Sample details: 1915a429d2592089646410e05eea4079

Hashes
MD5: 1915a429d2592089646410e05eea4079
SHA1: d016dbf0d9ba884edfbb0edb3189e78b6131429a
SHA256: 8843b2ecc4b4d6381ff4283d5ccb44a631c9183cd4bb7e381b7611fdbba784bc
SSDEEP: 3072:3faOEPOO2G7bhIUsPDQcz4RNLNUT1E97lN9F1poLTJzOd8MAWvkzxBR7:GPOObBIHVmNLuTephpoLwGQvkzxBR
Details
File Type: MS-DOS
Added: 2018-11-18 08:22:08
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/network_dns | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section
Strings
		!Win32 .EXE.
.MPRESS1
.MPRESS2
v2.17n
vQs&'s
Mm/Hjh
:X)P(R
wYn>-)}
IeqNCp
AFeMHk-
[tM[=g
_XYw6R8,
){m*eV
vf'zMJ
c	]^z	
[9 /=G
ZYpM Y
XEZ|na
dYkRBe {V
a`z@j{b[
o<eD?&
$EgA}v
MAJzn;
d&*Jm'
Ia5oS#VF
9O|Vh5IB.w
"l-vbW
f.q^ ~t
QsbG">
HTQ(yt
8XrgYpe
}/hd@6
oN}9$j
V&(\a!
7sNzcS
]F*8},
VrY$!NzU
'\d{mf60]
yr/ixt
S4)SXk@M1
g#>%HE
]`lOd9q7f
SI@r1NCT
]?RNM-9
)q3*S%
*"1O*+?
u4i)+d
8;P~eF
i0^<,l
X&i6V@
jTbBx<
VsU>wl
yu0a(Z~
h(D`	GH
RFMN6 U
@[FN(/)T[
"+8:\z`
g)xK"*&
^b91?(U
s(dWUd
$/L8FP;9
[=	o{9
6,}Sn'
gz<Ni^%
q'!&[38
rqP8a[
/x\^89l
:^/`&U
6<\D(EK
20$m_$*
&W'~bA
b%v\mx
XWNKAd
e1~l-S
R^-);F
Ex%}%r
i(Ix)|b
tI*5jM
 c#g8`
$NM2.R
@(5[Bv
+"9hp3
>K23*QhO1H
58e4],
m6.Mtv{
k$' 1~
(]Loae
(1"tg&
z9Ky~S
O	#0wR
|caY""^
YTcmij
\,}r`D
u2Yhp&
Lhe!Lf;
eWL 2v
yRU+:v*
|#>#yj
Q#h,dJ
YSp-3"
eXZ|\mV
-Xswb<
>R'yvk
JHYY(>
hwiF)8
S=.y2jf
jhv0yy^
X2@]H26I
Nm~v{%
0C`GL	
77'V}YN
Y]B$9fJt
'be%'Gu
LgVcIZ
/3Dx|k
z?a'?r
vPLG \
0 :!-3
!<#F*?
hs?+c:
//`2jx 
sH,X;[4
!"w'_F
+ydm/qg
ufU6dM
2+qvY}
W94+UR
@u{Llz
8_;`e#Tf
<D:01:m
?9{GTlO
Ql0aMj<
RhF5"VFNd
xzlxh5
?Z%[lB
8_'bX8
irO=4T8
["nvl;
L $d>>
d7$GA00
'@B`z\
5?-QiN
i+L;Bz
~O*NZp
^L%-8>
-.8;`%
$?x5iC
!)EeZl
`OKY?5h8
E*K}Ov
\{<:Mt
E,9DC4
59W&{X@
YDl5l6
-U6\oD9
z{F X"8
r=|AYz
|"{WM*m
u/Wn$b
a.e>BA
xKiQrH
.WSR"6
6ve%#S
7C275:
~40N|ah
t.NkpS
*>@B-UtV
"k]fK`
wjV<I800
vXF{lo
.F`^@E
-Z0h(7
(:ecs2
%MqsA"e
$c#B^],
l2T%dQ
Cnc\NU
8gPybI
\iESRc
ybJ%X$1
rTy>7\AU
DNuR RH
`>G#33R
jSY?F<
HU>PZp0
Up9u`1
-O2-s"X
M%SVgo;8
ahXSo[
i@dN{C
[_*cCgs+
LWzl.g&
T[|}+r
{EVuFWGB
$QV#V]
k,e!z`f
~*~	P=
	iv{m`
TpXO-o
nFQ)s^ 
?G' pc
M(W#NX
1US'uH,D
rx':9:
I {`OZ
R&|k(S
b#s*Ks
izy0cv
g<}ug 
aE6/1P
hF@X9h
cz#F-j
PS;VG"Mv
1 Fi0B%
MG"A&O
n~kbbj
L`!\5N
1C=btL
%t4OBk
"]O86|
+'P#m^
pqte)|
!bUufK
,LeZ0&
0<jY<l
nsB3	(
^V~rwp
J	HMkq
qs7&X"#
$SVd2zw pj@
oTYDUP
Y7Xa(;Q
	B82UZ<
]q>z@eLJ
Msut1#X4r
?|A]n'
_UzPwW
)pc9%\u
>H1d{<
].xOkgaq
,N!(e'
.?B?r,=^
7z-=/R
]z_!-!X
7[_a*[u
{-hq*Ul*u
twn?yv
+rwrzQ
G]Q.8iY
>;rIKB
OL^pSw
[PkXf{
	4:5Zr
v2XjU2
]}%r$|
kP(>V/Y
,cslG2B
h9J][9N
+6W[$T
2LZ?, 1x7n
023C359E44D993B2B2A4318E46DFDBB7C5F43755E0C543B87E50C9CE9152FB49056E71
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
MessageBoxA
ADVAPI32.dll
RegCloseKey
ole32.dll
OleRun
WS2_32.dll
SHLWAPI.dll
PathFileExistsA
DNSAPI.dll
DnsQuery_A
SHELL32.dll
SHGetSpecialFolderPathA
MSVCRT.dll
??2@YAPAXI@Z
OLEAUT32.dll
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>