Sample details: 5891839540cab1d878ddb1bab05a780f --

Hashes
MD5: 5891839540cab1d878ddb1bab05a780f
SHA1: 870d325003f37900aa502267a0aa8472df3fef4b
SHA256: 7c6cb488f180733d816a2474321dab35dc40a5f59cf832f5da78708170cd30dd
SSDEEP: 3072:ivSUmubsu8C2yUHrPTsB9Qim+lISUOdyyDSaS/Ofozd4YnM7nu3FmXbHgaf1a146:ivSUm4su8C2yCrPTsB9Qim+lISUOdyyC
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/win_mutex | YRP/win_files_operation |
Source
http://79.133.98.68/lord.php
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
=0=O1B
%+=g1B
i1=a0B
&!=`0B
$&(dWg
 AGC.7
xW8|3)
)LqqtA
R/mbWjx
~ke&L*-
%kq*h	3
cZ[c,>
{P0:2P0
{Y*[??%
<(1^"H+
bhQ$JU
N?@3$u
	R#eB`
{t!H:|
	kFk|&
S<r"v8H3
Sb{|\0iToq
AU%|jVX9`
s\Tp\)
DYcPD<}
'NBZG`
@2-w=D
koV[}1
Nq=XAew
N:;DJ8
"s2kl'&
oaqF!-p
*ahunvB02
[Z{ct"
.W=R{&:
^fFq=T
2/c>Jvx2|
I3@?<eo
oAfa6Z
"c7&rz
6$rcpM
~=o(8?=
*E&@ S
-^:+oT
VX<js1QN]tX
+=_K8_&
q,mLSV=
!Bl*x['
8%PMSeP
OMCFKH
=y]yh9)4
J.2VYL
+kl<I52
T{a\	J
>`_1~\
}eQ_?0
|s2#p5
b_JPC-u
pUR\Vg
%R#%?_7$2
Lt=g"b
HkD6z*
@d<{r3O:q
b.f:P>/+
z'QvH?
9KEhP-[96C
V*H<\'^
aD6zCn
(c2^ur
E+Wrw-
7\TEwDnv
I."&p`
wLu16T3
E9y0W\D
DW7n\U
{?NJI~	
nTCYYr
ypJvF1
/z<)8$
Sx&X9E
ZNX,mP
_LZhOT
*mYdY,
8QAcSD
2)=l],
^}L9l<!
kP5kLzyv=5
	NJV[A-
2Q4l[^
b	awK|
W `}$Lb
t[~&sG
\]:FE,
O!j,?g
LS'N$g;7*Uz
JT*#zP
yg:& U
dj{,Q+
'AU<lk1O-\-
fX	,6u
 %,H:~7
e;+Cmp
rP	$C'/
k Hfn::
^GDXlb
`K0_N7V
Rk)M`*
N`riVN
4X?p>j
_;#v+R
Qt(	n	
Zz|Z7NW
zGdD]!
:>1E<+
E%FA,<
56np4A
6veE_C
G,DVmT
&lW{V.
<JP`9I
0tTmPw
!J,w"L
'd# 77
$&(dWg
 AGC.7
xW8|3)
)LqqtA
R/mbWjx
~ke&L*-
%kq*h	3
&0l~)9
RUr.IN
N.Z;l/`=
O7 D''&$
$&(dWg
 AGC.7
xW8|3)
)LqqtA
R/mbWjx
~ke&L*-
%kq*h	3
CM_Add_IDA
CM_Add_Range
CM_Add_Empty_Log_Conf
CMP_Init_Detection
CMP_Report_LogOn
cfgmgr32.dll
CertGetStoreProperty
CertFreeCTLContext
CertOpenStore
CertOIDToAlgId
CryptProtectData
CertEnumSystemStore
CertControlStore
CertFindCTLInStore
CryptMsgGetParam
CryptMsgUpdate
CertCreateCRLContext
CertDeleteCTLFromStore
CertGetNameStringA
crypt32.dll
CoLoadServices
SafeRef
CoEnterServiceDomain
RecycleSurrogate
CoCreateActivity
comsvcs.dll
RegDeleteValueW
OpenEventLogA
RegEnumKeyA
RegRestoreKeyW
ReadEventLogA
LogonUserA
RegSaveKeyA
CryptSignHashA
CreateServiceW
RegOpenKeyA
RegLoadKeyW
GetUserNameA
RegUnLoadKeyW
advapi32.dll
GetMessageA
CharToOemW
CreateDesktopW
SetFocus
DispatchMessageA
PeekMessageA
FindWindowW
IsDialogMessageA
InsertMenuW
GetDlgItemTextW
DialogBoxParamW
LoadMenuW
DrawStateW
MessageBoxA
user32.dll
LoadLibraryExA
GetProcAddress
GetCommandLineA
Heap32First
GetOEMCP
lstrcpy
GetStringTypeW
WriteFile
GetModuleHandleA
GetACP
CreateFileA
WaitForSingleObject
GetConsoleAliasW
CreateMutexA
GetLogicalDriveStringsW
LeaveCriticalSection
OpenSemaphoreA
lstrcpy
kernel32.dll
60<0U0f0m0
1#1+191?1X1j1q1
2%222>2F2L2R2k2|2
3"3*31373F3L3R3k3|3
4%424=4E4K4W4c4k4{4
53595N5[5g5o5u5
6%6>6N6T6^6t6z6
7+7<7H7R7k7|7
8+848A8N8Z8b8n8t8
9+93999R9h9n9v9
:+:7:B:H:T:^:w:
;!;);3;?;K;S;`;l;y;
</<5<A<N<Z<b<z<
=!=)=3=L=]=d=l=
>#>->3>9>?>X>v>~>
?#?)?1?=?I?Q?^?j?r?
