Sample details: 0d06681f63f3026260aa1e15d86520a0

Hashes
MD5: 0d06681f63f3026260aa1e15d86520a0
SHA1: 12c42b7fefdefb752a8118fb928b913c0ef7562d
SHA256: 2c7b1c5c51f6952e7b8d0ac8137bc890f0edb43f878d0e356a4bdbe1ab325127
SSDEEP: 3072:VYfuVGYJYN5XRu39qWq+5EXzBbRDtgTjcFgHnqfqeg8pAwyy3PZYl:iD03EWaV1SbqsaAwyy+l
Details
File Type: MS-DOS (the Yara hits below additionally identify the file as a packed PE32 Windows GUI executable)
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 |
Source
http://94.130.104.170/wirelesskeyview.exe
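Strings (the Yara hits flag the sample as packed, so most of the short entries below are likely compressed data rather than meaningful text; the readable entries are the import names, the embedded manifest and the code-signing certificate fields)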
		!Win32 .EXE.
`4`h%&
v2.19_
YEM0+Q}
A[ ^	$
~B-`Lk
-28}9?7f
#2[0n6
s8ao3hp
oxn&thi
ZW3PK6;:w
A	iTWt
|gm8%wr.Q<
hTn:%o
Se$mn4
)5C/Dp
ZIe lH
4MOE;`X
L"e.=6
qn56(K
Q8zy16At
b=e7|J
(}I;hh
qyq4/8
F-:te2
Cac0|U
u[rvR7
KI7!ox5p
>	+o8T
t].UL1h
'K7AQ[
;GxI34
>ahS%Hz#
/:SsJ\
!mY;[:
cu*+-m%d
fLX%[I
2R95EE|G
xyW5y0d
}q0mnDi
0<AT:|
i$N(^w
L%fqPH
f(=z'3
bo[TKp
qlU9%)
(3%9Uu
s62WT{
_Wvc_h
N6v@<l
r5S``n
Z(pE#	i@
TL$H,/
<%U\nH
n,Ovl*e
:=YX,g
[UR#dk`
tfeP!a
5g=H+j`m
oXg9%,
7"Ku^@
0{'>6l
%gL"F'
_Tp.xg0
`0:.rYH
	_X&j`
pYwH-hy
S|+n lv%
;""@`0
\~5Lkp
yP5c}s<
q/>,4}
LZk}T6d
'KWoaCmH
$uuXA,
y\7nxb
8hnq2TvqA
|"FY}Y7a?
u^m\JsOq
'Nwdg$
j;FqP-
O<a#>/,[
,}!qe7
p<o%N"a
*w-0q~
s42C2#	
wT{V_*
*BA[B]:
/[eh#|
y$c[si
;4-V>%7Zo
}F}-'c
G#U2YR8
"3L;y`
dcZ'Nq
7NI8UPM2
S,	S.,Q'
D.4f-!
Qj!?;zE
p8QWn?dK
8hwtdD
r2}X\,8
4Evv$z
"bM(-?pv
:2Eo:V
;Ndnv%
0[	@<D
CI9u	Q
EIC3.W
*,AHJ)
,dtl7gd5fT)(A
$$'VJK/
mCC?N2&\
1b_J&J
<3!JmX
(	Z0t"
HgcDkf
"(C .*
Qol,7*
Zw;Ze\
34B$gC
z	@JXu
Q9"&n6
J,GF4Zcf
uz>^M{
Z%}d`8
_DE4	H
:`m,_gAr
Iuz*4=
n:~5da
'9/T*<
x! gQ=
nbi~u&
Lub}`Xo
TussZLy
,]"--Gt
><WW2d2
mGv@{e
WI&(nU2
K$y$W`
Gz\\c>os
2(o3	c
Ara>\()]
!(T*iY
ZI;U2by
#zB{R4
x!e	kS
*c[}@g&lX
E#_'x*;
?S.gT9
YVjD`J
mj,lo*
:bYvw[.H]
>S[r62
#wplJE
mBAUx*t<78
#5N	gFJ(jH
s`B ^W;qpw%_
, `0;|
2JEs|@
ngUf<O2_m
zp+tCgr_
,Wfy;j{'
%c5^Ni
j#S*yt
OA|@+-
7X2Fu1
5Hptjs
RHL_%v
"o vn2
QcF/oFg
-d_Dhe|
L'z4~B
?by]]7
F4/y{>
^$	/\r
@s]fuO
^Erb4D
y8B5dZ
WUV=g 
/_J@V~
9iVLCs~vJ
V=r:`s
B.xC:j
E$M@_C
Qc`'1c$
s8P#lM
!3(/]$u/
^<&1lb
40V#V{QU
o?TBe&
b:4X z	
3k h]@
[dY_(R
f~/8"Ue
\lO#_FUu
rEaF$;
	1*dFn
b}!pHk
D}.O$!
'cQ.^A
V~n>Q'
p1]Fvb
*~.~dg
}pSul3
4>~t(E
lP/O@N@
/m[(N0
pE63`u
~<^{~x
KfiSCB
YG,e%c
KO'>Y,M
-6=W&V{
u|c$'r
I"=Np[oH
1st5p}
oSaF2=S
"][S	Sk6
54t#jFv
6UHV<k
yT,Xv8
TzD;gE
&y&P71
lh"]Eu
Qt'xg1
m-ak%a
,R_jkB#Y
8*O[v'
l+0\QP
$b6;Nb
F5R[9~K'
B/t*TYl
Wp/t0)
t7<$#bE(0
St^-N$R
}g7"]<
bfoqY|
Gcl)CO$
0WIq X
>|pZ/B\#If
2!_^lN)r
3c<.v5J
|@q-J5s
 ]wcO	
7pt9}z
t/iL%n
SGLC)/D271
u$8+-$
7GxQyTJ8
	c8I>4
Kil|ah
B%zq?P
|zEyTYm
0C=U9t
hAOe*dw
4?>L_\
$HzS`e1
K'S?-<>
u2.Eqq
pne4is
53]3A6
fqvxj}v
|{$#	@d>UK-
YwY#tI4
4Rk5c*
$n##~q
(m'T1o
,q"/#Z
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
wsprintfW
ADVAPI32.dll
RegOpenKeyExW
SHELL32.dll
ShellExecuteExW
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
        <application>
            
            <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
            
            <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
            
            <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
        </application>
    </compatibility></assembly>
e:4878377;u:4fe0cf9f-1fe4-4abb-905a-57915bc06f2f
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
110824000000Z
200530104838Z0{1
Greater Manchester1
Salford1
COMODO CA Limited1!0
COMODO Code Signing CA 20
1http://crl.usertrust.com/UTN-USERFirst-Object.crl0t
1http://crt.usertrust.com/UTNAddTrustObject_CA.crt0%
http://ocsp.usertrust.com0
AddTrust AB1&0$
AddTrust External TTP Network1"0 
AddTrust External CA Root0
050607080910Z
200530104838Z0
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
3http://crl.usertrust.com/AddTrustExternalCARoot.crl05
http://ocsp.usertrust.com0
9f*<Z,m
AddTrust AB1&0$
AddTrust External TTP Network1"0 
AddTrust External CA Root0
000530104838Z
200530104838Z0o1
AddTrust AB1&0$
AddTrust External TTP Network1"0 
AddTrust External CA Root0
mA_rZq
AddTrust AB1&0$
AddTrust External TTP Network1"0 
AddTrust External CA Root
Greater Manchester1
Salford1
COMODO CA Limited1!0
COMODO Code Signing CA 20
140103000000Z
150103235959Z0
082251
	Barcelona1
Terrassa1!0
Balmes 1, primera planta1
PortalProgramas1
PortalProgramas0
=lc-%y
https://secure.comodo.net/CPS0A
0http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
0http://crt.comodoca.com/COMODOCodeSigningCA2.crt0$
http://ocsp.comodoca.com0-
"soporteportal2@portalprogramas.com0
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Greater Manchester1
Salford1
COMODO CA Limited1!0
COMODO Code Signing CA 2
140114154023Z0
~>05(;-
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
140114154023Z0#
$jLN5Y