Sample details: f67eebc5d10e94c363ce096313016349

Hashes
MD5: f67eebc5d10e94c363ce096313016349
SHA1: a49c77f24a76924d96b8413676f0823b416fa391
SHA256: efdf5f56ce6c45950b970ee887977a70a9eea10e9f5055814ae49c11ca83881d
SSDEEP: 96:x1iEQm3ru/rS04Z1JiHxMEUQFV4JVEDvG8AKo3T35V6LiDwS0qyfCzi:ximX0iJiRQJVv73T35NDwS0qyfv
Details
File Type: PE32
Yara Hits
YRP/Microsoft_Visual_Basic_v50 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg | YRP/network_http | YRP/win_token | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/Str_Win32_Http_API | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/Bin/Release/BootkitInstallReport.exe
Strings
!This program cannot be run in DOS mode.
Rich{Od
`.rdata
@.data
@.reloc
T$8RSh
URPQQh\
;t$,v-
UQPXY]Y[
mmg-studios.org
geter/index.php?cmd=step&uid=%s&step=%d%%5Fdp
geter/index.php?cmd=storefile2&uid=%s
Content-Disposition: form-data; name="%s"; filename="%s"
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
--%s--
Content-Length: %d
Content-Type: multipart/form-data; boundary=%s
Accept: */*
Connection: close
svchost.exe
{%08X-%04X-%04X-%04X-%08X%04X}
\\.\%s\
ObtainUserAgentString
urlmon.dll
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
WININET.dll
LocalFree
LocalAlloc
CloseHandle
Process32Next
GetLastError
OpenProcess
lstrcmpA
Process32First
CreateToolhelp32Snapshot
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
KERNEL32.dll
wsprintfA
USER32.dll
GetUserNameA
LookupAccountSidA
OpenProcessToken
GetTokenInformation
ADVAPI32.dll
__PINGER_UID__
0060A0V0i0p0v0|0
0/1A1L1e1
1	2(2>2N2Y2d2
2/3H3O3W3\3`3d3
3>4D4H4L4P4
5;5m5t5x5|5
:$:<:T:
>*>/>?>D>J>P>f>m>
$2(2l2p2
@0D0H0