Sample details: 0440dfc8a0945da2a9633a19157438f9

Hashes
MD5: 0440dfc8a0945da2a9633a19157438f9
SHA1: 5575b3597b7963a636833b6ab13f97b4a97d6c4f
SHA256: 8ec11287391403c0eb185e3e4cf13d62f9bee4e4980d0b808b564d7a9890dbb2
SSDEEP: 384:tWBv5JwfxVjagvIzaxytSWB3rKKAq87vvxlL:wUpYgvIzUWBBX87D
Details
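File Type: MS-DOS (label as reported by the file-type classifier; the YRP/IsPE32 and YRP/IsWindowsGUI hits below indicate a 32-bit Windows GUI PE, and YRP/HasModified_DOS_Message points to an altered DOS stub, which may be why the generic label was assigned)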
Added: 2019-03-17 14:34:10
Yara Hits
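YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/screenshot | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | FlorianRoth/DragonFly_APT_Sep17_3
(These are static rule matches against the file as submitted, not verdicts. The MPRESS and IsPacked hits indicate the sample is packed, so the strings and imports listed below likely reflect the packer stub rather than the unpacked payload; treat the single family-specific hit as a lead to confirm after unpacking.)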
Strings
		!Win32 .EXE.
u.>4)c
'|gl)!I9
2Kj<l>
BTpDB]
oJ#Z"|
}*\m:b
Wa R:q
@xC*l m>qJ
v76gve=c
 ?/a5J
@		G}Ny
6i_zY2
j$4OMl
Dw_8iNTI
6@&H,.
I9}tzbI#c
RCz2\?
L3b*,&
@5HlBG
|a+m!U
a!4uBc
w*Ca "
zgM;dD]
dd<K^yS
ws?+,G]ph
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
SHLWAPI.dll
StrCmpW
MPR.dll
WNetOpenEnumW
WININET.dll
InternetOpenA
SHELL32.dll
SHGetFolderPathW
USER32.dll
GDI32.dll
DeleteDC
ADVAPI32.dll
CryptGenKey
ole32.dll
OleDraw
OLEAUT32.dll
ntdll.dll
memset
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>