Sample details: 21cf0965b34b22d6e042ef3e4ab30bce

Hashes
MD5: 21cf0965b34b22d6e042ef3e4ab30bce
SHA1: c94a23c8f8ac7f3bd171c810ba2e005f5f042882
SHA256: 4a9d9a198c66400067832d34f3509beff7de709acda78408699687be3dff0b54
SSDEEP: 768:H/v0wWzHc+v2Pssa1pGyTND7D8WQK+oU888Rxf7G7s3zE8eJ:fvEzTv2Ps/7G0GQU1
Details
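File Type: MS-DOS (the YRP/IsPE32 and YRP/IsWindowsGUI hits under Yara Hits indicate a 32-bit Windows PE GUI executable)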
Added: 2019-06-22 04:36:55
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/suspicious_packer_section |
Source
http://112.216.100.210/o/MsDtsSrvre.exe
Strings
		MZ21424
!Win32 .EXE.
.MPRESS1
.MPRESS2
	&{yG@
em[>gr
M%Wh9d
U>:aWp@
gFQf)2
7[A[dT
$j%rPo
u,0X8>
n-[oPY
Ort(za
CI#g?I
UEeYrq6
Gp!9b3Oa
LTcNf4v
&Ro4|1
_fp%-H
RAOham
7><,ot
Yb 2A\
J<}CA|
;K}@{*
V`yQZ!
23NG0L
"v2NAx
W/SOk,
Qg/9:ZI
"aBR~]
1"6*Dg#
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
MSVCRT.dll
USER32.dll
wsprintfA
ADVAPI32.dll
RegCloseKey
SHELL32.dll
ShellExecuteA
WS2_32.dll
WININET.dll
InternetOpenA
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
X																		
#)*""888977
## $;@
J# /5;Ag
CMu-::55<Ah
__dde@Ahk
ollppq
rje??9`xY
X3ITJJPPPY
*]5!#(D
d``AcV
8PmVL6%$
4QkUL@
*_t***1.
8QkULC
*u*[\\a(
9OkULC3
9OjSEBA2
:RolTHD5
?psssqn>
egihfb
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1"
 manifestVersion="1.0"> 
  <assemblyIdentity version="1.0.0.0"
     name="sqlps"
     type="win32"/> 
  <description>SQLPS - SQL Powershell</description> 
  <!-- Identify the application security requirements. -->
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel
          level="asInvoker"
          uiAccess="false"/>
        </requestedPrivileges>
       </security>
  </trustInfo>
</assembly>