MalShare

Sample details: 2eb9298d16c8460375cb151dbcc3ab72 --

Hashes
MD5: 2eb9298d16c8460375cb151dbcc3ab72
SHA1: ee3f60e47afdd6ac6f1d06675027307edea4678b
SHA256: 7de7e2620d9e26f426b22180811109ded87b55c64262f67d7e170acc1b3ef5d8
SSDEEP: 1536:uUpkhZCnGceQ6IdwzWaH+YkTliG7DQUm:upm7eQWWaJBUm

Details
File Type: PE32

Yara Hits
YRP/suspicious_packer_section \| YRP/UPX \| YRP/contentis_base64 \| YRP/domain \| YRP/UPXv20MarkusLaszloReiser \| YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser \| YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser \| YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet \| YRP/UPX_wwwupxsourceforgenet_additional \| YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h \| YRP/UPX_v0896_v102_v105_v124_Markus_Laszlo_overlay \| YRP/UPX_v0896_v102_v105_v124_Markus_Laszlo_overlay_additional \| YRP/UPX_wwwupxsourceforgenet \| YRP/IsPE32 \| YRP/IsWindowsGUI \| YRP/IsPacked \| YRP/IsBeyondImageSize \|

Yara Hits

Source
http://sonatrach.us/fidtest/micro.exe

Strings
!This program cannot be run in DOS mode. t1&^'m, o2;`/ Ys TF[po$ z=OKj yfaH<: ,8%&F<6MW [QZ^&, n (q o %9y<4c 2`N Y, Uv#R(H7 K> JNh ]h'W@q$ Kh.Xm%h7X KXBXAr BCWHNE 0Z5Z:Z RO!6\Ze #hKa=P LK< !^ "~"hN_ 2 .Z@.{cE aQ{-eS T3 %<j YaVtB.auE * 8Xfe $vJ<r_? BWB6 Z E<G}n hVj&dsH M?^GFCj! ]Fv,Z':ou GE@tkh'sYo ]P2+Su TX\dddd`dhlddddptx\|dddd IB;it,% ,!z,`R nQ&\RQ v89b\|I(U I4r4sW $aPLib v1.01} the smaller :)Copyright (c) 1998-200 9"y Jo#gen Ibs rved.l MorQinf ation: "o tp://w .i;softwa%.co 123456 passwor qwerty Mdrago+rMtno i7youa footb{g w]3v%reegm SdfbocHri mi{aB5 uaBuck Ufaithdmm oux`ly rlib_i axqazwsx 65432=amh =yspe1Ph %l9rob Bk182a 0p7b$+i _.!q2w3e3 mzxcvbnm mtx1lAx8^ cyhotg /J.u4YUIP? WDFILE0 KCRYPT SOFTWARE\M u,<{\W c;Mf} S .dPWTSG CjshS' 67X?N< DwhSAS ImpvLogg sGc!PS O%My D!d %s HTTP/ Moz<a/4u {%08X- y4vGh`lS_Cpr MS_b1C SCAPEP^& Zi 6`\| 6t;smw50 ]SQ(\|] 6(eUpyI JB-22Q _ViDyk \`z[6i .sqlv0je CXu#bX$ 0NTROL L4j+,r" \{CB1F 2C0F-8094-4AAC-BCF5 1A64E27F EU}?9EA 29-E}?757l 4825FT73]} XV^st* T h>, XGmK`F P"hFl7 -A95B- ESTX2m E7 4+d %-5# c+2 d)a57I cTCy A #4 YKNIQUE )F9043C88-F6F101A-A3 RV/uhL ' 51:b::\ YiTI mbuTTYm 'Ql.wjf9 z1734y-4DX ;926B568FAE6`B{4 RmAil6 `mM T$ !c(; @IT +E;?O( la^m!i T$bi.\ NsJt\. 4DRT-OK[ ;3+#>6.& '2, /+0&7!4-)1# + K_K6{o ?HcpyA vironn p! ViewO C?WidDko rToM)iBy,' 0+32Sn "$dS,6 pN3WF8@ .rsrcx9 XPTPSW KKiuRFWqFeiuXZU@3 MZF_qo==Xqqu WYMi\|K==Xlk ZDRoi==@Zel9 RKK@qiqR: uoqRROOqq Ou_a__T ee[l++++ @__ab` [eq+++3 @9T_`d '_eq[l+//3 ll[lq33/ luUlq/3 +//'qe(qu// ''/9/qq(u[ '/999F //999= ='/99:ou '=99:uu u(VLL \|'D9:@\|uu KuFKMuW@K FaR=i[ UxUXWxfUJ eXuUgr 3'ws4J tDCBVj $133ww #33BxW ohe!#3$B R!#3DE KERNEL32.DLL advapi32.dll ole32.dll shlwapi.dll user32.dll userenv.dll wininet.dll wsock32.dll LoadLibraryA GetProcAddress VirtualProtect VirtualAlloc VirtualFree ExitProcess RegCloseKey CoCreateGuid StrStrA wsprintfA LoadUserProfileA InternetCrackUrlA

