Sample details: 458a7afe9b8beac057270d40c3c81164

Hashes
MD5: 458a7afe9b8beac057270d40c3c81164
SHA1: b3e942f01fa97dc06662fe95cb02a3e11be0316a
SHA256: dcadd9138e6ef790381602a7e13fc8ec4a6c16f72ee54df76a9ce892a27eb85e
SSDEEP: 12288:cjj60x36gTL0XwXVulDvH835KnRhAHa8/N+sBUH0Yw9:+bLfXVulDvWERmHaW+suH0x
Details
File Type: MS-DOS
Added: 2019-05-14 20:27:12
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/screenshot | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/suspicious_packer_section |
Source
hxxp://vira[.]ga/dx12[.]exe
Strings
		!Win32 .EXE.
.MPRESS1
.MPRESS2b
fINCiI
^?^ksYCdW~
N#b.ui
^z:/*|	qi
9i"};'
kOo(3o
Hu/$6zT+
Dx[	WNK
CRQ1?;
J_d (%>
I|$9$I-$
=hgYo!rV 
77s3Xk
jk}.DYI
\	'TW7K)
w_zlBr?xu
1	..I{F
+:}alG{
T"\y;7
*pM'/ 
;+_S\i[QzD
lv!,Q6
0SJ<Sh
#&iJS_k
pCMd/_m
uW_SqC
]	CuHw'
OKMyx:1
kl/q@7X
Up&\li
axaWeE
tM3kHb~f
|GNRgE$Tv
aaLEK3
PT7ve1p
*q%+;E=
s**Y~3~
4+(]z[j
g+Ab~ZB
LN	&ra
0a/Jitw-n
	6	>:M
AR#UR:
"TXQ=f
h~.9eKAe
}mXh\m
Fj 6_D9
,-c;_=V
7^pxdx8
eD`;*j
5%@E+LJ
It{_mK
CJe,gu]
p0B`56
men'F$
d4#8dUv
d`] l;
2!vwQK
c"/r?r&T
EvDlH.
T?{e9F
i=9Y^;
nFg'hRvP
SAfN6r
H>Z:|Q
9irN!8
`e_TQ)
$seBm[,n
T6LJMW
0gOO:T
P#+e|#
G[u1|$H>
ziF|5_]
"|MS5S
Hg<(dW
3\o_~J
#RHaJ/
:Y5<)c%a
OK1+`e
-H,Yoz.
<H`j:T
O~%9+w
l@"bHR
n|?5*'5
C/<qCl
} T%/p
`<vUQV
CEI*-%
_.b</#w9q
Ob*5s+Cl
Rsx	G`
wO_BFps
=l_q0p
Ay63oM
z*/Icqj
8ju)m8{
!+VWm?hX)	8
5t7(b m
+avl~V
o]hSKL
a=<=87ku*
h`_>1M$
L%hY3/Zh
`6$YYPT
z>!w]d
dsAezl
7zsi7%2
Vu#Y[h
ut+9-2
y&&t-D
(kx3P)&Dt
R(%$j'
/jcc*ul
&3X7+U
6p\3jLX"
/c&_L/h
l+J3VD&
S.:%51
"iMPI%
m?!A0z
`t6|Z}]
l(I|uFv
k-SVD^DD
T?[.i4
`vfQfT
WSH(-E$
qm	*3j
V-fwIM
|pv-];F
=D:U*d
wYq=ic{
|"VdTd
xYbrZc
]nf1j&
WY\ #A
2C+"fo
1W19cy
vPvU(e
KP82X=
 `x}hbC
[7JN\G
+0dM Db
o`J/^v
L ve_/
bUO=88
X>mF	v
lkqT/5
c[+N8I
RTY)Kz
EsV_6R>
GU([Jd
^=$-t*
4EMG`f
@vZe+vb
g-@Qa	z
!NdVm[
`bLZ?X
0G/u%da
Z<!*GZ
~!KG&sS;i*z
/m!&Q2
cQH$C=^
9N`+(Q
G&9:QhF
xdaohu
 ,sF",
sK|{R~
Wfpxb'
13Q8-p<
rO`9\TT=
&G%tZsi
%.3<z$Us.
