Sample details: f9ed4f883513aba7266d17ee1d44b151

Hashes
MD5: f9ed4f883513aba7266d17ee1d44b151
SHA1: 2fe45ea402edc45090f0b6085c4ae0ce953dc877
SHA256: 2820171e29d8d35d5e8e9761fe19ffdd6a22f2ab437b3f2f9c411a7727ce0534
SSDEEP: 192:MfvvrX+R+5Dp/XIuOHKR2QwIQJtaOu0oAHH:C3rEuzR2Qw5tDu0oAH
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v171 | YRP/Microsoft_Visual_Cpp_v60 | YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional | YRP/Microsoft_Visual_Cpp_50 | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Armadillo_v171_additional | YRP/Microsoft_Visual_Cpp | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/Misc_Suspicious_Strings | YRP/win_registry | FlorianRoth/DragonFly_APT_Sep17_3 |
Parent Files
728406891a711479471be475bc567fc6
Strings
!This program cannot be run in DOS mode.
`.rdata
@.data
T$,QRh
T$,hH0@
D$,RPh
D$,hH0@
L$,PQh
D$ h@0@
KERNEL32.DLL
ADVAPI32.dll
MFC42.DLL
MSVCRT.dll
USER32.dll
lstrcpyA
GetStartupInfoA
lstrcatA
GetModuleHandleA
RegCloseKey
RegSetValueExA
RegEnumKeyA
RegOpenKeyA
__p__fmode
__set_app_type
_except_handler3
__p__commode
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
_adjust_fdiv
__CxxFrameHandler
__dllonexit
_setmbcp
_XcptFilter
_onexit
DrawIcon
LoadIconA
GetSystemMetrics
GetClientRect
GetSystemMenu
IsIconic
SendMessageA
EnableWindow
AppendMenuA
Access to registry is denied.
Norton Antivirus v5.0/2000 not installed.
Fatal Error
SOFTWARE\Symantec\LiveSubscribe\Services