Sample details: 18a4a9011e3eec05020a786773105ae1

Hashes
MD5: 18a4a9011e3eec05020a786773105ae1
SHA1: 7526ded05447401e1fb9bf9985057ade48f76de2
SHA256: be168be3c61d1e75719d0a307bf62d2fb88736fb1130df02637812c11a6f3d0b
SSDEEP: 3072:tE40YyKrvX5kSFvuKgZBDJ3MHgDLblbPN/lR:tSOzX5kwvwZB+sbRPN/
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/win_mutex
Source
http://79.133.98.68/lord.php
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
B!=]@B
G	5qAB
C1=?@B
0+=(@B
H<mqz|
6|?w4	t
QvD5v7
+f/aCX
\%{eU8
$9G`P+
G~ufJB
462n	@
OFF`P0
hx#zZ9
L7@T~6
T1)NAD
$s$cZ~
K-	=Lbd
i@:{:_
Mp075~r}
A$3[:j
Kg\R}e
F6eF_w
8oi[Yn< 
6zqBpD
wf2B_'
iqR$tC
I+pmxj
wvdiJ7
CQuTTK
p~'&mB,
~PO/?aS%]Q
;toCzQ
i20g[p0
kwA77k
J <f?7Q
r?P9ae
+)S7j%>)
+x!AIrc
_=Wwop
{.aMC)
vD:qPcxq
-)-"x"
z;^IP	
ln*f5s
5wksWE
+EL7jP2
t33JpD
SVck	0
`eU_z)"
L0;YL3
f7"D%5
 _jM3$v
G#_>u3
O/U&O7ggA
LEQ?j0
EcROv"N
QaAiN'
g$@{%>U
^InS.)G
#4*mF]
?z9ar;
#`Cj>B
Bho*`/s
#LL^5oe
#>5l8!w
T&0pKo
$	O}'W
R/59`n
kM;i'o
sIcdJuHg
0z}@7`
Pkw:Yv@
3R'9uK2
oU]O<;^
Z	YJPH
]'bMoi#
|GmX%._&?
JD6.F&
R3^^ZV
|y_rNy
8d)=.Q
ekT*$0?
neor\$1-
YBFKk<
<v/5}X
Lu97U:
t"gBVM;
jSRh+D
P-Hqsc
w&qoEgM
xf/!ngNhe
:=Ge+[E
tD7~	9
1<JMp^
#8P`oBP
HZ<mq,
\~dN*O
tb	Z|_H
w[	!EGK
'9&!_bf
b-\Vw"
l0*D^q
k&~MY5
T)gp_0
/RJF6x
S1L	#;
z4Q`oZ
m6qj; 
-xi!_9
ge0pU7M
Y,+H o
BG_nzLo0
dpp	;8/u
":mwf|	6
wi-}#[Xj
+'AOm*
Qf8sc'
Qf8Oc'
Qf8Kc'
Qf8gc'
Qf8/c'
Qf8+c'
Qf8Gc'
Qf8cc'
Qf8{c'
Qf8Wc'
Rf87`'
Rf8o`'
Rf8k`'
Sf8wa'
Sf8Sa'
Tf83f'
H<mqz|
6|?w4	t
QvD5v7
+f/aCX
\%{eU8
$9G`P+
H<mqz|
6|?w4	t
QvD5v7
+f/aCX
\%{eU8
$9G`P+
H<mqz|
&0l~)9
RUr.IN
N.Z;l/`=
O7 D''&$
H<mqz|
6|?w4	t
QvD5v7
+f/aCX
\%{eU8
$9G`P+
ResUtilGetBinaryValue
ClusWorkerStart
ResUtilDupString
ClusWorkerTerminate
resutils.dll
CM_Add_Range
CM_Add_Empty_Log_Conf
CMP_Init_Detection
CMP_Report_LogOn
cfgmgr32.dll
RegLoadKeyW
RegEnumKeyA
ReadEventLogA
RegSaveKeyA
RegUnLoadKeyW
RegCreateKeyExW
OpenEventLogA
RegOpenKeyA
RegDeleteValueW
RegRestoreKeyW
LogonUserA
