Sample details: 2f27c14f1e914bdb30800a22af07c549 (MD5)

Hashes
MD5: 2f27c14f1e914bdb30800a22af07c549
SHA1: ed1a124269816d8c400c30790653262bc215b45a
SHA256: 2447bdf68afd98fe2808befe06a738c52f298aeed93d72043df67a4d1dfc2adc
SSDEEP: 3072:SL83s21VklM/NfTHjHXeye+qh3Na9u/U/:SY3hGIfTDBsM
Details
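File Type: MS-DOS (the Yara hits below identify the file more specifically as an MPRESS-packed PE32 Windows GUI executable)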
Added: 2019-06-22 17:44:20
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/suspicious_packer_section |
Source
http://112.216.100.210/o/sqlbrowserse.exe
Strings
		MZ34328
!Win32 .EXE.
.MPRESS1
.MPRESS2H
v2.12?
$[jY/tpA
q/@u r
d(z?k[:
4Zbw#:
/Kn+Je
|[aWwC"Y
p^Z\gQ
Am}z5h
!?wyfd&S
Gz,Amo
Hmg>6~7I
lVz00Z
dkR?cy3
*R%BAW
cM|h1X
CC,	;M
Bq|QL?.
XHojiG
SJ	D+mp
Qm5u%x-
@oX*gE
b5_96	
Itx@#D
#?H-HM
Yq>c33
&Qr~ui
rbe4)?!
zqXeQHJ
l.bOGr
^O:n\3
PR7%Rer
X*4|-p
#z3b^ji7<
X[r&6g
OBbpch
c		b#|
K1Nw~(
T?dtc5
><~@Gl
hMIdMf
fu/6k*
<rQ8(0
E	TX?8p
k22PKY
;O6TP3`W)
X9a>>;
K4MvXH
%mv&Po
+)"}F\2=
S50_$}
A-dO=0:
mpjV !5
'eEoIq
c/kO(P
V.yWGJ
jNAEwr\,3
	]4PZ0
`6X++f
YGOX<H
*	]/d*
eN$~*G
nq|M)EpX
BiaFQ%
#l>.tq
5++M:@
,Fq]kUr
A?&>Hk
	L}0=e
-uqR[hJ
JgdLL^
8nn?S9
k";Y4[
87f/h_
)/Nh6@
1i+-$2f>u
)4E?-T
MYuC7Hu#
`:.t7,
f|ce+I
	*==4_s+X<
LD{n<0qM
U[QU7r6'
%k"oSa
L6W/O3
*#<Md~
SGVr%F
P/"E4"
49QNpE
y}rVs|
<BZ['r
0kwb;T
&3<'T4 
~[j{	x
w,} ,R
=YF^;q
Bd=Xch)
!>IThn
Uph!)N
ZPc<bC
7&R!M?
xT?QgJ
d:< 4+a
6s*7RF
 yZ.1f
bKJ*4+
[=*z\4
-)[sM2
h*!L@"
EG#	aE_
}$0iy %
HY`RU_
-d*kHL
zY.4_qH
fKzHe3
e9f"TP3
ULg}PS
jn0rL0
!wno `W[fF
x{!JFRap
{824&>8
PK8lWS
EBX| 7I
6K9QL!
ppu	wF
P7 K r
"'~5jog#
'gp<-Z
!8i.H\H$
oP=cnqp
O&)NxRPk
	i.dIE
eQhz-Fn
5M`|Q_H
WQq^lE
z&sZhG
E_K-+l
dDAA-Y
|~<vo':
LV+B{YA3k
o/c-Y3
<tb7YU
2}BHY-]O
WA:fM4
m ~M {O
m +z{4-p
$	&k?n'_@
O\jsk1
@6I:pJ
RoB K38
adKDl$o
wHIP](
E#+;(F
QKTiu,_
(s^R+)
U%tG!6
"AU}iE
u4efbb
u`Swp#|
lN`K'O,
n3Hr-'i
N$I\VY
abd=	K
T$LF/$[
odCY1B
a~LXI.'
hY"{Tb
M6'rHV$O3
ATAr6?@iH
0$J|2<
b/,xdy
71N'0T
;wq3qU
A\S]V~
c}3(/l
rf_ 6e
qjfPVQ
o@vg;^
V{Vc#k$
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
ADVAPI32.dll
FreeSid
SHELL32.dll
ShellExecuteExA
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
Gjppppp
bpc[;3*IFNB>@E
GhMhA_i
Cec[;3*GWWWWD\
cpc[;3*GppppOp
G@LWW]T
=fc[;3*GGGGHJGG
cpc[;3*#
ooooo"PRZ7. 
ooooo"9dc[;3*
ooooo%gplmpkaQ2
ooooo(ppppppppp
oooooo5X`gnd^</oooooooo00'!$&-ooooooooooooooooooooooo
#M!3YUp
M EYUp
M'/Ajh
M'/Ajh
M'/Ajh
4x_)*"
,97)*"
-9G;;%%
d^C>=<i
cJG5ZmkQ
{\Bome
{\Bome
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
	<assemblyIdentity
		version="10.50.1600.0"
		processorArchitecture="amd64"
		name="Microsoft.SQLServer.sqliosim"
		type="win32" />
	<description></description>
	<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
		<security>
			<requestedPrivileges>
				<requestedExecutionLevel
					level="asInvoker" uiAccess="false"/>
			</requestedPrivileges>
		</security>
	</trustInfo>
</assembly>