Sample details: 16af651ee54b2028d1bc826e0ce66a83

Hashes
MD5: 16af651ee54b2028d1bc826e0ce66a83
SHA1: a7bf24b94d16217c606db19c81fc01dfef2eb294
SHA256: ab4a2c8f50c670a6e08b693ee795d1ce46b12eb0c29e8d4e3a851d1d611e8438
SSDEEP: 3072:De7UVwkAojI89eky3djJ9NoJY6/HjjSIYtqAE6+4bkxXxn0aRA/9b:DekwkAobe73djvNoJnDjibkn0qc
Details
File Type: MS-DOS
Added: 2018-11-13 16:31:16
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/network_dns | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section |
Strings
		!Win32 .EXE.
.MPRESS1
.MPRESS2
v2.17f
]IYY[a
{py#n+>3|
WswmpC
-jfF4y
wV@J*u
O/[#aV
{AxIUK
C+>OS 
ajgcTO&v>{
w8@+Ar!
<NQ_r2
>Ua"J)
.]Vr'(a'`
CRXP}_
={FOI.
 _*J;w
a82?%A
~/j{Y	%xt-P
b	VB-z
u2u%!e
)7-(&0
R&d-[eg8;]
LO/	1s*
Js<9`t
8Ex-9FPR
 oyL}<
?<MJLh
sR$S&Cn
{euUB	1/{.
xmHiKu
t/48Q3
/F6L-F
9f][+M
N!"XFJ
MgN%IHjI
a'Fy?)zk#o
`&{CJowa
D*EwB9
LSP[ur
VcCo4_
t |PX`
w?+#t{\
K#zyVj
"95|>z
j;!._:}
ZIre2S
Zi'v*;
Z{V"/6
;iPXXZ
2;9?12;1
iP1	0y
k2x#V%
Zb61cJ
PNV/ K
>Z(+b(
-'"($~<
,n9hKO
me	}Nu
gIo!H7M
{n-?#i
~ZsjX/@3sGx
Vn%hT:_!
yD*_q BM\
Q/K,ti
tS1;B] 
\<Gc*>LL
ULjIEy^
[;J!@S
w/tfd'
1/12@y
o!n'lAiY
q<=<v`k
yd,aY{Yp
uIyl`-JYI
_:.{u"
ZF:fBE$j
8WyNI^
Fad1{fx
(Fa#HfC
u'qY`E
)KHo|w
bW)0\0
ByMTX\@
8EuGa:ot"
2f{Qr&
| |N"2
a/v{5c
q3w"C0
x,9Z$}x9@
q'hT@"0
vrv\A/1S
)DvP	,
X^?Y;m
Po}[7D!
;Oyp83
/j}$,U
t~I#6;
NUG:*a
<zf'">
(eCqXW
I"hBU,
)iJ!m}-|
tzLh.}
2\yNMHi
|<=733
1Bm&Nx
'a7C;=l
R>g?dby
ap3EK>Q
Bq(	>2
>v<>,N
&O3k89
Vu<yYz~
B77V,F
UlvZ/(
3a<"d.
+UedT)
3%t(2g
oD+:dXc
:9\PP?
~BDO.<n
U7WfHy
QE(6!>
>	##6B
/HxRWPq$*[
f,E_`\
c(|D=s
M-se t
Mc"pNN
37)cBp
4~.s :
QJpZTw
Xvt}<Px
U=N6fIF6>
hWr0TA%
lj%r<E
bt\a!|
JeFESm
 !^#*C
#?nJi%
=07iGW
|<T.Or;^P
!*? is
H0{{tw#
'1/tk7f
C-W:aN
8/U +N
FRXU)4/
HVcwg$0 
LY~rKS%
9_P&tS
PC?YI-
V'Urhd.
];'	I{`
|/dk2UW;
>: xPa
L0q+XX
pJu^\\
A,6]|_
fv1^VH
\0XTrb
/bI}4z
jhw4K?[*
_`h!n$hdj
WQ#/O8%
>oiqHbL
D>g}IB
x;[eT3
f%j<$&o fR
k OG0y7\
`G-zAu
p`//`\
hR}P6UY
8dZuBx
Mp3<oW
9-L{pc\
Z70SS%
YSxYq0y)iytr
vu` rO
4slY}@$/R
M<Xnc*
U(?bCY
 }VP0C"
1-3!|V
Cy+gt=;F-Q
kVR9@1
<$,DXr
1*9.?v'
MQ2%T]fF
^/W` J
UNAzs[
`B5	as
7Va6Y*
TSAJ8v>p
Y6MR*rS
th	"3&:mT
YC|&VY
7wR9HqJS'z
iy>*TX.} 
d|R#\|
d]JL0|t
{F\sXj
8$#A4\
tM#|{-
u8<]/c
pS	$fE
l~BF1}
>~=wbC
p(DnOA
==/AM[>
u!16+{"
j|@5(l8$
`.,\9.
