Sample details: d37d626929b7936e948b512207f3a5b2

Hashes
MD5: d37d626929b7936e948b512207f3a5b2
SHA1: c811757f916d35790fdb35578dfbe96121ae8708
SHA256: 00ff3502b7ce4b1ecabb733a3f3af0d6c1b10bdae5f263f8c6e0cf558492b553
SSDEEP: 384:HHJRkgCJ9zFFiSofRnMo73w8LmQRIbGZIrjOn/wIl7q/OU:JRkfBbkL73wSI6Zhw2q2U
Details
File Type: MS-DOS
Added: 2018-03-06 19:33:56
Yara Hits
YRP/MicroJoiner_17_coban2k_additional | YRP/Upack_037_beta_Dwing | YRP/Upack_037_beta_Dwing_additional | YRP/Upack_v036_beta_Dwing | YRP/Upack_036_beta_Dwing | YRP/Upackv036betaDwing | YRP/Upackv036alphaDwing | YRP/UpackV036Dwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://52.161.26.253/10039.malware
Strings
		MZLoadLibraryA
KERNEL32.DLL
GetProcAddress
.Upack
.ByDwing