Sample details: fbe3a07978b91dcef8ecfaf5b96b6a94

Hashes
MD5: fbe3a07978b91dcef8ecfaf5b96b6a94
SHA1: 4fbb572708687e4ac3937f537ca7974d9af2544a
SHA256: 10ad1b79e0ad9cf97e8386f8492c47945272ebcfe358392f0643d3dea7e82499
SSDEEP: 384:ROzXkpGyyCMy8KDD/235IGsdl3h3BrOPdCyAPAi1LR:YC38KDD/GydLBe2j
Details
File Type: PE32
Yara Hits
YRP/Borland_Delphi_40_additional | YRP/Borland_Delphi_v60_v70_additional | YRP/Microsoft_Visual_Cpp_v50v60_MFC | YRP/Borland_Delphi_30_additional | YRP/Borland_Delphi_30_ | YRP/Borland_Delphi_Setup_Module | YRP/Borland_Delphi_40 | YRP/Borland_Delphi_v40_v50 | YRP/BobSoft_Mini_Delphi_BoB_BobSoft_additional | YRP/Borland_Delphi_v30 | YRP/Borland_Delphi_DLL | YRP/Borland | YRP/BobSoftMiniDelphiBoBBobSoft | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/borland_delphi | YRP/domain | YRP/contentis_base64 | YRP/keylogger | YRP/win_mutex | YRP/win_registry | YRP/win_files_operation | FlorianRoth/DragonFly_APT_Sep17_3 |
Strings
This program must be run under Win32
.idata
.rdata
P.reloc
P.rsrc
YZ]_^[
~KxI[)
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
_^[YY]
_^[YY]
_^[YY]
tYNgofPM
QQQQQQQQSV
cdz{yx
UmaKaruna.as
g`~v]E\^]SVf]t[^Ws
W]BWXQDYCF
\YY[ZW
SamuelLeroyJackson.pif
ADQZ]AF
e^SZZsNSUCBSw
QQQQSVW
Runtime error     at 00000000
0123456789ABCDEF
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
ExitProcess
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll
GetKeyboardType
MessageBoxA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
kernel32.dll
SetLastError
OpenFileMappingA
LoadLibraryA
GetTempPathA
GetProcAddress
GetLastError
GetFileSize
FreeLibrary
DeleteFileA
CreateMutexA
ClearCommBreak
CancelIo
user32.dll
TranslateMessage
GetMessageA
DispatchMessageA