Sample details: 22ec2dd909e5d43fdc8d12e5889ec537

Hashes
MD5: 22ec2dd909e5d43fdc8d12e5889ec537
SHA1: 3024a62ca3395e6f4a2df4c4db5b8d7a32cf5422
SHA256: 88a47fe9da15241b41770d26c880dd9843b1d37ff39cce3cd09e7e78f8501934
SSDEEP: 6144:FK0Pf+0oRaNmT3Eb3Ine7z1p4eCWFlWcUl9vFmYO6QyDHSFjihwBes6wFD:l9owNGu3kc16eCWDWcU1QymNIfGD
Details
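File Type: MS-DOS (the YRP/IsPE32 and YRP/IsWindowsGUI hits below indicate a 32-bit Windows GUI executable; the "MS-DOS" label likely reflects only the DOS header)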
Added: 2019-05-24 22:50:25
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Antivirus | YRP/screenshot | YRP/win_registry | YRP/Str_Win32_Winsock2_Library |
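Strings (the MPRESS Yara hits above suggest the file is packed, so most of the short strings below are likely compressed data rather than meaningful text; the import names and the embedded manifest at the end are the readable part, and imports of a packed file typically show only what the unpacking stub resolves, not the full capability set)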
		!Win32 .EXE.
M6vMY:
9$Y2D~o
c}/oYL
 \?9\:
7^]z0-|jq
t<dXw,
<^zgSQ
Kk\O%Jm$]
>.^KAAW
x}.H_z
,8cU?b
Lo`^"WKW
w2}2d1
:{G>s<@H
<S^7pnK
JacrQ`1n
zbQQ*D
CsCKiv
R@8+xa
)RDFVs
x^Oow4L`
3,*1LW
:}8&7/L[2
t.Wun[.
,<r6wK
C8/Q=t$j
4:t1~[|
d	 Lk{
6@3:_sJ
!W\#@G
*vl2~	T
-?)S(n
F	\)jH
7Q=1bQ
8e<BzR
vKsfUS
U<Em,a
TJM\L@u
SM\0n$
am"R 7
A ;lk"
0kd4tT
U"2XJ>
V^=5.)
PR#1uk3
R80UCI
P?5zjF
`Py$E+
{LtEBH
z'|]-Qxb
Nyrw:K!K
KsuM=eMi@sY|b
H@Gv\:r
o#"Tg#
yU677Hvi3.
;O|B%)
uf>#-5<
'EMNLx
oD(7|n
udVc2N
#7]07f
p36ilt>
d06	!*
{Iwi2b
{J06ov
qZZ6~M
+rZN?<
~YSN4^
T:l]9<o
>BT#D6
&6Kr3z
QSkLRP
.bo?U3
)Bzzx3D
n)98E2
^C'83B
hmRDoR3
mX1s/tT
X2"Kcj
I VCq+H
epT#vcb
"A&4y	C
v.bi/4
8J}#=o
_OspOJ
d,T4 i
HwA/PvM
Sf,c*u6
r#{g"|
[xXXyM
)1**[U
xxS<ZUUJ
>F	u!{
z++xX>
`eCS^"
dLZ{f.=8
+~Ndd:nn
1l__/jg
@kF}l*
=EiUnNm
"%B;DMk
v//q4,
a8d}q$U
2K]sA;f
EFw"8f
 <EZ9e6fo
>JBZhv
^i4"0v
M=Jktl
8m0#_9o
tLgw34
J7y_*>
ug}Z xa
L-PWGP|0
XRUP\V
hJKP^^
T&!2Gau
ohk%K[:8#
vr}2h(
|?n$H8
gOqjBN%
-@X	WT
G=kQjR
zS-aWZ
x>@O)h
=,'+bd>
n%2')D
siyN\l
ZvJ(q#& 
iet0Y<
y) IqPt
H:Q<k(P
E]xSp[
"[bSX.
jn2sMV7~Wc
4RA^}Qj1
6A%,$O
"-85OW
hIhbeLM
(^]4;Q
	Z6*9Q
^}OC.XKk0
ik2hN~
:G[h@q&
% dvCh
!JdqMo
yBf,gl.
59MxEI
us,y	"M,K
G+*4nX
,C;Q=W
]N;.'$)
h%s9*a
hNP3!DT)
5:xl};
t]"OH'=
W,"tU4%
9Txq,_
)P.sZp
tX6e|Ni
djC;8C
qVXpCZ,
.N\:si
 !B9cf
w8(C;P8k
y5&mD"
=E8RGLt
#BG*.<
8kek{mk
3xJDRtN
;.f]cBh
T7b;17'
sS}2.q
^3e<BV
$I_X[S
O<CGgR
Ou7 +;1
f1yN-{
lPSfgS
zW'$\uD
DGX1j3
V$aH8`
qW}82;1
>7^KvN|
|H-Uysq}
{hCC}=9
ggB<!^
gEUa]:0"
38ym5i
$~-LJ#
m "8P&
D8H_KH
H&z.}I
b\=L!j
/Ht)<l
~#,a{OV
'OL2e]?
v~6SF&
s5[Z7b>
:B+Ov@
-~-sy1
CiMF}V^
6hm9]z
Or8]..A
M^w`Dr
M?<IK(
w[(v~,
?bZr_f
_Sc\o~
_Q#E5`
\urD1;
d9r<I=
>.c	2n
a/5Mv>
V~]wwA44
9mV!Db(
]Y6-H}o
!kYGWU|
ZX ]g%
~NuV4a
@"AQS]~
Kr#Qkys
T]q]3L
.q=<c`
L1Ho!-
)8Ru5fD
nZK/5h5$R
J&IrU;
CouDBY
>2({a#y
	+&rq9d
0T5m32\
.=IBbby
55d>O$
b3OEmR
SU-55E
lq$~R1
d!a(Br 
V?ai%W
N&:7j~z
Hf':aZ
ti63SPym>R
z;*O,#
v@NNls
Vwue6+
=8V[#<
N=+5c;R
X2bQ`8!Bn
KYQZVQ
LbNTWo
9N4mWV
lV$9).M
F}(V	K
nd(K mR
.t4KKX
O+sX	Z
CJI@S.
\G<EI~
)9,]L=&Yz
g_=cPE
&C^	vY
"?Djb|j
$qN<A/
+d_-6o
i_=q>^
)ZW(v 
ZP@UIW
3l`V+i
zUk}]S
g]N8a'[M
0s3j:f
4O$b>*
r9PBR$
<z>56{
o8gj5c
-EZufmL
;q1oRE
tjQ<x"
zbZ`Q2
AJt0S]
E|W*yz
#64?h|j
{;@	siS
W@6s(d
uAAmNohIG
q(x3'RLX
(1KjRD
t`=ms)
Qz&6_cNl&/@
a9qUg[J
SQ0,=&)
rsIH?r
c6^!oI
\F6	e6Q
wkx[qW[
2ZWT:k
D!\rv0`k"
`PaUi[
HO6#eJ
R#d.9K
uG@:2LM
86 =S$
iAp^%1
J`[%0*U
 2Q;bZ
Hr4~5<@
finApg
^<zVfV
'd$ tqV
//-\bUO
/qcqSt
Ucd]&<u
X9e+3	
p]'(Z[
jN~jeu@P
-@:wMrI
l:mI2Q
>z+>0-
bypGqJ
IjZi+E
A+$?>Xw
[3Ia+I
FnD;pXb
P|F^Tw?
^2BJrl\
.>qY8Uez:
p*M)lb
Wt*^E(
31C]D(J
g0ULgt
#"7	gV0
mAqjKt
Vj<Z_8
"L*f"w
M]t\6R
=Ooe&\
U.7_)A
eyQlU-
NJ3MbE
smQ0sS
9>;\5reK
'lY#5]
NS;vodYX
<S7VUR
1%Wu%z
wn"a}wO
g@KD~[
4|5SS8
1Eo6	g
iGbMOH
/Me{5qB5
qs~YSU
[Im"R<
sdE~dx
pcP42'
`y[gz^
OO7MlB
e;A2u c
X	5]",P
q(hUKHD
`fV5iOzH
@co2WqlG=M
C/;;b25
MJpi#L
hPcx7>j
kv;^s.x
='M3h_
v 5c<Q
Zf^,qkq
Mbk	Ptv
DWP@,M
k"4/G&*"
BeoubG~9
*e847 Z
`|(1{I
QYja c:
FS-A(K
z-Cr]'
J}}M#T
C@ZjN$}
nbALk9
k#~icx
PyGBby
#v76mX-
*-om<i(
Df-~ATB
n.8V,u
hH&xT)C
iH4rTi
2HhI|i
`n=@f6
gQ>p27
i8c(h |E
6Y`+0B4
P!Mc"3'
<4<yM6
{Rx]`y
v|>U2+
9a0r_%
XSpi*v
T.xB=p
u7`!\7_v
9["[p+_
l41U ;
RbI%=Ad
@s:ixM"
jz)xKn%
FyEwq2
U+CLgE)c
N#Jp8&
i'Ovz6
1Ymu&g
!wVCp_
=kGI3~
7<vR<h
[Y $.1D
7d]yAk*
c4&OtW
:?N)d*
Vt~, @
ChGR`A
YhX'"@
t-1>-{
,_#i]2'
StM7R*WR
Y[BrRn
_.zp<q
tN@hA$
I!on-q
-`?X-a,
AHe%(#
WL"_Eo
!A^8>n
%!etDg
Ur!.lr
9p,b@u
UfuT-G
Fzj Gxv=,
g	Pe?r(
*`PX\)
>&386<
0SJ'#@
.fA]5N
*@;JHP
-L).DJ
T$5l4V
w,_ex]
j+	|Uc
5@VDR]
$hW2Vt"z
77]<76
5zJjae
Pb!A<A,
w,F3Y 
-P\&ym
BX'wP|
2q|^Yk
lmx}6u
SlhfCm9(
Nb2Q+B
[}c*#2~
3"X)0G
]}	HG;M
z'<wUSE
8[]te9?+
^Es`{z
Bz_*}<@,
OiRuPz2
-CQYVu
`w:1/rt
/!}L7t 
M#N=~(
FqRDR!
kV^h<C
T%0r$l$
wk1LPn
aKHv=(
.@%#lLE
aEno?l
]^-!+}
rkKZif
<WhJ[i
.p: h]
ry.GJ[
^?inJf
z)d	QH
odV?S	D
_Tw^Q\u0
vI{_z.Zau1
3c63z*9
V}8Jb^
PyQk	0
a&mT`K)
*+HdES/
S`]Q="
~9kCSy
;k	3.\
Z[";k;0
kw^]n4\[
%g0OHk
#acqGh
B%	/zA
4M 5^, 
x8U}	2
otr=Qz
zicZo{
DJ2V1%
$$uhdd
%q3]el
~P1N7T
.[wJHz
G5?p%*fM
H03_0_
Kz8wKLk
Mj.{6J/N
00<i:u
zuqTQlC
5?fl:\i
CA@B5/y5
,J^_{XT:
uk1Jp;:
DX +;j
V1_Tpz6
_	G|OXs
d'[D3	]
T%4=jS|k
z(hwk<H
bcni^JG
]2yphl
+?U5]H
8pu>(}
&%VnmPn
[rwfdl
|=EO$1
jc7-!K
2}@Z;C
LS8rkRi 9
BE"-)[0
Ewrl>4
s~c0\&YS
=]<Hx`T
hdR^0l
za.a]{
~RiVoK5
0:etHI
]@oC9)s<T
CE,v2H
[:2o*^
D^:]xY'
<L2*uC{
7slI`{
P>q	ip
ue-t#0
=$?)(+%
ODN<4'
{=iZT}D
AjAk+&|
3n\k!(
??$Nm}]Vx
X2qiR 1"
p%D{=KC4 
VFREi{
:g_S\#w
p.{|A+
DVHfpA
DZ;V4@ 
oUtN6<
l6um~k
VY5g;}h
R\UW_F
89zOmmM"
e*)TnVO?
='SdC)
zbp0K 
sK8r}WMC
vs_HF/
7l}fU5
`TYjT;
EFZ+~rlT[
)^UgIx
(@_/VF
9Mi&E"b
#2p|vp60
AW~T]]`
{^Y/MA
E$MM;E7
8,{a`X8T
Xg=_-i
z(j"Ip
~=MLeU
f8r2(z
F;[K@y
r9X2jW
NATubEJ
$aQf=[
FCM<&-
RDIytgI
r}zILE
{v^*;z
{4?DfM
G>p	jz
SgS;/{N
1N-E`JG
X[^U}c8
N0!pr;|
lRnK;}
X`{5b%m&
3$EFoa
4:Speg
Y~jo"lSZ
Y/Sz6w
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
WSOCK32.dll
WINMM.dll
mixerOpen
VERSION.dll
VerQueryValueA
COMCTL32.dll
PSAPI.DLL
GetModuleBaseNameA
USER32.dll
GDI32.dll
BitBlt
COMDLG32.dll
GetSaveFileNameA
ADVAPI32.dll
RegCloseKey
SHELL32.dll
DragFinish
ole32.dll
CoGetObject
OLEAUT32.dll
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
|{|M_][
mkjWlhg
$okhsMJH
EED=987d
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:v3="urn:schemas-microsoft-com:asm.v3"><assemblyIdentity version="1.1.00.00" name="Win.Defend" type="win32" /><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/></application></compatibility><v3:application><v3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings"><dpiAware>true</dpiAware></v3:windowsSettings></v3:application><v3:trustInfo><v3:security><v3:requestedPrivileges><v3:requestedExecutionLevel level="asInvoker" uiAccess="false" /></v3:requestedPrivileges></v3:security></v3:trustInfo></assembly>