
Sample details for MD5 1515f7b18aab0136fa008d34fc0aa127

Hashes
MD5: 1515f7b18aab0136fa008d34fc0aa127
SHA1: 030e0a641b6a9ffa38f12f51191803a11ab111f6
SHA256: f395bf118100a9590380f8669e2f1338943ccf2556d9ccc1e793182270d0e2b4
SSDEEP: 3072:tfWMQ+khYbJeHOGBNCdUFbrb9lGrJVQGSbQHcAXud:tLkh5NXCO1bXkVubQHcAXU
Details
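File Type: MS-DOS (this label likely reflects only the DOS/MZ stub; the Yara hits below, IsPE32 and IsWindowsGUI, identify the file as a 32-bit Windows GUI executable)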
Yara Hits
YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet | YRP/UPX_wwwupxsourceforgenet_additional | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/UPX_v0896_v102_v105_v124_Markus_Laszlo_overlay | YRP/UPX_v0896_v102_v105_v124_Markus_Laszlo_overlay_additional | YRP/UPX_wwwupxsourceforgenet | YRP/UPXv20MarkusLaszloReiser | YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser | YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/UPX | YRP/suspicious_packer_section |
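Strings (extracted from the file as stored; the UPX and IsPacked Yara hits above indicate a packed binary, so most entries below are compressed data rather than meaningful text, and the readable fragments may be truncated)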
		SVWjhQ
k0B9|U7
+L(i9p
7h|e%w
_t*fF,
M_bf3+f
3,[u	E
*4"*Y>
PWB\}l<
8Ska.9@
Ka*k(OA
n@j2Y ]
7$8_[]B
PSRW)=}
ALCYT'
x;F8CC
=+G4;N@
W/\c1X
,TLPHa`
^R<++o
eN0Q u+
O@;OHv
jLL00a
oO S]8|%]
WpuUUOUhh
m;0HW:P
lO>Wh$=
zQVUX 
M\jXCE
,_[`l]
W4=BLz
_gu+ 3B;`
51m3<2
h*rPBI
c6Wp!dC(
fi< @$Dfi
1[<aEx
;PzY^tiV(
e-O L0
m]lOlU3
PUhQL 
8eAp #[!
j%r:sHGu
`$sl_h
QR-`Z`
4M4D|h9
840,(N
@<84 4M
					M
4M						i
				4M
4]`3\XTPL4M
4HD@<8
injfb^
FB>:62i
						i
i					
						i
i					
						i
i					
4M^ZVR
+E/^ZY
LagK27
<lrmno
w@'=c|V
debug5w
?set_urlata_before
injectafte
s*ticconfi
_keyKynam k
o'servs!v
-a'Ivared`kn+l!w+
Np<2s5i
4M*:Pdr
4MBTjv
ipdRB0
4MtfVH4"
~jVB,A
ktop\ZeuS_2.0.8.9-So
bIs.cpp
nhookList
R_Op{/,U
AllCon
y3)p#z
iKEEA$
lQquLtDU
WSHC(<6::Y
vofim{
X#ExAK
QXryAva.
{$xgtfo
hutdownC
FromHBITMAP
672sfG
q=^3vB
@xpr4SnumP+Y
!HTTP/1.1
Au]3-do
u=c9s?V
wX1rE_vmb
`f?[hGK
fEaM I
l#(A5+	0
~ccept
:ia{i1)	
BASECONFI
YP$Q%R
U!V"W#
}grabbO
UXaddUrlMaaTo
OST[ET
?!@QGVDRU_A[SIMc
wC3.$73$4"4$
#5; %%
< 68>6
K1f47of~d,i
ig"f||X[_
_!9=??$<W
'LCGJAN@
J]]NBJQK@AUWP
NK\DYUXW
}- -zj{zqhva?!%r<
7.:)Ukui+
""2'&=4S
0Q-:*<
6 <#>(;
$?-;("0e
=13:20
TPGWAwg@K]A^CUFmyYBPF
MPlpdr[Vwm}kjq
`pfP@glzfy0aJ@y
v|knB\m
kh~YpBRRKLBqgA\LXEQA
_>EFZRZ[bVT^7
%!']?b
'.57)?'}w5>?8;
&(i.+7hghygtAG' 5#	
/0<sz),6
Y]Qqf):
qvoyWy|jj%0`
5oxlqCk
;;9>zu~
CDQGmCBTX
Ywpq7>324m=5&
,m~b}xm{X
YTYWN_hv
[M[Klgqmr
\[ZEug
TSRwZ[
pk@MJN
(a|x-ee4g0NL
4U$*!(toU
354<;3/**
nrnf0u
_Ammpnv
rhzv9[x
u}vtb#
ssnpzl;
O@@OAL
fS{~Um|
pWLB=R]`fux
o~zlwyv
7d)>,]
MXV__O/
8)(+2,
Ni}zkxcNr|~s{`
7(CmxhWKO zBAEO[ICrKM/-
CYCSF7
ww}nj}
+^SG@QBYtHFDIE
"0mqu @}
{f3KCIL
o.~~P*}]%p] 45sF=+(hC:.%e=bs
(}`ObuC
Y^*wLRN
>10;87
]H^tIFGL
pvY`(c
dvqtO`wH
~iekidBoBy8+
'0A$oi
GtR(SS
\NXD}}
hqk$he%J
$`i,`1+
+/33'px
vd}?so
sveitg{-iuk;
ZsT]\@_
l"craiaFl
To'l-m
oFB 003.
8@l]QrPvyw
\mBlA8
l "%s"	if ex
|8}gcdob{[RAg
AILED TO ALC
CATE STR!
QB'*/*
; MSIZ7
 NT 5.1; SV1)|q
greK zI
%&810 
434567mtQ
icZQmu
r|$}rstuvwxyz{$>?@AA
BCDEFGHIJKLMNOPQRc
XYZ[\]^_`
fghijk
3TuBX1
jbB!I9v
kS?>O*
~!)ToUpd
3bYoPS
f%sC}A
)+ZY[WR
dWa}b\X1F
Rtl*>Q
O.w5 5
DOiVS2
x6CA547A7S
cHwY@w.
rdw gd
MBY-	4!
Q+!/1`XB(Cq;
#ag/DiQ
3]DeV6R
3'	K:,C:
#Nm-h$
ebhpwo
%L" ?#j`)i
`'CEG8
$oCD_M
Xv/ BT
EUCLmu
"||zlh4.L:0
W !W.um37
G\j'5$?
j-S@	w$}
5yu" P
ItIv'u
MUX?k,
'yLhL@hhXh|'y
h(0h8Ph@
#'$X@`
9u.)v&
Q]jt]5:
0	gLSP
*2&!V#
* t`_U9
pu9l7}
2v	g8z
=hP&QW
H0+46`2
J3|$0jv
.xe.(0
KSM^SI:(
#h$M>4M
Sj@Xj Z
y6<HN]5
<!t)<-
(Vj<_WR
~ !r./
6V86Rj
D`=l<	_
C$L2&60y
\KX?*=\
3\)y{[
/ V@,eVq
m!F+VYS
hHfu|N0
DT@yht({
t7jQ@a~
.tBtD+
,tOmuP
0t#Huq
;7J(=t
vukjbw
Ljh"8ji
]PKjV|
IWHfd3
kVgUMMgk
I*zOwp
?0 ha8
j<0E<1
U,D[uj 
.YPmr60D
:7lA[|
*{sKYME
KM1*Tl
S!!>#<
Pp@[@r
9$1%@L
KTePT`
XF7b;mo
XLSw0q
4cm;Dv0
sx8}$Nf/
DP@D`d
C#,gP(vf
lH!t,E
~`T0X+
nW t<Q
B$e84H<T
B=kD1T
9XAbTr
u(Wf*?
@#_]!G
K	f4]w
3Ha TMv
u0C(9K
Rz'$JMD
\ 2KM-p 
nV9pzHD
tHFL&g
8jDZRUE
Bl;0MSj
U:qV_=
,+0 Ww
x@1U8s
@P^u_+
ij!0}%
! VD#j,
UCq$A\
K4M[`^
	!S}`(_P" _
]s#( o
7l n ;
^}@k@T
l]\`>\
/V'\DUK.+
wj[BS-H+
'';jaO4
(t!*==
}P44;&s"2
;4-L;2%
8>v>W8
Qv+1;+
4{@A08
+_V+O4
m["INMK
	As?Al
Oew[8<
U(;|Ug
t2HQ.3
-kUBn/ls$#
 h6Qt9`
*q2rJP
\9;rcW*
|bA=*"(%
>V@G[u
Af9\`c
A\CuDxH
R^	]8V
GckZlj&
vbs<Mo
A1V@T]
m)`me*
~ztpX(
Hz]QPG
,h1/fkG
LP#(JC8
ket2<d
r9;ve&
f92:APr
+x,}HQ
nehx5;
[8#^f;
:TUWcU4
[*p$7b
8l^h8O
6~xd#]8M9
'_ksS^
#Ab?)b
CQkE36
r4rMLB
<x\uT4
09w:t>hTFV
}W:h| 
FFPusko
F?j47l2
w,UcPq
m,o[$6
3Oqmq#
jL-W} >
'd,+A}P
JJIxa_
2$CA<0
:&=Z[Q
~,WA,z mF
(^ j+^
5jjvT@W
+3h>IAHj
)4@u"P@
B ?8GW
]=f;^9V(R!d4h
C:"fgG
In>dK2="*/
lstrcmpi
SyemTimCB
Virtu3
Toolhelp
ckCou;%
8RrUIx<u
}KERNEL
VNg5dF
&{[@-z
bfo@`o	
#ToOem,
5h4hJ/2
vat;mJ]
zd 3&h4
Adjusn
ADVAPI
}#4Argv%7u
=%p+av
	if 26
TY$C2$
	l$Cr!I
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
8$8,848<8D8L8T8\8d8l8t8|8
9$9,949<9D9L9T9\9d9l9t9|9
:$:,:4:<:D:L:T:\:d:l:t:|:
;$;,;4;<;D;L;T;\;d;l;t;|;
a4D<P<\<h<
KPMXO`Qh
SpUx8 
^3p3|3
4 4%4*4/4
>4C4H4M4R4W4\4a4f4k4p4u4
)5.53585=
Q5V5[5`5e5j5o
66	B6J6
;&;G;j;q;
1'121;1F1Q1]1b1m1~1
2(292E2Q2V2`2p2v2
5Y5f5r5w5
6'MC?a6
N8j8o8
G9W9e9n9
>'?-?6?;?N?^?
1!1<1G1L1_1
2U3tx3~3
?9?L?k?
>2D2T2l2s2
3&3>3J3O
6P6]6~9
^9k9q9~9
=9=E=J=r=
>%>+>?>J>T>c>m
?)?R?l?
90E0J0q0}
1$181A
a1h1z1
2	2=2k2q2
:/:C:S:v
I=R=b=}=
|K0W0\0
;/=d=o=t=
>X>d>i>x>
6/7C7_
J8zR5_]/
/]n:u:
<"<(<A<N<e<_2
Y>`%l>~>
4$40p4`
P:i:ow
>M?U?n?t?
#4@4G4P4^4e4m4
186^6m6
?0?\?m?r?
2%2x2}2
-4?4hC
*8G)w8
5>G>s>
Ruq5v5
26K6[6`6e6j6oQy
6E7J7O7V7^F
C/D8Z8
>"?O?}?
O<n<}C
oq=7Z=
g1s1|1
2K3V3[3
WoOv4{
;6A6W6s
O8V8x8
h9u9{9
K:e:p:
]7};z;
Y2rT3g3v4
<9<@<E<
(>4>9>[>g>p>
0 0+03"0B0H
T0Z0`0f
iE3L3R
4!4'43S
5 "5?5N
?K?j?w
}]7i7o
;E;P;U;{K
G0M0V!
F;V;w;
oeG<M<c
2!2?ue2y
23I3t3
6@6N6d7
P&0107
D1T1d14
-Grt7 	p
1Z!/SB
wA)o5c
2a#M3H
bot		SUv[
stimer
Clogs?
fW5t7p
? Pta.
XPTPSW
2/+gB<7Mpg\U|sf
!!!*555
$$$;   O&&&
,,,b222
%%%($$$-,,,
(((k000
&&&2"""
+++t555
***?+++6,,,w444
$$$7(((
...x000
'''+---`..._+++.***
666)555
888L:::
999N>>>
:::3>>>
444(666
888-555
BBBsDDD
CCC*FFF
DDD?FFF
DDD6FFF
6)))6444
BBB"FFF
444h111
... 555
QKD8xoc=
'''u+++
,,,o111
+++^###
(((;---k...x***
666"777
9994@@@
888B@@@
777.555
CCCrDDD
777R:::
%%%*%%%0
---T+++T
222Q...
666+555
CCCQ???
CCC\:::
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"/></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo></assembly>
KERNEL32.DLL
ADVAPI32.dll
COMCTL32.dll
COMDLG32.dll
ole32.dll
SHELL32.dll
SHLWAPI.dll
USER32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
GetLengthSid
InitCommonControlsEx
GetSaveFileNameW
CoUninitialize
ShellExecuteW
StrCmpNIA
EndDialog