advapi32.dll
GetDateFormatW
CreateFileA
CreateMailslotA
LoadLibraryExA
GetSystemDirectoryA
WaitForSingleObject
lstrcpy
GetCommandLineA
OpenFileMappingA
GetCurrentThread
LeaveCriticalSection
GetModuleHandleA
GetProcAddress
CreateMutexA
GetEnvironmentVariableA
lstrcmp
kernel32.dll
InsertMenuW
GetPropA
LoadCursorA
DialogBoxParamW
LoadMenuW
	wsprintfW
FindWindowW
IsCharLowerA
SetFocus
LoadBitmapW
DrawStateW
CreateWindowExA
PeekMessageA
GetDlgItemTextW
CharToOemA
user32.dll
RecycleSurrogate
SafeRef
comsvcs.dll
60@0G0M0Z0f0n0y0
1 1+181D1U1[1h1t1
2"2/2:2G2S2w2
3'343?3O3\3g3t3{3
4)434@4L4[4e4k4q4x4
5$5/5<5H5X5v5
6"6.686>6K6W6d6q6}6
7!7)7=7I7T7
8)868B8V8d8q8|8
909=9I9Q9W9b9h9o9u9
:/:9:S:\:g:m:z:
;+;7;?;E;P;];i;
<(<4<B<P<a<i<o<u<
=4=A=M=]=d=p=}=
>$>5>;>C>O>\>h>x>~>
?"?/?;?N?[?h?t?|?
0#030@0L0]0c0m0v0
1&121C1J1U1b1n1
2%2:2G2S2k2q2~2
3 3-393F3S3^3o3w3
4&4,494E4T4a4m4~4
5 5*505:5G5S5`5m5y5
6&636?6T6`6m6y6
7,727<7I7U7m7z7
8%808=8I8_8l8x8
9.959?9L9W9d9j9p9v9
:$:/:;:G:c:o:|:
;#;/;;;K;Q;\;i;u;
<!<:<@<G<U<b<n<
=*=H=U=a=n=z=
> >0>7>=>J>V>e>r>}>
?%?,?2?>?K?V?g?r?
0!0.090J0W0c0k0q0{0
1%191T1a1m1}1
2!2'2-2C2O2[2l2x2
3#3.3B3H3U3a3q3~3
4$414=4N4[4f4n4{4
5&525E5K5Q5Z5g5s5{5
656;6A6M6X6h6u6
7/757;7F7R7^7n7z7
8$808@8L8X8`8f8u8
9'999A9N9Z9e9k9q9w9
: :-:8:@:I:T:`:l:
; ;4;I;V;a;r;x;~;
<!<-<9<I<T<_<k<v<
=#=/=;=K=]=d=j=w=
>#>0>=>I>Q>^>i>q>w>}>
?$?1?=?M?T?Z?f?r?
0$040;0F0S0^0q0x0
1%121>1]1j1u1}1
2)2:2G2S2^2i2o2{2
3)313>3J3Z3`3j3p3}3
4#4/4E4R4]4m4w4
5*525K5W5c5k5q5w5
6%6/6;6G6V6a6n6z6
7#7/7E7W7c7p7|7
8!8(858@8H8N8[8g8w8
939@9L9W9_9h9o9|9
:(:5:A:Q:W:d:p:x:~:
;!;8;E;Q;e;r;~;
<&<2<:<G<S<k<w<
=(=8=E=P=X=`=f=q=~=
>*>:>A>K>X>d>l>w>
?"?*?5?B?N?^?d?j?q?|?
0'060C0O0_0e0q0
1(141G1T1a1m1u1{1
2!212;2J2W2c2w2~2
3'343?3G3M3U3d3q3|3
4/4<4H4U4b4n4
5.545:5W5d5p5
6 616;6E6K6X6d6l6w6}6
7&717>7J7]7j7v7~7
81878>8H8S8`8l8y8
9(9;9E9P9]9h9p9}9
:+:;:A:I:V:a:p:y:
;(;4;L;S;^;k;w;
<(<0<7<D<P<X<^<f<q<~<
="=(=3=@=L=]=j=v=
>$>1>=>U>a>m>}>
?'?/?9?F?Q?Y?_?f?q?~?
