNEL32.dll
NTDLL.DLL
CryptSIPAddProvider
CryptSIPRemoveProvider
CoTaskMemFree
StgOpenStorage
CryptAcquireContextW
CoInitialize
CoUninitialize
IsEqualGUID
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptCreateHash
CertOIDToAlgId
1.3.6.1.4.1.311.2.1.30
CryptEncodeObject
CryptReleaseContext
CorExitProcess
mscoree.dll
E_`runtime error 
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: 
<program name unknown>
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
`_`InitializeCriticalSectionAndSpinCount
kernel32.dll
j_`$j_`GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
?t_`Ct_`
`w_`dw_`
{_`SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
~_`NB10
msisip.pdb
GetProcAddress
LoadLibraryW
SetLastError
lstrlenW
CloseHandle
FreeLibrary
GetLastError
lstrcmpW
lstrcpyA
lstrlenA
KERNEL32.dll
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
RtlUnwind
ExitProcess
GetModuleHandleA
TlsFree
TlsGetValue
TlsAlloc
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
VirtualQuery
msisip.dll
MsiSIPCreateIndirectData
MsiSIPGetSignedDataMsg
MsiSIPIsMyTypeOfFile
MsiSIPPutSignedDataMsg
MsiSIPRemoveSignedDataMsg
MsiSIPVerifyIndirectData
DllRegisterServer
DllUnregisterServer