R(J}UR
JOr6J9H:Y
U5	NZT
t/aCY3VT
87+^=S,
plL(f[
)v3f_h1Y
%461'9M
1n;=Ea*
2nMl>J
I-x]^U
X"|.w`
`-%FfzS
}o='yB
E\L qG=
 "vScy
Gozg'Q
KI?i)CQ
YK:/<]
WQALLF
$rT(-J
WT+T#x~
!t[.z&
'jjgZK-U
\~C8k/
ZXoKvo
Z86.&-0
	jeZYi
M[}q;-mW
tz'uwb}c
73r[$N&k
0mL8~/
TP-l~<
a'LBa_
_XN*Uq2
vg%'Y"
Y{upD\_
(x/R<4
c+,S* 
{\D]ME
%J3)"<'
-'~.%S
X?L*"|
tUziJy
mB{,K$V
sRU-\,cw
Z5E{W>
Bqhc2#
>9Qa*~
Qd;n!<
05{S|a
lO\OwP|.xe_<
&!~G(O
2O"N+d
M42XO>k
VH-#>M
Ki%:+&
V+iv.]
e73}SA
Qz9sVk
T`WT9!
hYen"Kj0
x\os<[4j
#gw*"K
fv)O]wK
;d#O(N
^J2@-<
PETRLQ
6SiF:"Z
`gCxXz
NF@]"gn4-g
Gt"gQ2s
KKeo2v
kR)6'35
QeIx<&
g4eKz!
k9Ee!Z
*yW^O3
w>E<k7h
Ek#]F.
D+TLaI
:4co(_l
*j?9c	g
0Eb2d_
=.Qs'h?T
8to`84
k3pcWz	C
2\r}(r0"
X	)'^V
v-Qi*_
MVNT5	
yDzTk~
a9>H79
[ad8uE
F}X=k^1
f9^uM?
NuLP1v@
,jUAPs?'}
m`/wM.(
_<fL$2M
`mk!EJ
YgD7?#
l{i0.a
]'T3k*P
j;Fffc
?\G8m-
-j.H)&
qY {Y,
2,t^oTd!
Oom'ub
:MV@V{
VS3ieG
vzHwBk
qlIj=A
jlA$V3
~BtMgWa
!~FP)m
l^/z:#
Ps%DP4cD
-Da^9]
\ObA4[Z
K0:YtB
*3N4C#
2[8`W*
/'z,o4
?6/dW3
vyTQO~2
C(++NK
("B_AO
-g-=(?:
>$Fz%~x
	=\o4zz.7b
A_V@*}
rXO*N(}
`+qrNZ
wu3Gdt*
DjQU o
7Pq54X
sv9$aF
)KPP1S
rV7^38
?ofyWBGp
HD_oIi|
PPMb5/
eGJ3Tv
h=.AbcU
gMKf~1W
2 Ode]
w ^ASm|#
X16["T
ft\q"7
aVK/|}
nV%S5R
*rvB\JQ
Vq ?-T
++G#.&
TE)6@&
L6@6c`!
2l$5As
vfZB,G
0iD@jv{
h<<;Y<
+)C[~I
g1Y.a6
/kS}+$P
0DEBb%
5%^FSe
gARN`.
m.l~`}Ut
rfS+0DA$
~,Zeyp
b4MwNvU
Zvt@I]
5Y4AN&
8r*cd7Ll8
(<hr~V3
*Z8s,[
%mG8pL
vK$,PTj
V	rc_0
E9'_'y"!%
3q>\^!)
