Sample details: 33b4d55b9597e64a72657661104f7ae7

Hashes
MD5: 33b4d55b9597e64a72657661104f7ae7
SHA1: a52116d660b5978b00dcd691ddbdd18d8722ad6c
SHA256: cdb58c4b8f99d9907c21aee6c0541c1dd0d34c949b7ae3a453dc0aea0b722988
SSDEEP: 384:vVklkBLXDmIdk3JW/3wOsyshmYL/k19S7vvxlL0:vVkmB7/c7mc/uS7D
Details
File Type: MS-DOS
Added: 2018-09-19 01:18:56
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://www.heikc.com:2018/kb.exe
http://www.heikc.com/kb.exe
Strings
		!Win32 .EXE.
.MPRESS1
.MPRESS2
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
IsWindow
ADVAPI32.dll
RegCloseKey
MSVCRT.dll
WININET.dll
InternetOpenA
WS2_32.dll