Sample details: cc4ab3502c13b2255bfc881fb5fdd668

Hashes
MD5: cc4ab3502c13b2255bfc881fb5fdd668
SHA1: cd99f5b2500c47663896f75651da2f2e8f89774a
SHA256: 8f641ae82e2f4d1c7627eeccc8ccb7d169129a4a51999c94ed8fd787f7b6574d
SSDEEP: 384:Sjv2K146RpcbIEtR1GBEVzoODN5yo8KWudTUa:Sjv514oCbIEtRcs3D0KWda
Details
File Type: MS-DOS
Added: 2018-03-06 19:34:26
Yara Hits
YRP/WinUpack_v039_final_By_Dwing_c2005_additional | YRP/Upack_v0399_Dwing_additional | YRP/Upack_V037_V039_Dwing | YRP/Upack_v039_final | YRP/Upack_v039_final_Sign_by_hot_UNP_additional | YRP/WinUpack_v039_final_By_Dwing_c2005_h1 | YRP/Upack_v039_final_Dwing_h | YRP/Upack_v039_final_Sign_by_hot_UNP | YRP/Upack_V037_Dwing | YRP/WinUpack_v039_final_By_Dwing_c2005_h1_additional | YRP/WinUpack_v039_final_By_Dwing_c2005 | YRP/WinUpackv039finalByDwingc2005h1 | YRP/Upackv039finalDwing | YRP/UpackV037Dwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3 |
Source
http://52.161.26.253/10131.malware
Strings
		MZKERNEL32.DLL
LoadLibraryA
GetProcAddress