Sample details: d27a48431ef6f48589763bdf1b3ee74a

Hashes
MD5: d27a48431ef6f48589763bdf1b3ee74a
SHA1: 62e9acdfa1a6bcb5d430fa928a7ffb61d9dc58f5
SHA256: f990ba3901efe3275ff0b7661992053f749122f25c087ee999d331ab7214942d
SSDEEP: 768:rZXvN2+WPvD6EwwY7b2fDCTpN5oxedYP7/kUZ:G+WPvD6RLuWTb16
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/UPX | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Sub Files
533571354adcb9cf7560aa4ed791e3d2
Source
http://pornscope.net/pentest/micro.exe
http://45.32.237.201/pentest/micro.exe
Strings
!This program cannot be run in DOS mode.
KERNEL32.DLL
advapi32.dll
ole32.dll
shlwapi.dll
user32.dll
userenv.dll
wininet.dll
wsock32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegCloseKey
CoCreateGuid
StrStrA
wsprintfA
LoadUserProfileA
InternetCrackUrlA