Sample details: fcb991d99796bfeac2378fb787b23d03 --

Hashes
MD5: fcb991d99796bfeac2378fb787b23d03
SHA1: 7a3c85c6d7e64b98bf029158a5fa2b40f194749a
SHA256: f842e1ebeb8787c72ab9edf4dfe5d365ad865798a5f7e2d07d48c1f12771925a
SSDEEP: 768:nUsdLspZtH3Whh11gHo7Av+EDknAnvI2c/t8b:NLspZch7Ao7ABw/t8
Details
File Type: PE32
Yara Hits
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/IsPE32 | YRP/IsConsole | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/anti_dbg | FlorianRoth/DragonFly_APT_Sep17_3 |
Parent Files
05b64d4f53257b911986480dff341e5e
Strings
		!This program cannot be run in DOS mode.
f0hRich
`.rdata
@.data
@.reloc
j h`y@
^SSSSS
t	j\Yf
QQSVWh
j@j ^V
URPQQh
t"SS9] u
;t$,v-
UQPXY]Y[
CorExitProcess
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
c:\users\moongan\documents\visual studio 2010\Projects\RemNPX\Release\RemNPX.pdb
GetModuleFileNameW
KERNEL32.dll
SHCreateItemFromParsingName
SHELL32.dll
CoCreateInstance
CoInitialize
CoUninitialize
ole32.dll
GetCommandLineW
HeapSetInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
WideCharToMultiByte
HeapSize
HeapAlloc
HeapReAlloc
IsProcessorFeaturePresent
LCMapStringW
MultiByteToWideChar
GetStringTypeW
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
0"0/080>0z0
1&131?1K1Q1c1k1v1
3'323>3C3S3X3^3d3z3
575B5J5Z5`5q5
6;7S7]7x7
:\<h<n<s<y<
0!0*060<0D0J0V0\0i0s0y0
0 1&1P1V1\1r1
1*2M2W2
3#3)31383=3E3N3Z3_3d3j3n3t3y3
4 4&4>4b4n4
7L7R7W7c7j7t7
9!919`9f9n9
;&;5;G;'<1<><|<
=&=I=\=c=k=
> >%><>
>H?M?_?}?
1&1/1:1?1H1R1]1
4 4J4S4_4
6 6$6(6,606z6
7$7(7,7M7w7
8 8$8(8z8
;4;E;~;
>(>2>@>I>S>
?#?<?F?Y?}?
2!2)212H2a2}2
353A3L4
5Y6_6i6
6 787P8U8
<,<R<d<v<
:$:,:4:<:D:L:T:\:d:l:t:|:
8T9X9x9
:(:H:d:h:
3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
5(5L5X5\5`5d5h5
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
061108000000Z
211107235959Z0
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
 http://crl.verisign.com/pca3.crl0
https://www.verisign.com/cps0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
http://ocsp.verisign.com0>
E+QLI4
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
130117000000Z
160216235959Z0
	guangdong1
shenzhen1503
,Tencent Technology(Shenzhen) Company Limited1>0<
5Digital ID Class 3 - Microsoft Software Validation v21503
,Tencent Technology(Shenzhen) Company Limited0
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
E+QLI4
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
130523125415Z0#