Kt.T)_l/
T3U8.z*?
i|/P*}
*hSSSN
2;?NR=TK
I\Ptu 
zD}ZD,
:cylT\ 
+^R>gA
aAE9cXz
ow3;mB
 ORrL8?
fcO&&*
ZwB0u/
D 0~R&-
(a7@ S
B3G-fH
{+[/cM
l-=rT.
Xkclxk=
DA5+Gr{	<V
izSSO^SIGc
TERyual,a
&MPy2r
|1Ty!I
ms[:14{
5*03#e
jutx[d1s
nZ/n-X%]`*b
gcGudoE
i7C2/Q
uo(I[d
^5/\kW
%F*cs#@
h!avV`d
oB&g{X
wBV55M
G{8:)ee
3n;xv^
oF2{mw
nD0F%tR
p(I.dE
/|+cRwI
@j*FKC
QB,u>R
N{=TF~
k*zmf%
^^Rk=g8m
vaj5?$i
q.N9Jn
Ee6n8(
[JWK/q
C)H#3q
-rZ/7&
'ig+eY
TIZ~Wt
ajp?m;^|
G^b1HpI
(0{PqUI
|VEL~h
S0"r{&R
k,j4|>
>i|on_B
q(^g}5
7	E_DDj
*jx9sd
X1Tzr)
2y63F##
7B'hu)
X#:]l/
!}GEoC
7h\V|Q
;E#9L?
~u$'1d
7:BKt~
a9T	C._
Wm3h.x
-F#"ah9
xHK3io
eg`'k>
h+qmfW
?r` s6
3TJRKN
QH9js\
0AD2828CADEFE28702D6A5E0F90B926D36ACCC672B86F3BF41BEC62626BB44EE479CD1417AC6B0A3A970CB7648B48E50E117E4D7BF5FC8B265664CD70EB8B0DC672615B4C30CF73EE8A506798C8B5C09B4B9D6FBA588D9C7D7B77671785D625E2D3FEF2B173604B48151CAD2D20B66FD69607FFA2B36ACF2C180EE9773AA9EC4F3EEE4E4A0BD707B938EDFE1CBDD69F065F7952FC4A8849ABB0EE45E7D1C5144F7BB070627BDA06ED8C9C80D496579DB2DCA0F895DB9A860BCD1939AE8C6BFF8C0E1F5
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
DispatchMessageA
ADVAPI32.dll
RegSetValueExA
ole32.dll
CLSIDFromString
WS2_32.dll
SHLWAPI.dll
PathFileExistsA
DNSAPI.dll
DnsQuery_A
SHELL32.dll
SHGetSpecialFolderPathA
MSVCRT.dll
OLEAUT32.dll
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
xzt{}j}}m}}qy{u}
z{|wv}yx
}v{|x~
[W]|wy
w[=lJ&gA
c=Sh@4
x=mU'\I4p`qwj
fDcnMTeI>cL=]HF[K\`Q
fKwA+HP=XfUzqc
{}j}}q}
z{}yx}
fDceI>]HF`Q
hBmU'p`qOB
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.0b3</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility></assembly>
<!-- Analyst note (added in review, not part of the extracted string): this is the
     application manifest embedded in the sample, kept above exactly as extracted.
     It names the assembly Nullsoft.NSIS.exehead and describes itself as
     Nullsoft Install System v3.0b3. It requests the asInvoker execution level with
     uiAccess false, so the process runs with the launching user's token and the
     manifest itself asks for no elevation. The four supportedOS GUIDs are the
     documented identifiers for Windows 10, Windows 8.1, Windows 8 and Windows 7,
     in that order.
     A manifest is an ordinary resource, so on its own it does not establish that the
     file is a genuine NSIS installer. The YARA hits and the .MPRESS1/.MPRESS2 strings
     on this page indicate MPRESS packing; confirm the installer claim against the
     unpacked file before relying on it. -->