Sample details: b526f53a4b39dd5607d76fd59845ac2d

Hashes
MD5: b526f53a4b39dd5607d76fd59845ac2d
SHA1: 436de6bd83a3c4bc6394c07baf9b0f261a029636
SHA256: 26c3ab0437f022eaf070e2b40c1d9ade60736f714d5551c129548410c537f0dd
SSDEEP: 384:J/iOrfoc4ECEqcs+DFHBollxgFXkkhtjccrQK3oBvCS6WnRPtZaX7En+yBJr50n:h4ECEqp+DUlLgFUkdj4MDWRzO7gZ35i
Details
File Type: PE32
Added: 2018-03-06 19:43:49
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | YRP/ThreadControl__Context | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://52.161.26.253/10564.malware
http://52.161.26.253/10567.malware
Strings
!This program cannot be run in DOS mode.
`.data
VirtualAlloc
kernel32.dll
SetThreadContext
AddAtomA
CreateThread
FindNextFileA
GetCurrentThread
GetProcAddress
GetThreadContext
GlobalFlags
GlobalLock
GlobalWire
HeapAlloc
HeapCreate
LoadLibraryA
ResumeThread
SetEvent
SuspendThread
KERNEL32.dll
%]]YsO
2K3F&d
YUQ8PO
{,H5;w
-P.a]1
I!WS-N
7/V<O~
whdGM.C
RfMufa
MK>'9c
Z" &xO
7c7G7--i
kMDE:|x
*o~@@>3
YF(nqg
[BPxma
[DAgzC
+?e-.]