Sample details: fc18bb82e42b03dad9e5a7ee55601182

Hashes
MD5: fc18bb82e42b03dad9e5a7ee55601182
SHA1: 1876f94be0659881c7dd129e34bf99a64187121a
SHA256: 8cc3dd7f45fd6559188207599b915b9c0b9b5c5a046cd1c5f0b7e929d9441d66
SSDEEP: 384:SWx1gS9GhyR6r7NcgLGfHUyCN2rlzvknYie0gSR5qaNJawcudoD7UHOa:SWxpGhNPNxGv1CNWAqI57nbcuyD7UHO
Details
File Type: PE32
Yara Hits
YRP/UPX_v30_EXE_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser_additional | YRP/UPX_302 | YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet | YRP/UPX_293_LZMA | YRP/UPX_wwwupxsourceforgenet_additional | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/UPX_293_300_LZMA | YRP/UPX_293_LZMA_additional | YRP/UPX_v30_EXE_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser | YRP/UPX_293_300_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser | YRP/UPX_wwwupxsourceforgenet | YRP/UPX293300LZMAMarkusOberhumerLaszloMolnarJohnReiser | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/UPX | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3 |
Sub Files
77354af20e83223c472406a7dca65e0b
Source
http://lokipanelhostingpanel.gq/work/doc/Upload.com
Strings
		!This program cannot be run in DOS mode.
YM7;r=7K
E}HJ[Nh
A([#m(
,' Ez,
y7no@XE
Ey*md<
f|j,Q)
1Z	V4~
Dv|WN1
	}9-)u,
zYt;ng
0K\%:k
Y(`"wn
D{;8^k
{0%f[.
f>4nG,
`_"1%t
-sXtVq
p[LYeu
;.H0Ic
zI~8x14
bs8qcv
VG![,%8
48 S]:z
dwNhAUO
?1o(E5[
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H)
s`)L$4
D$t+D$\
9l$\w_
XPTPSW
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity
    version="1.0.0.0"
    processorArchitecture="X86"
    name="CompanyName.ProductName.YourApp"
    type="win32" />
  <description></description>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity
        type="win32"
        name="Microsoft.Windows.Common-Controls"
        version="6.0.0.0"
        processorArchitecture="X86"
        publicKeyToken="6595b64144ccf1df"
        language="*" />
    </dependentAssembly>
  </dependency>
</assembly>P
KERNEL32.DLL
COMCTL32.dll
GDI32.dll
MSVCRT.dll
OLE32.dll
SHELL32.dll
SHLWAPI.dll
USER32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
InitCommonControls
SetBkColor
memset
CoInitialize
ShellExecuteExA
PathQuoteSpacesA
IsChild