\KP+QT8h
+[f4I2$
JxiG9#'8
;J3"61
A6(V>U
j>nmd`
wPK{9y
|,XOtMHf
L`:A~H
Ehv#h_
paio>a
(o@h>r
~a4w?Y
c7:-K[
0Q	 ek
"Dcy2o_
m@jh1%
wsZ6QOLi
-sV)@q~M
BB%]\x
9']&&Y
Jm:'B1
91Ad/R- 
u8M	B5
7>nmYQ<
HfGT!q;
&@~mW0
3O}Qp;
>mQF,\
o|P$%H
4q.:Q[
+'=lL#%J
_xz6z!RU
1Xi&x 3
,`w[#o8Pa~
-;Kalp8
fg`VxJD
'&FRU2
?oR\iR
L;48Rpx
`/s.[dPIj
+^|2!7s
,]9ZR7T9
vWAJ&<$
G|2hA}
Z>o-UnpY
]n)wr5
<0SM|:4
8<i~Um
hv/-\2
-H;x>w
W@ag'x
G\$R[{
XyL=8[
M/5Y/g
jHk(j2P
).'iKp
_X7#At
HBj/;j
2~Am"^5e!J
h]Zlfyy
JPvB{ V
9%Gs[P
vWa[N7)G
\Fw`>G
jxU Ie$7.YE
(2I*`ED
@b.mXc
5eQ}Tj
h"isU'
ap-)Ko
]lLr;y
DhA?zg
 (ST-dC
yvt!`?@
Z%08:t
q@nfob
"Bf_kn
.H,/6U:
H|ia:7
1B$wmiw9Va
*UVJ/.
9jWUU.G-`
 79a+2
)f)D r
qPYlu`
.YVE=J
c:=/-yA
)L$&H{
!;7o9d
uyt)/r-.p
sNH$vB
vffV=:
KWsYlc*D
2hit}"n
w{Zo )a,
uj,+kz
>||N}h:
14+``|;
b9pE/=
qT_uh:,W
nN4V:Bd
ixG1,(
C"GN4K
RU/p.b
MzZ+y8a
.$5s-d 
t}dc{-
]Kq%J,
L}{+8.*!u
SfC)zk
7)9bR(%0
_k8Vw{
HgvM<q
'WU^ZY
kHe@]A
BbU9i~7
s?%G c
r}hnYCohh
;y^-3Z_2
ERa7Ju
>#}Xo<
^Q^zjq
*g9Rt-
j2WsumE
tsyL^,
E(G U<
E !NRn
SX$7[k\M~0
^_gypy
sq.KR2'w
uGAis8 !
(hJmW7;
j~6P5n
fGwnd`
m|`EXs
JuvbbO%
Y)><(-12
;6#'iB
?*;Zok
~pD	h#*
	4dEy[
-Zd98l
0	Zv85
ky1F6Q
)?|Ulm
P{s p"
u` `y/
	$=QXT
W`h%Df
aip(b}t
VJN{c(
>--fA[O
=4jNZ.
OW({'jU
sH0A(f
Ix/Txk
Eqq_~r.V
1dr>'o
yr{5=Z
YmJh	c
 |R]zD
?z@3'T
t\/tK9s
FcYpi_
HX;,3<
Q*Z;=l
S6Z?zV
h-4dR 3a
``%@?Fbz
{%Rc'b
_PfVEyt
<LEK"'
x+H|"u
qTPC#N
F~<5#B
a8,(AN
b"p!=):x
DV3%V'
f3R}(> e`
O;`#S0
VofD2~
} @i^%
K:t%e0
	?SF6x
/5x8pRt
zLBe1A
 j;34s
Vv&`AEe
	U1<-yk
[uLo_(
M]<IM @
@&ZX}c1
~oxA#V
4I99_6b
d 1>ynH
+y5UJP
rAO[^v2
"LLJF=
k~)(RC
uKL}/'h
i$xYqpU/
@{\	~o
f'l.`z
B*cTkM
afP?%`
I|<t.3
QduPI	
n,}6zB
t@!GnB
8heL8&}R9
"A2rtz
AI<o81
4,_Z`U
zv,HO>
7*%|[F
88s6Y"b
M*}%*<=
}/o\o#
^eLp\X
 }_Z}Aq
<*L6&Q
Yip_rBr
:.UkG{
zYu/L<
^c('wiK
|h)c|nD1
| oohlC
;iN5a\&
	;4}31
e4-6wi
vpCCzV_0k
;NR^:2E
!QWOD|
Ow.=xi
tA#]Rl
`1!h{|
t#QeFm*
CC-6)o
1@H8YN+O
%OskR7x
O&gGcs{
F[yM'9
\fwT-=
.GP&)3
$c~@ir
snlS"I
.%uzhvG
a,>oiz
/"'Mq x
1Gjt|R
23GUNO
m.zy+u'
3jfS"4
% Ez=NTbd
sdMx,:
p0By+O
lPp\ L
hwY9^6
RQ~0ES
[t43R%
fD%tk;
&!o^bv
?:/SRp
Z:#BQ%`
lN> w:
'oxV.31
$9]Fy]
Sjl*Uh!
