Sample details: d2fa2eb918d03cc3e0ff377ba90f6358

Hashes
MD5: d2fa2eb918d03cc3e0ff377ba90f6358
SHA1: 2812b2d30c4f7dfa87b6d5bdb20186af1758c776
SHA256: 4d5d3c145e682fcd023f3082c426e60349c1f413d80de6ee7d096088ba7b78bb
SSDEEP: 96:Z1MCMbMohNqpB6upyKMznZpiAqarswvIRPfGCnMfGCnB4wn:ovAohNq/TUjQRXTyTBN
Details
File Type: PE32
Added: 2018-05-07 04:57:12
Yara Hits
YRP/Safeguard_103_Simonzh | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/FASM | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/win_mutex | FlorianRoth/DragonFly_APT_Sep17_3
Strings
		!This program cannot be run in DOS mode.
.asdasi
.c231asc
`.rsrc
kernel32.dll
user32.dll
CloseHandle
CreateMutexA
CreateToolhelp32Snapshot
ExitProcess
GetCurrentProcessId
GetLastError
GetModuleHandleA
GetProcAddress
LoadLibraryA
OpenProcess
Process32First
Process32Next
RtlZeroMemory
TerminateThread
VirtualAlloc
WaitForSingleObject
lstrcpyA
lstrlenA
ShowWindow
ntdll.dll
RtlAdjustPrivilege
s2lxza0d