Sample details: f6a7fdc01d8104c77bcf8d6f895e0761 (MD5)

Hashes
MD5: f6a7fdc01d8104c77bcf8d6f895e0761
SHA1: 07180689135f1317fe82e96805b5641461873e27
SHA256: b0ab319aa530b95edd5eb1aa347693797a1a616551d3dc6c70a6b65c91b45f3a
SSDEEP: 384:n2Dyq0z2U5v9R/zQ8kn8INMdX9gugoL2RHul9023fR:4yq82Ud7/zfkn8I+ilm90GfR
Details
File Type: PE32
Yara Hits (rule names as reported by the scanner; a match is a signature hit and does not by itself establish attribution)
YRP/Visual_Cpp_2005_Release_Microsoft | YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://newew.whatisthis988.5gbfree.com/Task.exe
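Strings (printable strings extracted from the file; the PYTHONSCRIPT resource name, PYTHON27.DLL, PY2EXE_VERBOSE, _memimporter and boot_common.py entries indicate a py2exe-packaged Python 2.7 program, so the program's own logic is presumably in the embedded script resource rather than in the imports listed here)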
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
j\h`d@
t&Qh`d@
_u\hTQ@
u*hlQ@
UQh8Y@
$Ph<Y@
MessageBoxA
GetFocus
USER32.dll
_snprintf
strncpy
__argc
__argv
strrchr
strncmp
malloc
getenv
setbuf
__iob_func
fprintf
memcpy
memset
bsearch
realloc
MSVCR90.dll
_amsg_exit
__getmainargs
_cexit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
lstrlenA
LocalFree
FormatMessageA
GetLastError
GetModuleFileNameA
LockResource
LoadResource
FindResourceA
MapViewOfFile
CloseHandle
CreateFileMappingA
GetFileSize
CreateFileA
UnmapViewOfFile
GetProcAddress
LoadLibraryA
GetFullPathNameA
OutputDebugStringA
GetModuleHandleA
FreeLibrary
VirtualAlloc
VirtualProtect
VirtualFree
HeapFree
GetProcessHeap
SetLastError
IsBadReadPtr
HeapAlloc
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
KERNEL32.dll
_stricmp
_strdup
_MessageBox
windows_exe
_MessageBox
Retrieving module name
PYTHONSCRIPT
Could not locate script resource:
Could not load script resource:
Could not lock script resource:
Bug: Invalid script resource
PYTHON27.DLL
PYTHON27.DLL
Could not load python dll
<pythondll>
PYTHON27.DLL
PYTHON27.DLL
LoadLibrary(pythondll) failed
zlib.pyd
initzlib
ZLIB.PYD
zlib.pyd
initzlib
<pythondll>
<zlib.pyd>
Not enough space for new sys.path
no mem for late sys.path
PY2EXE_VERBOSE
PY2EXE_VERBOSE
frozen
frozen
PYTHONINSPECT
<stdin>
<stdin>
__main__
Py_Initialize
PyRun_SimpleString
Py_Finalize
Py_GetPath
Py_SetPythonHome
Py_SetProgramName
PyMarshal_ReadObjectFromString
PyObject_CallFunction
PyString_AsStringAndSize
PyString_AsString
PyArg_ParseTuple
PyErr_Format
PyImport_ImportModule
PyInt_FromLong
PyInt_AsLong
PyLong_FromVoidPtr
Py_InitModule4
PyTuple_New
PyTuple_SetItem
Py_IsInitialized
PyObject_SetAttrString
PyCFunction_NewEx
PyObject_GetAttrString
Py_BuildValue
PyObject_Call
PySys_WriteStderr
PyErr_Occurred
PyErr_Clear
PyObject_IsInstance
PyInt_Type
_Py_NoneStruct
PyExc_ImportError
_Py_PackageContext
PyGILState_Ensure
PyGILState_Release
PySys_SetObject
PySys_GetObject
PyString_FromString
Py_FdIsInteractive
PyRun_InteractiveLoop
PySys_SetArgv
PyImport_AddModule
PyModule_GetDict
PySequence_Length
PySequence_GetItem
PyEval_EvalCode
PyErr_Print
PyBool_FromLong
Py_VerboseFlag
Py_NoSiteFlag
Py_OptimizeFlag
Py_IgnoreEnvironmentFlag
PyObject_Str
PyList_New
PyList_SetItem
PyList_Append
undef symbol
undefined symbol %s -> exit(-1)
undef symbol
undefined symbol %s -> exit(-1)
Importer which can load extension modules from memory
|O:set_find_proc
s#sss:import_module
MemoryLoadLibrary failed loading %s
Could not find function %s
import_module
import_module(code, initfunc, dllname[, finder]) -> module
get_verbose_flag
Return the Py_Verbose flag
set_find_proc
_memimporter
Test.txt
windows_exet
Stderrc
The logfile '%s' could not be opened:
Errors occurreds 
See the logfile '%s' for details(	
_filet
_errort
opent	
Exceptiont
atexitt
registert
writet
flush(
alertt
fnamet
detailsR
C:\Python27\lib\site-packages\py2exe\boot_common.pyR
C:\Python27\lib\site-packages\py2exe\boot_common.pyR
__name__t
__module__t	
softspaceR
_MessageBoxt
executableR
C:\Python27\lib\site-packages\py2exe\boot_common.pyR
Blackholec
C:\Python27\lib\site-packages\py2exe\boot_common.pyR
C:\Python27\lib\site-packages\py2exe\boot_common.pyR
C:\Python27\lib\site-packages\py2exe\boot_common.pyR
filenamet
linenot
module_globals(
C:\Python27\lib\site-packages\py2exe\boot_common.pyt
fake_getline]
frozent
objectR
stderrR
stdoutt	
linecacheR
getlinet
orig_getline(
C:\Python27\lib\site-packages\py2exe\boot_common.pyt
<module>,
zipextimportert
install(
<install zipextimporter>R$
qFqkHjhdWwYuMWzXjdhqnhBiIBJTtxnjQIOSdbPMckYThJwRBnLmbJBgcvUtcAkCjxznQYcPEBSlnPVXNKkqneXTWsqPkKOaKeIEiUzTSWGuqCfybeUmkYpgKhlgHJQMiIVXWLfxZgi
__doc__t
ls.pyR$
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD