Sample details: 4288d031c3cbfa57906c09107bd5aa2a

Hashes
MD5: 4288d031c3cbfa57906c09107bd5aa2a
SHA1: bf200e893694ab342696642de9b033b83733edc5
SHA256: e4f178a052b1e75e922b0c57feb9ea08489e3e27f99081341af315c4918bb0de
SSDEEP: 6144:gvZzQJVb5p72cHF1ybDFwekh212KhvwIb759QOaBjpaVRPu23E2rJmWjFS:gYVOiF1WD7kE1dTYOi8V5u23zmWFS
Details
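File Type: MS-DOS (as reported by the file-type identifier; the YRP/IsPE32, YRP/IsWindowsGUI and MPRESS Yara hits below indicate a packed 32-bit Windows PE executable)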
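Yara Hits (heuristic rule matches, not a verdict; HasDigitalSignature means a signature block is present in the file, not that the signature validates or that the named signer produced the file)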
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasOverlay | YRP/HasDigitalSignature | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/screenshot | YRP/suspicious_packer_section |
Source
hxxp://c.vollar[.]ga/o/sqlserise.exe (defanged)
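Strings (raw printable-string dump of the packed file; the sample is MPRESS-packed per the Yara hits and the .MPRESS1/.MPRESS2 section names, so most lines below are compressed data and carry no meaning on their own)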
		MZ04359
!Win32 .EXE.
.MPRESS1
.MPRESS2E
v2.12a
xD0xL@2h
ejUPL@
@$c###
_[.1@6l
Nu,M3u 
2`D Vr
8<#}/F+,
BG!x50
MSVCRT.
trolfp
except_h
andler3
__set_ap
p_type8
Bc om04
tmainarg
4#S)rT
Library
B'G%AU"
S5 Loapd
PtIBnDB$
lidate
 ss1agi
"Enab0leQ@
GDI%C@C-
teComp
Point32A
SHBrowsA
rFolderA
COMCLT
6VVWBu
ct a diAr 
Mboyb+
_.t]cDm
3"-P:Hp
Gy?X1.
j7)%@K
	5lpKOf
}4qc	~
GD%;1Yj
TG>Zic
8$2DZ?
Od9IM~
?Zg486J
C7P9qb
\~	?#.
KPj!;NY}X
@_QMi6*
gsxc%C
#?GUvo
h~Y1!G
rOW j$
Pwxap1
bsR\@<
3UQ:@w?
T@fm%j
R4YcdN
ubZyb`
U0%^k;
/ R)7|`z`
JO(9VD
ZF.-;)
(Tc>R+
E{<U]v
j~xc|,V
.YO]Wo%&X
r)._~w
Mi6w-x
HS5dTU
h5P6cg
d7WX`\r{
-cB-QG
,_{r<w]fG
}hq-IL
uv`<10
D9h-['3R
_%y44m
?y7RaH
PB]2AU
ng?1Kw
5:~Kkd
K.InbB
N.tJZP
]t0<>O14W*-
;qa0f *
X}*2C?,
y3 2_x
rhT9twb
)y"^Da
O9T5eVY[
o8F:G.;
g-0&ks
k:Ez@FT
+6([3\
~N{j#y
	SL!&@\
O51i*-
!B gK%`T8#
\~J5TN
?C%OD6NE
MwF?uh
u YY3LX
JL/4%5
z8ZYfC;b4c
d o0x0/
avq .m|
c5O!l/.
A;*W*l-
s{Q{Y+
4wN|Pp
K`2U<Lh
j^sRn^
2=lHf|c
x[]6Mf
`0hnku\
nB,%#V>p,
	6>0uc
}2r,w?R
8uV-'-
fq?e'@_
;+T{QD
OU>,"g
D- pp/
dBG wS
0ztcJy
(;oXdkK
]$}?C]M+
*?p t<
e^f>mK
9bv.M4
w9#;@U
bB&^^o
hO(U%i
*3Hq0|
/W68yv
yjF\ma
U6,KU=
#`h_-{
0Or}F>
#nTbY8
}Ur=Q%
5% l0D
>`AQ[YT(
T4,u810\
e$1.E3v
!^VicH:esE
`e+{Va
CkG#I%
0xb- h$
M1y5=-
p2l%Hc
]/l[k1
>\$g<H
~UKwgk(
whcs8r
\S["l	
hs"	}A*,
E8{C'.
@..	[g
ZfI7r`
T3>HV!
=XGoR(
/4Btx#
POk-NI
am-wfil
GG.NL+
+U9A3R_*
f=:P/yla.
@/ca\#KL
!F3[v|
*9[Y:R"
d\_klU
,O#NKP
_JD	XLjN
q9o0}D
sr1Uc$.
BfU0tD
.2M=DH>
7p4Lnae
P3496VQgK
y5_7	#)
@t^'q7
OSzz3W
"q`D+]{
a,H0Dl
	PxPVq
yQCriQco
/Ua9Jk
+^ATci
oJ32#*)Z
9a79#%
x~i(4-
0Kzw gNM
"jJ*>M
N_qZ7Ud
AGL!l3
Jh{<i#
nD*eB&
9zlC>e
	@DEUb
tV}bh!
Y@L&/O
Swsq8f
c*8jZatS6
jljW\q
,A(NoyT
b/qDXV
'/!Dz~$@o
Ka@j5	
b5=40/
;dLm>r
G/zri_FUE"
sqEe(r
)3 c(g
e&,thlW'
,Be`#)
RM7rMj0
u?)<^j
;,^tOC
;ghSE+
pTJ;-&
!=FH.x
9cC]-6
nX_-LvJ
q1.Mq8
Shpeka`
)^}uj.
-Ug.;(
)KdUkq
v)P=n?F!J
TbS>30!
_PR09[
$&f{pK
8,!{Rl
6nDEw^
'd#0k2;]
FR&[`Q
dsi'1}
s:1W2-8
\2{ERY3
73<M@6
c-t~l!Tm
'x42Os 
t@UfY9e
x!X{|+
g9(d/s
Q!&z7h
_@CA;Mm*ooU
PZPA@E
CS5#63
nza[lh
ne62Bz
HoHsy{
\iw.q4
>tRx/:
wy=u$F
G)FJRQ
utGE<Hz
g[3f Y
7&@%V\
C=+g$w
r[uW7k&
Q#q-8#:
z=Q(wd
wXA=Q9
U~T1zV
:"BFTK
'FC*$dh#z
9-	4/8#
q)s(rl
1g!0d2A
G(`Y7E
Y%	m%@
<&evZrif
Iv-IQR
o-0'1F
NYj-K1
%\wlJ,lZ	
{hnXe7
l5-<<mgc
 >`:Yv
-~NWRO6<Jm
bUk4B{
v8	sqR
w[Pu0x
q;rsD-
o>"D1K
P@wC==
}1?:^f
y%;=/C
:FHku8
Mpx?yoz
>p4c)4
qlYY[>
mS*lzn
iuP`X`:c
tq4G(#Y
w oBd;
|(v/1z'.
mFT%]*E
;=F?x'
jQX=^L
vH&.V>
i=ta=E
pG5/y\
E-)=I1
xTu2~F:{
	%Q4($
dY<$a+0!t
L\r)Uu
X<P[AW=
jSTj\SI
U~H;$/
cq!yl3
}}uyh].iE
Vy6POE?H
P;4Y[dk
g>*p4L
Xs&Y'%U
e[OE9k&rP
"h*&v1
" G6(-
#c$2hp
`1a>|x
W@Vt#I
H*bHw< a
S3Vfp:
[A7_S=
cMr\aZ
5S@UEx
Kq#9b% 
k,S).N 
VU,E"C
t=hYa]
}_*jU%
=|'	PlC
1ZtW2S
Xyc2&$
Ta=eqQ|m
x$g$]O
e*uo&U
K*$vP	~
,e~ CZ=
we tZ<
:D	C([h
*a}fq!
YsP{)^
nD8L%$
cZw[n1X5
fL11\Q
`xuO* 
1~:&>`&
S"u<V]
Z$>[!	g9
nP%8DB"
Ybs|-I=
"&h0Yf0
Y]G}2gB3 
NTQnOb
n*q$9E
^Z?^ttv
S3cUcQ
D-%.z1.H
^>b$;p
z&BI,=C
*TA^(U
h2G4ah
U\tb&I
C-!U"&9W.
K58)U)HO!
Aba>	5
dRN1oWn*
'j#a.)
#FfiKL@9XB
@_A?v@
Q_:>VF
u_W.<u
XF[f>.
4d=n(`F
zT~Fu0u
u(j/O=
hbe=WG
LgEf]l[
RThlUI
Pk_r-y^
Y~">sA
Z%,K9d!
N&r<)a|E
*P&qRv
;_(zMU
ulAN`^3{
CFX84s
2flX=m
}!`r"^}Q
j^WUHhy
LT=10@<
=]mCFp
:JFQ^\
Uk6j/y
W/oT.x 
)oEHZBB+"j
{G5p-o5
D>I g:o
``u~Jf
I=SRQ,
:OnaJQ	6<l
h>	8N#
rzJSi4
F*DJmd
1@7?}N
s),Gc6
Wu_MAZ
;&;~/O*
u|Rh)|
oo\V09
&`?:fl}5
.	=S92
b*^.+ 
0Y)9)SO 
mDxU[=k
>]:~(t=
d5esK2
&Wj5\9
ll+crh
mf~=	~
h_4b06
%wdkq="k
UdF-ct
4?L3C,
*+kZNw
4#Q:]?G%
#oIMso
Xj;O3*1
N"|/vS
o`o+oXt
B>z-:^
V^Z~aZVK
6V6K[8
,?3Vbv
IN;5Q&
^]0om/Q
,}[qP(
UioARQ
jz|<t:WL7q
\-P:]D{q
	6!3|E
F7-\2p}
4A:@%w$U
/'u3uv
XS)5ak 
(l24K:
UtZ9'!	
|w4q,.z
h$I<HE
%;WQYb
^2Bk\O
b_	B4B0a
Sw{R;t
<DGN|#
eypess5
zN}7hV
kd3[N|z
AR_tSD
Efsvyi
n~NsWF#
fHroTsBN
!R	KImKg
az5H6Z
+jt^Gb
7!i,}>
g6<G_DL
Q!o*Fwo
nm\C=d
Z`	7W`N
WE'"!@
=,6*R*s8;|A.Y
.&f]Ze
e`,CS	
>a~84y
[ff-}g
bRjNh5
OlS@Hd
bVa#d)p
"<5=qb
QMlx9M2c
_#;C9N
ga 1!$E
j/mpsZ
JaViFS
J4kvb3|R
}79]h]|
k{m]\E1
!'a5!,
H&'"An
d}Yh9x
id V+7
~zyjI7D
IaE(ZH
{%Q?P(
P}uim~h
ZZB/\J
+2=)(T
zfYH>}U,
XWHq8^
A=&C-w
 X~")8
C8{(kL
P)86gg
zP=tr,
^|L4/I
*+m$sM*,
p7k"CN
lAOyipZY
QuL~R}W
u@VOEb4
V.`<C_
H&T#9Z@
o#-r|)m
bWC3<0yF
Wv~_\"p	
cmne/[
i3-U(i
A	JzPm	
wxPQ>af
8qE;p;
H	lqev
cf]=#+
$qqr%W
6W`}@GD
XXZ@-0
8s{D--
-=&71X
BGbgrb
;X1ibmK
#{h|A(
dp[.8y
MY-ZR0
X}qX,KQ
\'<WN#q
#OH'GI
G]AqglwE
%<:Aa-
N<=GnFy
P7kV>W
YrDX>DX
=4$ltl
)Pb]jb
nZk_H2
kEd"+g:
)?OVkK
T0rI|#~
\UXCV)z
[J.gqc
HTj\eFjon
^9&PJm
*3vSZU
*`^{dW(
#>@8K(
oTgUCg
(7X+9;N
aj['+<
ZA$C*c
\|\K[Z3
&R-C)t
(("+/U&
e\u-!<
{@<+@`
849S^|
y\z?[s
tD{Cz+
o~8`'m
AdF%;#	
EI}&<I$
e'p-Ng
[{hb:g
`~e#-Y2F
'I5:@i
4,>}5u
,T54R:g
([km!n
[Ucz{r0
U.Iv]8
UgEL{y
?.Tl27d
[{SL6x
@yv{Y/_S
K	]8chd
Wu3~ h
Ek/]c02
%j_M:kR
g;T3$z
Uc*ZQY
O7tXYx{
En{	nA
$/&p<w
,v S(U{6z:
Bc}nJ4.
Z`m!5)
~K+|)V
&bw8 %
C6J=p5
G#S\8I8
O2yGJ+
%<4Z_?
4D^V4[
zqu}._/Hj
#(!;2YfCX
c9,!TA_
)J$OI+
H;F:2y
3*kH.2
dx/Xd=t
O$Tiu1f
V]l@}s
/'r1vJ
]a<3!d
=+ *g~
~a<P>Cw
t2gj+.
rTL,sf
M;O$<fc
|t]bV'I9m_
erU-:z
o2l96SZx
bq9SDEe3
qVVF0vhR
wQMe2l8C
1SplHH9I
e06zQKWS
+vwKxpiT
pgARkUst
IrcrdYJJ
4zcR0suV
38S6s5gr
bJQBUkhJ
PWhc9yhK
jt3iMxhF
rnbg515n
BjUPiYLz
nSLNPIRJ
T19UHTBo
05dnJHzw
H+dMOzhd
T9+LmRl+
ABCPY/CB
7jOAFnDu
GLy5vjoQ
xS0tojWy
DE+m4cw3
QyK3BAHW
GdPz7iEv
nQzFfD2x
6UqxyoNJ
MnO9658H
1lwT38ag
9hELGoeJ
Macvcq4D
PKc4gemD
GmLeHlm5
FnqW2mmh
9640wXAl
lWsZlcnV
P9uAcWJ6
h+HAW8KW
nzRXoens
A9gRp6A9
INGR05WT
ri4TCkfF
0nXKpijB
4eKtODUB
APHbwgIc
cVaz88Y/
7RTqbhcw
xpBI/O3g
isTLOZT3
e9jEfq1G
fzMKuyPj
KJFP/XOF
ZDYHxqAv
jFkcyp4=
,Q{NL@
Mail:Son
g_0962@s
ina.com
cpe/5f
O2yGJ+
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
MFC42.DLL
MSVCRT.dll
USER32.dll
IsIconic
GDI32.dll
BitBlt
SHELL32.dll
SHGetMalloc
COMCTL32.dll
ImageList_Draw
t7Kt'Kt
&>jQ+M|
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object0
100510000000Z
150510235959Z0~1
Greater Manchester1
Salford1
COMODO CA Limited1$0"
COMODO Time Stamping Signer0
GS@(YC
1http://crl.usertrust.com/UTN-USERFirst-Object.crl05
http://ocsp.usertrust.com0
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
061108000000Z
211107235959Z0
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
 http://crl.verisign.com/pca3.crl0
https://www.verisign.com/cps0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
http://ocsp.verisign.com0>
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
130311000000Z
160310235959Z0
Beijing1
Beijing1503
,Qihoo 360 Software (Beijing) Company Limited1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
Tech. Dev. Dept.1503
,Qihoo 360 Software (Beijing) Company Limited0
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
fjYMtk
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
http://www.360.cn 0
f0+b~R
Salt Lake City1
The USERTRUST Network1!0
http://www.usertrust.com1
UTN-USERFirst-Object
140806124529Z0#