Sample details: 0724a763e52178fa8be13a735946221d

Hashes
MD5: 0724a763e52178fa8be13a735946221d
SHA1: 3d2caa1c6a56a78dd57a2957f1e796b56c382064
SHA256: 4e74dbcda5658eae54942d5a67372aafb9a2cba7da2dfbee7a87eddbbd373e29
SSDEEP: 1536:FqbVlNXigx2offr9cdXnouy8WIP9WvnrVv:FqbVlMxofT0outWM8rV
Details
File Type: PE32
Yara Hits
YRP/UPX_v30_EXE_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser_additional | YRP/UPX_302 | YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet | YRP/UPX_293_LZMA | YRP/UPX_wwwupxsourceforgenet_additional | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/UPX_293_300_LZMA | YRP/UPX_293_LZMA_additional | YRP/UPX_v30_EXE_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser | YRP/UPX_293_300_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser | YRP/UPX_wwwupxsourceforgenet | YRP/UPXv20MarkusLaszloReiser | YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser | YRP/UPX293300LZMAMarkusOberhumerLaszloMolnarJohnReiser | YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/domain | YRP/UPX | YRP/suspicious_packer_section |
Sub Files
fd58aab2a651d84459de1e09259943d7
Source
http://abc.buysalenet.ru/moneyscript.exe
Strings
		!This program cannot be run in DOS mode.
KERNEL32.DLL
advapi32.dll
ole32.dll
shell32.dll
shlwapi.dll
urlmon.dll
user32.dll
userenv.dll
wininet.dll
wsock32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegCloseKey
CoCreateGuid
ShellExecuteA
StrStrA
ObtainUserAgentString
wsprintfA
LoadUserProfileA
InternetCrackUrlA