Sample details: 1969f35f73396f867204a4b8d780e959 --

Hashes
MD5: 1969f35f73396f867204a4b8d780e959
SHA1: 1affdc1865adc3f24242a42780c5e16760fffd35
SHA256: 10d69349791aaf736ba5a419dd15a99d2d7ce81b5f5712a1a000a2e158c30955
SSDEEP: 768:C/v0wWzHc+v2Pssa1pGyTND7D8WQK+oU888Rxf7G7s3zE8eJ:OvEzTv2Ps/7G0GQU1
Details
File Type: MS-DOS
Added: 2019-06-19 14:30:22
YARA Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/suspicious_packer_section |
Source
http://112.216.100.210/o/MsDtsSrvre.exe
Strings
		MZ92043
!Win32 .EXE.
.MPRESS1
.MPRESS2
	&{yG@
em[>gr
M%Wh9d
U>:aWp@
gFQf)2
7[A[dT
$j%rPo
u,0X8>
n-[oPY
Ort(za
CI#g?I
UEeYrq6
Gp!9b3Oa
LTcNf4v
&Ro4|1
_fp%-H
RAOham
7><,ot
Yb 2A\
J<}CA|
;K}@{*
V`yQZ!
23NG0L
"v2NAx
W/SOk,
Qg/9:ZI
"aBR~]
1"6*Dg#
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
MSVCRT.dll
USER32.dll
wsprintfA
ADVAPI32.dll
RegCloseKey
SHELL32.dll
ShellExecuteA
WS2_32.dll
WININET.dll
InternetOpenA
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
X																		
#)*""888977
## $;@
J# /5;Ag
CMu-::55<Ah
__dde@Ahk
ollppq
rje??9`xY
X3ITJJPPPY
*]5!#(D
d``AcV
8PmVL6%$
4QkUL@
*_t***1.
8QkULC
*u*[\\a(
9OkULC3
9OjSEBA2
:RolTHD5
?psssqn>
egihfb
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1"
 manifestVersion="1.0"> 
  <assemblyIdentity version="1.0.0.0"
     name="sqlps"
     type="win32"/> 
  <description>SQLPS - SQL Powershell</description> 
  <!-- Identify the application security requirements. -->
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel
          level="asInvoker"
          uiAccess="false"/>
        </requestedPrivileges>
       </security>
  </trustInfo>
</assembly>