Sample details: a17645fac4bcb5253f36a654ea369bf9

Hashes
MD5: a17645fac4bcb5253f36a654ea369bf9
SHA1: 1211ebe09eede3fddc210991cb3bb4ddfdeee8d7
SHA256: fe45f51d76c3c07c33432e6dac8b1964e6451f1b86e1668fd8aac9ee53de982c
SSDEEP: 384:f84hbJMjJ/6w5qWH2SOldU3pM3kjKHvCAsn9w/LjddAd18ULnCm4R1cvS:f84hqJ/R/HPOs3pDeHaAse5dAdm05Cc
Details
File Type: MS-DOS
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasModified_DOS_Message | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/contentis_base64 | YRP/System_Tools | YRP/RE_Tools | YRP/DebuggerCheck__QueryInfo | YRP/network_tcp_socket | YRP/win_mutex | YRP/MD5_Constants | YRP/Str_Win32_Winsock2_Library | FlorianRoth/DragonFly_APT_Sep17_3
Strings
INSTALL_SOURCE
&sid=%u
INSTALL_SID
INSTALL_CID
sltp://bbs.favcom.space:1108/setup.bin?id=999
ntdll.dll
ZwQueryInformationProcess
VolumeNumber
SCSIDISK
os=%d&ar=%d
kernel32.dll
IsWow64Process
RtlGetNtVersionNumbers
memcpy
strcpy
strlen
strcmp
_snwprintf
strcat
sprintf
_snprintf
ZwClose
ZwOpenFile
RtlInitUnicodeString
RtlEqualUnicodeString
memset
ZwQuerySystemInformation
tolower
memchr
_allmul
_aulldiv
ntdll.dll
FDIDestroy
FDICopy
FDIIsCabinet
FDICreate
CABINET.dll
ExitProcess
CloseHandle
CreateMutexW
DeleteFileW
DeleteTimerQueue
WaitForSingleObject
CreateTimerQueue
CreateEventA
SetEnvironmentVariableA
GetEnvironmentVariableA
GetProcAddress
GetModuleHandleA
VirtualFree
VirtualAlloc
SetEvent
CreateTimerQueueTimer
DeleteTimerQueueTimer
IsBadReadPtr
LocalFree
LocalAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetVolumeInformationW
DeviceIoControl
CreateFileW
lstrcpyW
ExpandEnvironmentStringsW
lstrcpyA
lstrcpynA
GetCurrentProcess
BindIoCompletionCallback
lstrlenA
KERNEL32.dll
CloseServiceHandle
DeleteService
ControlService
OpenServiceW
OpenSCManagerW
ADVAPI32.dll
GetAdaptersInfo
iphlpapi.dll
WSARecv
WSASend
WSAIoctl
WSASocketA
WS2_32.dll
realloc
calloc
malloc
_pctype
_isctype
__mb_cur_max
MSVCRT.dll