Sample details: 0c139ec060ec3d45a9988ed2d79b5cd3 --

Hashes
MD5: 0c139ec060ec3d45a9988ed2d79b5cd3
SHA1: 891e02b4936db3d7aefceb2a63604f4db14b535b
SHA256: 811816ec76d6fb289b7505202cfb1fc24b74befccc9ca5418ec7d83c30983da3
SSDEEP: 6144:+jWL5EHy9D3DMxB+fT7F2ytk5ShAe0cw1CeV6V4OIbKRNzyMbgFeak602Cn9:+St1ZTi+Y5Te0c+3MdIbKzeMbtsCn
Details
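File Type: MS-DOS (as reported by file-type identification; the YARA hits below, including IsPE32, IsWindowsGUI and HasModified_DOS_Message, suggest a PE32 Windows GUI executable with an altered DOS stub)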
Added: 2019-07-16 00:12:40
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/screenshot | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section |
Source
hxxp://c.vollar[.]ga/SQLAGENTSIZ.exe
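Strings (the sample is MPRESS-packed, per the .MPRESS1/.MPRESS2 section names and the YARA hits above, so most of the strings below are compressed data rather than meaningful text; the import names near the end are likely only those left visible by the packer, not the payload's full import table)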
		MZ64916
!Win32 .EXE.
.MPRESS1
.MPRESS2
v2.12*
p}82VK
o6:E:m
"|h@K9
5#vP$k
l)!`?'"
n0D~LB
T@]\ B
'k~/Kv%?fh
5>DbY:
`tn== 
Ck'GfP
K&,G C
&q(d^hw
=rw^U=h
ttv.s_
TlK[-ThX
*#TB>ho
wwqb/X6j
D03`v)
;	Y*Az
G&U`ZlJ
r>	l4~
K[*~Hv0^
]DN+)u
b{qW+1
ql'R'a
($keJ%
_0gC~{d
'n{2N6
pSH4wn
C],jU!
vp#&~{
Vtih7yW*
Q^gLI9l!
_hI,*g
<!Fit-
ieE7N85
f{~caC
.|:F)@=
]?=u06fv
q"fl]r
bY(J?;%
R]/ugm
Fttpj^
b`zv	Pe
	cTq*wM
3jfDgO
(h	(tD
S_Sfvl
pvY}MN]B
-Z7~(-
|qP}EQ
 -g=oS
.svE ^d
yOoqw1
m`%DBl
}5:g;,
+(oQkP
fY6VmYGU
\,KIyP
9 =k7c
u&S@kX
aBzx<X
F^D$7]
I;"+d+
5MM9})
2qQmw}
8,uq,/
Rwxh_:
y`5Q&|[
3y";Npv
2<~MmA
TS@r|-r
17^CgE
K5NP=a>5/
1jGj|n)|
H>[,+i
t!c0pH
BrA#Ab(
<QvD<Bq
Dlv5t|
.uh=K>
QSE9bk
~*Ve`2
"_/#	d=
%]A?%@
5}maRbjX
	: a,z{
@DT~b_
*DV,33
0O>G6p
'c[Y.z
S3j?u2J
	z|B#V*
x6,(YP
TxuuaPUC*g
{@6t:J
tXP6gQ5
6dZ0jJ
sDx/Z}N
,YXgH<
nDXZJr
~,CPz+|}
l;oUVxmX)J
}	lKds
)#-_2R[O
V9szK-'
{vW)#&
f02a*}
kt:2\a
biNd$+rn
q'5w,|
yCFBkEQ
 *'&;2
eMCZ>I/
NYjL-a
#d9^b)
K	ZRx	
ha4WH&
v_I	v?
Kh#G>P
TXl!@o
,XI	#J
|$_=;j
X(y(kt
T[Ayer
\tJv'(
XkKA%N
/l7GV=L
fReATS
(Yu7:4
w"U4@f
v6M%B5
~t[xOq^
nmyGo9c
+z!xC8
<;g{| 
5\ie5.
)/1M,lO
HQS1O?
N:0 We
K{31q3
}1lg}(
^#Eg59:
I6*]wf$n
HgX!@*Kl
4n5Ul"
n+KcGo3k
b-g[Sv+o:
Cm(I][
?^aE.W
i*X-8IjDz
z7t@"+^U
<`TAQ;_
KI6 3n
W6c<zA
QuTZ5"
@Y{}@7+
YG4b==
SZ~K{?
IWmntK@
zCQQE@
KmS~0X
_-pX-F*
6e`WLD
YM`qUZ
v#'N J
mvu<w=
KIU>f0
6kLuq]bM
<iirZF
)XvJjy
*14E!oR
``6(Mp
Pk?$nH
lK!|EH
b:m3IX
na@@Zm
/y6gV|
Hj1"/I
$C4fYk
_j|tYN
k!1<B3-
WXNUyn
0ZqqR0
7F 1t)
m19R}+
f-\,P0~
"tpXLj3
I~s`7!
QManpK[
V_Vw1B
5:S8"#
>O9>q;q~
z(^ {,
+l+Mzmy
%4_<J=dp%
4_no~D
vgt>F+
+*.L,#
EC|Wd%
0VQ`}J
r*`se]
<-J%7N. }0
NT`qWVC8E
fK]lu1
wUgX-i;
HhdP$P`Z]
<b2!V4
e:&!U3
im<>'5
Tgg1+(
L=57y~
u)k2y"
8xKj <
 `QSM@i
Y}&wP~
co&1![^R
|*X?Vo
x[xb."
Y8\<{v
ZP&D,l
r\#?Dt
\fAu%O
mcg)	=0
`GT;lhFq
\2|)&";
\p\(Ig
sNQ&	M
<[iXa*
'NR.+W_
@a^29H
7Epb9	J
B[F.)6?+
'vW5|F
)k$2~s
M1f_#N
Uzu7O~sM'
BrT;6w
VXY	@U
l?'=Df
=FI<s@
TJ?XY=>
7PsD4=
]7Vj"z
VKZ>`L
WYsJf1
A~t4"U
e_->|U
Smh9S&
\OGnO`
=c)^arW
.C:\#(
u,l1E}_
TcCEi)a
UIfve	/
oQ3tRV
a Oa[.
MPRo^1
"e8,{,l
9M{{8<
S)T;aDq
zUn)r)'K
&};{Ai
<'_6lT`>
0qFA-.%
-Apc6!
=H3d/	
x44Z1'
gr>![5
R,TCdm
d;9#Iw
.GQ\`@
-g@eDG
O;fDA)A
xD-_lj
`dN$5gR
J81)nY
~T(mO>
.:P/n'
cQ7Ckx-
tnsh@*
Zp~6W<
&<([c]
qPZw*]
@"tu@Zw;g}
0YT|fl
>_Dj[De
 jqQ}mcH
d/a2Gs
SJuBU7
7G`-]q
)mLW*$m
H(D(j}
Da"u]D
"H]o*Q
\$#IVj
W"Y!(y
wqGzz%
B:2OLV
Q"m	%CQ
yE&h>*H
TRxboO
/X1AVEq
w?	Btd
*I=`7n
qMI~"z
/R<XEC
v$Pxxr!~
$w?@hG
w7,Lp:T
/K,j}R
U1-zfI
?WGH1WO
|48P;@
5*6jKX
V*_)&B8u7:
#)~H$3
m&Yy9{
Pj CNE
`:j D]
Ofy=#y
JEXqQq
}Tq)7@
alfHW-u
L?f0N#*
b-nBsY
_BnV6	
]OyZb5
3K,lK&/
0"+hr&b
[xp5tQ2
/h'<qcT
3g+QmS
Z(^e)I
>yCSQH
B{YUY4
-MWh?&|
Tw;6X`
}O\%#@{_
?'qVZO
*@SAA`Q
-mk(=N}u
*GlMpvt
: UIA^m
N`3)nJ
blj:PP
|G\*u_
74wuHb
_,u>~k
oo]g5FJAV
DKqMtB
/N7Z2Z
n_JK6Y
c-.aZ.|
&TYK}7ae
TX9e;4
Z{a?]t\J
Iu*|10
J6Bgr4i
'c_S8Ly!
?86<`l
1`%d*4_
O=neuC
Z?H'EK
(Hzv(-
`qLn-,
gm,bcW
WpCz<;
xu+:#1
0gZfb 
y0l_;[l?
SoRQvn
i;W>,1U
0A0;_ME
t~pb"B{u$
/M}<PW Rf
Z.~Q!%F%`
ShBrM^
r8o>Qj
3TE@tO
U2$BE 
eXY")u
03MPQD
g(^2Vdy
h[Y~;)UB
bk5y2	
hH-.y@/O`Zb
!O|;'L
WlJQEaM
$F8:/J	
w:"x'Qs
";9>~"a
baBV9y
ic'scn
>0sr%A|
<n	=1B{.
?A(9}Z7
cJ(V\v
z H]C[
MTlxGP
07##5=-
)mD85g$
Z;!Ng{,
LI]*w3
^NCL!Q8E
8#3QY+q%B$.{
r^t->&g
+{v5sNV
+jyGq.
`-;6dI
Ipi7IN
TN!AhS%
og`Fn%=
?n{Neb
f:L%rF
#d-VYD3-
SMd@cf=
|(XJR3
Gymi !
X3DQPY-
bjE,@%
UT(kEJ
p"&fz1
]xQ4<B
?^HjQr
,4m(hB
Q-8Mb-!Q
NF4d]1(
)?;jb	
r3u@i1
) 1:AO
TfaUQO-
&0M_&n
l IBpHR7U
@M-!f%f
1VnMGE
,aQZ6dX
8*i!=L
KjSQa/
G@pdRS/tsuY
F51K]g
PSyHH:?
$/+t0r
/@P,sXK
J\Gz&w
V+]v[^
:)AEt6
!T/R4]
8~IC"?_
]@%-0b
;%RoFu
kg?${U
>#S9tK
k-w81t
5FKI]D:(R
kayqm\
<D]~",
hOP;&~<
>f")Tb
7S4Fp~y}
 >-]t4
(ZaT}W
.FD~Ule(U
>RB^}W
v>y9{L-
"W%	l+9
ok+66LT
,3QTX?9f7
 \=mW@
i;ns$2
&wO71+s
Q'aM6>
`jTh?i
A;hHcN
qlt@pq@@\
;3B7O$q
Ab`}gmBc
j<CU!6
ibKu:j"
p!8wYv
nq1_O4
	$Xi$0
c,X#;1q`^k
$HQ69F2~
Q'{}i	
u='>D=
5;i&\`
AOCQdh
c9|;%vC
gs2+q%I'U
1qA.MH
%a{iGO
md(KuXv
]9WT4V
Qrjt[L
C{?EmB
0dLMuz	|
Z]_3yr
mDGkL`HG
?q;R~?
GVO)p1^
[	DEdP!
i4Kb3U
}o5p -
6sj3$~5
P>58A"
:Z3>m:#\
)ZJ.S+
GMGri[
?L^P7VK
`sDLY=
DyQ>zR[U!
=ksA_7
xYNE*n*
1et;Ef
C<'41	
z]qb23I
=Oumi:0w
]o	<VR
Z&nAU;
\{OueUI
!gZ+8rF"
r)_X6'
P	H-g%"
Wc}	fK;^
:-tG	5t
M{i[`3#
X	*~.uj
/woC z
q"5"Mh#
3	/pga
~dB-+H
Cd(e\BW
] HPZYr
TG- }F
>fnu$s[
K;|en`
*teEl6
H+YgvH>
)+AU?B
ohJ5~pV
+3'1&)0
i0phYOn
Lj2<as
N|(3Z2
z_dC(_
W{~mAkp
STzQM?
0sp\-d
?nN8]|
y!lYy4x
)S.Gl8
x\$<Mu
^ U^A#
FFg)w<
!zS,hly
@z~l{6
oO	ZiF
'izF3Jz
zm2%3Z
x;fYM*
GHO{>n
r*c?Plt
u(4s-F
Gq	e=q
3@f]Ui
iX?4C]
6^&v@w p
r-Mcmz
9ZAS`u
Wtx)IIxKbU
Tx^';g
w=tg#B
2L`(%v
^7!?u	<
Z.-Kyg
`qamL:
6:r]`e
0`0L>Ec,
KB|,Ofz
v2W6+,2
 %<m.}
peb#]4
0J8uW7&
v2){ t
4WwI)W
uOiR-"
n|Lo@F
v{+N0/
mj+t&Q.k
V =Af`o
Z73qc#[
`f	c#!
QYQwX9nN
aG0!iX
;B2'{[
epfUX\s
0W-j;;,Q
!S1ye'
{Q/QMsYc
pmb5%/
Gx&HJ''
)JY~c	
1z#sJV
3AZi)5
Ia%m"#
dQutG^
blP8n^
{o3/kN
YTevr0u
W!a_<~
*AK/Ph
,+NCm_q}
7[xzQ0>
8Q [HZ
K*{$;0
20#>WPV
eGw~<C|
/.avB'
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
GDI32.dll
PatBlt
WINMM.dll
waveOutOpen
WINSPOOL.DRV
ClosePrinter
ADVAPI32.dll
RegCloseKey
SHELL32.dll
ShellExecuteA
ole32.dll
OleRun
OLEAUT32.dll
COMCTL32.dll
WS2_32.dll
comdlg32.dll
ChooseColorA
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
>>>>heee
!###5vvv
0zL.td4
>   ^<<<
BBB9kkk
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>