Sample details: 3793728c3274787ae9469f7cf52cf981 --

Hashes
MD5: 3793728c3274787ae9469f7cf52cf981
SHA1: 530ee5e0e3285e68dd4eb874fe7042cd8b5f47c8
SHA256: b0c8b173964f03ed5aebf0935382e7dc06f6ad1e2b6c3dfeaca5827e47747826
SSDEEP: 6144:gEVkCmuuy2ZDyBf5idmQM7rf/B8Gi2p2mrG3rhulruYpd7:JVkWXqUf5id3Mnf/BHrG3rapN
Details
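File Type: MS-DOS (classifier label; the YRP/IsPE32 and YRP/IsWindowsGUI hits listed under Yara Hits indicate a Windows PE32 GUI executable, which begins with an MS-DOS header and stub)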
Added: 2019-04-29 16:18:34
Yara Hits
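YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/android_meterpreter | YRP/suspicious_packer_section
Note: these are automated rule matches on a packed file, so treat them as triage leads rather than confirmed findings. YRP/android_meterpreter alongside YRP/IsPE32 is most likely a false positive. YRP/HasDigitalSignature, like the Microsoft certificate strings in the Strings section, does not by itself show that the embedded signature validates for this file; verify the Authenticode signature separately.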
Source
hxxp://prostoloader[.]ru/upload/pharaoh14_88/Fort.exe (defanged; the original uses the http scheme and an unbracketed dot)
Strings
		!Win32 .EXE.
.MPRESS1
.MPRESS2
Jxgy}e]
f`O,_`
IgiK&UxX
#.u7?,d
jd(3=F
AB@I8,
1skP>k(
})lK}t
U-ydE77(
OO[K/ 
=?{Hnl
,d. 3D
G&tI%[
0o"o~o
F8vQd9>
-ah]NA
gKS3 o
{w)K;c
TUh!%2
,(+._<`
M/}}UDj
uX<dR%
v+@xb;
RWp#qa
u,g,'X
L?LkSGo
~^/'h=0b
tqxE&h
\\^m5f8
s0+>V/
~HX![Gp
;4xoVr
t5<i%`
xVqY%R
kP^:yG
^$>}0[q
F<IzC9
d\%/cq
:r)nQx	
U]'st^_M
k_GLUD
TH|j`F
@`jRJ}
;?dL^C
s4nQ$	#_{
287L,&
4vtCGtpz
Ttg7;@
##e*CpI
QUzXXt)o
Hvq%)J
mG4p+p}
g+0/}A
AOk1Z{
+XHx+7
Cp}*`C
Y^=3G7n
Tk|%S]
<JNdne
y(hK$ 
=r[86_
kITlB)
);*A\x
11HUW-
ANh<#t (
7352{~
7"I@\T<)t
:|cm;A
O&!=5&
V*l0N$
%b<MN9n&
ZRb(6x8f
R{ybe.
#DfF81H
S:PJ''
.$kZB@
-H:l%ZG
{`cuIOhICJ
L^Oi]#
`AHF:@
	I2/%e
,9ZCHG.
93Q[Mb<
fw-3z<
{$\6]`{
&WWI=/%
_tT/T9
Jq-h0&n
z=#1BR
uubaP[
a:-L<qn
='t8^fL
,|:_r&
OHRja/u
lp*hf_
qpwV\zK
LE(P_2
#Of_&^
zcCvcC
`*<q<!
:zV^f7
@Zm^<*c
,gN m8
hn=S1V
c]WC_t
3e^siDc
!b.IY:2Q
Wgl0q1
^-m)3o}8
WG#%/T
iY"UL*
*F2P-1
hO84=qz
'JQ? /m
VL1t-(
8:EKp2
+mt+h>
ocIu9+
~=!>'<0
j\&	EwNh2?
nngSBt
v#j,>/
t+VG0rG
yRo-&IT
$&I0W-
+jDhv) 
c/OqV=Y
u8`/	c
K``)!*
N`{s:](
beGHae]*
ifX*%U
l=ADz;
)}*S\A
F/cjsrB
9'FN3,
{Kae]R
PvV34;
4%8;ef9R
1!_i2S
p79Ded
%#\$U5
p(0FL6
K3nL(.V
@):jOAp
7td_Lt
DHCw%E
jq&VB	u
4ji|i"CC
tI@yzT
wVLX?>r8^
[ ly($
U	u<	g
bT(%rDg
@8ax	"v
.i^&}kXT
[a}'t,"
LF~V_l?4N_
]inEtS
`e y-nIU
BH(FU.R
PF<)3#
7)^bB\	
Mleo	m97
#oAM(Q
L~0%TcSk
B!jHGn
UUSNj.
 N&3rIL-
CHU|oI
rt(R]z
VDHDIn+
Z%M#PX
OWStTzEE
>4b,y0
BQ&`=/t*]
jFM@g\?G
Q:0+VhY%3
K;,~M(`
~B?3D=
ZoaM~W[
YL6=fa1
 5\}dC\
I|^e3yo
izFZ7>
PC>y~\
\|tzyY
[=4:u-5
I`u, YYA{
ZNwk4Y
nUf3p1
Cvh)fj#
	y#"'5s_
<dG|bL
(cWk20r
!`L7jP-
`.+y7^
\ZYXm$
:SOG;b
p{M5yGj
A*9ey`v
5~0y*(<
"-*J$M
'#{HCD
Y<Q}BZH
v%mYu|0
qhpD";
=$8JQ~
0W'3v9-
'&Uwk^
V-2rEYB9
zEKjly5
^"qnM'
][f zw~
1l)Ti,sY
Y+>oxE
fLuja<uG
^'*WSi
\hy6g&
:GTi=(f
$|SD7M6
^mG\NR
9!&9$.
~?.:C&:M
TgtP~u
{~/3LkH
qBVoyr4C]*
in.TN#
 zF3s8+wa
i,%0.e
U5,ISF
*;du#E
'O{zp^
ZPHDB	
/1U[:*
/)"QP7
Db'GSZ
"	'c-5
(A9V6t
	:x~@f?
a1lDq_-'h
k:7vf.
_j$uU;
p5^:o;'
_PJ__5
JrC&CB
vnXLcK
,zC<%;>
]`J-kf
mqmO`fx
U*k46K
Kovo\y
M;dCzv-<
U-9!Q/
c]&wc=BG
+8.`{Y8
W_x ;9_:
_jd'YK~
b\pO(/
%p?9Uf
]-C_qPH
u7Dwb\
^p>}Y`9q@
zd,K^MU
-jn&xZn.g
3tw>{<
&S]$%8&
qG,lN!	
|`0!p_
:Ou`!i
fCw~d&
gCTnxI
f n#KD
Bi`ooX ]
/py5vY
ukQAinP
A;,03G
LM&$w'
z>XulB"
R	Tw? 
V=~R4vTK
gi~WR(
IL)ppy
=1IunD
.\RB&5|
QB=Ql?RP
^}L|	B
R_bl6/
g;i-o3
`xH-@KT
P'N(7S
*HgT%t
zo)oC{
in~| ~G
nLT%LJ1
T|!@H?,
O5Sp##
QNzZk.u
~/R)Yr
8zvY	\
\\pDtS
S\3pT2
{[2gqI
'9SQ`q
V>M?Rr
k2ci^9
Thsa^T$g
oX(RTm
>Z/8lx
t#fZEL
BD>AkB
W|||7>
Vv!$n3
(_"f~6
f49dcOA
ccAW}Q
yME *xM]3
CE"c5Q
si4&>1$y
mVNL</
"D Q`r%@	
EE|oZ9*
gZ/'X}N'
Q#;c)Q-
|k\F-&s
sd|@7y
8xLDy\
WVsv:"
(2*#;k
8YP&Y<W
`pBFiA
ir Us,eq
J3:Ozl
iT.uc)
w-a)u`
bI,< s
k:Hy>P5r
s4h.Zo
C9/6I7
xN"Ud=
)I.d/s
"fClL6
cZWb	:
r5.\:~
L4LBsS
<IS.+/&
CK@E^mJ
8Pqunc
M,'EMQ
N%@w_{G
<r@tM$+_Pb
TqPh6Z
#,45C?
w"*+9C
![	~T'
0%Mfgo
:3o~Bm
.BDQof
wt'YSz[$
n/qVj]o16*
K[]9/.
RB2]B+(33
c"[gBW
#+_I:OEz@"
dK  WS
+Q<#~=
b{`6%W
\}0F`H
Fb1YdD[
/m?95K
e$Y1s;
#4SUd$
|-Zr6eq
+!!V_{
0(H1~7+
W)_APjo
xkL1mTL
NHn?{e
=$F'1S.
ZK[x"~
<=TlCc
]t=8"m
/rJjmGE
!#(U,O
6oC91@
p"vyyk
v4c^/E
Prc)*x
Cn:!8}
0[a9wB
m"@kL~-3Z
,U"@3!
: NDJ0*Hl
0 c?' 
7'"[ `
@T^&xk
_	y);Q)z>M
c/`p%#K
vk?]~+
<|\((W
|^S[Qe
^-M@jZu;
K:W)%f
Ue@f\	
iQ"n4p$C
:W$zAG
^Pw5IKZt
UiR_oh
c.nMUo
[fhS$v=:
q1$S&&
&}3N(F
yc3BF@
J`]b-E
P'#-rC
!K2g%Y
}J )V(
R>X$Z&E
mB @GKM
	ldIw A
09nJt~
rt$8Ee
4Zd_aL
Lk!OQ=
(K4|vt_OjsW
{rPx5~
zm,8Y?`
~#mXkOw;
`#Yvz)
A_h7-"
spsAQBz
ZrfI|H/
lP+bwb
dp{$|}
re ~g 
	pk''q?
`TXm'$k[q|+6
+@VYB/
\XCvHk
0+-TshF
<h_Kvv
3OqE&H
l.$	'[	
@l+~O[uH
Mqg*Sn
fY(uKd
.@-rB4
_pZ_d	
H`=2>_
f.[Y-T
z:9!l5%=
n/17JP
LFn(pp+
x*P4a}
qHzHcRv
JaHsYpF
tW?H)=
k#,3<5`
YJ)HR$@
(,(v@([
|&ooLU/
ko[pu'
ag3k'a
&fD:OT
G_[G#/
%J^D|\
Z.:9F+Y
RnFk*pK
lVm,MS
FkN}"%`
m7a{3!
,=rf	B
L5cQ(3
zipg6R
<h*ug	g
T$ VW3
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
1IDATx
mVEl @]t
W$L	@X
|rI	@	
s,]Xec
,n>>R{
>X`in5
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA0
130327200825Z
140627200825Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:B8EC-30A4-71441%0#
Microsoft Time-Stamp Service0
Chttp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X
<http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
130124223339Z
140424223339Z0
Washington1
Redmond1
Microsoft Corporation1
Microsoft Corporation0
MOPR1301
*31595+4faf0b71-ad37-4aa3-a671-76bc052344ad0
Ehttp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z
>http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0
@18u(^
	microsoft1-0+
$Microsoft Root Certificate Authority0
100831221932Z
200831222932Z0y1
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
`Ge`@N
	microsoft1-0+
$Microsoft Root Certificate Authority0
070403125309Z
210403130309Z0w1
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA0
	microsoft1-0+
$Microsoft Root Certificate Authority
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
1Jv1=+r
L&*H$_Z
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA
http://microsoft.com0
:^p|zZ
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA
131005085427Z0#
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 20110
130924174141Z
141224174141Z0
Washington1
Redmond1
Microsoft Corporation1
Microsoft Corporation0
MOPR1301
*31642+2860b52e-c4a3-454d-bc1e-32c5add17e900
Chttp://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a
Ehttp://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20110
110708205909Z
260708210909Z0~1
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 20110
Ihttp://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0^
Bhttp://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0
3http://www.microsoft.com/pkiops/docs/primarycps.htm0@
*?*kXIc
QEX82q'
WqVNHE
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 2011
http://microsoft.com0
%BY8_e
20131005085428.174Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:BBEC-30CA-2DBE1%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100701213655Z
250701214655Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
$`2X`F
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
oK0D$"<
r~akow
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
130327201315Z
140627201315Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:BBEC-30CA-2DBE1%0#
Microsoft Time-Stamp Service0
nks+<,
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:BBEC-30CA-2DBE1%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher NTS ESN:B027-C6F8-1D881+0)
"Microsoft Time Source Master Clock0
20131005002638Z
20131006002638Z0t0:
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010