Sample details: 4657b3eccb92d7d393a1a76a7c537938

Hashes
MD5: 4657b3eccb92d7d393a1a76a7c537938
SHA1: 27fa4153b39bc524f3cbb0a0e721e588410034cf
SHA256: 007fa4a0f58bab6c20ba499120079a5a044af8f22cdce232df8912c170978c82
SSDEEP: 3072:+L+/LBsXVrdHziL+5rp2Ir3T99bnSp/C+9BRfdt:+tXdd0AFFZSpK+Pt3
Details
File Type: PE32
Yara Hits
YRP/IsPE32, YRP/IsWindowsGUI, YRP/IsPacked, YRP/HasDebugData, YRP/IsBeyondImageSize, YRP/domain, YRP/contentis_base64, YRP/win_mutex
Note: the IsPacked and IsBeyondImageSize hits indicate a packed image, so the import names and strings listed below may not reflect the unpacked payload; treat them as indicative only until the sample is unpacked.
Source (defanged — do not browse to this URL; the host served the sample directly)
hxxp://79[.]133[.]98[.]68/lord.php
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
=0=O1B
%+=g1B
i1=a0B
&!=`0B
tKOBrx$
wsjs6juQ
a<`4)E
^aDT	j
 zq.`[n
|)r`Nj
	)=]cFdr
B>D)?Y
u%qkle
<;z70PfQ
V8Fbh0
Um]5$d
?\u28G7
JhTNx)
CX^IG;x
E&1;tg
,O(e&wF
2ke^x!
JHQCrZ
|rA{.f{
^9i$Ot
W*q4w=_\
jRs@c(
B?1[kw
`*S8##
"4,2ay
!-jPCm
2uZ0`G
9<m1sz
ZwkW&miN
Eh]\5y
wz:3LH{
v]B3%o
w'N+0,
.y[*yK\
\!oXU#
!6g2CV
Wsz*	o
}zOjL;
c8l#9k
[HP>'(cgP.Q&EhSO
skC#{$
j"!	fPc
w9E"Ey
P	et[H
a*	" 6
b$Kw#?
 }-hhNlT;
@_-gNc
F&`,tg'
rp[J@1:
b[&Z]}u
e9>gU;
`3ZNQ8
UGlB9j
\iv{RX
&FD&8E/
W'$QLB
<nFT~!!U
CuJ%y?
L	;D:*
%2M)7)
}E0"'V
U5]Rgtw
Fcyg5I
t>P?9W
'DQ,s4P
(NwiW9
8iV~yd
_[.C>>
`Cg]'U;
Q%+bId
>|,g5Rv
a:g#"R
N#pKV.
H[a&X}lg
Z"H]FQ	|1
G^^E(	
d)dfVh
Iw_C0Ec
hAQI{h
,H$N +.
7'XB!8
UNXEoa
{JL#]!
o?> Rq?