K{Wa(unLr_
a2~SHae
I\~(+*
8uREiR
R}p&0q
Ex>#Zk
u?c\:z
v5RMCf
aGH4Cq
_xdR./L
 |bFdqj
$#7+FC
S+h@-N
kF>TG:
Hz330c
C57 F]
(bvunV
p):8r5
Ilyf	S
:%A9.6
2?	Gf\
R>qv6S\
'E	1ED
u:^f9M
PYK4Pw
/LS}/t(Z
Q<_@v=
i ,&6@
c:&[NG
 q)|Asf
)1BY2t7]X
!YR'Gm
[c^2@Da
l.*D4|
[<4\Yd
-Jimuk
A%g-:~
^Bx+V[&
}5^#-EX"P
#(rGs"
C'+}^;
/"m	T!H1r
s<G(OD
{JP~Sl
daY=tj
K8CcG9Dl
S|6z&n<{7
_|na8d_
Ae?<,}{
>u@.e$[
&vZ}@W_5
/~?q$\3=
,9^{ri?
VpbBrd*	(}
31g$LTL
(*7$HL
AWE|Wak
5$M/oBI
Q1~N#<
MoxkY&
	Sf0W]
y(S:|>
.IFKn}
6*{.~ L
pP'T?W
[@IS_p,bP
kDd"e(
ifZxf9
6owFJ9
hv~5Lc
TI,nxX
R%jA[6
]	Yin-H
	&>VH]bTbw|
)"|6`Ut
$Q{fvF
<#yV:}O
	-9wha
w38}%cK
,iPK]5
J0N"Z bQd
/8Szv[
ly=EgP|ip
yDTR!Ze
aU=#Lk~P
r Ql<@
i/ZlHEn
;4PJC!
60<Sl%
kx%,_z
|F,/)b
D'CUQw
FoJjtdQ
HD+64L
)2*^Q(m)
XybQ^bN
Mp61(&
V5eo},
%.,f|xA
o.wIwk
$yY5y7
Q<jxVW\
?*>,:J^
,{&l9lBBIN
\9|%Nq
uBOzbg
Y}#42&
ElhV 4
63)]u"
^/$bZL
d>=: \
}1R6cX
G#Y=zy
`_<Tz:[<
TQk-}o
~IVB2ze
+S}?4$k
jV:qsZ
fL,#]XP0:
i9y<V*7
5~3FZf
3il6[B
adU5gp
Wi+CpI
7a6e[%
/0rI	U"M
|8sT<c
o;Z?v>
B'*"JA
h"62)lZ
&eUzGIw
16p<Jw7a
[k\HEa
y=KG1g
43*`7JMEM
z\]Bw8v
uOiwK/
[18FlE
zqM>X`
i`ZP?^
cF8GYb
*6<0;/K
z.*Dbr
pSpbaW
$q-%91"
2h.J$Q
UJAJ.	>>
X@a	wS
r,vDu[^4
_m!V(#4
1]Y2OMp
{Cs>Ky
'\sxcK"=
CAT)*#L
\+N	k1
$f]_U6
&h@\;C\
2w,=*p.kf
6H$NYbo
k}yh="
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
WSOCK32.dll
VERSION.dll
VerQueryValueW
WINMM.dll
timeGetTime
COMCTL32.dll
ImageList_Remove
MPR.dll
WNetUseConnectionW
WININET.dll
FtpOpenFileW
PSAPI.DLL
GetProcessMemoryInfo
IPHLPAPI.DLL
IcmpSendEcho
USERENV.dll
LoadUserProfileW
UxTheme.dll
IsThemeActive
USER32.dll
GDI32.dll
LineTo
COMDLG32.dll
GetOpenFileNameW
ADVAPI32.dll
GetAce
SHELL32.dll
DragFinish
ole32.dll
CoGetObject
OLEAUT32.dll
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
wwwwwwwwwwwwwx
wwwwwwwwwwwwwx
xwxwxx
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
jqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
~~~~~z~zzzzzzzzzzzzzzz
vvvvvvvvvvvvvvzvvvv~zz~zzzzzwzwzvzvz
knnnnnnnnnnnnnnnnnkv~z~zzzzzzzzxzxxxx
nGGHHH
nv~zsssssssszxzzzzx
nGGGHH
nv~~~~~~~z~zzzzxzxy
n..GGHHH
