Sample details: 561c464714f38c9cffed8f54fdffdb47 (MD5)

Hashes
MD5: 561c464714f38c9cffed8f54fdffdb47
SHA1: f54cc50111ef06e3e3fc37901b989e1b3535cf89
SHA256: ee2b02c90ce3df0d5c752113d0a827a95b9084a316d827b62ace0542dcabc081
SSDEEP: 3072:hYAPSjT6w796tF+j93Wc62KEYN+oAnCZpXavmTQKwxsvoF6VjqjocDH/BX9vgS7w:hSjTPlmcS/+rLmBIsvoF6Vjs
Details
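File Type: MS-DOS (MZ executable; the YRP/IsPE32 and YRP/IsWindowsGUI hits below indicate a 32-bit Windows PE GUI binary)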
Added: 2019-02-26 02:54:31
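Yara Hits (rule names only. The sample is flagged as packed, so generic rules such as YRP/domain, YRP/IP and YRP/contentis_base64 may be matching compressed data by chance; treat them as triage leads to confirm after unpacking.)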
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/antisb_threatExpert | YRP/screenshot | YRP/spreading_share | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section |
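Strings (extracted from the file as stored. The .MPRESS1/.MPRESS2 section names and the MPRESS/IsPacked YARA hits indicate the body is compressed, so most of the short strings below are packed data rather than program text; the readable entries are the DLL and API names and the embedded manifest.)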
		!Win32 .EXE.
.MPRESS1
.MPRESS2
v2.19E
uY~uc6
8nY&<c]
<Z 1ie
4\bT&J
]m%1Jg
>wx5z.$j
.$o8>U
L39o@!Q'
chRaz6!
lbYu?V
{u.pPV
u=3lB{Ag
WaT2^y
	D5m(v
BxC`G8
Ur|($>!a
HBU+qg
eC^&Py
UYGncX@=Xl
K0mzD%
_25Y{7j
e.x,*Tz
oIKl5:'
Q6W<ca(
:*7uB.
F9Gfy=*7
|1-.2R?
_QeOC+9
j@Zmh(VT
|sg3`w
nO<03w
5oZ>ic
uYAiI=
GI'nYQ
I&."mk
$D2&xz
=c(!_j
;)PToojyc
<RQq&;
}cVYRK
\^FD2/S
#2*R~T
>$>`B9
bi{	|G
-_^T_3
pn!X-O
u=~.-sS
PK>~=3
UEs;xlS~6J
}L\_0cR
7KywC.
p>%o2lJ
 4V6<f
raH([)0
L[U`s]
>*H@?\
!RkfIs4
I$qLSt
"F}GW<
+$7tE1L9r
Z'#]C("
bworqfV-=
aNHC-q
R!I	C)t
y%:$n^
oP/H4^
gfPoO]N<
U{x/XO
;^GOa)
'S_`f}
q*8"*5
>"Q"f58
IZhy\u
5"r.^]2
{	f,^He
:4g<	V4
u8WvYO&Ju>
I9}Q>"
P&!t?pc$
w?70ru`o
$x6@3],
-%d5qP
[/7/&-
k$EgfM
"vG]H[
yOqF|g
@~dYGe
HLmWV4l
|mDDO=7
R^L|$pR
~ \T<d
k1lJ\/
UOq|?a
,*^OLK
BR}Jm<
{!Snj/
 HO}^	
s:^+F6
Q<iSDN[VT
lgzZs\
S^U=[6
d\e		8zm
Hy)/	H
Yx?y\(G 
/u(mZp+
FN~343
`"0{hq
e>WdL!o
!kILaO
10q4[6
R:l{>~v
?(/{2Y
zo=[PX
p$~.n!Y
b$m;6z6Dutr
yF5YC2[
l)HQ}S}
T<Z>"@
	,>C<2y`"L
j%7o;73
 Dk9l/
y8'EX2
>37|w=
@hslbc
sk-C(@wD<1
nX,!Nv
xGDrT&5
+M3jhr
|qsEPb
|8.MR_
?}d}6p
x|O!>{mG
e."Fkl
ha{6n{
12?9:"$
1aO?p1E
tSL+`T<
J8K3?$
p\Z#/z
M|t\H$I?
NF\!!^
E%X7gn<
x}eZ	e
/Y	']4
 ldc-V
a\v&fh
z^vE4-
o}1o&?
7AN32E
$O]0j/
Z)*{br
G?I"*]
nisy0?w
tyu"&@
H	{66jl
z"j"7`a
jkqA%.
qIBBepx
||SYlMn9
6Qa%@J
0S@*E$
:pnjS{E
y6+j=rn(J
-?LW1,
Ay/0xff
+nV\,/
s/rd l
6_$&NL
906'=	
nB\E7D
R-}`m}<
jPvQpF
-jwv5"
[')Wb3
d8XMRE
8wL1y"
:Cs.T)
=+`~Sl
XV6x;+e
7" '.'
?(SQFSY
Y_I,MBA
(|5j5d
o1TxZ8ZF
x+$"Aan
/HKJG<,S
n$":@T
iUl+wUr
D\b	}/
kXJtl	
ahy|PN
0q]ENH\V
myQ^wzBd
rNnQ%c
5`3Ydn
`Qwv: &
g[$!@^"2
8w."`6@
-+vkUm
e/1DNE6
&XKuFri7
g)~%J1
a11bf4
CmR	'%U-GG
S8K3 u
mebEir
txI	enh4
'\-a3k
I9	lg\,
AUnEC*
Xo,pY9	
LOONr 
BnOtHF
4Z_JcC
N/^GF>@
{^1'0wG,6
Wg%Ub|*
_2w.cMd
>/xR7x
Pe(6t@0,
YC!2(A
bVDKK_k
tTg?;N2
jAjJaU
NQ9h(D
_4u6KM\Cg
Kq|[}+
vFyK O
+N@'nq
am0Ce'
9&.5'Q
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
GDI32.dll
BitBlt
COMDLG32.dll
ChooseColorA
ADVAPI32.dll
FreeSid
ole32.dll
CoInitializeEx
OLEAUT32.dll
WS2_32.dll
WSCEnumProtocols
NETAPI32.dll
NetShareEnum
PSAPI.DLL
GetModuleBaseNameA
MPR.dll
WNetOpenEnumA
msi.dll
MSIMG32.dll
TransparentBlt
VERSION.dll
VerQueryValueA
COMCTL32.dll
ImageList_Add
RPCRT4.dll
RpcErrorAddRecord
OPENGL32.dll
glMatrixMode
IMM32.dll
ImmGetDefaultIMEWnd
dbghelp.dll
MiniDumpWriteDump
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
IDATx^
#[y'2@
}RcoAL
	FZG|	
_o-"+KH
_k	"*LED
8#&pPL
YUvL 3
8p uZwv
h-@W_!
kVKi1r
*GjFc>6
X6XFXV
p~T0Rt
UprS\#
`}Q+9y
Q"sd//
9,VWH\
T|>j1{
kuXXXR
YYYa			
nnnj}}}
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>