Sample details: b7993c10b9a8c3b9735d7696c7b9e8b6

Hashes
MD5: b7993c10b9a8c3b9735d7696c7b9e8b6
SHA1: ac2e765311380bfa502b3b7aed2e8d80c351e08b
SHA256: 6f0443a62fd444c4254f902f668543b867a0577504915d22cd75328f73cd4472
SSDEEP: 384:L5yAJ3gXLVMYNcJhGCMcrXWpiWwH/sHHgH2nKwsHTWHi5AGsHW0HcHpLHP0oqQGI:0AJ3IMYNcJXMcyu/z
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Cpp_v60_DLL_additional | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/win_registry | FlorianRoth/DragonFly_APT_Sep17_3
Parent Files
0495481d035935c5e309333c6d7c9209
Source
Strings
!This program cannot be run in DOS mode.
`.data
@.reloc
KERNEL32.DLL
ADVAPI32.DLL
SHGetFolderPathW
shell32.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Common Administrative Tools
Administrative Tools
Common Programs
Common Documents
Common AppData
History
Cookies
Local AppData
AppData
My Pictures
Personal
DllGetVersion
shlwapi.dll
SOFTWARE\Microsoft\Windows\CurrentVersion
ProfileDirectory
Software\Microsoft\Windows\CurrentVersion\ProfileReconciliation
RegValue
RegKey
Default
MustBeRelative
DefaultDir
LocalFile
CentralFile
*windir
SHFOLDER.dll
SHGetFolderPathA
SHGetFolderPathW
KERNEL32.DLL
ADVAPI32.DLL
EnumResourceNamesW
CompareStringW
CreateDirectoryA
CreateDirectoryW
GetLastError
ExpandEnvironmentStringsA
lstrcpynW
lstrcatA
lstrcpyA
GetSystemDirectoryA
GetSystemDirectoryW
IsBadWritePtr
DisableThreadLibraryCalls
GlobalFree
GlobalAlloc
GetSystemDefaultLangID
EnumResourceLanguagesW
FindResourceExW
LoadResource
LockResource
GetWindowsDirectoryW
GetWindowsDirectoryA
ExpandEnvironmentStringsW
lstrlenA
lstrlenW
MultiByteToWideChar
GetVersionExA
LoadLibraryA
FreeLibrary
GetProcAddress
WideCharToMultiByte
GetFileAttributesA
GetFileAttributesW
AllocateAndInitializeSid
LookupAccountSidW
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityW
FreeSid
RegSetValueExA
RegSetValueExW
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
shfolder.pdb