
Sample details: f26f910963bd7e057c8d9fba06fc1029

Hashes
MD5: f26f910963bd7e057c8d9fba06fc1029
SHA1: d12bf671cd34c31fe0513a739e6ff829dab60e29
SHA256: ad91f90b65c6dda21e67c1f077f8f6ecc29f7edb6c488e2daf3951d8fde2989c
SSDEEP: 384:BmiiX3z8fThMsGg7qoJIfy1th4tfp1lTZYbBWmjHQM5bTyrqFAXsgnMvl644JYd1:yj8fmsGg7q0TC9VSYmLQMkrqq8gM0AI
Details
File Type: PE32+ (64-bit Windows DLL, consistent with the IsPE64 / IsDLL YARA hits below)
Yara Hits
YRP/IsPE64 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/DebuggerCheck__QueryInfo | YRP/anti_dbg | YRP/win_files_operation | YRP/BASE64_table | FlorianRoth/DragonFly_APT_Sep17_3
Source (original download URL of the sample — treat as a hostile indicator, do not fetch from a non-isolated host)
http://wuenschejetzterfuellen.com/Plugins/pipe64.dll
http://wuenschejetzterfuellen.com/Plugins/pipe64.dll
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
t>ffff
@SWAVH
|$ AVAW3
|$0A_A^
(HcD$`Ic
l$ WHcA<3
|$ AVAW
,0<6w*I
|$0A_A^
WAVAWH
0A_A^_
WAVAWH
 A_A^_
SUVWAUAVH
(A^A]_^][
\$ VWAUAVAWH
D8(t	H
A_A^A]_^
t$ AVH
\$ UVWAVAWH
pA_A^_^]
@SUVWAVH
pA^_^][
ffffff
@SUVWH
@SUVWATH
A\_^][
},"plugin_
User-Agent
Max-Forwards
Mozilla/4.0 (IE 11.0; Windows NT 6.3; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko
Mozilla/4.0 (IE 11.0; Windows NT 6.3; Trident/7.0; .NET4.0E; .NET4.0C; rv:11.0) like Gecko
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Mozilla/2.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6; Ant.com Toolbar 1.6; MSIECrawler)
Mozilla/2.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0 Iceweasel/35.0a2
Mozilla/3.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.1) Gecko/20061205 Iceweasel/2.0.0.1 (Debian-2.0.0.1+dfsg-4)
Mozilla/3.0 (X11; U; Linux i686; pt-PT; rv:1.9.2.3) Gecko/20100402 Iceweasel/3.6.3 (like Firefox/3.6.3) GTB7.0
Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1090.0 Safari/536.6
Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36
User-Agent: 
Max-Forwards: 
connect
socket
closesocket
gethostbyname
WSAStartup
inet_addr
inet_pton
Transfer-Encoding: 
Content-Length: 
chunked
 HTTP/1.1
Host: 
Cookie: 
Connection: 
keep-alive
aegislabs
agnitum
ahnlab
alibaba
antiy-avl
avast!
arcabit
antivir
avware
bitdefender
bytehero
quick heal
zonealarm
clamav
comodo
crowdstrike
endgame
emsisoft
fortinet
f-prot
the hacker
virobot
ikarus
invincea
nprotect
f4cky0ukasperskyyouwillnevergetfr3shsampleofthisbl4cken3rgy
jiangmin
k7antivirus
kingsoft
ad-aware
malwarebytes
mcafee
panda platinum
qihoo 360
rising
sentinelone
sophos
superantispyware
symantec
tencent
totaldefense
kaspersky
trendmicro
trustlook
zillya
webroot
whitearmor
plugin_execute
plugin_update
plugin_miner
plugin_brute
plugin_stealer
plugin_getinfo
plugin_injects
plugin_social_spreader
plugin_ddos
plugin_spam
plugin_ads
plugin_userkit
plugin_backconnect
plugin_network_spreader
/Panel/callback.php
185.177.59.179
CreateNamedPipeW
RtlExpandEnvironmentStrings_U
RtlEnterCriticalSection
NtWriteFile
NtQuerySystemInformation
NtFsControlFile
NtQueryInformationProcess
NtWaitForSingleObject
NtQueryVolumeInformationFile
NtCreateFile
RtlNtStatusToDosError
NtClose
NtDelayExecution
NtFlushBuffersFile
RtlLeaveCriticalSection
LdrLoadDll
NtOpenFile
RtlInitializeCriticalSection
NtReadFile
RtlDosPathNameToNtPathName_U
ntdll.dll
GlobalSize
GlobalAlloc
IsDBCSLeadByte
GlobalFree
GlobalReAlloc
KERNEL32.dll
wsprintfW
wsprintfA
USER32.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
memset
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>