Sample details: a43b9de3c47144e842fc5b629adcbf6e

Hashes
MD5: a43b9de3c47144e842fc5b629adcbf6e
SHA1: 778fbcf4f1638663dac425fcd78a7bdb232ed8e1
SHA256: 52b53ededa5f837f47ea6f53483264565c02f9f805d06f721f7b6527465d19d3
SSDEEP: 384:aWoKdulDeMdrZ69cJypnYPL/p1CyIANs0u:MKgwep8p6u
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsDLL | YRP/IsConsole | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | FlorianRoth/DragonFly_APT_Sep17_3
Parent Files
0e860aa7351826f893fa4be5c0bc7286
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
F:\views\QQ1.91\Basic_Hummer4_VOB\Hummer2013\Misc\Setup3\crt_c\Release\crt_c.pdb
wcscpy_s
MSVCR80.dll
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_onexit
_except_handler4_common
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
KERNEL32.dll
crt_c.dll
?checkCRT@@YA_NXZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.4053" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
100930000000Z
140101235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif0
VeriSignMPKI-2-80
 http://crl.verisign.com/pca3.crl0
E+QLI4
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
130117000000Z
160216235959Z0
	guangdong1
shenzhen1503
,Tencent Technology(Shenzhen) Company Limited1>0<
5Digital ID Class 3 - Microsoft Software Validation v21503
,Tencent Technology(Shenzhen) Company Limited0
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
E+QLI4
!~5W'~
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
130403082546Z0#