Sample details: aced5525ba0d4f44ffd01c4db2730a34

Hashes
MD5: aced5525ba0d4f44ffd01c4db2730a34
SHA1: 476fc1d31722ac26b46154cbf0c631d60268b28a
SHA256: 1140c624fbfe28b9ef19fef2e9aa251adfbe8c157820d5f0356d88b4d80c2c88
SSDEEP: 384:c2luNmqZQdY4fA6337hgpL5p4sENEKRbA8RP+TRi9N2Fu54bniJfJ86FxTwmovhx:ckGqIW0L/4sENEInpye8i4bnsxqy10
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_v50v60_MFC
YRP/Borland_Delphi_30_additional
YRP/Borland_Delphi_30_
YRP/Borland_Delphi_v40_v50
YRP/Borland_Delphi_v30
YRP/Borland_Delphi_DLL
YRP/IsPE32
YRP/IsDLL
YRP/IsWindowsGUI
YRP/HasDebugData
YRP/HasRichSignature
YRP/maldoc_find_kernel32_base_method_1
YRP/domain
YRP/IP
YRP/contentis_base64
YRP/network_http
YRP/win_mutex
YRP/win_registry
YRP/win_files_operation
YRP/Crypt32_CryptBinaryToString_API
YRP/Str_Win32_Winsock2_Library
YRP/Str_Win32_Wininet_Library
YRP/Str_Win32_Internet_API
YRP/Str_Win32_Http_API
FlorianRoth/DragonFly_APT_Sep17_3
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
t%VVVSP
t3VVVh
g!C9>u
YY_^[3
tWVj.S
QQSVWj
j%ZjsY
PVVVVVVV
PSSSSSSVS
PPWhE4
t?f98t:j%YjsZj\f
%j%Xjsf
QQSVj+h$r
QQQQPQQQ
CWSjEj,
SSVSSh
WWSWWh
SVWjCh
QQSVWj
QQSVWjCh
XjoZjzf
XjiYjl_jaf
jPYjrXjof
GjpXjrf
XjsYj.f
t4VPPP
DGMNOEP
<w00v8
OJ%ll%
W:)m13v1
T8k*1h'
T`a.81,@
t`t0040G
t`t004#K
J7gj`$-
t`k91iT-}d@
t`g&5w$A
t`r,'4$_
t`t0040D
'f("*k-?'
,w78~i
'l41y 
a'-qiq^R[eg4EW
m8 m5_
k00u#^!'5f{
.q}@wH{
9u)z};B
=g?&y<
=14gr>
Q'm:s?
&gws_rd = cr,ssl
k21T5@
c*<N;~
z;7o H
m?0V=O
g?0\=A
-8=v1p
q; n=C
--1n D
q61v8p
8A kf~y:qA
%s - %lu
%s - %lu	
 g*#u&FS
J>>m, 
 g*#u&FS
&v*$iiE	
imxtray.dll
.text$mn
.idata$5
.rdata
.edata
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
CryptStringToBinaryA
CryptBinaryToStringA
CRYPT32.dll
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
gdiplus.dll
GetAdaptersAddresses
IPHLPAPI.DLL
SHLWAPI.dll
ObtainUserAgentString
urlmon.dll
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetReadFile
InternetQueryOptionA
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
WININET.dll
WS2_32.dll
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
WaitForSingleObject
GetExitCodeProcess
CreateThread
CreateRemoteThread
GetExitCodeThread
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
IsWow64Process
GetLastError
CreateMutexA
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsW
CreateDirectoryW
CreateFileW
DeleteFileW
GetFileSize
ReadFile
WriteFile
SetLastError
CreateProcessW
FreeLibrary
LoadLibraryW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
VerSetConditionMask
GetVolumeInformationW
GetCurrentProcess
GetSystemInfo
GetVersionExA
lstrlenW
VerifyVersionInfoW
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrcmpiA
GetPrivateProfileStringW
VirtualAlloc
VirtualFree
DisableThreadLibraryCalls
KERNEL32.dll
wsprintfW
wsprintfA
OpenClipboard
CloseClipboard
GetClipboardData
keybd_event
GetSystemMetrics
GetMessageA
TranslateMessage
DispatchMessageA
USER32.dll
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
ADVAPI32.dll
SHGetSpecialFolderPathW
SHELL32.dll
CreateStreamOnHGlobal
ole32.dll
0"0?0P0g0y0
:%;D;k;
> ?K?U?
30J0t0
060X0m1W4_4h4r4
545=5e5m5x5
6&6<6F6p6y6
96:F:T:j:~:
>">)>?>G>N>
=0D0a0x0
1-1=1E1M1{1
526=6{6
718C8P8u8
9&:3:Q:
;p;]<k<V=h=
=H>k>w>
7 7-8y8
:P:<;K;R;
<2<M>T>
?%?=?V?a?
484G4e4y4
7"7(7.747:7@7F7L7R7X7^7d7j7p7v7|7
P2T2X5\5
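Added example (editor's triage script, not code from this page or from the sample): in the strings dump above the imported function names appear in import-table order, each block of names followed by the DLL that exports them (CryptStringToBinaryA, CryptBinaryToStringA, then CRYPT32.dll), so the dump can be folded back into a per-DLL import table and screened for behaviour. The input below is the import region copied from the listing; the capability groups and the 50% match threshold are the editor's own heuristic and an assumption, not output of any tool shown on the page.

```python
"""Rebuild a per-DLL import table from a `strings` dump and tag capabilities.

Editor's added example for the sample listing above, not the sample's code.
IMPORT_STRINGS is the import region of the page's strings dump, in order;
CAPABILITIES is the editor's triage heuristic (an assumption).
"""
import re
from collections import OrderedDict

# Copied from the listing: function names, each block closed by its DLL name.
IMPORT_STRINGS = """
CryptStringToBinaryA CryptBinaryToStringA CRYPT32.dll
GdipAlloc GdipFree GdiplusStartup GdiplusShutdown GdipCloneImage GdipDisposeImage
GdipSaveImageToStream GdipCreateBitmapFromHBITMAP GdipGetImageEncodersSize
GdipGetImageEncoders gdiplus.dll
GetAdaptersAddresses IPHLPAPI.DLL
SHLWAPI.dll
ObtainUserAgentString urlmon.dll
InternetOpenA InternetCloseHandle InternetConnectA InternetReadFile InternetQueryOptionA
InternetSetOptionA HttpOpenRequestA HttpSendRequestA HttpQueryInfoA WININET.dll
WS2_32.dll
CloseHandle MapViewOfFile UnmapViewOfFile CreateFileMappingA OpenFileMappingA
WaitForSingleObject GetExitCodeProcess CreateThread CreateRemoteThread GetExitCodeThread
HeapAlloc HeapReAlloc HeapFree GetProcessHeap IsWow64Process GetLastError CreateMutexA
lstrlenA MultiByteToWideChar WideCharToMultiByte ExpandEnvironmentStringsW CreateDirectoryW
CreateFileW DeleteFileW GetFileSize ReadFile WriteFile SetLastError CreateProcessW
FreeLibrary LoadLibraryW QueryPerformanceCounter GetSystemTimeAsFileTime GetTickCount
VerSetConditionMask GetVolumeInformationW GetCurrentProcess GetSystemInfo GetVersionExA
lstrlenW VerifyVersionInfoW CreateToolhelp32Snapshot Process32First Process32Next
lstrcmpiA GetPrivateProfileStringW VirtualAlloc VirtualFree DisableThreadLibraryCalls
KERNEL32.dll
wsprintfW wsprintfA OpenClipboard CloseClipboard GetClipboardData keybd_event
GetSystemMetrics GetMessageA TranslateMessage DispatchMessageA USER32.dll
RegCloseKey RegOpenKeyExA RegQueryValueExA RegCreateKeyExA RegSetValueExA ADVAPI32.dll
SHGetSpecialFolderPathW SHELL32.dll
CreateStreamOnHGlobal ole32.dll
"""

_DLL_RE = re.compile(r"^[A-Za-z0-9_]+\.dll$", re.IGNORECASE)   # closes a block
_IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")             # import names are C identifiers


def parse_import_dump(tokens):
    """Map dll -> [function names] from in-order strings tokens.

    Non-identifier tokens (binary noise) are skipped; names never followed by a
    DLL line are dropped. A DLL with no preceding names (here SHLWAPI.dll and
    WS2_32.dll) yields an empty list: nothing recoverable, not proof of no use.
    """
    imports = OrderedDict()
    pending = []
    for tok in tokens:
        if _DLL_RE.match(tok):
            imports[tok] = pending
            pending = []
        elif _IDENT_RE.match(tok):
            pending.append(tok)
    return imports


# Editor's heuristic (assumption): API groups that together suggest a behaviour.
CAPABILITIES = {
    "screenshot_capture": {"GdipCreateBitmapFromHBITMAP", "GdipSaveImageToStream",
                           "GdipGetImageEncoders", "CreateStreamOnHGlobal"},
    "clipboard_read": {"OpenClipboard", "GetClipboardData"},
    "http_client": {"InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
                    "HttpSendRequestA", "InternetReadFile"},
    "base64_crypt32": {"CryptBinaryToStringA", "CryptStringToBinaryA"},
    "remote_thread_injection": {"CreateRemoteThread"},
    "process_enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"},
    "registry_write": {"RegCreateKeyExA", "RegSetValueExA"},
    "single_instance_mutex": {"CreateMutexA"},
    "synthetic_keystrokes": {"keybd_event"},
    "host_fingerprint": {"GetAdaptersAddresses", "GetVolumeInformationW", "GetVersionExA",
                         "IsWow64Process", "GetSystemInfo"},
    "shared_memory_ipc": {"CreateFileMappingA", "OpenFileMappingA", "MapViewOfFile"},
    "process_launch": {"CreateProcessW"},
}


def tag_capabilities(imports, min_fraction=0.5):
    """Return tag -> sorted matched APIs for groups with >= min_fraction imported."""
    names = {n for fns in imports.values() for n in fns}
    tags = {}
    for tag, apis in CAPABILITIES.items():
        hit = sorted(apis & names)
        if hit and len(hit) / len(apis) >= min_fraction:
            tags[tag] = hit
    return tags


if __name__ == "__main__":
    imps = parse_import_dump(IMPORT_STRINGS.split())
    for dll, fns in imps.items():
        print(f"{dll}: {len(fns)} named imports")
    for tag, hit in tag_capabilities(imps).items():
        print(f"[{tag}] {', '.join(hit)}")
```

Import tagging shows what the binary can call, not what it does on a given run; APIs resolved at runtime (the list does import LoadLibraryW) and ordinal imports never appear in the strings dump, so the empty WS2_32.dll and SHLWAPI.dll entries mean "not recoverable here", and confirmation belongs to dynamic analysis.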