Sample details: 11a3604ecf42fad0283e939de0d243a8 (MD5)

Hashes
MD5: 11a3604ecf42fad0283e939de0d243a8
SHA1: 7c362df09b815bebd93a44853149c4178876bd6a
SHA256: af5b9a3e726eabee57a20e20323bdb2147ebf2d63fe88efd66db0dfdd31f26bc
SSDEEP: 12288:kjl3moZ63tD1oyl+/Wvmv7PlYKnAxH5x8kDnJFihLt3A+:k53vk33DvmDdnAxH5KkDJkhhZ
Details
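File Type: MS-DOS (as labelled by the scanner; the Yara hits below, including IsPE32, IsWindowsGUI, IsPacked and mpress_2_xx_x86, indicate an MPRESS-packed 32-bit Windows PE)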
Added: 2019-01-04 14:45:20
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/screenshot | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/suspicious_packer_section |
Source
hxxp://p[.]owwwa[.]com/SQLAGENTSIW.exe (defanged)
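Strings (extracted from the packed file as-is: most of the short entries below are compressed-data residue, not readable text; the import names and the XML manifest near the end are the interpretable parts. The manifest's Microsoft.SQLServer.sqliosim identity is only a string embedded in the sample, and it declares amd64 while the Yara hits match IsPE32, so it may have been copied from another binary and is not evidence of origin.)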
		!Win32 .EXE.
.MPRESS1
.MPRESS2h
v2.12^
KkH/VE
$hXOpP
AS|EKO
JaIYml
z!kU(*woc
7K&hbZG
&ipBQUP
>v\R=U8
f(u@obu
>0&tsV
0L_3;`
%(mBQC/S
N( ea*
v>6lUb
_c' A|
9EP2uS
;>a,z2"
rlW#"'
//#=}`b]i/
N8tA180
to"2d1
Ds@z\2v
kH{BV=ET
c;.GM`
1<		h]0
hbaA"vk
l$e)?+
SVn}WZ
HD5(w/
)JU1lR.
*v%1ep
-#]b~f
yB' [0
X ;4c<!E
Oyw?`B
hr,(nL
FAGT`w
1hWR,x
{K_5u*
T[7lQ(
yKXuGH2
s<Vx)E
s>dNKrg
r8sebA
hi$`El*xU
P;O	I:
le_pnLip
c7<[3j
oo=Lp%7VG/
ZYtSGA
RQu,ho
QLE}Td
3{lzm]
hxU`h^
3t$.Sf
:'lgdi
Qqz*"e
?b|po5
g6IKQB?0
I> e[ZJ!
A78"N&:\
LH 0]5
+6-iS)
a	!:|x
lQlr\@]
q_@Mq'
[GF6)[
igJsM8n\
j0<Ky2
u@YP]5
crLzbE
pKb;o5
)58)c1
j d`yq
F;:n.FX
_%@[})	.
f*,l&M
:!2[Gjt_n
{6>}Mr\1
W_UL?x#
-&qzE;
@|qbp8
 =r{ER|
3q)&/4S
UN)Z%.
zJg'6+'
?nk4YLw
h3PrjEb
B,:$a&
p.5CK\
{'.yPv
"U>S[M
k1>u(9
!3G6W3
\E=1(+7
fz@QjQD
$XRKqe"#h(;
;	C}1$
pUt>-;
Ogd:HL
EsNvt>+
-p"\dm
K0E]^?
X8_8J(i
-B^o\M
&!R.R7
$9T'chYw
]Xn+rmA
n!O Z0
q:hvR3(
@U=vg).(
`*no)2
W@Zj]I
xY/u;E
JfHKf{
k_A"hG
F >&M1%
6!]t	/A
ywGtp+
BY3/wk
:l3n$vf|
;_	t3I
wn2svoq
ZGV	-:I]u
T9PU]o
N!{%j)|
 sc$i#L
m6BTp`
'bn8Z@,$
lTcSq"
?	TOI>v
?xtDa.C
,nl55R
P}L	Kn
Q:7x$d
t!tHK&
?ZLo9t
!/'7*B~
czp$H.'
E8|&3}k
<Tx-	1
Y1%i:HLg
}iIt6G!
,f6i:6eTX$Z
3*PG%5
e c2ZK
p_Ai@7R
B;|27P%
fB;L~|
/})($N
-'p	c 
w'|1Eh
dt};{8RGt
Tc)wLK
;?U5el
xrRJ#`
]NYtMM
R/X'09
%^	b33
qw&r,3f
4O76tQ
7mPS,=
fx	)kY!-
9A@CrbTV
dwwU!I
)}*i#cY0};
b(I7C4
c=G*#S
mO}+FZ
F4\H=QB
Ct9-E<
jENe7*-,-3
!FAL&A
hFUJv5
IYTs\]
va8ik	
N"w7E@
vB"YA$)%
(+K8uw4
yN)'C9~
&[C(,r
>7D$Ax
8=)w78
tw}?8W5
5C9fUz
y =kol
a,mm(Z
up<U?a
iI%<2$
.XiG{1
$mH`a-
DaA*FV
(_2#Z=
Q%6c5CA
l%y2tqnn@
C	,6o	
1/V2na
>8gYZDb
0rGHFy
m_{1{8+
\)OiF1T
"qf[Ac
=T;'C+
2,Wv b
~^yX0N|)pe
&+gRI0|p
Pf\m)<
6tF`p<
d_=a;3c
Z^`pg#
|gb8U3
4JW;h.e
}H4W'^x
5g@]4I
]TEjSF9
d/=bd	
''z(.C
=uVL7P:I
WQ$B.C<
xf~.2f
S6pI#t
Xm3=7V
yDD>C4b
:mG9-7
G&Hl@p
![zU4C
,oY0l6
5]|~9@/i
:%B'fRy4$
wl]i.}@
=-6f}U
]98pH(w
+2?sB 
M\Ae-l
!U*So.
)4h8;b1
B13gR#
R5`\-u
gj`^U45
car;N6
.g*9^[
y)RqDd
J+d"id
u2ChSV=3(jh
 NCla0
U:K@mK
*JPX}e
 XHg46d
o-~75l
[gh&vG
<R2g}y
@8Iv@;q	
-F*UWr
$Jo]Dy8
SG<B*6
jQ+!l1
xI'LEf
tqN'Yb
3t(4~%&1.
luGJA77
awj XJ}
6:?j"<
S=4Y6u
;CL@qYmedC
{_2^9S
4pqIe^
U)fHBG
AI-(]U]o
G)R-r:
E@Uv4Tk0(>
8~QCq:
Nu4:KSGGW7
)As9n5p
1@{?c1
@tb+'v
RQP>rq[
RedeLA
jXx &.:
CWiw	;
kVQAtp-
xF'j2(
NLbn4 
VV&u|D+V
;|+axAn 
zF]uRj
:E_1Ur
-FF8{;
&@+_\Y
O~ ~iy0
FSduxY
N)\i- Z
Xg$NXh
=1${%N
6HA.myE
%[vg4CA"g):
S%KihGe{J
3{S'iJ
vd5Z=vgG
'o%*)~
jE0aa?
#.?ju^
xNI7E^
n/g|cq
< ;{yX
2et^/A
["Q]3,
7kb7n6&
?,<:kQJ
?4C?a*
>gm9}Q
HNzXf?
zQbw6(
u}HDwl
5!/g> PZO
NDC]tj
d9QJGjW
{%ketB
Cp8H`t
Ovd"n:U
1[{Jl),
WV/l*:
U(_od6
'Ih8'hF
zw:0{Y
?C[[N]
:I-<d6/
Bm8vo)
-s>Wl|BG
L^vl;i
9c>{.e
q6xrH+
qMu$N9
@In>C ]
kCV^5H
^&jI0@
"%ZT.<
Zt+_sMu
aU6_.j
Q~ka"3
D[;&uf
7[O^.}
,%&9#I'
*xSwYu
	'GyCS
|0(/;n
`d]qXRE
kY}e,=[
Xzid[]
0C)g~'y
VqGP$G
i0sOw%
%1YfSE
j;hgwKH
n*o Ks%a
]EehFz
L-q<1d
Z7M"=Z2M
{em#^ L
iLtg.V
2}]9}iTH
2)ku=(V~3Dzr
^zD()e
`F%/79
4oX}O$
K|t^gE`
~jtK[P
Tk2|*?
j9&ZHbm$
XC/""}3
|,Mv.@
ke^}Ca
w?pFb5
4`<e k
A5QJ[A
'rlA6s)
=@ju]P
t$ek0Q
0;Kra`
!Y2!e-
3X_g3_B
C9Dc7D
fu 	bdX
[e(kh^
f&CAlh
d|U4:o
PK3UK-
EXx{'5
|:QEJP,
G3r[f8
*+I^0Y
]qjql[
KvV$z}
*|V=kgb
l0sc@j
0t|2kh
M>T.=7
+nHPs8
?zZtasm
c3/it]0o
\E^:dm=%
]i>82Lw@
ThvLs=
w]Xk')>5
`4/5?I
N>IAA*
^}-1gc
ievq,B
=}q-l"
hjA.0M3\
j<Xi|T
kmbfC+<
{\DLaM
c#cr*#
%m8<IZ
z S['4
H4iE<	
>`=%d\
v}<d%`
Jlo<Z|s
.V Uknh
$jB.C@C
;NwpJ\
8&m:Y_
WZ@fvu
?#td"	
-|JQXmI
m[(t73
YO;+rh
q$|k\~
oEx|Zil
<1n764)
hu,<5,
(/kXx,F
g<7*!w
9B+D3e
y+F`HK
5H@=-bx
^w>Ch#
Ujn|$-
ySI0.z
6j9x}	KT
(_/V?Z
',	[d-
Sqb7I_
P/12MreR
m':T~	
HG9 ,v
im7(CXQ
,?]KY6uI
%CpsCUt
o|(>$R
KJIi}2
~iW>2+W
O"<?Y/mr
f$RniA
NOh6"i>
gk0V5~
5Bg=oS
!1}8{/
VNz$8|#!
fQzQ}a
HsS8]1|Z
8@g)pB
`PWR+5~
-swT2@
2&@$Q+
yQqQl0d23
"u]p/kZ
_BbE>E
lC7l#Y
^ePSAsY
M|T5b)b
$SSoGV4
igI;*{9$zN
40Sywr
I)^U6Ctx
s-=M"[m
((y"OO
xyYX&*
|DvEc6
Fb?wnt|A
@Y,O7ihS
=F`.EPPkE
EI,6p`
K@$ ;0HO
wB]!	t
j`-^=@f,
f*f$'OQ
0ZqT(]
7y)^]?W@
UB^4zz
0x`a	#|
'A^9R?
ba2^/d
]I/t/8
Mpl2i{
W/*=/i
qq),%yu
A7kyvk
Tv^]oe
PL}3uC
Qt&V1P
)TnVKK
~)!	S5
UT`GdL
9~f`7S
T%0)/%
t4,:)c
m.cbSr
9\W(5_}n
]ts-0B
}b$q$5Go
o;=htQ
l6<#(A
?y\)7J
7;lIKe
>t)mMx
">ti>Mp+
r[hec1_
?,fVyI
\J%60Z
uh=9u<
(\9(8-
lK[O3\L.
GO$nGe
k*^I%j!>
v_qrD=
s4j/E.
b>0D	LF
]?Tj7?
@ ON$B
G"sf6%
{9	Lqdnj;
76"6<(
J,2$z	
|qW'4Av
a7WmC&
CW[w1W
P(k1l#/wN
;G('v8
XG7lo`_
DiB:`9
9[[CQ8U
#xtih`R
<m\A?hv
f;R&Q{[5
sJeMvp-
$$ewd;t
g(GTE}
9[+Af>
(6EdB>DSk
{;eLtPrtGyY.
c^'iwU
pAtJ5*
rjir-<E
,XR fq
^?uf%q
_m>g+d
M@aMPY
u*3;*;
4As0TV
Xm(XbV
95'<YC	
z?!RgOij
"U!k<\
TVoU%r
VIRv#p
FT5_ta]Q
;!Em,T\
FEF5/v
:y C7Em0BF
e=*v6y
*g^J 42~
rk1(X1
VLJoBnb3c
v~P=[V
VW+(GTr7
~aSU)p
7L#q('`yb
<RC	%H5
[%$nvpM
3#fFr/
E+GTtl[
<[&9A{"
gW`9Lj.
q(O%{jvK{fR
y1Om#w
mMOC|*
%~=u4D
b"K":($
S+~NV+0
[Afdgg
em`g-p
U)Y|?\
m3Y2!XE
3\w-S)
VC.'7{`
xsT4FYK
'}kw*6,
sr xMg_O
=P~h8"BX
?2|r]dO
Ccmap&#
|\[(4{
sHpD"}j
H5dB'1
"vXP{^
"CH0,O*N
[Cyc<e
b}Kn)K;
_>(R{]
3>~(+&
~+,;V*
/',$vo
IJTQ65a
[j?35!&X
WhJ(5,E
?7MZG3
uoSI=A
+s*HRY
/AIgw&
G*PL]v#&
wvR5b59Sp
UT!bRF
*8s;4~VT
-ZJDw~.K
niOt5Mu}
	52aS.2AQ
E\9JD[
1?C+yuWhB
7'd.(t
9Cl')LdP
yKaJoa
?-hA}=
*j	o5u
2J()Mo
tk@=p*
#!MKoc
P.`,b;UC
BUqY'|
(GUCrI
kc!S]m
 .SG;*
d[eB_T
se)//'
9Pt[fQ
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
WINMM.dll
waveOutOpen
WS2_32.dll
RASAPI32.dll
RasHangUpA
USER32.dll
GDI32.dll
Escape
WINSPOOL.DRV
OpenPrinterA
ADVAPI32.dll
RegCloseKey
SHELL32.dll
ShellExecuteA
ole32.dll
OleRun
OLEAUT32.dll
COMCTL32.dll
WININET.dll
InternetCloseHandle
comdlg32.dll
ChooseColorA
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
wfwwww
wgwwww
wwwfffw
wwrf""*g
ww"""""'
wwr"""""'w
ww"""""fg
Df""""&fg
wwwwww
tDF""""&
wwwwwp
DDfb"gfffg
wwwwwp
DDffvffvww
wwwwwp
DFffffffww
wwwwwwwwwp
DFffgf
wwwwwwwwwp
wwwwwwwwp
wwwwwwp
wwwwwwp
bfgs33333w
wwwwwwp
wwwwwwp
wwwwwwp
wwwwwwp
wwwwwwp
wwwwwwp
vb""&f
wwwwwp
ffw3337
kzydfw
2+(+pxoWWYddg
/'(1mNWRHHIKL_e
)'(1jJGG?@@@@EEF
::<@>BBD
:::@@@QUT
<@>>BD
;9<@BDCCN.
?A;B[]X" !$$$
!!ODJJYn*$$77$$
"/%%777777
"*$%%%&&
SS$&%~
[\[]`s
"[b`^as
rcsca|
6/Wiigj21
90ii[QZX 
IKKJJER
SHBDDJDR
ADJJMGT
CFNPP`k$+
]Oan~$)'
!T\Y{-s><
 +-ssvw
q(utwy
'aQOPbv
-Z>;69C^
*W40138B?
72:DKX
 Vqqpn
q}}}*1
t~}}Me
;6OUUUT9
xrnS]5
dhfYFHN/
Gh4Z'XJf{ @h
'x)#?]
7fYh-`
hF3,5gX5
cAb5yt:
$1TCM-Z
(,ZIB5
08J`KCue'K
*{n]ce:
2dGXB"
4Na%6J
,7EiXo
]QZ`V+
 g.@~;X
W`2g!U
6aY'>"{
=[=U]^Hf{s&
YmM?Co
at*qfm
PUi$XaP
r93Xg!
G!V;_N
|6gg{'	
MJ('EI
<JOh#2
+D=/\}
$Y`7j	TSj
%i5RB]z
m(!'y$
aF$/z:>{VT
$on8}:
Hr0zm7
p`)H\o
UOUWXFVL-
K, iqM1]
b8GRBi^
fQRq?0a
&+&>pi
u?}G#M
o/R5J3
G&RsGu
X?T#y9
*CashpUrX
/F|FBBGD
FuH0a$
!F/I 2g
,S[/!Y
#CMS!RJ
4!0-	8
5[;3V_
vUC&_6 &S
^,c$Faq
wmM9YgN6
yNoLi6
hK;Vh;j|Y
s?&4y 
C.P3>E
z#6ius
* ^p52F~M=?
.0_,H)q
eBLHJL{]L
L:1frJ
]zL=6s[3
@LIcB!P
N`	! 9
hM36mb
rcO_zP4
3Am$g.
UVg+NNN8==
'J_(Ic
+=9SdC
L9DV"d
NiJK_tcL
)iMx4rL
.PZ}s>
hO@T6b
5n8,V8
7]4V?s
M6679w
t2cv2cw
	&!!{K1
|DQ}P&
xH\]B^
,'15"i
5,(IN@
R]zSYlU!
XS#&`|
 hLBQno
`8bm:em:e}c
\~=wu)
zRCLEm
XB]nnn
}WV>}4]
IDAT]T'
sw`L;&
b<Ycm}
|Tp4", 
L%I(Ta
K'Fg~K
.\b4^#
5jlW+D
2XprzJ
M`g2g`
`w1?<yp
!0R,"HQ>>
HW[R<<
sgrRMTx
'sLOVz
s-cI^v
.3^[gm}
|E[T!8
y}|eO`
,1"8W%
<;<|N+
Zk666Y]_
0	0*A!
E$<lhAFB
1AJN*p
F@wO/mmmx~
x+"VvA
VXcM$$
,--P-WP
TXcX]X
3nv@WG
/Q~kD3
;XY^dd
-&Zkil
"5<RIV
n|DBC-
IDATmEv
X^\bia
<	@'Uv
;*QR2;=
r3Ry4b
XX\bnq
	&'/151A
Y\Zdrr
Y[[gc}
X]_cem5U
qL/I	Ae
LXk bT
Z{I*1%,
02x4Qv
\v_ 	d
FZ[,ZHis
}9guX/
Hb`kY+U
jUYaT{>++
2@[[[[O_o
Zk#cLY@Yz^
F`#K !
xk(JFBTSQO1
9/}yg3
eb[MEFD,%&%
%%$C))(
<[_We(*)
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
	<assemblyIdentity
		version="10.50.1600.0"
		processorArchitecture="amd64"
		name="Microsoft.SQLServer.sqliosim"
		type="win32" />
	<description></description>
	<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
		<security>
			<requestedPrivileges>
				<requestedExecutionLevel
					level="asInvoker" uiAccess="false"/>
			</requestedPrivileges>
		</security>
	</trustInfo>
</assembly>