Sample details: f9cd3a8fad95ef98e235aae040bf359b

Hashes
MD5: f9cd3a8fad95ef98e235aae040bf359b
SHA1: 5cd2c33bb266d7cf237db1c2f552a013881ee183
SHA256: 92fcf9c349205c8c2c99f71e0e6b8c1d11fbc05cfd7fe168ceec8c046353b6de
SSDEEP: 384:Qw3EB9LqnGHAYaBf+57skrdx/kiA6DzY7gbT:6BpqnqAeRrdx/kihDA
Details
File Type: PE32
YARA Hits
YRP/MingWin32_GCC_3x | YRP/MingWin32_v_h_additional | YRP/MinGW_GCC_3x_additional | YRP/MinGW_GCC_3x | YRP/MingWin32_GCC_3x_additional | YRP/MingWin32_v_h | YRP/MingWin32_v | YRP/MinGWGCC3x | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/MinGW_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/Big_Numbers1 | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | FlorianRoth/DragonFly_APT_Sep17_3
Strings
		!This program cannot be run in DOS mode.
`.data
.rdata
.idata
4dedde
357d3ef67cbf07e276b3e54f27ba5eb1
ekJSQmdeYxA8BXJaY0Z2B2BCfFo9XnZJewVfaHtAKx1UH3VcWR17QDxDfU52Uj1ae1o=
AppData
/index.php
-LIBGCCW32-EH-2-SJLJ-GTHR-MINGW32
w32_sharedptr->size == sizeof(W32_EH_SHARED)
%s:%u: failed assertion `%s'
../../gcc/gcc/config/i386/w32-shared-ptr.c
GetAtomNameA (atom, s, sizeof(s)) != 0
GetSidSubAuthority
GetTokenInformation
GetUserNameA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
AddAtomA
CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
FindAtomA
GetAtomNameA
GetCurrentProcess
GetFileAttributesA
GetFileSize
GetLastError
GetLocalTime
GetModuleFileNameA
GetProcAddress
GetTempPathA
LoadLibraryA
LocalAlloc
LocalFree
SetCurrentDirectoryA
SetUnhandledExceptionFilter
WaitForSingleObject
WinExec
WriteFile
_strlwr
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_onexit
_setmode
atexit
fflush
fprintf
malloc
memmove
memset
signal
strcat
strcmp
strcpy
strlen
strncat
ShellExecuteA
ShellExecuteExA
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile
ADVAPI32.DLL
KERNEL32.dll
msvcrt.dll
msvcrt.dll
SHELL32.DLL
WININET.DLL
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="q" type="win32"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>