Sample details: b316d34e67b258dfbf5ea313dd9b51a6

Hashes
MD5: b316d34e67b258dfbf5ea313dd9b51a6
SHA1: b73de70ec2628a527e3847afd7ac74a1ed8dc1a2
SHA256: a9c13cb4049e278494bf8aa770e3ae3cac63e65e4f96064050cac192cf8f7815
SSDEEP: 384:Ir71dULNStfCQ/mwlC7xJhH/ujtjZAmYPJH5grzUceM53oB2cXVNx7w+JNY1cAh0:fSl+Ve+H5gEFYUxBocAh0
Details
File Type: PE32+
Yara Hits
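YRP/IsPE64 | YRP/IsDLL | YRP/IsConsole | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | FlorianRoth/DragonFly_APT_Sep17_3 |
Note: these hits are pattern matches on the file's content and are a lead for triage, not a verdict. YRP/HasDigitalSignature indicates that signature data is present; it does not by itself establish that the signature verifies. Weigh the FlorianRoth/DragonFly_APT_Sep17_3 hit against the Boost.System PDB path, export names and "Trend Micro, Inc." certificate strings listed under Strings, and check the Authenticode signature separately.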
Parent Files
9cf06b8902e9b91e11c1d6eeb5ad5b8d
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
.gfids
@.rsrc
@.reloc
SVWAVH
8A^_^[
|$ AVH
 H3E H3E
generic
system
Unknown error
invalid string position
string too long
InitializeConditionVariable
SleepConditionVariableCS
WakeAllConditionVariable
Unknown exception
bad allocation
bad array new length
D:\P4\Core\AMSP\Dev\AMSP-5.5\AMSP\3rd_party\boost\boost_1_62_0\bin.v2\libs\system\build\msvc-14.0\release\address-model-64\debug-store-database\debug-symbols-on\threading-multi\boost_system-vc140-mt-1_62.pdb
.text$di
.text$mn
.text$mn$00
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.edata
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.pdata
.tls$ZZZ
.gfids$y
boost_system-vc140-mt-1_62.dll
?generic_category@system@boost@@YAAEBVerror_category@12@XZ
?system_category@system@boost@@YAAEBVerror_category@12@XZ
?throws@system@boost@@3Verror_code@12@A
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
MSVCP140.dll
LocalFree
FormatMessageA
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
KERNEL32.dll
_purecall
__std_terminate
memmove
_CxxThrowException
__CxxFrameHandler3
memcpy
__C_specific_handler
__vcrt_InitializeCriticalSectionEx
__std_exception_copy
__std_exception_destroy
memset
__std_type_info_destroy_list
VCRUNTIME140.dll
_invalid_parameter_noinfo_noreturn
strerror
_callnewh
malloc
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
.?AVerror_category@system@boost@@
.?AVnoncopyable@noncopyable_@boost@@
.?AVgeneric_error_category@?A0x490e0335@system@boost@@
.?AVsystem_error_category@?A0x490e0335@system@boost@@
.?AVtype_info@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
151231000000Z
190709184036Z0
Greater Manchester1
Salford1
COMODO CA Limited1*0(
!COMODO SHA-1 Time Stamping Signer0
1http://crl.usertrust.com/UTN-USERFirst-Object.crl05
http://ocsp.usertrust.com0
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
061108000000Z
211107235959Z0
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
 http://crl.verisign.com/pca3.crl0
https://www.verisign.com/cps0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
http://ocsp.verisign.com0>
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
160329000000Z
170628235959Z0g1
Taiwan1
Taipei1
Trend Micro, Inc.1
Trend Micro, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object
170113074117Z0#
'Lnj\x
Symantec Corporation1
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
160330000000Z
170628235959Z0g1
Taiwan1
Taipei1
Trend Micro, Inc.1
Trend Micro, Inc.0
N9qZdV
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
061108000000Z
211107235959Z0
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
 http://crl.verisign.com/pca3.crl0
https://www.verisign.com/cps0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
http://ocsp.verisign.com0>
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Symantec Corporation1
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
VmiY6sD
20170113074119Z0
Symantec Corporation1
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G1
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
160112000000Z
270411235959Z0
Symantec Corporation1
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G10
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-40
Symantec Corporation1
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
170113074119Z0/
/1(0&0$0"