nv~~ssssssss{zzzyyy
n...GGHHH
nv~~~~~~~~~{{zzzzyz
n+....HGHHHH
ssssssst~{{zzyy
n++....G.HHH
~~~~{~{{{{
n!!+....HGHHHH
ssssstts~{~{{{{
n!!++.....HHHHHH
~~~~~~{~{{
!!!++....GGHHH
!!""....-HHHH
!!"".....HHHHnv
ssssssss
"""+....G-Hnv
""""..-.-Gnv
ssssssss
"""...-.nv
""""..-nv
ssssssss
nU_[_[D
!""".+nv
nOTUTU[[ED'
"""+nv
ssssssss
nCODOSSSWWWWXWLWaanv
n;;>D;DDDEESLWLLLLnv
ssssssss
;;:::3***3444nv
'''*"31nv
ssssssss
mnnnnnnnnnnnnnnnnnm
ssssssss
jurrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrruj
juuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuj
juuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
J>>>>>>>>>>>>>>>>ACA>>>>>>>>>G
>S]]]]]]]]]]]]]]]]]]]]]]]]]]]>
>S]]a]aaa]]]]]]a```____R_R_U]>
>_]]QQQQQQRQRQQQ_``__STTRRRR]>
>\]FIIIIIIIIIIFQ`LLLLLL_TRRR]>
>_]I$$$
IQ```a\a_`_URR]>
IQ^LLLLLL___RR]>
	IQ`_``a\a\_SRU]>
IQ````ca\a__a]]>
IQ`LLLLLL\]a_a]>
$$$IQ````aca_a\]_]>
$$IQ`LLLLLL]`
IQ``_`a\a`a
IQ`LLLLLLa\$
>_]IE=,
IQ``````a\a
>_]I66;;80-&&7IQ`LLLLLL`\
>]]I11255880::IQ`````a\ac
C]]I****,+...-IQ`LLLLLLca
  ""IQ````aca\c
C]]HIIIIIIIIIIH]aLLLLLLa\
C]]]]]]]]]]]]]]]]]]]]]]]]]]]]>
C_]a`a]]ac]a]a]a]a`a\a\a\ac]]>
DKLKKKLKKLKKKKLKLKLKLMKKKKLKL>
APOOOOOOOOOOOOOOOOOOOOO
>>>>>>>>>>>>>>>>>>>>>>>>>>>>J
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
 	<dependency>
 		<dependentAssembly>
 			<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"/>
 		</dependentAssembly>
 	</dependency>
 	<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
 		<security>
 			<requestedPrivileges>
 				<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
 			</requestedPrivileges>
 		</security>
 	</trustInfo>
	<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
 		<application>
 			<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
			<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
			<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
			<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
			<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
		</application>
 	</compatibility>
</assembly>