Sample details: 1d7a579a3ab3e27c725879a9a55807a2 --

Hashes
MD5: 1d7a579a3ab3e27c725879a9a55807a2
SHA1: 61d28db68e57839d8c83d1e11c68a50a5eff5135
SHA256: f3c7d2666cb03d760bdc8e7c4843b12014255f21a10e5c10ba8462169f65de4e
SSDEEP: 3072:JTqV/QTdBN2G11i1gyJ5jUrDSE4miMmtF1hGxPWho4O:NdBNx6gq5jUa3F1IxPWhm
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/win_mutex | YRP/MD5_API |
Note: IsPacked together with IsBeyondImageSize indicates a packed image with data past the declared image size, so most of the strings below are not readable code and the real import set is likely resolved at run time (the mangled names near the end of the dump, e.g. "ldbcbcp.dll" / "liiiu_lAlloc", are consistent with that — unverified without unpacking). MD5_API matches the MD5Init/MD5Update/MD5Final imports from cryptdll.dll listed further down; win_mutex matches the CreateMutexW import.
Source
hxxp://79.133.98[.]68/lord.php (defanged; this is the URL the sample was retrieved from — treat it as a live malware distribution endpoint and do not fetch it from a production network)
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
=0=oAB
E$]g3w
A)Avsh
#^PH6<b	
\$6/U&3
S`PZa!M
WU^@t?
/2w e(
}W9/hyx
7%A=JdZ8p
gG ~J5
G~R.hJ
(=77|^
ig-+Lo
,~89{+
\_~fUN
s4q	H4
?M!w(S
$/-:g/
CE?ZZ*U
Uf?'3g
V`^c&B
#)S1[dI4e
RzuS`G=
u.&R05
v<C$D}X
[3xDnrm
23WKaF
BVJ~yd
s,Mz\%
f3!>d\;.
-	pf A
o21Z\	O
* m-#Q
Uj.GO+
HR<h K
rh:g[j
]~~RNL
9rJALW
v#tizZ
9pPaxU
u973x8
fvi^l41	
A A{lWhZ
QDUHS/
m5/J(1
}ydbkJ;
+G~K#}
k)@x34
N1?dSE
vkKc%YOr
[*5X8H
4<'eT7
2O	y*N
U]EGh 
.%y*n@@
]WC'<e
a;&9.E
)hvE;c!
Ss~p	A
n	.aYH
blpoP*p
k=	w}u
Ssrkd2
j+'z^-
S4%'O>
|Hd[_f
[$yh	m
{dp[8V
kD?xF;
J"j&F,Zg
B,i0pp
d` 9s,
T	AJgH
plpkvY
5RQ[\.c
c/}oRl
M^Z'yV
wtH	)N~}
@0n07D
pvh+uCP
1?JY(2p
s5h,At
{knI9=
uJ.]?xo
PPXH!<x*
v+w3t0
D0)18;
PZDb+p@
+b3:0N>
Azl_'J
 Dti5;~
CpL#/{
TqEF,S
U1H7UC
{cZUrn
Cc|$q"
Cc|Hq"
Cc|Lq"
Cc|Pq"
^!.rqo
xwx3$E
pi;b8PJ
L")FK`
-v(c)=
E$]g3w
A)Avsh
#^PH6<b	
\$6/U&3
S`PZa!M
WU^@t?
/2w e(
}W9/hyx
E$]g3w
A)Avsh
#^PH6<b	
\$6/U&3
S`PZa!M
WU^@t?
/2w e(
}W9/hyx
&0l~)9
RUr.IN
N.Z;l/`=
O7 D''&$
E$]g3w
A)Avsh
#^PH6<b	
\$6/U&3
S`PZa!M
WU^@t?
