Sample details: aa115028063d94131d80f35d60617793

Hashes
MD5: aa115028063d94131d80f35d60617793
SHA1: 9eda52d2934d918fcc06c562bf6d85890738243e
SHA256: d345e2bd4e927258e99bcfff5614f1d8824527f1212141018d9ccd8fe663dfb4
SSDEEP: 48:ZvtPJIyxpbJwAm0J45hlg+1eqJ8oH4Pdo0DUmXFanUWMpR6YsgMMXPxE4Ymz:Z1BIyxTWeZdo0D51aSpYUMqPF
Details
File Type: PE32+
Yara Hits
YRP/AHTeam_EP_Protector_03_fake_PCGuard_403_415_FEUERRADER | YRP/FSG_v110_Eng_dulekxt_Microsoft_Visual_C_Basic_NET | YRP/IsPE64 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/FASM | YRP/domain | YRP/contentis_base64 | YRP/network_tcp_socket | YRP/Str_Win32_Winsock2_Library | FlorianRoth/DragonFly_APT_Sep17_3
Strings
!This program cannot be run in DOS mode.
.idata
kernel32.dll
wsock32.dll
IsWow64Process
VirtualAlloc
lstrcpyA
GetCurrentProcess
WSAStartup
__WSAFDIsSet
closesocket
inet_addr
select
socket
kernel32.dll
VirtualAlloc
kernel32.dll
wsock32.dll
GetProcAddress
LoadLibraryA
RtlZeroMemory
lstrcatA
lstrcpyA
connect