Sample details: a285b8bf251c7385bbe6ec7de91b8b6d --

Hashes
MD5: a285b8bf251c7385bbe6ec7de91b8b6d
SHA1: da35e993ca6b2f8a73bef404a32391ae2a6f6b3e
SHA256: f8a603588cb91acf4c4a745f74326d202f4d63243fefaf048e1076174a18a50a
SSDEEP: 384:f0av7ODM08MXckYdK27UW/xMjI0vnBXDST2J:f0av70bYdKk0bSC
Details
File Type: PE32
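Yara Hits
[Analyst note: these are signature matches, not verdicts. Most of the names below appear to be compiler/toolchain identification rules (MinGW GCC, Dev-C++) or file-property rules (IsPE32, IsConsole, HasOverlay). The Microsoft_Visual_Cpp_v71_DLL_Debug hits sit alongside MinGW runtime strings in the same file, which suggests these identification rules match loosely. Family-named hits such as YRP/spyeye and FlorianRoth/DragonFly_APT_Sep17_3 only show that a rule's pattern matched this file; confirm against the strings and observed behaviour before attributing the sample to either.]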
YRP/MingWin32_Dev_Cpp_v4991_h | YRP/MingWin32_GCC_3x | YRP/Microsoft_Visual_Cpp_v71_DLL_Debug_additional | YRP/MingWin32_v_h_additional | YRP/MinGW_GCC_3x_additional | YRP/Dev_Cpp_4992_Bloodshed_Software_ | YRP/Dev_Cpp_4992_Bloodshed_Software | YRP/Microsoft_Visual_Cpp_v71_DLL_Debug | YRP/MinGW_GCC_3x | YRP/MingWin32_GCC_3x_additional | YRP/MingWin32_v_h | YRP/Dev_Cue_4992_Bloodshed_Software | YRP/MingWin32_Dev_Cpp_v4x_h_additional | YRP/MingWin32_Dev_Cpp_v4991 | YRP/MingWin32_v | YRP/MingWin32_Dev_Cpp_v4991_h_additional | YRP/MingWin32_Dev_Cpp_v4x_h | YRP/MinGWGCC3x | YRP/DevC4992BloodshedSoftware | YRP/IsPE32 | YRP/IsConsole | YRP/HasOverlay | YRP/MinGW_1 | YRP/domain | YRP/contentis_base64 | YRP/Misc_Suspicious_Strings | YRP/network_tcp_listen | YRP/network_tcp_socket | YRP/win_files_operation | YRP/spyeye | YRP/Str_Win32_Winsock2_Library | FlorianRoth/DragonFly_APT_Sep17_3 |
Parent Files
a14ed25c7d08385e6b6aa96b167facd6
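Strings
[Analyst note: this is static string output, so the behaviour below is inferred, not confirmed. Taken together, the cmd.exe path, the CreatePipe/CreateProcessA/PeekNamedPipe/ReadFile/WriteFile imports, the socket/bind/listen/accept/recv/send symbols and the InitializeServer/CreateShellProcess function names are consistent with a listening TCP shell that relays cmd.exe input and output over pipes. FindWindowA/ShowWindow together with GetConsoleTitleA may be used to hide the console window. The listening port does not appear in this listing. On a host, a cmd.exe child of a process that holds an unexpected listening socket would corroborate this reading.]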
		!This program cannot be run in DOS mode.
`.data
.rdata
.idata
c:\windows\system32\cmd.exe
        | 
        | 
        | 
    /\  |  /\  
    //\. .//\ 
    //\ . //\ 
    /  ( )/  \ 
Welcome To Spider Shell!
Error on recv()
-LIBGCCW32-EH-2-SJLJ-GTHR-MINGW32
w32_sharedptr->size == sizeof(W32_EH_SHARED)
%s:%u: failed assertion `%s'
../../gcc/gcc/config/i386/w32-shared-ptr.c
GetAtomNameA (atom, s, sizeof(s)) != 0
WSACleanup
WSAStartup
accept
listen
socket
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AddAtomA
CreatePipe
CreateProcessA
ExitProcess
FindAtomA
GetAtomNameA
GetConsoleTitleA
GetExitCodeProcess
GetStartupInfoA
PeekNamedPipe
ReadFile
SetUnhandledExceptionFilter
WriteFile
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_onexit
_setmode
atexit
fflush
fprintf
malloc
memset
printf
signal
sprintf
strlen
FindWindowA
ShowWindow
WSOCK32.DLL
ADVAPI32.DLL
KERNEL32.dll
msvcrt.dll
USER32.dll
crt1.c
_atexit
__onexitp
crtstuff.c
main.cpp
.rdata
.idata$7
.idata$5`
.idata$4
.idata$6H
.idata$7
.idata$5|
.idata$4
.idata$6
.idata$7
.idata$5l
.idata$4
.idata$6l
.idata$7
.idata$5h
.idata$4
.idata$6d
.idata$7
.idata$5p
.idata$4
.idata$6t
.idata$7
.idata$5d
.idata$4
.idata$6X
.idata$7
.idata$5x
.idata$4
.idata$6
.idata$7
.idata$5t
.idata$4
.idata$6
.idata$7
.idata$5\
.idata$4|
.idata$68
fthunk
.idata$2
.idata$5X
.idata$4x
.idata$4
.idata$5
.idata$7
CRTglob.c
CRTfmode.c
txtmode.c
pseudo-reloc.c
CRT_fp10.c
_fpreset
gccmain.c
___main
.rdata
.idata$7p
.idata$5
.idata$4
.idata$6
.idata$7h
.idata$5
.idata$4
.idata$6
.idata$7
.idata$5
.idata$4
.idata$64
.idata$7t
.idata$5
.idata$4
.idata$6
.idata$7l
.idata$5
.idata$4
.idata$6
.idata$7`
.idata$5
.idata$4
.idata$6
.idata$7
.idata$5
.idata$48
.idata$6
.idata$7d
.idata$5
.idata$4
.idata$6
.idata$7x
.idata$5
.idata$4
.idata$6 
.idata$7\
.idata$5
.idata$4
.idata$6
.idata$7
.idata$5
.idata$44
.idata$6
.idata$7
.idata$5
.idata$40
.idata$6t
.idata$7
.idata$5 
.idata$4@
.idata$6
.idata$7
.idata$5
.idata$4<
.idata$6
.idata$7
.idata$5
.idata$4
.idata$6@
.idata$7
.idata$5
.idata$4(
.idata$6`
.idata$7
.idata$5
.idata$4,
.idata$6h
.idata$7|
.idata$5
.idata$4
.idata$6,
.idata$7
.idata$5
.idata$4 
.idata$6H
.idata$7
.idata$5
.idata$4$
.idata$6T
fthunk
.idata$2<
.idata$5
.idata$4
.idata$4D
.idata$5$
.idata$7
.idata$7
.idata$5,
.idata$4L
.idata$6
.idata$7
.idata$50
.idata$4P
.idata$6
fthunk
.idata$2P
.idata$5(
.idata$4H
.idata$4T
.idata$54
.idata$7
.idata$7D
.idata$5
.idata$4
.idata$6
.idata$7$
.idata$5
.idata$4
.idata$6
.idata$7
.idata$5
.idata$4
.idata$6
.idata$78
.idata$5
.idata$4
.idata$6`
.idata$7 
.idata$5
.idata$4
.idata$6
.idata$7<
.idata$5
.idata$4
.idata$6t
.idata$70
.idata$5
.idata$4
.idata$64
.idata$74
.idata$5
.idata$4
.idata$6H
.idata$7@
.idata$5
.idata$4
.idata$6
.idata$7H
.idata$5
.idata$4
.idata$6
.idata$7,
.idata$5
.idata$4
.idata$6$
.idata$7(
.idata$5
.idata$4
.idata$6
.idata$7
.idata$5
.idata$4
.idata$6
fthunk
.idata$2(
.idata$5
.idata$4
.idata$4
.idata$5
.idata$7L
.idata$7
.idata$5
.idata$4
.idata$6
.idata$7
.idata$5
.idata$4
.idata$6
fthunk
.idata$2
.idata$5
.idata$4
.idata$4
.idata$5
.idata$7
crtstuff.c
.ctors
__cexit
_sprintf 
_recv@16
_bind@12`	
__dll__
_memset
__argc
_fflush
_send@16
_fprintf
__alloca
__argv
__fmode
__end__
_signal
_malloc
_abort
_htons@4P	
_strlen
_printf
__gnu_exception_handler@4
___mingw_CRTStartup
_mainCRTStartup
_WinMainCRTStartup
___do_sjlj_init
__Z16InitializeServerv
__Z18CreateShellProcessP20_PROCESS_INFORMATIONPPvS2_S2_S2_Pj
__Z22GetNumberOfBytesToReadPvPcii
__pei386_runtime_relocator
__fpreset
_initialized
___do_global_dtors
___do_global_ctors
pseudo-reloc-list.c
_w32_atom_suffix
___w32_sharedptr_default_unexpected
___w32_sharedptr_get
dw2_object_mutex.0
dw2_once.1
sjl_fc_key.2
sjl_once.3
___w32_sharedptr_initialize
___eprintf
___sjlj_init_ctor
_ShowWindow@8
___RUNTIME_PSEUDO_RELOC_LIST__
__imp___setmode
__data_start__
___DTOR_LIST__
__imp__bind@12
__imp__recv@16
__imp___onexit
___p__fmode
_SetUnhandledExceptionFilter@4
___w32_sharedptr_terminate
___tls_start__
__libmsvcrt_a_iname
__imp__FindAtomA@4
__imp__abort
__size_of_stack_commit__
__imp__CreatePipe@16
__size_of_stack_reserve__
__major_subsystem_version__
___crt_xl_start__
_InitializeSecurityDescriptor@8
_AddAtomA@4
_PeekNamedPipe@24
_CreateProcessA@40
___crt_xi_start__
___chkstk
___crt_xi_end__
__imp____p__environ
__head_libuser32_a
__imp__CreateProcessA@40
__imp___iob
__imp__WriteFile@20
__libadvapi32_a_iname
_GetConsoleTitleA@8
__bss_start__
___RUNTIME_PSEUDO_RELOC_LIST_END__
__size_of_heap_commit__
_ReadFile@20
__imp__listen@8
___p__environ
___crt_xp_start__
_CreatePipe@16
___crt_xp_end__
__imp__signal
__minor_os_version__
__imp__atexit
__head_libmsvcrt_a
_accept@12
__image_base__
__imp__accept@12
__imp__exit
__section_alignment__
_socket@12
__imp__GetStartupInfoA@4
__RUNTIME_PSEUDO_RELOC_LIST__
__imp__htons@4
__imp____p__fmode
_ExitProcess@4
__data_end__
___getmainargs
___w32_sharedptr
__CTOR_LIST__
___set_app_type
__imp__sprintf
__imp__GetExitCodeProcess@8
__bss_end__
__CRT_fmode
__head_libwsock32_a
___crt_xc_end__
___crt_xc_start__
__imp__socket@12
___CTOR_LIST__
__head_libadvapi32_a
__imp__GetAtomNameA@12
_FindWindowA@8
_GetStartupInfoA@4
__imp__FindWindowA@8
_WSAStartup@8
__imp__GetConsoleTitleA@8
__file_alignment__
__imp__malloc
__major_os_version__
__imp__ReadFile@20
__imp__SetSecurityDescriptorDacl@16
__imp__InitializeSecurityDescriptor@8
__DTOR_LIST__
__imp__fprintf
_SetSecurityDescriptorDacl@16
__imp__memset
__size_of_heap_reserve__
___crt_xt_start__
__subsystem__
__imp__strlen
__imp__fflush
___w32_sharedptr_unexpected
__imp____getmainargs
__imp__PeekNamedPipe@24
_listen@8
___tls_end__
_GetExitCodeProcess@8
__imp__ExitProcess@4
__imp__WSACleanup@0
__imp__send@16
__imp__free
__imp__SetUnhandledExceptionFilter@4
__major_image_version__
_WriteFile@20
__loader_flags__
__libuser32_a_iname
__imp__ShowWindow@8
__CRT_glob
__setmode
__imp__printf
__imp__AddAtomA@4
__head_libkernel32_a
__imp___cexit
__minor_subsystem_version__
__minor_image_version__
__imp____set_app_type
_FindAtomA@4
__imp__WSAStartup@8
_WSACleanup@0
_GetAtomNameA@12
__RUNTIME_PSEUDO_RELOC_LIST_END__
__libkernel32_a_iname
__libwsock32_a_iname
___crt_xt_end__