Sample details: b404c475bec2c8fcc959258695eb6cc6

Hashes
MD5: b404c475bec2c8fcc959258695eb6cc6
SHA1: 46891dbf24cbdacc6f9e14878b2c29af33020bcf
SHA256: 6a9e8b724b13bb09d02c7362e41ae76c5ef325197ae370c972b4e79dca9202a4
SSDEEP: 384:csSjefXUm9NlcwlfYZGfRJWpSC4rZ3halWk:HSjefkm95CZKRJWpdAjalV
Details
File Type: MS-DOS
Added: 2018-03-06 19:33:37
Yara Hits
YRP/MicroJoiner_17_coban2k_additional | YRP/Upack_037_beta_Dwing | YRP/Upack_037_beta_Dwing_additional | YRP/Upack_v036_beta_Dwing | YRP/Upack_036_beta_Dwing | YRP/Upackv036betaDwing | YRP/Upackv036alphaDwing | YRP/UpackV036Dwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://52.161.26.253/10024.malware
Strings
MZLoadLibraryA
KERNEL32.DLL
GetProcAddress
.Upack
.ByDwing