Sample details: 0199115496c2cbd531d6cf215f58bd62

Hashes
MD5: 0199115496c2cbd531d6cf215f58bd62
SHA1: 2c828e325db58e9f175285649afb0e28be7e4a71
SHA256: 0bc4b51f70d50354b0f96694887ea582f375accffc15c2608f7a550c0dd02afc
SSDEEP: 768:LOs5LsWTu/6ZwsErunSl5Odw5NkDq1HTIm4y5NTaaRa7eOPLwprjlF7D:is1+SZbiuSXKw58q5ImRRa7eWLwprjl
Details
File Type: MS-DOS
Added: 2019-06-17 05:09:10
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/screenshot | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Source
https://dabelmarket.com/blog/ecard.EXE
Strings
		!Win32 .EXE.
.MPRESS1
.MPRESS2
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
SHLWAPI.dll
wnsprintfW
WININET.dll
InternetOpenW
gdiplus.dll
GdiplusStartup
DNSAPI.dll
DnsFree
CRYPT32.dll
CryptUnprotectData
WS2_32.dll
urlmon.dll
IsValidURL
ntdll.dll
RtlGetVersion
WINHTTP.dll
WinHttpOpen
USER32.dll
ReleaseDC
GDI32.dll
BitBlt
ADVAPI32.dll
CredFree
SHELL32.dll
ShellExecuteW
ole32.dll
CoInitialize
OLEAUT32.dll