Sample details: 07c58ae3e23f58e913297ddf3cc1b3d1

Hashes
MD5: 07c58ae3e23f58e913297ddf3cc1b3d1
SHA1: 809258b0c0e12cc93ca61e2ec0b9b404b7cbb49c
SHA256: f14b02f665c00c8375d456002c12d8fac51f40ac0bf4a32e4df9406d7087aae9
SSDEEP: 768:g7hLa4zIfXmPvUVPKbb8SCHxpi5ivLHkGM5RzuR8XXnyTFWnDfsPl7D:gdeunUCbb8Sg1LElDzuynnyTFiY
Details
File Type: MS-DOS
Added: 2019-02-26 02:54:49
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Strings
		!Win32 .EXE.
.MPRESS1
.MPRESS2
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
advapi32.dll
RegCloseKey
ole32.dll
CoCreateGuid
shell32.dll
ShellExecuteA
shlwapi.dll
StrStrA
user32.dll
wsprintfA
userenv.dll
LoadUserProfileA
wininet.dll
InternetCrackUrlA
wsock32.dll