Sample details: e455789badb125d500469a20ad21ab35 (MD5)

Hashes
MD5: e455789badb125d500469a20ad21ab35
SHA1: d50659d2d59fbd2578e69a2cd8bc396c0d83d72e
SHA256: 2c96152ff6bf0e2749d95af1cc9e189ef1e45b196fc29ec51dee7b0e048cd268
SSDEEP: 384:Vund8Lv/5fV64UvePcvLfMRGBfA6DzY7RbT:GdGv/5VI/fZhDA
Details
File Type: PE32 (32-bit x86 per the embedded manifest; requestedExecutionLevel is asInvoker, so the binary does not request elevation on its own)
Yara Hits (automatic rule matches on file content; compiler/toolchain rules such as MinGW and generic capability rules such as win_registry or Str_Win32_Wininet_Library are listed alongside the threat-specific rule and are not by themselves attribution)
YRP/MingWin32_GCC_3x | YRP/MingWin32_v_h_additional | YRP/MinGW_GCC_3x_additional | YRP/MinGW_GCC_3x | YRP/MingWin32_GCC_3x_additional | YRP/MingWin32_v_h | YRP/MingWin32_v | YRP/MinGWGCC3x | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/MinGW_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/Big_Numbers1 | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | FlorianRoth/DragonFly_APT_Sep17_3 |
Strings (printable strings extracted from the sample, including imported API names, embedded data, and the application manifest; import names indicate available capabilities, not confirmed behavior)
		!This program cannot be run in DOS mode.
`.data
.rdata
.idata
1c7325
23b4d1c1bbad099329ebc045b8861b9d
ekJSQmdeYxA8BXdYekZ/SGpedgR9T2cFYgV6RHdPawRjQmM=
AppData
/index.php
-LIBGCCW32-EH-2-SJLJ-GTHR-MINGW32
w32_sharedptr->size == sizeof(W32_EH_SHARED)
%s:%u: failed assertion `%s'
../../gcc/gcc/config/i386/w32-shared-ptr.c
GetAtomNameA (atom, s, sizeof(s)) != 0
GetSidSubAuthority
GetTokenInformation
GetUserNameA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
AddAtomA
CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
FindAtomA
GetAtomNameA
GetCurrentProcess
GetFileAttributesA
GetFileSize
GetLastError
GetLocalTime
GetModuleFileNameA
GetProcAddress
GetTempPathA
LoadLibraryA
LocalAlloc
LocalFree
SetCurrentDirectoryA
SetUnhandledExceptionFilter
WaitForSingleObject
WinExec
WriteFile
_strlwr
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_onexit
_setmode
atexit
fclose
fflush
fprintf
malloc
memmove
memset
signal
strcat
strcmp
strcpy
strlen
strncat
ShellExecuteA
ShellExecuteExA
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile
ADVAPI32.DLL
KERNEL32.dll
msvcrt.dll
msvcrt.dll
SHELL32.DLL
WININET.DLL
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="q" type="win32"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>