Sample details: 2ff7724a34eeb4d6c2ea53cb427a0002

Hashes
MD5: 2ff7724a34eeb4d6c2ea53cb427a0002
SHA1: bac4e786593febef38410e3472f73951fa8236f3
SHA256: 6d77eac60e976537cd7bc2386b56ac35cac31cdbe7cb64c94af7498a42a70b16
SSDEEP: 6144:u2YOFnfZaILCyWWfHYwDEDKpQRBfULr27x3uQAwn:vfJIuXAKp2Bfo6
Details
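File Type: MS-DOS (as reported; the YARA hits below — IsPE32, IsWindowsGUI, IsPacked, mpress_2_xx_x86 — point to an MPRESS-packed PE32 Windows GUI executable)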
Added: 2018-11-15 19:01:43
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/network_dns | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section |
Strings
		!Win32 .EXE.
.MPRESS1
4ePRESS2
v2.17s
HPj}^!<
i-yKK%_mD
3dzFUY
~l[[4R
y.V!>KZ
KZq7"-
]~LDGZ
G?@m('
i+,bqv
SK,`:j
b?M,]#
BDs{b)
I?j9O9
07%V}U
yw/6fQ
((<Jak
bgUP7(
#B51!WF9
-:_XE"
wD;5>B
!<zR+Z
 hLD9T
C}3a;g
 /A\Mw
_BRH,+
AjAiq33
Fi}W)I
\U>%mYn
X	DM^\3
&AV!4 )V
FC45=!
9K#Q1H
S[]K/G
j\mb^%
`odLLGJ>
fRcaPH6
9N,Ht:Z2
vXQ0tO
HA'tn}
*S&Amz
r*fXF!
pt;?Rp
wi,Zi@
\;\	~w
Ec_.lGs
NI4IXa
Kn<8Ki
qG2*LN
r)9E5{|
s#c?L<j 
c\0Qeq
xD&[Jx Yuy
7E_Uadv_
9N,k/2
)!:U](
Q_37L{%X
JSJe y
U8Kuz,
~!N7z4
?FOK^<
D06db_
T>oUN#
#XWSZX
xmQKA4
PhKEXZ
DP`hqI
0HBIq<
]8'pUn
>=SzL"
{rL	+m
zAbl3'a
)[D>E<
+:5-6P~
o[[$B	
sGD$*`
wOgd}0
t[unYH
X.[>Ea
H7}ane
hr("3(
f+ 9>m
)wEgjN
?!rVfm
at7WjuBv
Ra(`9El7j
'B>v  @b
Ym.pAK6
pzb9421A(+g
|o*@/d
boIVo5
V*73ac,5
%g$@O(wI
0^eMe!
jl*6*%g' 
!%\oR{ MW
;M>1HA
W!z=Fy
]gN[0D
56\DYK
T\nds!)
k;|^qt
cg3q82
~{4 7N
R#HkcO
WaY+O%
 _z>KE
yuC#?jx
m*`+ld
(xHW8-5
gOIg}W:
hV~-rp 
IHfiHv%y
\@x66j8?ZZ
)Gd$=u
pPpwXf]
U$r	#0
:6qCS{
'm6uq1
F}|M+g%
5/j_b=
4Z~@=u
w4BJv-
 A97H:Q
E	qkd5P9k
%od!O	
^mk3^wZ
><j'O6
)M_Y:RXN
;|-VJ-
57-!']
?NLY9Y
GiuS\x
}>*yhy
HP)sq~Y
dxu?x1
K=)k*	5:
:-O| 8Wt
zFUD5M
-*}h&k
Lm-RC5
.d/P49
m	*V"M
kh+\p#
.;HQp^
xdKk0f
PUPGx-M
v#D5rf
e'xX@F@
MU;2Uh
~_N1/1
	N~B#uv
pp	Vf@X
|n/wTy}
bX4tDj^
ku3ta~
V=\>Q5p
JUSk/C.
b[1cB?
q='VQ6
QxB|#.
)9[}[N
`xbm-ZT
4cv+)[X
xM/)?}(
^';2ll
?g.;A,Fd
 G>n@*
F%!E8n
x<f6`9
&>1VWqw5d	Gp`aIs
~F/3Bs
^l"Mxy]
o*f;3X
{TF_!.r
m?J`~)
hR^NCQ
-Ie2>y
HwjKv&
ztCes!IQ
oSU`;I_8
v!=gKy
+m8{&ZH
%*SkH+
&_FGfh
{u-mI_
00N@cK
7M{}O0f	L|
*&T%:V
('T	mr
AHK!H]
s_&E;uMP
p~j%n:~C
H;S~1}*W$5
KK]nZ+
fC~uc8
7``QN4>
;J=GYD
t'<h@z4
_Y`l3W\
lPg_^CBT
d]]Jg0
p0geB=
5nS).)h
o;W.z`
A~*5e5
`@~3Z P
'w;bbL
h-	m:K
<exAE[%e
H()!8/MhH
bdS^t4c_o5
OIA$wg
- |-a.
@v'@a\t]
lHt9SMJ&
5#31xS
cs~T'a(
0)Gylt
IIh9^')
c9$Usj
!c}16(
gb/GgI
di6:~H
Dt#Vhx
z4|K!sJ
pJ&1 r@4
ht$+TYb
o1pV[8z
M.`rg9
'\cs,U
O%WW]/
MX;P?"
I`"Bh$p
{CYW/e
)9#7U'N
7dd(9K
ekTfF6
%"Lu)h
fS)%SI
9yVeSd
-[BXz}
y<O$k[
{?#h_D9T~
SA3QBC
M(}i+"
\h`ih/
=Ywug/,[
 =yA`a2
k}MyDw
~\(M1J
I9%if,[
8g#d;q
H!Wa,H.
:&FC{y
[Uz_'4
nTB5+[
J3If_6'
du>~bV
*i9:D{T{
dNz0~W
nPW8d!}[
j*&]?B
QC+=$U
^!@g	qp2
z!B<\9^
zB/[VJ
<5Q4qs!@T/YK
Lvk9dZF
z?O.q<
"dRLUO
"hl@G[e
?6ji*#
jP7+c.
mSVqP7
>yM~"_.3
F[tu!'
HDy>jG3\
4!eic|
%5k0T$
x"1^Ad
UG|Cit
$E0THw
2EwXe;
+B>:M1Zc
hM\@2H
h6GCYe
kFP{<Fv
\:JCG9
l,CsFX
P!2+5F
 `>u8p
HM0w"i
\HQe& 
fSgiy>
3}f!OR
S/[g)7
Yqidu>U{
@SdN6b
m.(G;f
ox#la7
g`E1~%#
tWO%@7
sasqsRo
"a6T-Y<2
+*c3)	
sV,J\u0
9{dAFrZ9
]0|+p0
. R+}T
Q'49SG[
Rwh"u^
%w/F$2
xUc@sp
>nK<"H
 TKm;x
_GnLD9
G$18BC4:_
rXi|@,D
SWaX~<	
=[L[`{
WJ${[v|
|=)uw9
(3*!?r<u&B
iJ_24`
C(8sf_
CchDQiL
j`=nja
:{P"QN+1]O
s\>yEL
SK?"1m;'
u"ur8r
0otP51
%	I lC
!D^skC
#/PC"I
o=A6~V
]Hr8`i
u&H=!"
,#_o}R
	sG@ve$>	[O
E^Oa>R
}{^'0Z
z"JQfm
@l~SOk%i?
J$5huZ
7jv*eD'p
I[L)uS
1)R(1`
\=cgvN
u)pz[n
=pCVdl?x`
-l[.hL
sYzRnH
"SKt43
~3> FL
@{U<?K
uUh3Kd
/xMWpox,
Ys6%Xa
cdRv?/
!N>/Ft
^{Q]I\
O&a&,q
7|X^)g=
LJ@fJ.^
W7wCGR.
&^hT&J
4L5^TO
w5hm4W
:Dz{KIs<j
+|PMI!
A\GJnUQ
,4{	lc
1XF142
d2Uars
S4}9U<
9lbO(5Z
K4oatE&OS
6l)Kyv
v:%=a	
why9I;|?
\<nq!/
f:zxi'
 WM%(J8
}sK[K<
W_\gA}
c\Sje}
QJGAnWF\
JLF~.'
`A,YhC
')}LPFM
SvHKwB
(>C:T+v[
3&pr=h?
L:v uT
2EGB(N
S}T9DgoM
k<#	jx4G
#WT-(4m_[
GzH+7FR
Olljs,i
".	;$(
l?%	g<
U2D13m
*Cj/'4
do=~`~
N~@uCU(1
B)*cfO
p#<b\k
GEnJ$d
q0(0:#1
<"KUM\y$
>alNgJ
qT'2Wr
eZvA-m
"R0%`e4
'&Zzz~-$
YNZi1D
TNg%zO Q
oC1GeU
iIamb1
'?|W."$
fe`0kC
^[ Aied
`|EH%\<
*%7r0$[
:R6WQW+
:[dHxW
o/=LaH
xH*c{M
J}":r,
1zDzt*f
	,M5S>|T
NByagDxY
@	n@gHZE
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
PeekMessageA
ADVAPI32.dll
RegCreateKeyExA
ole32.dll
OleRun
WS2_32.dll
SHLWAPI.dll
PathFileExistsA
DNSAPI.dll
DnsQuery_A
SHELL32.dll
SHGetSpecialFolderPathA
MSVCRT.dll
strchr
OLEAUT32.dll
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>