Sample details: daa8e8d961d0eaf5d6faf6599f264642

Hashes
MD5: daa8e8d961d0eaf5d6faf6599f264642
SHA1: 1bb65bbcc17794505c45f1d3c1cbe3f54b766c46
SHA256: ce92b1e00d9e59e937006032453e2036fc560b85f2da2cf9c91a23d8e823b1dc
SSDEEP: 384:CaOqhKEMc5gYjbaDxwS751LB7DjtpTPEBo0V2su:CQKEx5LbMVVTGl7u
Details
File Type: MS-DOS
Added: 2018-03-06 19:34:34
Yara Hits
YRP/Upack_0399_Dwing_additional | YRP/Upack_v038_beta_Dwing_additional | YRP/Upack_V037_V039_Dwing | YRP/Upack_V037_Dwing | YRP/Upack_038_beta_Dwing | YRP/Upack_v038_beta_Dwing | YRP/Upackv037v038BetaStripbaserelocationtableOptionDwing | YRP/Upackv038betaDwing | YRP/Upackv039finalDwing | YRP/UpackV037Dwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://52.161.26.253/10175.malware
Strings
MZKERNEL32.DLL
LoadLibraryA
GetProcAddress