Sample details: 4cca3ac972d2fdb1419c110ac62119be --

Hashes
MD5: 4cca3ac972d2fdb1419c110ac62119be
SHA1: e444f201bd1fdc9a17397e36345b6f511f3b2a04
SHA256: da88615ae602f88a5bd297d6170955c50be0f5c3ee34a9009236f7515f82eec5
SSDEEP: 12288:8MFEbexPOVOH2dGiFDygoBnFwRvsFghX:87a8VOWdGiBoBO
Details
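File Type: MS-DOS (MZ executable as reported by the file-type check; the YRP/IsPE32, YRP/IsWindowsGUI and YRP/IsPacked hits below, together with the .MPRESS1/.MPRESS2 section names in the strings, indicate a packed 32-bit Windows GUI PE)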
Added: 2019-06-27 12:17:58
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/screenshot | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section |
Source
hxxp://c[.]eeeeee[.]cz/SQLAGENTSIE.exe
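Strings
(Note: the YARA hits and the .MPRESS1/.MPRESS2 section names indicate the file is packed, so most of the lines below are compressed data rather than meaningful text. The readable entries are the import names and the embedded manifest near the end. The import list shows only one function per DLL alongside GetModuleHandleA/GetProcAddress, which is presumably the packer stub's import table rather than the payload's full set of imports; the rest are likely resolved at run time, so static strings alone under-report the sample's capabilities.)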
		MZ75910
!Win32 .EXE.
.MPRESS1
.MPRESS2
v2.12=
/yuM$Y
1A2Dtm
19T%	)
a+mfU?
Mc;<O3
&zPtUh"
v`te3S
	E1Lzn
_EV-<o
#l}w-M\
 USt,|
rNX9{x
)3W\|<
eVZDct
]+qSP?
a=-c(Rh
c5w9*gXF
<CZp;q>
=ATTMB
a`xDOn
f2T)9PHNt
H\ dd$
O BHX5
u4?#]o
vZw~7C
s!,1mRg
PXfIK{a
y31aSP9
	Y3Q>J
q69P4b6
FY4SicW
`R+}Xg
Lb<1{zR
0C'zC&
Hws_;50
K}MEZb
%z"IPH
.yV6dX
IX1&5g
/%0h0(l
B_~$EM
Edl/n`
abhfmP
J<]DpH
@C2:z4
73);v$Q
}^G||F
dkBoV~
vB Vo}
s\ wA.3
!Cle)"E
Uiz])U
Ct|Y8F
HN2>bd
C{Zx{]"+s
`HeL{(
*:7Wv'
 U#[)C
{V;E:M
AhD<~?
3T-hmp
>6-&=3_
08}OK>
^0VKI1
@\$[o<R7
8Um0	n
zT'djE;
qcRO{:s
n}1E!|4k
v>KmH 
,^Z%y+
 mW/7&
gf*1BK7
g:q]CI
4oSyvY
Mt[jz9=
<ExJ-"
O(QdE|
a|jRSN
bFUrSC
^A3}4n
A|7h>K
	M7hfQoETv
F#;v$]
59Em1g
us]#g*
KR<	J#
,?j0bX
|i\9!o
eIIA<G
%,2u"y
s]WYR4
fV*i3:
m	{@/H1
ycN83AWQ
ZE#ckF^
$Syc#r
dNZ%A4
xi4~(a
!/'*#w
[2~:]x
JW/Yho
L]S)#	
Szv$o]
D+NUho
{D(4mO2
,U"y0m
(MX/"a
j?T{0L
ACnXUf
vmYlC4
W!8?gNU41K
>H\B-#
R?zNK)
gu@tf	
tqKi)?n
@[I+z3
9RD)7G	
:.c$Yz
x6G'`pFG
ZoK+Ln
;Yn"KK
*itP@E
DyvenOo
7T@e|f*
m{h{A~
G3MtmMx
$`cRH4
:Qd3iK
le[K*55
g!<[a<i
kJQR#9
)wljZT
N)iy+?2
`Z<hQ_
]N@%=}"K
6OQJ[Y
|P6{il
S8)%T6t3U[
S)N@]z$
|z4T6/
2qfcV+
SE$`@A
v[yX6qC
zy(x{.
>BCiq'F
kc3gDfw
6:]/2I/h|
)+D`t]
xw74xz)
v=_B:m
	_|<3/pA_
0(T;FV
=z.o{(
gQq~i_/
wy-mKd
_4=diVQ
uG7K4'
uMZT>_
)}7ly)
:>Euo!
gEW|qu>
HC!E7zq
F5}80XL
7QX@I)
&qSJzW7
]VZ3~r
ueN}y?
=o}"Qr
DieF2-
4};V?b
h]Pu\"v
1CuM!-
q1%^1A\`f
q!;%,?-
e{rbB#{
;gA0Q"
?Xe!3O)
7fMKp#
@BH$6X
R2:N=`aZ
vMf{#:
 =C1:|
1YN59D
J2L%qj
81\>wf
T0YlLJ
n/T]"0e|
)MV@k@
snijZW
S@82Q.
2^dS^v-
#r-v<q ,9
L2Y?JAy 
PO~z9	
	kG.?o
{)o\UJ
ctG55&
gd!;$l
zI$rR]
w;o|SJ
7"!S7O
pQH9p#H
D8 aH~
6aQD,O
Y"dR, Y
PT5;XU
Ibga	zFK
kcun76
7D~iv(
;dQJNQV
EmY32;
y3Yr.1
oO]x5!
cwN p[
Q4scI 
%/sQ:e
I|8N,V
{+<gbA
85Rz[V
6F7,t+
Q#/W`M{
#O	1h,
wR	@LU
qn${}Y@
lZsW\"
.bp'$+
:=78`jYM
EsW}G$
UBih6I'D
.~]zd|&d
AlM	_T
NHlZ8f
{/:j~"
\Px-W{
I$,s(\P
g*a!o7
C9Afx	!	
1o&xY>
	-a)ZJ
iNa)}@
y<m;[\
'v}cc+
U._o@6|
{GWQF;w
7^z48-
ax/D:i4
cMHF%L
^P	L^|
^sjG_%(;OxX
%!gW(22@l
1&B?rI
W/Un~{
Yh5/^t
jVEpcH
,[FXCk<0
&qS'0 
=0D*4+
Yb-8FF
#U'>aO
=pECdvjJ{
/1Kj]at
o=;G_]
XZQ<qM
5t#XK}
sF;Rx(
wLD1`9
}~Ur36
f24!nA
%x^n#:6
-61_8v
J`H-"Tl
=?RWbw
e~!Si.
rR+nrOu
f5svd:
g(OSJcg;
|5B&,Ys
wr"'dl
ma?Z3%
4i)sL[
/OW@oc
Gh{XV7
yZ.l|G
RDSP\"ad
eMBK[>`
X?<e\Z{"<H
DmRY#m
z>-1{9b
&488}Q
4q'e!53
*T~bIai
*]GIUs
TI&AVl
<~$([3
+V*O+9{IF
lu?+bj
!%dOQ 
ByZp`m
2S	^W+{7
-KRzmD?
]B1<2|
?!5G#t
G'd)TI+
ihz0CQC
te%SuzW
4l]ioV
w;edq?K$
BfiQ=L
EG!,2{
\bQ|uq(
-_7rH1
5)`|cou4
}HL;8R_z'~P
2Y *Zi
l31DBH
@i/*ij
uD{eS#
 a=R=	&Kh6
>;gJ<k
P:+.>	
D}Vz=Z
+x=vkR
|1fZM~
Ux~mCM>
TYAG?l%
'IQ3%$
LrBs3R~
EOciR%
,@^!Km
Y*~|]L
UQ!6rE
ocX=))S1
e`O+GW
$A~n>n
8Yea/{k
em(?6<>+c
XRuto}
$6txuF
1Db>oK
)J\Gz:
0Vn4l,
L+`Qke
fe^nw=?
IZRZW%
xgt&v%
d'6c7P
C4fP#U
Fm\Xul
Yse'=d
V54h4;
^fDy~7
#fd(?}I_
%ozL"^
*:yft=
}bgYu$
i,*m-4
*UtHxv
~$jn8x)
$2@tuaK
k3#UTy
!dRQlD
}SJA$.v
ck?Yt2
ZG?)F)
'-7_)F
>0\nL.
P^K	%i
a|h6XS
yvjD,c
{^IW<Z
As<tUZ
vKIm[q
cvcqzy
"?F)jj
j%gPJ+:
T7VeWY
/eT!e)
Y-?p#U
^u{b-@L
OSTIWq
(gYI	v
#v9-_7
	<+wMf
@#$"OC
$PN5?8
 ?nbA-%
!	cn3_
`yvj.md
[N~h_G
4[4fVF
'GVo:a
UpczE;B
@Q21[:
zHIVA	
p)T(>8
W@_0]&
St~&Es
aLWPMx
!Jcg|=
7e>aJ@
M:w\UK7
~ZPvq=
?[t.r%&&
.Icj|B
[pAbdM}
vjxQ4r
oggA{r
iRe"R2v
aY3Kq9
U&h4S+
hZzf|g
OOv>-f
[LVff%
=)HX%O
T-v^35
n<N_S1
~AZHq[
	'xP4"
D<o{&"p}
X%gqA[
fhJt]D
 X=l-\
E&aspA
:gf	.J
f."^%yh
G-E{w0
[zUl'2x8
 V N 27
rEGZUGn"%
aU%cBp
!{j}ba
[Nl(JB
MY/om6
}! lvR
NBh=F6HT
5(-Dbc	
ao#F?;
8"6Mx%
O^@@#}
_qEZ?g
,x?EA76NW
XZvKk+@
/"h:Fb
5(J=ms
W+LZ	s
RnO&u:
E> `SwW
`FjOD.
9Lay]|
GA oeBa
]}5~:2
:"r%7-m
[E[}nY~
F]T!h*{z
0Fcm,f[(
gmF,L!
@4qs1a;
ENIX{B
AjMofp
XpB33|
c{Hsg@
kE];wRY
hq:WMn
/Q;]?Z2
h?+/!J
sk@Y"p
>A1V%Y
IAn'WW
d|#\	b
<?#GFq
]^"Ww'
Hk?6r\
>5!@P+y6o
SdI,+d}
 M:)	2
pZ?c3,
#y^`n3
35C)08
XI$&%9
:v?W#0E
S9ES&+D^
{N$a(u%
EQs2bW7\
`,#<8-
N~H mI
1],z+a
o8KHZiP
o4jmRn1i
dFY",n
t+omq+!
6ds\m-
r)[`}S
0t7D75
Jbjd|%J
?,	*j,
^H$_85
_%ye{[
a"oS0g
2^]t#I
9\7Q<A}
2Oh+w85/i
V*U	$ITe
^rfOzZ\
;N^+9lvQ
wqtIy~
QA6/d4
sZ&W2u
lWMd=Ef
*Y^)n;[
-tg:GaQ
p.ZDCF
$O#:<dY
jQ f]C\
kF4<s,kU
AUu&^+
yR0;8H
8h lWP
(pynX&
?Y%s2<
y*V`R9
fn^TP<
#DzSr,
fC6P@V%
ch&!T[
,[i	v-
	I+^9N
GqVG,e
)Q?&wo
d\yMYU)4
f;3u[*6
Hn$.y;
+z	:uux
<QBV?z
3uuFdo
Nq_3!W
nByeM=
m:[x2wI
!H>2_V!
#.k!GMU
DwflN\
71`Eu?
kT\>rO
>x6b}Z
/peBEt
h\Bd9j
]  *rnF
IlQDXQ
pJ\|J/
kR"e^q
9Z:a}n
eA[1!vk
ys XV,
xM&<d.+
&'L6Uv
4[`z[;
Z()G;Ih
M#4;\W
cw.\N%
SD PCt
.Jf]a	
ZJ(KGZ"
%/9`:h$
bo?"H4g
cvlwY?
@^E2"'wb
)I0k:a/
~4.z<Ib
o6%+mS
!fr7tHW0
g5Wm9oc
8ng" 2
F)BrO4
vi]/h?!
2wfT`o
ryh8(q6
bLrns<
TyXvHx 
f',Sm/|
<ro]rQx
-u1wCL
JDah}g
4 8nX)
E:?yN'
:6c_"<US
$OREpA
0rYid>$
#&)eIJNX
G	GnM*|
0J:q R
?[YNd]P:
cfg@P"
;j{]S)
kE;0`8t
L$$_^d
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
GDI32.dll
PatBlt
WINMM.dll
waveOutOpen
WINSPOOL.DRV
ClosePrinter
ADVAPI32.dll
RegCloseKey
SHELL32.dll
ShellExecuteA
ole32.dll
OleRun
OLEAUT32.dll
COMCTL32.dll
WS2_32.dll
comdlg32.dll
ChooseColorA
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>