Sample details: f1c482aa72f8cdb7411339e16e68a1da

Hashes
MD5: f1c482aa72f8cdb7411339e16e68a1da
SHA1: 9e031b18da32e999753045ea58edf1b7fb62ec82
SHA256: aa6c28b5f3f6fbfa11a38e078eb602ae12c732f359656afe28a5380928611340
SSDEEP: 48:ZvtDTvN71k6zeziKT3E1uPS3cCCVNAvlre8Ao8:Z1DTvN71k+gT3Nq3QAlre3o
Details
File Type: PE32
Added: 2018-03-22 17:23:07
Yara Hits
YRP/Safeguard_103_Simonzh | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/FASM | YRP/domain | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3
Strings
		!This program cannot be run in DOS mode.
.a0000
`.x00000
ntdll.dll
RtlAdjustPrivilege
kernel32.dll
GetProcAddress
LoadLibraryA
VirtualAlloc