Sample details: b7513ee75c68bdec96c814644717e413

Hashes
MD5: b7513ee75c68bdec96c814644717e413
SHA1: af8e75d043e33e8eeb0dd991f22cc0bb44a0898c
SHA256: 9654bb748199882b0fb29b1fa597c0cfe3b9d610adf4188a0b440f3faf5ee527
SSDEEP: 48:KxfE8CDMIWDUGCoYFrTEHffpvFdk2RRGq:aMRMIWD1Co4TEHffhFdkKc
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Misc_Suspicious_Strings | YRP/win_files_operation | YRP/Str_Win32_Winsock2_Library | FlorianRoth/DragonFly_APT_Sep17_3
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
CreatePipe
CreateProcessA
CreateThread
GetVersionExA
ReadFile
WriteFile
KERNEL32.dll
WSOCK32.dll
cmd.exe
command.com