Strings

		!This program cannot be run in DOS mode.
t1&^'m,
o2;`/ Ys
TF[po$
z=OK*j
yfaH<:
,8%&F<6MW
[QZ^&,
n	(q	o
%9y<4c
2`N Y,
Uv#R(H7
K> JNh
]h'W@q$
Kh.Xm%h7X
KXBXAr
BCWHNE
0Z5Z:Z
RO*!6\Ze
#hKa=P
LK< !^
"~"hN_	2
.Z@.{cE
aQ{-eS
T3	%<j
YaVtB.auE
* 8Xfe
$vJ<r_?
BWB6 Z
	E<G}n
hVj&dsH
M?^GFCj!
]Fv,Z':ou
GE@tkh'sYo
]P2+Su
TX\dddd`dhlddddptx|dddd
IB;it,%
,!z,`R
nQ&\RQ
v89b|I(U
I4r4sW
$aPLib v1.01}
the smaller
:)*Copyright (c) 1998-200
9"y Jo#gen Ibs
rved.l
MorQinf
ation: "o
tp://w
.i;softwa%.co
123456
passwor
qwerty
Mdrago+rMtno
i7youa
footb{g
w]3v%reegm
SdfbocHri
mi{aB5
uaBuck
Ufaithdmm
oux`ly
rlib_i
axqazwsx
65432=amh
=yspe1Ph
%l9rob
Bk182a
0p7b$+i
_.!q2w3e3
mzxcvbnm
mtx1lAx8^
cyhotg
/J.u4YUIP?
WDFILE0
KCRYPT
SOFTWARE\M
u,<{\W
c;Mf}	S
.dPWTSG
CjshS'
67X?N<
DwhSAS
Imp*vLogg
sGc!PS
O%My D!d
 %s HTTP/	
Moz<a/4u
{%08X-
y4vGh`lS_Cpr
MS_b1C
SCAPEP^&
Zi 6`|
6t;smw50
]SQ(|]
6(eUpyI
JB-22Q
_ViDyk
\`z[6i
.sqlv0je
CXu#bX$
0NTROL
L4j+,r"
\{CB1F
2C0F-8094-4AAC-BCF5	1A64E27F
EU}?9EA
29-E}?757l
4825FT73]}
XV^st*
T h>, 
XGmK`F
P"hFl7
-A95B-
ESTX2m
E7	4+d
%-5#	c+2
d)a57I
cTCy A #4
YKNIQUE
)F9043C88-F6F101A-A3
RV/*uhL
' 51:b::\
	Yi*TI
mbuTTYm
'Ql.wjf9
z1734y-4DX
;926B568FAE6`B{4
RmAil6
`mM T$
!c(; @IT
+E;?O(
la^m!i
T$bi.\
NsJt\.
4DRT-OK[
;3+#>6.&
'2, /+0&7!4-)1#
+	K_K6{o
?HcpyA	
vironn
p! 	ViewO
C?WidDko
rToM)iBy,'
0+32Sn
"$dS,6
pN3WF8@
.rsrcx9
XPTPSW
KKiuRFWqFeiuXZU@3
MZF_qo==Xqqu
WYMi|K==Xlk
ZDRoi==@Zel9
RKK@qiqR:
uoqRROOqq
Ou_a__T
ee[l++++
@__ab`
[e*q+++3
@9T_`d
'_eq[l+//3
ll[lq33/
luUlq/3
+//'qe(qu//
''/9/qq(u[
'/999F
//999=
='/99:ou
'=99:uu
u*(VLL
|'D9:@|uu
KuFKMuW@K
FaR=i[
UxUXWxfUJ
eXuUgr
3'ws4J
tDCBVj
$133ww
#33BxW
ohe!#3$B
R!#3DE
KERNEL32.DLL
advapi32.dll
ole32.dll
shlwapi.dll
user32.dll
userenv.dll
wininet.dll
wsock32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegCloseKey
CoCreateGuid
StrStrA
wsprintfA
LoadUserProfileA
InternetCrackUrlA