Sample details: f6c1e34488dfaa4c1c1723915a5bcede

Hashes
MD5: f6c1e34488dfaa4c1c1723915a5bcede
SHA1: 61a2db2810aa618a11d0839f888a4094b2ede2c6
SHA256: 4bf1daefb30ee4c067c984ff54de9df23bb3af0d677c4e74e169590a4025c9aa
SSDEEP: 96:qtW7Tfyo/+t7WjJlFVneqkfqsFtJ3KPLjbfoWfP68:rfyX5WjfLxdsF/ofoWfPH
Details
File Type: MS-DOS
Added: 2018-03-06 19:34:28
Yara Hits
YRP/WinUpack_v039_final_By_Dwing_c2005_additional | YRP/Upack_v0399_Dwing_additional | YRP/Upack_V037_V039_Dwing | YRP/Upack_v039_final | YRP/Upack_v039_final_Sign_by_hot_UNP_additional | YRP/WinUpack_v039_final_By_Dwing_c2005_h1 | YRP/Upack_v039_final_Dwing_h | YRP/Upack_v039_final_Sign_by_hot_UNP | YRP/Upack_V037_Dwing | YRP/WinUpack_v039_final_By_Dwing_c2005_h1_additional | YRP/WinUpack_v039_final_By_Dwing_c2005 | YRP/WinUpackv039finalByDwingc2005h1 | YRP/Upackv039finalDwing | YRP/UpackV037Dwing | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/domain | YRP/contentis_base64 | FlorianRoth/DragonFly_APT_Sep17_3 |
Source
http://52.161.26.253/10141.malware
Strings
MZKERNEL32.DLL
LoadLibraryA
GetProcAddress