Sample details: c6fed092bc593cd02a499a4bda0b3014

Hashes
MD5: c6fed092bc593cd02a499a4bda0b3014
SHA1: 4e6a2fab5045e7c9330c66b6cec375ab396704f8
SHA256: 233f87e24861855e30ad450ed73d09debcf259f5386f5fee882ded94b1c2e091
SSDEEP: 48:ZvtPbyxpbJwAm0J45hlg+1eqJ8oH4Pdo0DUmXFanUWMpR6YsgMMXPxE4Ymz:Z1TyxTWeZdo0D51aSpYUMqPF
Details
File Type: PE32+
Yara Hits
YRP/AHTeam_EP_Protector_03_fake_PCGuard_403_415_FEUERRADER | YRP/FSG_v110_Eng_dulekxt_Microsoft_Visual_C_Basic_NET | YRP/IsPE64 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/FASM | YRP/domain | YRP/contentis_base64 | YRP/network_tcp_socket | YRP/Str_Win32_Winsock2_Library | FlorianRoth/DragonFly_APT_Sep17_3
Strings
		!This program cannot be run in DOS mode.
.idata
kernel32.dll
wsock32.dll
IsWow64Process
VirtualAlloc
	lstrcpyA
GetCurrentProcess
WSAStartup
__WSAFDIsSet
closesocket
inet_addr
select
socket
kernel32.dll
VirtualAlloc
kernel32.dll
wsock32.dll
GetProcAddress
LoadLibraryA
RtlZeroMemory
lstrcatA
lstrcpyA
connect