Sample details: 35d98b593b0249f646c5cc84437906d4

Hashes
MD5: 35d98b593b0249f646c5cc84437906d4
SHA1: 490b24b28c5473b8a6b8ec3dabb6a844a1da7fb2
SHA256: eebf8f72e485686f185d8155a3dd3f4a3aaf3c286a8736041ee996867df1bbfd
SSDEEP: 1536:U2Gsfd8S8Z64ctqTHFPY3B5/JgAITu3S4cbTygN3k4wNlXsw0+X9AkVcsg8b1:bL8SdxEHC3+ugbTykk4wHswLX9Vb1
Details
File Type: MS-DOS (by MZ magic only; the YARA hits IsPE32/IsWindowsGUI and the .MPRESS1/.MPRESS2 section names in the strings indicate this is most likely a 32-bit Windows GUI PE packed with MPRESS, so treat "MS-DOS" as the stub classification rather than the real file type)
Added: 2019-05-14 12:26:46
Yara Hits
Packer / protector: YRP/MPRESS_V200_V20X_MATCODE_Software_20090423, YRP/mpress_2_xx_x86, YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h, YRP/IsPacked, YRP/suspicious_packer_section, YRP/IsBeyondImageSize
Format: YRP/IsPE32, YRP/IsWindowsGUI, YRP/HasModified_DOS_Message
Content: YRP/powershell, YRP/maldoc_getEIP_method_1, YRP/domain, YRP/IP, YRP/contentis_base64
Note: the sample is packed, so the content-category hits are weak on their own — the only readable "Powershell" text in the string dump is the embedded manifest description ("SQLPS - SQL Powershell"), which may be enough to satisfy YRP/powershell by itself; confirm behaviour on the unpacked payload before relying on these as indicators.
Source
hxxp://103[.]248[.]103[.]108:6325/ma/sqlbrowsers[.]exe (defanged; this was the live distribution URL at the time of collection — do not fetch it from a non-isolated host. Original form: http://103.248.103.108:6325/ma/sqlbrowsers.exe. Note the filename "sqlbrowsers.exe" and the embedded manifest name "sqlps" / "SQL Powershell" both mimic Microsoft SQL Server tooling, which is consistent with masquerading but is not on its own proof of origin.)
Strings
		MZ44391
!Win32 .EXE.
.MPRESS1
.MPRESS2H
v2.12B
$[jY/tpA
q/@u r
d(z?k[:
4Zbw#:
/Kn+Je
|[aWwC"Y
p^Z\gQ
Am}z5h
!?wyfd&S
Gz,Amo
Hmg>6~7I
lVz00Z
dkR?cy3
*R%BAW
cM|h1X
CC,	;M
Bq|QL?.
XHojiG
SJ	D+mp
Qm5u%x-
@oX*gE
b5_96	
Itx@#D
#?H-HM
Yq>c33
&Qr~ui
rbe4)?!
zqXeQHJ
l.bOGr
;v<Cv2ykm}
PrG=)b
B(+U;P
z,M;Iu
5Prk*>J:
{/l2!e^
OR/xYV
\t+*Gf
K{us9qa=
}~lfup8
A)y^fh	wF
)8iaie
HS1\E!
*$aE3z
C(.-)x
G1>k2$4
uCp3|l
l[(bp|n
(?y	G-
?yq&ev
S'I[u?
Fb0A6	l
}vw|Ft
e@5{/Cf
-y7"8!
NNJ3<+
JSAV*2
?v!:m 
.g)&eWwW3
:_}l$d
qAMGRs
#f]sem
^jbX\Yz
Qq/[p;U
zL-$aL
{niP C
_%+o4n
e-W`mY
	A=:sz
>P	.H1h
yXRp'LD
l.A<Ki
s_sh";$
?p}'N&
|zt0f`
tC85:n
L*$)"Q
cC@1=]@l
"29i{G
g]qv:6
O>F1	-Dho
^5h:]/
<)?c:4
Ks/@XpV
Yh6wT4
ScmiS;
LW61!@
B^:^G_p
<JIR<5&
=.#%X;J
?o-MiN
mQy6,y
GW|,Fv
vhg>Zh
pCE)g\
2.oa>m
8KO</Tb
pSL"z3
h/3\uZV|t
,E]Pd6
|+6\@5
O:0;-|
c'Y@Dx
~zfV+K9
xLH_aP
]y<wQ9
Q3;#lJ
1U2oE#
5rdy	x
&.fqy.Z:
+ln\d9+
?[,agS
6&{yCuE
SQ6i\E
y	t)\?C
D^g*&)
BV2{WqB
PT}+o&
1s1(G_kQ
;eCJ]!
s$< E'/T
uUet2w
y*S^qy
w[y>t+
GBxz	4{
?~{wfPy
l"Cy8f~
%0O [$V>o
x51d60
1o\.'az
^0	|#w
uD&{.\~
qZe..e
`3!G;T
Z5~Gti
=P/@+jH
!`tXpxq
,P/	Pq
c>Yj>(
3[_D-8*
bkE/ )e
zG_!Rh:Q>o
\.'6O3
h_^cny
D=fMR23v*
,Hgd<|	^t
kCdb<V
k80O1~
27h,8_
mP|OZ{
k6JHSn
m;V;yP
PL1:IX
xW3P Y
r]m9wK.f
qw@$/<
bkBXWA
J&THbN
GvA]*t0
B#gA[hw
uPq%22
|sjjk= [%
7s%;8S|
I8+LZG
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
ADVAPI32.dll
FreeSid
SHELL32.dll
ShellExecuteExA
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
X																		
#)*""888977
## $;@
J# /5;Ag
CMu-::55<Ah
__dde@Ahk
ollppq
rje??9`xY
X3ITJJPPPY
*]5!#(D
d``AcV
8PmVL6%$
4QkUL@
*_t***1.
8QkULC
*u*[\\a(
9OkULC3
9OjSEBA2
:RolTHD5
?psssqn>
egihfb
{\Bome
{\Bome
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1"
 manifestVersion="1.0"> 
  <assemblyIdentity version="1.0.0.0"
     name="sqlps"
     type="win32"/> 
  <description>SQLPS - SQL Powershell</description> 
  <!-- Identify the application security requirements. -->
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel
          level="asInvoker"
          uiAccess="false"/>
        </requestedPrivileges>
       </security>
  </trustInfo>
</assembly>