Sample details: 0652c4c2aa2007e3186851cc9a0a1f53

Hashes
MD5: 0652c4c2aa2007e3186851cc9a0a1f53
SHA1: 04dde3e48cb9147c55870e08e83ffe3ccb438d42
SHA256: d0351eda79794e3f1d1fdce01a3ca74183705e1db6c1d488ddced756ad05ee5f
SSDEEP: 3072:Sa/1X+9bCJHziL+5rp2Ir3T99bnSp/C+9Bxfdt:292J0AFFZSpK+PN3
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/win_mutex
Source
http://79.133.98.68/lord.php
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
=0=O1B
%+=g1B
i1=a0B
&!=`0B
tKOBrx$
wsjs6juQ
a<`4)E
^aDT	j
 zq.`[n
|)r`Nj
	)=]cFdr
B>D)?Y
u%qkle
<;z70PfQ
V8Fbh0
Um]5$d
?\u28G7
JhTNx)
CX^IG;x
E&1;tg
,O(e&wF
2ke^x!
JHQCrZ
|rA{.f{
^9i$Ot
W*q4w=_\
jRs@c(
B?1[kw
`*S8##
"4,2ay
!-jPCm
2uZ0`G
9<m1sz
ZwkW&miN
Eh]\5y
wz:3LH{
v]B3%o
w'N+0,
.y[*yK\
\!oXU#
!6g2CV
Wsz*	o
}zOjL;
c8l#9k
[HP>'(cgP.Q&EhSO
skC#{$
j"!	fPc
w9E"Ey
P	et[H
a*	" 6
b$Kw#?
 }-hhNlT;
@_-gNc
F&`,tg'
rp[J@1:
b[&Z]}u
e9>gU;
`3ZNQ8
UGlB9j
\iv{RX
&FD&8E/
W'$QLB
<nFT~!!U
CuJ%y?
L	;D:*
%2M)7)
}E0"'V
U5]Rgtw
Fcyg5I
t>P?9W
'DQ,s4P
(NwiW9
8iV~yd
_[.C>>
`Cg]'U;
Q%+bId
>|,g5Rv
a:g#"R
N#pKV.
H[a&X}lg
Z"H]FQ	|1
G^^E(	
d)dfVh
Iw_C0Ec
hAQI{h
,H$N +.
7'XB!8
UNXEoa
{JL#]!
o?> Rq?
W"kX	"GW|I
&|/	*7<i
dSZyF(
>:?@oL>
~h W5+b
OpCj}1
wwIlSE
jRtbF<
DTG'Yf
>yBz'N
y/d=H7_'
lw4#HQ
Y$7`)5
7wE-U"
&sb7V;6	
i)Pe	p
-nC(Ye
"2~ZWX
S"'\so
tKOBrx$
wsjs6juQ
&0l~)9
RUr.IN
N.Z;l/`=
O7 D''&$
tKOBrx$
wsjs6juQ
SetSetupOpen
SetSetupSave
CoRegCleanup
ComPlusMigrate
DowngradeAPL
clbcatq.dll
CertGetStoreProperty
CertFreeCTLContext
CertOpenStore
CertOIDToAlgId
CryptProtectData
CertEnumSystemStore
CertControlStore
CertFindCTLInStore
CryptMsgGetParam
CryptMsgUpdate
CertCreateCRLContext
CertDeleteCTLFromStore
CertGetNameStringA
crypt32.dll
CoLoadServices
SafeRef
CoEnterServiceDomain
RecycleSurrogate
CoCreateActivity
comsvcs.dll
RegDeleteValueW
OpenEventLogA
RegEnumKeyA
RegRestoreKeyW
ReadEventLogA
LogonUserA
RegSaveKeyA
CryptSignHashA
CreateServiceW
RegOpenKeyA
RegLoadKeyW
GetUserNameA
RegUnLoadKeyW
advapi32.dll
GetMessageA
CharToOemA
CreateDesktopW
SetFocus
DispatchMessageA
GetClassLongA
FindWindowW
IsDialogMessageA
InsertMenuA
GetDlgItemTextW
DialogBoxParamW
LoadMenuW
DrawStateA
MessageBoxA
user32.dll
LoadLibraryExA
GetProcAddress
GetCommandLineW
Heap32First
GetOEMCP
lstrcpy
GetStringTypeW
WriteFile
GetModuleHandleA
GetACP
CreateFileW
WaitForSingleObject
GetConsoleAliasW
CreateMutexA
GetLogicalDriveStringsW
LeaveCriticalSection
OpenMutexW
lstrcmp
kernel32.dll
50;0T0e0l0
1"1*181>1W1i1p1
2$212=2E2K2Q2j2{2
3 3(3/353D3J3P3i3z3
4#404;4C4I4U4a4i4y4
51575L5Y5e5m5s5
6#6<6L6R6\6r6x6
7)7:7F7P7i7z7
8)828?8L8X8`8l8r8
9)91979P9f9l9t9
:):5:@:F:R:\:u:
;';1;=;I;Q;^;j;w;
<-<3<?<L<X<`<x<
='=1=J=[=b=j=
>!>+>1>7>=>V>t>|>
?!?'?/?;?G?O?\?h?p?}?
0%0-030=0G0S0_0g0
1*1:1G1S1[1a1z1
2$202<2I2U2]2c2|2
3#303C3P3\3d3p3{3
4%4-434?4E4K4W4b4j4q4
5!5-555;5T5d5s5
6"6/6;6C6Q6W6]6g6
7#7<7L7T7a7l7t7
878G8M8e8u8
939C9M9e9
:*:2:?:K:_:h:u:{:
;);6;O;`;y;
<%<><S<Y<c<j<
=+=8=P=V=c=o=w=
>%>->4>L>d>t>|>
?%?+?4?A?M?U?_?e?k?w?
