Sample details: 28e2592eb1a2f564e452923ad8a5969f

Hashes
MD5: 28e2592eb1a2f564e452923ad8a5969f
SHA1: 798d3f064649031473d0f43f925f1278ef88778b
SHA256: d46bd254dca93d2164e4f540cf17ed33a0ab14a8d0a4474bbe82593c4718baaa
SSDEEP: 6144:Kyr1dTjHSzjkA/LHennszCZqBCU2Xzd9g8tClsqNaX4uF4GQDZ+ZJa3I:VrvTjHwPLHkwMhC8tQNHnDoZJa
Details
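File Type: MS-DOS (generic detector label; the IsPE32, IsWindowsGUI and IsPacked YARA hits below indicate a packed 32-bit Windows PE GUI executable)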
Added: 2019-06-20 02:20:15
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/screenshot | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section |
Source
hxxp://112.216.100[.]210/SQLAGENTSCE.exe (defanged)
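Strings (the .MPRESS1/.MPRESS2 section names and the MPRESS YARA hits indicate a packed sample, so most of the lines below are compressed data rather than meaningful text; the import names near the end, one function per DLL, are likely the packer's minimal import stub and not the payload's full API usage)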
		MZ01021
!Win32 .EXE.
.MPRESS1
.MPRESS2
v2.12)
InP3b{
wY8U0t:
P}CwJ9z
G3m5-S
kB{5Eq
kG ACqNY
9+o3:{
<M"~]\
7E ,0m~a
L(qC.\+
#Ba^um~F
6Fc @O
!s7K$\
x%vGp4
5_9Q>Q
1Kl&334
T1vf,Nm
Cp'j?7&
~:/JE2:
-uQ$-"
e[6ja3p
]OE7Nm
Oet]&0
65L#(7rs
s/6o_;qX
aSm7Gr/
6|5A1p
euH";$C
)w%:++xF,
L;(lnR
exnt_yb
H&	:V:
I&yGRGw
)NUZ\iV1
*ncwv4g
B.0e!'t
XOT3:#
SW@wn3&
\16-D6
xeo3'I
(ZrN]Z
K$`K%@
8nR+o_V0
&M"L_%
(HH9^X7).
t4n[!2S0
5DPtr]<
'_JXw4
14!&kA
-9+5N}
!_W&Kj
C{OElL
)FVC\_t!
/AQOWn
,rrwNHw
WLue~+t
<Hl~j$
Qx5?&F
W[+0'~
j|54,F
v.#y[P(
8-+8Fx |
Cz{tVT@
[(1VRC
["(c-Y=-6
HP8li&
5v.0U_L
`aetNJ
Pa|nG[
#E"fv\
H_3>]9
#AelNz`%
v?sa5~
/X[y;JP|7
|gr0'.K
*}-hrziHVH
!AvA]`/
.^^b/W
03^0)o7O
M)mL7hC
!X5Qh.U=
Q[<ST|
a!l7WF
g='FN.
#vR*'</1
f$&JVMzt
To4^-QQ
CX3y|3T
*]s)6k>
$Ae #}.o
:EM9nx<3_x(X
OD{\d1E
SV M[(
W}Rg$g{T6
(qQg$0
\Q\?u(
gMu591
#	@rD	m
~!c$*w
[5"i&,
s$kf9e
#+l28_m
wStpaZ
Lrqjra
whN*YA>
\bDKMT"Ijy
Hw}2^Z
h3JV#L
4-Vm/l
eS)k	M
t%#?7t
!:uj:x
uxv@<D
FV6e]3
`.]p^P
K0,H	W:
UWm7wt
|)Q'4J
('.C~7DS<
La_7#O
A@d+ J
qX"r)q
YrYWRt9\
nt>&5A
)XMUZ=
?VlQUw
nv|?;Ln
9,?})"
od	3f:
#%c6<F{w
)gJVc7
xkjw;;
>@bemJj
O|XuF/
}N*4#D
:D-Bs3
$e$qzi
Jk^| L
^G![!|
adxYR(
.v7]pUi
vXf/\>H
8MrKe$
Tnl}WZ<
 0Mul)
$E9?)1Q
n 'CMA
pM.zFL
C'~)*w[3
b{nD1U
lt0S5_7
Ze*#Su
	frl-k	.
AyPNeN
$F=if>0
Kx06Ogz
H8n	V}U~
HM|yd/:
o4Z0X+
[1QSl+
~e?([jeD
-gFt\\
ydTB!$
'cYcxN
HEYn=+VlW
| 7 *J
"#i]D.
g*LV-W
!ZCUlM
_!sO2a
F0w$E5
wHU@6o
*2L1`J
buRcL^
kuV`z8
S/IcVs
\Gstv*
[J#]xw
S:pZ9K>
:%ksp%JO%
?aX `V
ZYZN/<
_W%7c9~
GGM0KF]
<Svp	3!(
ES")C=_nT
B3xq|>
gGBv!N
`xEhq2
0d$NG?
2uP6C"
i9(0Xe
{>SaMF
Je	pYT
rC78MmML
1*8`m}
?6m]`}
_(ZESt
pM[6,jC
sC$`z`
6L\=eb
{G|PzY{
NfK'`[
=:sV,s
p@KMs>
/d<54Q
G:y;Ulo
~,C4>|
mK?G$ z
:S6#(_
F-s]E#3;
$	P"?n
+IG-%ts
 mVvLh
ZRyXpxa
u|iy2w
"AU$?j
qV;tkd
ncK>&8xz}
GI`<kP
|4JHv0_W
Tx;%EQ
	/_]sA
GC{'zb
=fqZy[
H6<},$T'u
~(|RcG
d<$-an
y(N:vM
,Z*	cT
C3{aWf
c#F<)W
32Z1	e
d@IZV3L
S6_@KB
	eK&-Ex}[
:jX|_y
"w;~#~
=7<i~:
,\:	$!
}	C;9^
folGDx#
G0?%{4
1-X@3u
mLB1I(
%`x6f*0
9?\]!|
+=i$ER2
;}FcV*Y
)XEhF	
oo(*?>m
K40Pm1Ai
n	*lXi
;"3s4~
/eu*E[
~ )E1<y
~Ks6!R
3F@"4z
HQn\KF
n6Q5Hv
,["2`tge
;gv)u;
N^NUqf
P}o4\!	
`By$ji
H,O;qz
^bk?F8
4yx:<K%
&	<!6h
\5&FF}
jt1yWi
OK-fMT
M'{cV+D
RtpL\,D
z8&vFx
Mi?>}(
@AJ?7;m0
!+UnPQF
ia3IjJ
E1	/^>A[
nb6mZm
c=%b3f
MiG"A&
n}Z>T*
	KOrd]
d3k#~[
X}u_j<
ITFN `
Z}E'-P
qGBt-o
?#E6IC.
2gOqsr
$d!yEM
B'E!zv1R
Of'h2B
m2['E38?J
8ueGbE
ffxy|'
W/}@]`
oj__WH&
hQC_V@
H)h%{D
h*vW;~
a8r_C"
y3UC$Yh
hbL.+-a
 iXspW
jH^E	)
`16js$
pW3jLj
b^=vmz%7W*
x%<+x,l
-J*d7HM
eja$(w 
8X#&[r
$YZXNy
l'l[]n
ZTqWjj
;L'SZYA
v#,D;[
\MK"1 
?8/dg:
t*E*][kL
F@+*XO
ua]=[S7T
2Sq,DJ
.;DIKi
Jh}xJvd
og"'!y
(GGR{9
B.UvZ;
j6c/ut<
Ev"OAwT
aci=?t
qs;HA:
{$R#b"6
/hkL-]
89\OE-
/=]<tYq
A8#TqVH1
Scv0U LX
eWbd"9
LasS2W
%|uqb=
:ta/3Tp
9_v^)W
\H6v^q
VGvN.%,8
kQnMDk
@6UZ].
#VTO(Z
o0K;<cWe
7|2G_k
Awk(6x
 1-=Rih
oh@UUk
>Ibg'~
>lbd-;
A3\wAs
PVZLR5
"TQ:GG
+jJ+iG%
L49.	,r
GvK\x}{
-,_6+t
ZB{']w
hq|oh	
/P7d+$
1j0$-9
~^<Lx0
N"ffHlG
1RT/d8
S=+9q:)
ZBk')#
TT$	Nd4
pX$Wko
`si:YB
hN<?a`{
"P/TvGH!%
6Eby~K
~u5j0'0
,DK M8
X</\*;
Kr9ckrR
+vhI	BM.
o%Hb1d
'?Lj(v
P/;{Xgz
y'2{omv
Z3.&@SrTJ
rdEx350zQ
n3	O8f
M;I-="
FokCRW2
Oa=B35%j
/_e%x"
<~>!|[d
$u+ipl'C
bA_l0K	X.
u.CT+\
i5z_V,
)N(B6Y
nTk<S9
)HSRtU.PL
0KsT2-
]Ix~m_7u^k
`p)Rb'
}xd?nXW
e;1[H1
c-;rZ)
bW?:[h
g:*W^*NA
>DzzmO&
<)Le<u
nHEv"]b
dkoF,ht
H-}|l;:'
G8}	L6
:BUY[;
4d[NF^R`
R K@)?.T
W/2w)S
\NQc~&
ncXTz@
&0WA{vR
#M)tr%
|7,tcv;
y9Nk&q
E3u/2F
QCwM"@b
YTOdinQ
d;uH&8
+_xS?4
hH8Q#3
hGb.]o
z.)o[<f]
Z20lEb
7#vMM;
{dQtWg
%*T=-2o
l4lhe$
vaB,:	
]/cgg2
2+<_@I
xdz|i	
$2Qak1D
,1oD'K
]uyRaX
1@El`cY
?5.<>8
tYA|n>
{pmlTx
DbIn4ik
	~&L3u
nyOq$g
~"i*U<
sI4IY~a
@[P%P/d?u
noZOsw
3F*OS-
CF?3N.VG
l?dkt1P
wj9zH/
81O;#X
BC@3um
K|3c&{
03fxqP
X/zbMZ
\c$m	tp(:B
FGSUO@
,=S!Pmee
HgA/:f*oG
v0@_gI
4A0&w\S
X/?F|U
r<AKc>h
u`W[^dB
.$[=?Dw
kTRpWZ/
r0_Lc>r
>i1bA1(
U8i_Jg#
;sGdR-
2a,b[C
@?I<sX
itH];lx
S[2?s~6l_
;WhO-T!6P
LLq_'?Y
$:t5tV
lJ6B.5Jee
x0Z2sy
N;ABlm
	sf	o:
iq\RIf
e@f/=F
p?Mc7K~a
#=1EUP
8o~-K!{
k$!V^NKPN
E/w2yN+
LCbY~,K
GV7f01
Hy+ l^z
"b1'GR
WAsL5y
{#46#``/
)u4?"{
"30 E	
sbRTr'
`E_s&U
bjUA| -
jbRa$S
/AQ	BL
x1>2;g
P1R6Yp
5dr7.9D
IoKwD+
hL,N%9
dLL/;M
-6Y#Eg9@
2n<ii	
n5"?1Xgy
HYj*x>
	+Ur_x
Dp6*wp:
97|7`>
BCs4v8wb 
(of=QCc
|\wi5do
8bNsp>
EPy9eP
TxuC}@
Oi34jU
|	)S9=
S=!^qN
< AkaY8
WVG<a[
Zf={Z:
^mXRi+
pm,ON^f9
FQ3n*	c
#$VX<v
)~7weP
zU8	J.
0=d6-3
~EBy"Q
'&"I%q
KvgXaP$
Al\[cd):O
amf	jF
	<dwpR
Lzt)mAy
$gdV<%9
7::cOv{
	w2e#d
NkFD%j
^M3}/F
[VLq`*1+
xvhVEO
&?CnG@
3	r~^ 
U~&~'1
KD@up3
DTk&<y
:&|dop
dU@e~]:
RrLj39\
P.dHK.6
QwvP+KG
1+)J`~[
dXc[.m
{',81T
Tpgo*QlM.
EfrP(ue
U4'Gd(
&u*lR7
H274(At
L3U&%l1
.RQhkIV
k$/H9f
%hv?jI
C]E8ds
NvaU~I
u4_qHn
C\a@0W
iJqul&/
}IPz5N40
Vw;.$wA
HurXdl
92##T2
~`"7@W@
jmG~kbf
S(Tq*W
~-D/id
,Tn&ZCx
[l87u;
&3H/U'
POO6"a
o3u0hKh6
FYS9mL
*IA4}6
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
GDI32.dll
PatBlt
WINMM.dll
waveOutOpen
WINSPOOL.DRV
ClosePrinter
ADVAPI32.dll
RegCloseKey
SHELL32.dll
ShellExecuteA
ole32.dll
OleRun
OLEAUT32.dll
COMCTL32.dll
WS2_32.dll
comdlg32.dll
ChooseColorA
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
.D/	8S
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>