Sample details: 38f48d3cf2bc56204dd05335f6108dc8

Hashes
MD5: 38f48d3cf2bc56204dd05335f6108dc8
SHA1: 730c0ecf462ec2b8dfbce84de8c08109cb90e4f7
SHA256: 592d7eba4f2a16c7e0e01e8d00b6306a2e302187d4c2e32be4b53381ebd677ad
SSDEEP: 768:0tHMLdBjHHTUSTbA4FPjCqtRMQtRBorrJxFm5cJZxPK2KnGbx/nTru7D:0tsDjnTpTc4N9tlUrlPYAxPK2KGd/Tr
Details
File Type: MS-DOS
Added: 2019-02-26 02:54:42
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Strings
		!Win32 .EXE.
.MPRESS1
.MPRESS2
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
advapi32.dll
RegCloseKey
ole32.dll
CoCreateGuid
shell32.dll
ShellExecuteA
shlwapi.dll
StrStrA
user32.dll
wsprintfA
userenv.dll
LoadUserProfileA
wininet.dll
InternetCrackUrlA
wsock32.dll