Sample details: ea8aecab7124e8f02d5c3c5345e98242

Hashes
MD5: ea8aecab7124e8f02d5c3c5345e98242
SHA1: dfcb9c05f3c35fb9662ac2920b4bc307f12d885f
SHA256: 353d13e06c526bd774a603d43a0ef66826604eaddd933db2bee067b86393861a
SSDEEP: 768:gT1pHrP/58ByHA/oEraNsNHPkD+JIKNMmfb+u:k1F358KAAErO4PpIKZqu
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Antivirus | YRP/Misc_Suspicious_Strings | YRP/hijack_network | YRP/network_udp_sock | YRP/network_tcp_listen | YRP/network_dropper | YRP/network_tcp_socket | YRP/network_dns | YRP/spreading_file | YRP/win_mutex | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | FlorianRoth/ZxShell_Related_Malware_CN_Group_Jul17_2 |
Source
http://www.heikc.com:2018/kb.exe
Strings