W"kX	"GW|I
&|/	*7<i
dSZyF(
>:?@oL>
~h W5+b
OpCj}1
wwIlSE
jRtbF<
DTG'Yf
>yBz'N
y/d=H7_'
lw4#HQ
Y$7`)5
7wE-U"
&sb7V;6	
i)Pe	p
-nC(Ye
"2~ZWX
S"'\so
tKOBrx$
wsjs6juQ
&0l~)9
RUr.IN
N.Z;l/`=
O7 D''&$
tKOBrx$
wsjs6juQ
SetSetupOpen
SetSetupSave
CoRegCleanup
ComPlusMigrate
DowngradeAPL
clbcatq.dll
CertGetStoreProperty
CertFreeCTLContext
CertOpenStore
CertOIDToAlgId
CryptProtectData
CertEnumSystemStore
CertControlStore
CertFindCTLInStore
CryptMsgGetParam
CryptMsgUpdate
CertCreateCRLContext
CertDeleteCTLFromStore
CertGetNameStringA
crypt32.dll
CoLoadServices
SafeRef
CoEnterServiceDomain
RecycleSurrogate
CoCreateActivity
comsvcs.dll
RegDeleteValueW
OpenEventLogA
RegEnumKeyA
RegRestoreKeyW
ReadEventLogA
LogonUserA
RegSaveKeyA
CryptSignHashA
CreateServiceW
RegOpenKeyA
RegLoadKeyW
GetUserNameA
RegUnLoadKeyW
advapi32.dll
GetMessageA
CharToOemA
CreateDesktopW
SetFocus
DispatchMessageA
GetClassLongA
FindWindowW
IsDialogMessageA
InsertMenuA
GetDlgItemTextW
DialogBoxParamW
LoadMenuW
DrawStateA
MessageBoxA
user32.dll
LoadLibraryExA
GetProcAddress
GetCommandLineW
Heap32First
GetOEMCP
lstrcpy
GetStringTypeW
WriteFile
GetModuleHandleA
GetACP
CreateFileW
WaitForSingleObject
GetConsoleAliasW
CreateMutexA
GetLogicalDriveStringsW
LeaveCriticalSection
OpenMutexW
lstrcmp
kernel32.dll
50;0T0e0l0
1"1*181>1W1i1p1
2$212=2E2K2Q2j2{2
3 3(3/353D3J3P3i3z3
4#404;4C4I4U4a4i4y4
51575L5Y5e5m5s5
6#6<6L6R6\6r6x6
7)7:7F7P7i7z7
8)828?8L8X8`8l8r8
9)91979P9f9l9t9
:):5:@:F:R:\:u:
;';1;=;I;Q;^;j;w;
<-<3<?<L<X<`<x<
='=1=J=[=b=j=
>!>+>1>7>=>V>t>|>
?!?'?/?;?G?O?\?h?p?}?
0%0-030=0G0S0_0g0
1*1:1G1S1[1a1z1
2$202<2I2U2]2c2|2
3#303C3P3\3d3p3{3
4%4-434?4E4K4W4b4j4q4
5!5-555;5T5d5s5
6"6/6;6C6Q6W6]6g6
7#7<7L7T7a7l7t7
878G8M8e8u8
939C9M9e9
:*:2:?:K:_:h:u:{:
;);6;O;`;y;
<%<><S<Y<c<j<
=+=8=P=V=c=o=w=
>%>->4>L>d>t>|>
?%?+?4?A?M?U?_?e?k?w?
0)030=0F0_0q0
1*151N1_1g1q1w1
2%2A2L2R2_2j2t2{2
3 303?3L3X3e3m3w3
4)4B4U4[4e4t4
5&555;5A5G5`5q5{5
6.656;6H6N6[6g6v6
7#7;7H7S7^7w7
8'8-8:8F8N8T8m8}8
9!9*949>9J9V9a9k9x9
:(:0:=:J:U:]:g:
;&;.;:;@;R;X;c;l;x;
< <&<-<3<@<L<T<m<
=5=>=W=m=s=
>6>F>M>Z>f>v>
? ?*?0?=?I?X?q?
0)060?0J0W0c0m0v0
1*161>1W1l1r1x1
2%222>2H2a2r2|2
3!3*313J3_3f3m3u3
4+4;4T4e4k4t4
5)545>5E5^5t5z5
6,6<6I6U6]6g6o6|6
7'7-7;7H7U7a7i7
8%868=8V8f8
9$9?9E9^9n9
:%:,:E:V:o:
;!;);1;J;[;t;
<*<5<;<H<T<^<d<k<
= =,=8=@=G=M=T=a=m=x=~=
>#>)>6>A>K>a>m>u>{>
?#?-?3?>?D?\?l?r?
0$000I0Y0f0r0
1'1-131@1L1T1a1m1u1
2$202:2F2R2Z2`2g2
3)33393?3W3p3
4(4<4C4\4p4x4
5"5(5/5<5H5P5W5b5h5
6 676>6D6J6c6t6{6
7$7*777C7P7V7`7m7y7
8%8=8F8_8
9'979=9J9V9^9d9q9}9
:":.:A:S:d:j:p:}:
;(;0;:;S;e;q;};
<+<8<D<N<g<w<
=$=*=7=C=K=d=w=
>4>J>c>p>|>
?1?;?A?N?[?g?o?y?