/2w e(
}W9/hyx
SetSetupOpen
SetSetupSave
CoRegCleanup
ComPlusMigrate
DowngradeAPL
clbcatq.dll
CertGetStoreProperty
CertFreeCTLContext
CryptMsgDuplicate
CertAlgIdToOID
CryptMsgControl
CryptMemAlloc
CertCloseStore
CertFindCTLInStore
CryptMsgGetParam
CryptMsgUpdate
CryptFindOIDInfo
CertDeleteCTLFromStore
CertGetNameStringA
crypt32.dll
MD5Final
CDBuildVect
MD5Update
CDLocateRng
MD5Init
cryptdll.dll
RegDeleteValueW
OpenEventLogW
RegEnumKeyA
RegRestoreKeyW
ReadEventLogW
LogonUserW
RegSaveKeyA
CryptSignHashA
CreateServiceA
RegOpenKeyA
RegLoadKeyW
GetUserNameA
RegUnLoadKeyW
advapi32.dll
GetMessageW
CharToOemA
CreateDesktopA
GetWindow
DispatchMessageW
GetClassLongA
IsWindowVisible
IsDialogMessageW
InsertMenuA
GetDlgItemTextW
DialogBoxParamW
LoadMenuW
DrawStateA
MessageBoxA
user32.dll
LoadLibraryExA
GetProcAddress
GetProcessHeap
Heap32Next
GetACP
lstrlen
GetStringTypeW
WriteFile
GetModuleHandleA
GetCommandLineA
CreateFileW
SleepEx
GetConsoleAliasA
CreateMutexW
GetLogicalDriveStringsA
EnterCriticalSection
OpenWaitableTimerA
lstrcmpi
kernel32.dll
:0@0Y0j0q0
1'1/1=1C1\1n1u1
2#2)262B2J2P2V2o2
3"3)3/3>3D3J3c3t3
4*454=4C4O4[4c4s4z4
5+515F5S5_5g5m5
666F6L6V6l6r6~6
7#747@7J7c7t7z7
8#8,898F8R8Z8f8l8y8
9#9+919J9`9f9n9
:#:/:::@:L:V:o:
;!;+;7;C;K;X;d;q;y;
<'<-<9<F<R<Z<r<
=!=+=D=U=\=d=}=
>%>+>1>7>P>n>v>
?!?)?5?A?I?V?b?j?w?
0'0-070A0M0Y0a0z0
1$141A1M1U1[1t1
2*262C2O2W2]2v2
3*3=3J3V3^3j3u3}3
4'4-494?4E4Q4\4d4k4
5'5/555N5^5m5y5
6)656=6K6Q6W6a6z6
767F7N7[7f7n7{7
818A8G8_8o8y8
9-9=9G9_9
:$:,:9:E:Y:b:o:u:{:
;#;0;I;Z;s;
<8<M<S<]<d<}<
=%=2=J=P=]=i=q=
>'>.>F>^>n>v>|>
?%?.?;?G?O?Y?_?e?q?}?
0#0-070@0Y0k0|0
1$1/1H1Y1a1k1q1~1
2;2F2L2Y2d2n2u2
3*393F3R3_3g3q3~3
4#4<4O4U4_4n4}4
5 5/555;5A5Z5k5u5{5
6(6/656B6H6U6a6p6z6
757B7M7X7q7
8!8'848@8H8N8g8w8
9$9.989D9P9[9e9r9~9
:":*:7:D:O:W:a:z:
; ;(;4;:;L;R;];f;r;~;
< <'<-<:<F<N<g<z<
=/=8=Q=g=m=z=
>0>@>G>T>`>p>
?$?*?7?C?R?k?|?
0#00090D0Q0]0g0p0{0
1$10181Q1f1l1r1
2,282B2[2l2v2
3$3+3D3Y3`3g3o3|3
4%454N4_4e4n4{4
5#5.585?5X5n5t5
6&666C6O6W6a6i6v6
7!7'757B7O7[7c7|7
80878P8`8y8
999?9X9h9
:&:?:P:i:y:
;#;+;D;U;n;~;
<$</<5<B<N<X<^<e<}<
=&=2=:=A=G=N=[=g=r=x=
>#>0>;>E>[>g>o>u>{>
?'?-?8?>?V?f?l?z?
