Sample details: c1e8ddd5d790adb37be9ec5515ecea15

Hashes
MD5: c1e8ddd5d790adb37be9ec5515ecea15
SHA1: be02ee8323204af718a72354be0c22166c647347
SHA256: c5ac68328600a5a99f12d9708d77da04aa231895b633d47c5db56ec67c2ece64
SSDEEP: 48:ZvtqeqbJwAm0J45hlg+1eqJ8ohJAJo0HDNDinUWMpR6YsgMMXPxE4Y1Dyx4dB0y:Z16Wevo0DNDiSpYUMqPFaDyx
Details
File Type: PE32+
Yara Hits
YRP/AHTeam_EP_Protector_03_fake_PCGuard_403_415_FEUERRADER | YRP/FSG_v110_Eng_dulekxt_Microsoft_Visual_C_Basic_NET | YRP/IsPE64 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/FASM | YRP/domain | YRP/contentis_base64 | YRP/network_tcp_socket | YRP/Str_Win32_Winsock2_Library | FlorianRoth/DragonFly_APT_Sep17_3
Strings
		!This program cannot be run in DOS mode.
.idata
kernel32.dll
wsock32.dll
IsWow64Process
VirtualAlloc
	lstrcpyA
GetCurrentProcess
WSAStartup
__WSAFDIsSet
closesocket
inet_addr
socket
kernel32.dll
VirtualAlloc
kernel32.dll
wsock32.dll
GetProcAddress
LoadLibraryA
RtlZeroMemory
lstrcatA
lstrcpyA
connect
select