Sample details: 97ae604fbc338f1ec2df34e1f7dcb827

Hashes
MD5: 97ae604fbc338f1ec2df34e1f7dcb827
SHA1: b185ef9fcf5d308f432e166fbe0c3c572326fe28
SHA256: a65fd4dd07ebc1d45bc72c45d51d52d71dd111b358cb3ebfce794269d8291bcd
SSDEEP: 192:06+MWwpW3l0vdV+c0JdULHzUtPpiufN6qAa3ChkBqbrnA1fM99YX:F+B2vDID1wufcla3KbrnAR3X
Details
File Type: MS-DOS
Added: 2018-03-06 19:34:11
Yara Hits
YRP/NsPack_v37_North_Star | YRP/NsPack_v37_North_Star_h | YRP/NsPack_v37_North_Star_h_additional | YRP/NsPacK_V37_LiuXingPing_additional | YRP/NSPack_3x_Liu_Xing_Ping_additional | YRP/NsPacK_V37_LiuXingPing | YRP/NsPack_3x_Liu_Xing_Ping | YRP/NsPacKV37LiuXingPing | YRP/Upackv039finalDwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://52.161.26.253/10067.malware
Strings
MZKERNEL32.DLL
LoadLibraryA
GetProcAddress
GetProcAddress
KERNEL32.DLL
USER32.DLL
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
wvsprintfA