Sample details: 0b958cebe151e6bbf45a8e53e9353961

Hashes
MD5: 0b958cebe151e6bbf45a8e53e9353961
SHA1: bf273585e184d8ba41286745759c87eae606ce48
SHA256: 3c7bd691b9c18b40b76e7fe74491593d0e0a9bce447ca8e26ca263848efc2617
SSDEEP: 12288:8SWe1yxcOHFTpuHQrdk/fXeB687JEmGTQTFn:Ke1yysVuHQruHol3GETFn
Details
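File Type: MS-DOS (as reported by file-type identification; the YRP/IsPE32, YRP/IsWindowsGUI, YRP/IsPacked and YRP/HasModified_DOS_Message hits listed below, together with the .MPRESS1/.MPRESS2 section names in the strings, indicate an MPRESS-packed PE32 Windows GUI executable with an altered DOS stub, which likely explains the MS-DOS classification)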
Added: 2018-11-14 01:52:57
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/screenshot | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section |
Parent Files
9dfb46aef9f86890b36b733f818ef763
Strings
		!Win32 .EXE.
.MPRESS1
.MPRESS2H
evTg\;#
LmG&W@
 Zm$g~3
x)pMN{
Op]9YjJ
eU2^!3t
';-6q6d
O(nlv^
ka*:c;
7ZA.TF
hh{c+E
E7IK5J
PN;o76
*6_uWaR
DRaK*FQ
U^tCTt`
f^S0]a
hi(b	nQ
glNprw
i=W-lo
hPyj?B
6VL4BG
mM#	LL"
,*.V]@
A_xV'R`
8a*02O
qI`_ O\
#eA;>;
7[nescL
7kDmpHh
k`j^lg
R<:*_/F
Owum*B
tm!SUW
O.?e-NY
=[[IW?d
/Tkt[90N
hNGIx)-
ARS!\]
ZQ0hA`
^.z^yy
, IK"}
A_XAO`[
Ym<9}o
WN;]'Y9	
k	v:3}Lq
jmHll+
G'bSxc+
%wY_7&
l>"qlz0xjha
+c%-gH
>RUP>4`j
1gZ5%hO
~,4Y}s
h$NW*P
b{lDUXo}
L#POY~
s%fwEv
EjgQV?
<#;$t7
&z0RwJ;
j%&2q;
SnA~?v
sY<=M#&oK
|>cv1C
O(K('$
SBe#Sk
Sn2k5yXB!
A2z1tJ%
uw'lCD
%Wsm{l
(dh+2k
}MCAG\l
H1xm+w4
UadZtP
e:+EC|
}[xtPjb?
$:"%&k
eC0"Z/
Tt)>0>*J
yF\7S8
^ti/et
=QT:sF%
K5><j8L
:7`};t
e^l!gV^
~eIg*h
v5O`56Y;
C:f6x`
j]aHEw/
G(NN1^ei
Cc+)Xo
{?2f:9
bcQ2S r
(}b$@`
fE7Z3u
$wMkz|}
O6V2|:8l
o)9hmL
5Ff`%X
rAxQZA
b.^nusts
@l8\ HO
?^{UvY
|)W]C7
i( "sc
y4CI>8
%^Ejf1
mo<-AG(
oE]GnA
C\I2Ch2B
~w>ul:
AF#C\Z
]N_%zF@
AGB%v?
vP;AE$
8-.Y]nK
Vj{'%m
g	|+QB
y]/i0$
%8Thle
5d8{4i
4ut7HN
g5Y} y20
=RbfPS
(eYDtD
<6u()m
}O$>!QSFcE
 -C9hh((a
+FKhf4
#6tVdl
azr^yv
}7Nj)rZ
jI-dh/i
@urICU(
AfL1M4&
2l9|!_
}],dOg
U.6.nmy
gDE$7c
ghd4S#:
LacAkcT
up2rRz
8r{T2R
<|[/<T
(Uh.Pw7
V!31Ga
`T$4,N
u@iX<;
:[hN@)
 <NjSx
pFH~Q9l
=CEKs.
yfdM\>+
z5F.mF
,mrBsG
eb] !G
Zrt$H 
TGe /%
BB w,n
>^-~~V
ngH[<~
^TE5B-
S	VY/-
Ki2kF_0>
GT+G`k
ATcPYaV
ag{(^j	
IDy$J[
hw96%?S;S
ua3Czr
C|XGC@
KSF|8/
	Lqd}	iT
&m4]%|
1O1QVR|
1Q?}wQ
]}AD0{
H'VB)&
4{ef1@
&-naV~
e0	).}
eK<a-C$
?Od7F 
%rLW;W
iiUh*/
4ZC	;V
2~_g{2
o=G/AbF
ix2-OQ
?cn$/A*
&(d+%t6u"
%yvt>N,	Ei
xTu@/$
<lG)Ba
3KsilN
N-!  Z
Q	??=]6
V5w1U`
{0wK:F
,x-H7B<
qb:F_s
GwUTH%
9I~++W
NGw*;Rr
 *KT0/8
ka|L1OZ
"x	uAE
Hu]ZJ.
2HE)9y:
%e"Ja4
%i?B)K
 F?Ro/
+#S,.ii
V:0"6)e
3)s"09s
+h+@5>
2D=6yYP
|0!ciJ
Ow0+X[H
~(O47vR
M>/O7D'W
=$!yV%
CBP4^h
PKP<*}
hjY P;
2<92^r,
@Gqj$3_t
(`$}yL=
ict _j
aN'5<@
?V#Es\
|Kk7`5
UBg+@^
A+76G3X
iFRm7v
%zZzl|
.2BY|?
C}#G46".	Y
	6\I%h
*<M!O[
y(d2')a
600;"z
-_laSR
5{%G-N/m
BG=1 Qc
k!i?DnhS8K
xp#*E/
mvGegF
y6ED6M
a,^7Qi;+'e\\
=LxW}*
.vFZ[v
?,'u=#
A^YWlb
GAwKC)_
%Bwd1\
IKm{ut
Fez_b{v
$MB}bW
[U*PaA$c
4uBvn,V
P"Hb!ki
&QPEa<
xPo/P{
tsK+b,3H
sp;qaLT
/9L"XSN
I:6>m(6
 W]0>b
+FU']S
l{C[!"8
?XeN52
>se3T2
0Y*+\=
We),"P
WGNj-%X
gKswui
c7*iRY
``{yEGJ{
|%R,@u
{B(e^3
$2F%AB
,v;ZrJ
@1.aRd
A_^a58
+7[x&t
)_#x6+
z(5ZaJ
K njlJAI
$PFv|i
Hiwq9.
wcw]."
W9{VX!\
"Zs//b #.]
 $ f1,
@\8QDCU
6es{9W&N0
BLt~Nz
qS)RxA
U*J\qn]
"5{W)T
7ih]?5
ZGHA}8`
m*vf4P.o
<GhIXP%|q
My7d[5
j##H~-o
usD(hD
dw W1a
Wu}0"/D
SVun3($
Ogo6V"
(QYp'9
,{`O5:*z8JM
4BvXTU
81+uBn
vrRf:S
IKS}ta
5&B:J5
t/*@("\
Aw2{6(
/MEWd/al]
d43+@1i
Kv\Rk%oK
<Pkw7V
?7yETH'"
}_aywP
we~t}n
L4x^Z{
4'Kswq
k3^mqZ
Ns`K`	
Zl:eCr
|i{Ue\
F/x(>_
;(/L^/N
J{#.0`0
6`4x	vZ`
CwaPbj
][6}>pj
Cn%3h'r
82^6zyZ
]o.\0S
o!|/*e^nF
[hYr|;
avRI(B
fTn7x!
IIJtH#
YZq*Y	E
)hT,_W
Q9z9~r
a-+@.m*T
e=	TjX
~"`>A{Vwf
&tk>nLU@W
Qt,jx\a
k?tEVP
:@KA+BQ
#kZrEl
q%!M>m]
z*g39p{Fz>
;|e^-)
%&~[Tr
[g3f{2
u]E:n<
34=|W.
ohwvd9>
?E]frW
0	FEK9
>O{QiDG"
v[_>GC`
)v,2ms
G_1Q<,
r`su\W
I%c4T,
o:vl&}
gUE-C	
.1(;P"
q#3;p'
x@UUM%
Ncv1XI
`r%V%b
266w>o
(sS$=2
8c{2uk
		Ea]a
]t~\,c
nAv#6.
CVCB0V
h@1W :0
coaIH>
&bZz%W
212l?f
9NL`O^
a}	OGf
xkeSx8
FHyk;#
2)jJvN
3m:Oiz
FNOK0[l
$L#Cf{
M'+8,~
4qH?##k|
;zZglhC
6nJm;*
iY;u39
dJL'TT
eCS(+Y.
>&GeeTs
=rsRKTxm
g5L=&m&
brGNq 
G+D;uy
z=n\[$W
_4d{u-g
j3OTy*#4
K+nXn$w
:}\VP^>fr
Hne~#4
a+h^S/
4Ir7w68IT
9]!@58M
=bk>^M
T-\f1 
_#X?&R
@pDou.,~3iSl<r
ry\9:<
RllFL`
$Utea{B
(ovuBO^
lpwsgX
yD'pJ)
]T\qeT
M>Xp,+f
q#bn#5
]\V`T@
[<H}:}
)+A%3k
zsp%Q>u
A.\y=Q
xNwJzu
Y|w6\{
DK2o8b5
#V[J-9
`mQ;MU
)#j(|d
<r`Bgm
*rXqfqm
ZIAO'2
Jj]!Z@!0
f3NQ6j
(`M7YSa
 R	m]T
I^CZDf
Wy2314
=|nvQVf
|87MPEo
udBP}gc
hv@8#	}8!R"
:XH?`=
5jE>dF
'O/{^<
PmPUzB
B5t0Ftca
>mj	S2
"f^zxPR
X4#"v!=
@:8atR]
Uy.NI*
Zg'V%/
4%p;5AD
g&g_$;
A4=viKV
S(.8)j
gTC-}F1
QW9TU|
'.h|a(Ya
pxzDQD
a(DU3A
W\f'_E
L,W*T+
fuX/]T
*;R,s0
	vK#RJ
IL[WgLO3A
t: +$w^
cQ|K=s0V=
LRrafwF
yd$hZ[l@k)
	?sygW
5GI!_%
5Z/BX9t
0x2/WV
}8[]5!`
)_P1"`w
o(rd(r
1h4|A;
'6%^Ck
q`-3] 
t;>i	62
}t3gy|
 Jjrb?"
%apwX$
phM}0H
]P~jtu
fHQ1,H
*IVO\~
1Kf}Q)wG
)N;".aJoiZ/
)hvZ~`]
,P96KR
$-.&D\=1V
I[I*P&*6c
UPhWYY
n}j~<(
J]9	x?
]xN0>?
PQ vlf
p![9%)
d gG#f
5n\_,)
9]wg%gL
]aV~l@
l)&e@b
lbFX6Ho
v	>s*;[D]
<_jN(S6.E
22|2QH
[F(u-K
wOB=j`
KZmkc"
Y.sK0f*
$cVil 
(o:RsF
~e)SQA
 4{Gz1]Q*ok
x-#Gf?
UUq8WDP$
rN-Y}MF
@@,L3%ZWD
i6^f&~
)IKhY{?>
-/%$$l@$
T-"nV	
~j2)QJ
x(ls`=k
4w%N#=hs
i(Pc-ZH
F#GHX+ 
q1	d]S
b^c'H^
['CB5n
#{3^a&
b?z!4jk
,AG6YMY
k2;4$jbo
Yr40'mT
S`hT9X
*I7mv 
JSg'0r
1o`f@z
fIpk}\Y
 V!qUv
kH6(y<
fdm+;x
t^]?VB
)JFBM>
  ZM0<o9k
E$z&1G
z},Ws5H
*/OGA0	O
*JK_xw
[T|_*q
tH{E?ZRy
(I.k&.
qH|B_Y
fUB5u?
*UFKnF
HS>f1Ex?
j~VESOJY
~5o	+v
9Bs%`Q
`{"`(= 
&oumD8l
6PN[c.H
tK&*y{
57o|zyn
:p.fRNJ
b|{N&qp6
OHT.vl
z  ~p9
vs^;{^a
KIlw+eJ
rj*2H+
#JC5mw
AZ2fT8
?62b.x
>Hy'-x
qg3i(W
JU5%SE
6B./y,<
RhYLy*[
R$yKNzNm
zaZ$<+
_`S]8^1_}
TzQ#;p
hDN_b!K~
h>/Bh`A
FA,Zuw%
6xho(r
,aoiHL
wiR{lv
84s"jv
Uy*u'5|
U#sI=Q
}yd	|~|<
_L72,QH
	Hb^cY
!"(|!6
&%l7yDw
!Nk03!
L9Q:;P
#l@"><6/y
nFM:tj
'Jc9Ee
L$'"<5DW
fCmEccK"
,09wyZI&Kd
s+[srA
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
WSOCK32.dll
WINMM.dll
mixerOpen
VERSION.dll
VerQueryValueW
COMCTL32.dll
ImageList_Create
PSAPI.DLL
GetModuleBaseNameW
USER32.dll
GDI32.dll
BitBlt
COMDLG32.dll
GetSaveFileNameW
ADVAPI32.dll
RegCloseKey
SHELL32.dll
DragFinish
ole32.dll
CoGetObject
OLEAUT32.dll
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
FIDATx
?ymFrO
0h_Q`p
wz]vqq
ul31#/
bZEx_(
3R'*3i
(:ow7[
=}pr~r
sK%pi]
H<"k<XY
B!x*?a
g`%!lE
%9DW6*R
x*T"G<
P* P-<
D"Q<<X
IYgD}0r
6"cMCC
gAU.RnC
 6H2tU	
:hkTn\
@w0gmX
)3hLYIX
@o0b}X1
7>N	u"
:^Anvb
SK~B 6
cq^N4P
CYk=)$j
lxwdn[
#o|m(U
	N98Ai
SN?mn( 
e22RFxrw
@-&XJ+D
YMYEF(
ObkGO!
L/rv[d[3Fh
 BOuz}
pSX`1$"
MuXpfl
1kOD'W
w4=WP`
eV.~]&@
p:gl4+
ay\9)3
TX``k=
"""""/
p_LtlXE
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:v3="urn:schemas-microsoft-com:asm.v3"><assemblyIdentity version="1.1.00.00" name="AutoHotkey" type="win32" /><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/></application></compatibility><v3:application><v3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings"><dpiAware>true</dpiAware></v3:windowsSettings></v3:application><v3:trustInfo><v3:security><v3:requestedPrivileges><v3:requestedExecutionLevel level="asInvoker" uiAccess="false" /></v3:requestedPrivileges></v3:security></v3:trustInfo></assembly>