Sample details: 95a2387f103608f6eebcc64a01aefece

Hashes
MD5: 95a2387f103608f6eebcc64a01aefece
SHA1: 43e42a7773c00fb37fea7fd41c252b3f550491c4
SHA256: 0603059021f667f9d92ca895d056d086275251fe8055bf1ba84baa46a8c4af73
SSDEEP: 192:uaxYZIWlgOsPe3H02a3HkaM3j2Ik4/2bPUGPv:us01K9m3K3pM3jJT2bPUGPv
Details
File Type: MS-DOS
Yara Hits
YRP/Microsoft_Visual_Cpp_v60_DLL_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | YRP/win_mutex | YRP/win_registry | YRP/win_token | YRP/MD5_Constants | FlorianRoth/DragonFly_APT_Sep17_3
Strings
mpsi.dll
memset
memcpy
_snwprintf
memcmp
ZwQuerySystemInformation
ZwClose
_wcsnicmp
ZwQueryDirectoryObject
ZwOpenDirectoryObject
RtlInitUnicodeString
ntdll.dll
GetLastError
GetCurrentProcess
CloseHandle
GetVersion
VirtualProtect
VirtualAlloc
CreateMutexW
GetCurrentProcessId
LoadLibraryA
GetProcAddress
ExpandEnvironmentStringsW
lstrlenW
SetFilePointer
ReadFile
CreateFileW
KERNEL32.dll
FreeSid
LookupAccountSidA
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ADVAPI32.dll
StrStrIA
SHLWAPI.dll
malloc
MSVCRT.dll
/bin/i386/setup.bin
/etc/setup.cfg
Faronics