0"0(0.0;0F0N0`0f0
1!131L1b1h1n1x1
2!2.2:2I2V2a2q2~2
2	3"383?3\3c3|3
4.444;4A4G4T4`4o4y4
5(545D5Q5]5e5r5~5
686I6O6^6d6p6|6
70767@7F7_7x7~7
8#8+818A8H8S8`8k8s8|8
9$9.9G9W9p9
:!:+:;:B:O:[:c:i:
;+;7;D;J;c;t;
<'</<;<G<Q<W<^<i<
=%=,=4=>=H=`=v=
>#><>M>S>Z>`>j>
?)?9???G?M?^?h?o?y?
0%0+0D0\0b0o0{0
1 1.1;1G1O1Z1`1m1y1
2&2/2H2Y2g2
3/3B3H3N3Z3f3n3u3{3
494C4M4\4i4u4}4
545E5Q5]5m5
6!6)6/656;6T6d6r6|6
7%7+7?7I7V7b7o7w7
8"8(858@8H8S8Y8f8r8|8
9!979=9D9M9f9v9
:0:@:Y:w:
;5;C;U;m;
<&<3<><W<^<d<}<
=$=+=4=M=^=h=y=
>*>5>M>^>d>n>z>
?5?F?S?_?g?t?
0%0+080D0L0R0\0u0
1)1B1T1^1d1q1}1
2#2.2:2D2L2h2o2u2~2
3/353N3^3h3
4-434@4L4T4^4n4x4
535L5b5h5
6+6<6C6\6m6
7.747D7M7]7c7p7|7
868F8_8p8y8
9$929K9[9s9
:#:):A:Q:]:i:q:z:
;!;);/;<;H;X;^;j;v;
<"<;<K<d<u<
= =-=9=A=K=V=\=e=r=~=
>'>->F>V>r>
?!?0?6?O?`?j?w?
0&020F0L0Y0d0l0v0
1#1+121>1J1W1]1d1u1
2-2>2J2V2a2g2m2s2
3,353C3L3X3d3l3r3z3
4"4(454@4M4S4l4|4
5%525>5F5W5c5o5w5
616A6G6M6U6b6m6
757;7B7O7[7e7q7}7
8 8/8<8G8Q8W8p8
9/9F9^9t9z9
:#:3:::V:]:c:i:p:
; ;-;9;A;G;M;S;_;k;s;
<!<)<B<Y<_<j<v<|<
=	="=2=<=F=O=h=z=
> >8>I>b>y>
?!?9?J?P?h?y?
0 0'040?0O0U0b0n0
1)1/151I1V1b1l1r1x1
2$2=2M2Z2b2l2x2
3-3:3F3N3Y3a3k3q3}3
434F4^4n4t4z4
5+5<5U5p5v5|5
6)696@6M6Y6a6g6
7%7;7A7G7T7_7g7m7u7
8!8)8B8T8m8
9%969<9I9U9]9c9|9
:+:3:@:L:T:m:
;#;*;0;I;Y;_;x;
<%<+<8<C<K<Z<s<
=(=4=C=P=\=h=
>%>->E>U>^>j>v>
>	?"?0?I?_?i?
0)0/070=0L0Y0e0m0y0
1"1/1:1B1H1S1l1}1
2-292E2U2c2t2{2
3+373A3K3X3d3s3y3
4!4,444G4M4U4n4~4
5"5(5-545?5I5O5^5d5j5s5}5
6$626<6G6S6e6k6q6w6}6
7 7&7/757>7E7K7U7c7
9#9-939<9B9M9U9[9b9x9
l1tyhnmiopkmnyunbgtybvc
ldbcbcp.dll
lccc___ce_s__mory
kernel32.dll
liiiu_lAlloc
dlyurplvyfnn
stnhmyjzjt
xcyvxoxvbojuibvl