0*0C0S0`0l0~0
1!1'1-1:1F1N1[1g1o1~1
2*242@2L2T2Z2a2z2
3#3-33393Q3j3
4	4"464=4V4j4r4
5"5)565B5J5Q5\5b5{5
61686>6D6]6n6u6{6
7$717=7J7P7Z7g7s7{7
878@8Y8}8
9!91979D9P9X9^9k9w9
:(:;:M:^:d:j:w:
;";*;4;M;_;k;w;
<%<2<><H<a<q<~<
=$=1===E=^=q=y=
>.>D>]>j>v>
?+?5?;?H?U?a?i?s?
0"0(050@0H0Z0`0y0
1-1F1\1b1h1r1|1
2(242C2P2[2k2x2
32393V3]3v3
4(4.454;4A4N4Z4i4s4
5"5.5>5K5W5_5l5x5
626C6I6X6^6j6v6
7*707:7@7Y7r7x7
8%8+8;8B8M8Z8e8m8v8}8
9(9A9Q9j9
:%:5:<:I:U:]:c:|:
;%;1;>;D;];n;
<!<)<5<A<K<Q<X<c<|<
=&=.=8=B=Z=p=
>6>G>M>T>Z>d>}>
?#?3?9?A?G?X?b?i?s?
0%0>0V0\0i0u0}0
1(151A1I1T1Z1g1s1
2 2)2B2S2a2z2
3)3<3B3H3T3`3h3o3u3
434=4G4V4c4o4w4
5.5?5K5W5g5
6#6)6/656N6^6l6v6
7%797C7P7\7i7q7{7
8"8/8:8B8M8S8`8l8v8
91979>9G9`9p9
:*:::S:q:
;/;=;O;g;
< <-<8<Q<X<^<w<
=%=.=G=X=b=s=y=
>$>/>G>X>^>h>t>
?/?@?M?Y?a?n?z?
0%020>0F0L0V0o0
1#1<1N1X1^1k1w1
2(242>2F2b2i2o2x2
3)3/3H3X3b3{3
4'4-4:4F4N4X4h4r4
4-5F5\5b5{5
6%666=6V6g6
7(7.7>7G7W7]7j7v7~7
808@8Y8j8s8y8
9,9E9U9m9
:#:;:K:W:c:k:t:z:
;#;);6;B;R;X;d;p;
<5<E<^<o<
='=3=;=E=P=V=_=l=x=
>!>'>@>P>l>z>
?*?0?I?Z?d?q?|?
0 0,0@0F0S0^0f0p0
1%1,181D1Q1W1^1o1|1
2'282D2P2[2a2g2m2z2
3&3/3=3F3R3^3f3l3t3
4"4/4:4G4M4f4v4
5,585@5Q5]5i5q5{5
6+6;6A6G6O6\6g6y6
7/757<7I7U7_7k7w7
8)868A8K8Q8j8z8
9)9@9X9n9t9
:-:4:P:W:]:c:j:
;';3;;;A;G;M;Y;e;m;z;
<#<<<S<Y<d<p<v<
=,=6=@=I=b=t=
>2>C>\>s>z>
?3?D?J?b?s?|?
0!0.090I0O0\0h0z0
1#1)1/1C1P1\1f1l1r1
272G2T2\2f2r2~2
3'343@3H3S3[3e3k3w3
4-4@4X4h4n4t4z4
5%565O5j5p5v5
6#636:6G6S6[6a6
757;7A7N7Y7a7g7o7|7
8#8<8N8g8{8
90969C9O9W9]9v9
:%:-:::F:N:g:|:
;$;*;C;S;Y;r;
<%<2<=<E<T<m<~<
="=.===J=V=b=~=
>'>?>O>X>d>p>
?*?C?Y?c?{?
0#0)01070F0S0_0g0s0
1)141<1B1M1f1w1
2'232?2O2]2n2u2
3%313;3E3R3^3m3s3
4&4.4A4G4O4h4x4~4
5"5'5.595C5I5X5^5d5m5w5}5
6,666A6M6_6e6k6q6w6}6
7 7)7/787?7E7O7]7
9'9-969<9G9O9U9\9r9z9
l1tyhnmiopkmnyunbgt
ldbcbcp.dll
lccc___ce_s__mory
kernel32.dll
liiiu_lAlloc
dlyurplvyfnn
stnhmyjzjt
xcyvxoxvbojuibvl
E$]g3w