Sample details: d5418f364f66f4b73644d5158a224aa7

Hashes
MD5: d5418f364f66f4b73644d5158a224aa7
SHA1: d48e37c905e8480c56370df15410c2c95cb21722
SHA256: 0f746450d4a232607b6ca2d7bdf2cd5ae0597a32dc7e21145ec1b4c0934e9109
SSDEEP: 48:ZvtQhbHNBBgzFshMU5bUnu9X3Ui/bZHix+1f+w8ekA:Z1QhbHNqpqbUu9X5/bZCx+Z0A
Details
File Type: PE32
Added: 2019-04-23 10:45:02
Yara Hits
YRP/Safeguard_103_Simonzh | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/FASM | YRP/domain | YRP/contentis_base64 | YRP/win_mutex | FlorianRoth/DragonFly_APT_Sep17_3
Strings
!This program cannot be run in DOS mode.
.apdasi
kernel32.dll
CloseHandle
CreateMutexA
CreateThread
CreateToolhelp32Snapshot
ExitProcess
GetCurrentProcessId
GetLastError
GetModuleHandleA
GetProcAddress
LoadLibraryA
OpenProcess
Process32First
Process32Next
RtlZeroMemory
TerminateThread
VirtualAlloc
WaitForSingleObject
lstrcpyA
lstrlenA
ntdll.dll
RtlAdjustPrivilege
carmahot