0)030=0F0_0q0
1*151N1_1g1q1w1
2%2A2L2R2_2j2t2{2
3 303?3L3X3e3m3w3
4)4B4U4[4e4t4
5&555;5A5G5`5q5{5
6.656;6H6N6[6g6v6
7#7;7H7S7^7w7
8'8-8:8F8N8T8m8}8
9!9*949>9J9V9a9k9x9
:(:0:=:J:U:]:g:
;&;.;:;@;R;X;c;l;x;
< <&<-<3<@<L<T<m<
=5=>=W=m=s=
>6>F>M>Z>f>v>
? ?*?0?=?I?X?q?
0)060?0J0W0c0m0v0
1*161>1W1l1r1x1
2%222>2H2a2r2|2
3!3*313J3_3f3m3u3
4+4;4T4e4k4t4
5)545>5E5^5t5z5
6,6<6I6U6]6g6o6|6
7'7-7;7H7U7a7i7
8%868=8V8f8
9$9?9E9^9n9
:%:,:E:V:o:
;!;);1;J;[;t;
<*<5<;<H<T<^<d<k<
= =,=8=@=G=M=T=a=m=x=~=
>#>)>6>A>K>a>m>u>{>
?#?-?3?>?D?\?l?r?
0$000I0Y0f0r0
1'1-131@1L1T1a1m1u1
2$202:2F2R2Z2`2g2
3)33393?3W3p3
4(4<4C4\4p4x4
5"5(5/5<5H5P5W5b5h5
6 676>6D6J6c6t6{6
7$7*777C7P7V7`7m7y7
8%8=8F8_8
9'979=9J9V9^9d9q9}9
:":.:A:S:d:j:p:}:
;(;0;:;S;e;q;};
<+<8<D<N<g<w<
=$=*=7=C=K=d=w=
>4>J>c>p>|>
?1?;?A?N?[?g?o?y?
0"0(0.0;0F0N0`0f0
1!131L1b1h1n1x1
2!2.2:2I2V2a2q2~2
2	3"383?3\3c3|3
4.444;4A4G4T4`4o4y4
5(545D5Q5]5e5r5~5
686I6O6^6d6p6|6
70767@7F7_7x7~7
8#8+818A8H8S8`8k8s8|8
9$9.9G9W9p9
:!:+:;:B:O:[:c:i:
;+;7;D;J;c;t;
<'</<;<G<Q<W<^<i<
=%=,=4=>=H=`=v=
>#><>M>S>Z>`>j>
?)?9???G?M?^?h?o?y?
0%0+0D0\0b0o0{0
1 1.1;1G1O1Z1`1m1y1
2&2/2H2Y2g2
3/3B3H3N3Z3f3n3u3{3
494C4M4\4i4u4}4
545E5Q5]5m5
6!6)6/656;6T6d6r6|6
7%7+7?7I7V7b7o7w7
8"8(858@8H8S8Y8f8r8|8
9!979=9D9M9f9v9
:0:@:Y:w:
;5;C;U;m;
<&<3<><W<^<d<}<
=$=+=4=M=^=h=y=
>*>5>M>^>d>n>z>
?5?F?S?_?g?t?
0%0+080D0L0R0\0u0
1)1B1T1^1d1q1}1
2#2.2:2D2L2h2o2u2~2
3/353N3^3h3
4-434@4L4T4^4n4x4
535L5b5h5
6+6<6C6\6m6
7.747D7M7]7c7p7|7
868F8_8p8y8
9$929K9[9s9
:#:):A:Q:]:i:q:z:
;!;);/;<;H;X;^;j;v;
<"<;<K<d<u<
= =-=9=A=K=V=\=e=r=~=
>'>->F>V>r>
?!?0?6?O?`?j?w?
0&020F0L0Y0d0l0v0
1#1+121>1J1W1]1d1u1
2-2>2J2V2a2g2m2s2
3,353C3L3X3d3l3r3z3
4"4(454@4M4S4l4|4
5%525>5F5W5c5o5w5
616A6G6M6U6b6m6
757;7B7O7[7e7q7}7
8 8/8<8G8Q8W8p8
9/9F9^9t9z9
:#:3:::V:]:c:i:p:
; ;-;9;A;G;M;S;_;k;s;
<!<)<B<Y<_<j<v<|<
=	="=2=<=F=O=h=z=
> >8>I>b>y>
?!?9?J?P?h?y?
0 0'040?0O0U0b0n0
1)1/151I1V1b1l1r1x1
2$2=2M2Z2b2l2x2
3-3:3F3N3Y3a3k3q3}3
434F4^4n4t4z4
5+5<5U5p5v5|5
6)696@6M6Y6a6g6
7%7;7A7G7T7_7g7m7u7
8!8)8B8T8m8
9%969<9I9U9]9c9|9
:+:3:@:L:T:m:
;#;*;0;I;Y;_;x;
<%<+<8<C<K<Z<s<
=(=4=C=P=\=h=
>%>->E>U>^>j>v>
>	?"?0?I?_?i?
0)0/070=0L0Y0e0m0y0
1"1/1:1B1H1S1l1}1
2-292E2U2c2t2{2
3+373A3K3X3d3s3y3
4!4,444G4M4U4n4~4
5"5(5-545?5I5O5^5d5j5s5}5
6$626<6G6S6e6k6q6w6}6
7 7&7/757>7E7K7U7c7
9#9-939<9B9M9U9[9b9x9
l1tyhnmiopkmnyunbgtyb
ldbcbcp.dll
lccc___ce_s__mory
kernel32.dll
liiiu_lAlloc
dlyurplvyfnn
stnhmyjzjt
xcyvxoxvbojuibvl