0'020B0X0e0q0
101=1I1b1v1
2"2-2:2F2W2b2n2y2
3"3*373B3J3P3V3c3o3
4#454M4T4a4m4u4
5'5/5>5D5J5W5c5p5v5
6%6+6@6F6P6f6s6
7&7.787>7H7U7a7n7t7
8!8,898E8b8~8
9+979L9R9X9b9m9z9
:!:,:9:E:U:[:a:m:z:
;(;1;>;I;Q;Y;c;o;|;
<#<)</<<<H<U<]<g<s<
=#=+=5=V=\=g=t=
>+>F>L>Y>e>x>
?&?,?2?8?>?K?V?`?j?v?
0(00060A0N0Z0p0|0
1"1+161C1N1_1l1x1
212=2H2R2_2k2x2
3(343P3]3i3q3|3
4"4(4.4;4C4M4c4l4y4
505@5M5Y5a5g5t5
6 6,6K6Q6[6f6s6
7%787H7O7\7h7x7
8)848G8M8S8^8k8w8
9"929>9J9Z9`9f9l9r9
:":.:::B:M:Z:f:
; ;*;7;D;P;h;u;
<+<8<D<U<\<b<q<
='=4=?=Y=e=q=
>)>5>F>L>Y>e>r>~>
?"?-?:?F?Z?g?q?~?
0*020@0H0T0a0m0~0
1 1,1<1B1Q1e1x1
2"2/2;2H2O2Z2g2s2
3%3+363C3O3g3t3
4"4/4;4N4Z4g4s4
5-53595M5Y5e5}5
6%6I6R6_6k6v6|6
7%7+757;7E7R7^7f7q7}7
8)8/858@8M8Y8j8u8
9+979G9S9_9g9t9
:0:<:C:I:V:b:j:q:w:}:
;&;3;9;?;];h;u;
<7<D<Q<\<s<
=(=9=F=S=_=o=z=
> >&>,>7>D>P>h>u>
?(?0???E?S?`?l?
0+070Y0d0r0
1+181D1T1a1m1u1
2#202=2I2_2l2x2
313=3I3U3f3r3|3
4,484K4Q4\4i4u4
5 5(525?5K5S5Z5c5m5z5
6*656=6J6V6^6d6n6y6
7,787N7\7b7o7z7
8,888E8R8^8y8
9$9*9;9H9T9^9d9s9
: :':2:?:K:`:m:y:
;&;,;2;?;K;S;`;l;y;
<"<.<?<L<X<}<
=#=0===I=Z=`=f=p=~=
>">/>:>M>\>i>t>
?#?.?>?D?O?U?\?h?n?
0!0.0:0J0T0c0p0|0
1+1>1K1W1m1y1
2*2?2E2R2^2f2p2v2
3)353E3R3^3o3u3
4$444I4O4\4h4p4z4
5 5.5;5F5S5^5t5
656B6N6_6e6q6~6
7%797B7O7[7p7
8!8.8:8D8R8^8j8
9%9.9;9G9T9a9l9|9
:,:6:@:J:Q:^:j:r:x:~:
;#;.;;;G;X;^;e;s;~;
<-<:<F<V<\<b<h<n<{<
=&=3=?=P=V=a=o=|=
>&>2>H>T>`>q>w>
?*?5?;?H?T?\?i?u?}?
0*0;0A0I0X0^0k0v0
1)131N1[1g1y1
2+2;2H2T2_2e2k2x2
32393?3Q3^3j3{3
444:4D4P4\4i4v4
5*575=5J5U5]5c5p5
6"6.6>6K6V6h6s6~6
7)747A7L7]7c7p7|7
81888>8I8V8b8s8
9'959B9N9a9h9n9{9
:#:):6:B:R:_:j:}:
;);2;9;@;L;a;n;z;
<$<*<9<E<Q<]<m<s<z<
=#=)=2=8=I=S=Y=b=g=n=t=~=
>%>/>9>@>N>W>]>d>q>z>
ldbcbcp.dll
lccc___ce_s__mory
kernel32.dll
liiiu_lAlloc
gqirojgnipqxccpst
uhhiyotlhnocwt
tkgpfvdndlsujgw
H<mqz|
6|?w4	t
QvD5v7