Sample details: 478a23f8e68bff744fcae16bb180dd7e

Hashes
MD5: 478a23f8e68bff744fcae16bb180dd7e
SHA1: af220b669fc5ea18a2861e6d5d9e8a23453d7d69
SHA256: f4993d956e96aeea3584d78442ed94779c1155160f0f0d937551ab0cceb1f598
SSDEEP: 768:nT0hiSmmhqD0+whU13MhSlL7N+PGTn6RMEuntwOn7D:TGSm26UmSFN+PhRMh
Details
File Type: MS-DOS
Added: 2019-02-26 00:13:52
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3 |
Strings
		!Win32 .EXE.
.MPRESS1
.MPRESS2
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
ole32.dll
CoCreateGuid
user32.dll
wsprintfA
advapi32.dll
RegCloseKey
wininet.dll
InternetCrackUrlA
shlwapi.dll
StrStrA
urlmon.dll
ObtainUserAgentString
wsock32.dll
userenv.dll
LoadUserProfileA