0'0/050?0I0U0a0i0
1,1<1I1U1]1c1|1
2&222>2K2W2_2e2~2
3%323E3R3^3f3r3}3
4'4/454A4G4M4Y4d4l4s4
5#5/575=5V5f5u5
6$616=6E6S6Y6_6i6
7%7>7N7V7c7n7v7
8 898I8O8g8w8
959E9O9g9
: :,:4:A:M:a:j:w:}:
;+;8;Q;b;{;
<!<'<@<U<[<e<l<
=!=-=:=R=X=e=q=y=
>'>/>6>N>f>v>~>
?!?'?-?6?C?O?W?a?g?m?y?
0 0+050?0H0a0s0
1 1,171P1a1i1s1y1
2'2C2N2T2a2l2v2}2
2	3"323A3N3Z3g3o3y3
4!4+4D4W4]4g4v4
5(575=5C5I5b5s5}5
6 60676=6J6P6]6i6x6
7%7=7J7U7`7y7
8)8/8<8H8P8V8o8
9#9,969@9L9X9c9m9z9
:*:2:?:L:W:_:i:
;(;0;<;B;T;Z;e;n;z;
<"<(</<5<B<N<V<o<
=7=@=Y=o=u=
>8>H>O>\>h>x>
?"?,?2???K?Z?s?
0+080A0L0Y0e0o0x0
1 1,181@1Y1n1t1z1
2!2'242@2J2c2t2~2
3#3,333L3a3h3o3w3
4-4=4V4g4m4v4
5+565@5G5`5v5|5
6.6>6K6W6_6i6q6~6
7)7/7=7J7W7c7k7
8'888?8X8h8
9&9A9G9`9p9
:':.:G:X:q:
;#;+;3;L;];v;
<,<7<=<J<V<`<f<m<
="=.=:=B=I=O=V=c=o=z=
>%>+>8>C>M>c>o>w>}>
?%?/?5?@?F?^?n?t?
0&020K0[0h0t0
1!1)1/151B1N1V1c1o1w1
2&222<2H2T2\2b2i2
3+353;3A3Y3r3
4*4>4E4^4r4z4
5$5*515>5J5R5Y5d5j5
6"696@6F6L6e6v6}6
7 7&7,797E7R7X7b7o7{7
8'8?8H8a8
9)999?9L9X9`9f9s9
:$:0:C:U:f:l:r:
;*;2;<;U;g;s;
<-<:<F<P<i<y<
=&=,=9=E=M=f=y=
>6>L>e>r>~>
?3?=?C?P?]?i?q?{?
0$0*000=0H0P0b0h0
1#151N1d1j1p1z1
2#202<2K2X2c2s2
3$3:3A3^3e3~3
40464=4C4I4V4b4q4{4
5*565F5S5_5g5t5
6!6:6K6Q6`6f6r6~6
7 72787B7H7a7z7
8%8-838C8J8U8b8m8u8~8
9&909I9Y9r9
:#:-:=:D:Q:]:e:k:
; ;-;9;F;L;e;v;
<)<1<=<I<S<Y<`<k<
='=.=6=@=J=b=x=
>%>>>O>U>\>b>l>
?+?;?A?I?O?`?j?q?{?
0!0'0-0F0^0d0q0}0
1"101=1I1Q1\1b1o1{1
2 2(212J2[2i2
313D3J3P3\3h3p3w3}3
4;4E4O4^4k4w4
565G5S5_5o5
6#6+61676=6V6f6t6~6
7'7-7A7K7X7d7q7y7
8$8*878B8J8U8[8h8t8~8
9#999?9F9O9h9x9
:2:B:[:y:
:	;!;7;E;W;o;
<(<5<@<Y<`<f<
= =&=-=6=O=`=j={=
> >,>7>O>`>f>p>|>
?7?H?U?a?i?v?
0!0'0-0:0F0N0T0^0w0
1+1D1V1`1f1s1
2%202<2F2N2j2q2w2
3 31373P3`3j3
4/454B4N4V4`4p4z4
555N5d5j5
6-6>6E6^6o6
70767F7O7_7e7r7~7
888H8a8r8{8
9 9&949M9]9u9
:%:+:C:S:_:k:s:|:
;#;+;1;>;J;Z;`;l;x;
<$<=<M<f<w<
="=/=;=C=M=X=^=g=t=
>)>/>H>X>t>
?#?2?8?Q?b?l?y?
0(040H0N0[0f0n0x0
1%1-141@1L1Y1_1f1w1
2/2@2L2X2c2i2o2u2
3.373E3N3Z3f3n3t3|3
4$4*474B4O4U4n4~4
5!5'545@5H5Y5e5q5y5
636C6I6O6W6d6o6
777=7D7Q7]7g7s7
8"818>8I8S8Y8r8
919H9`9v9|9
:%:5:<:X:_:e:k:r:
;";/;;;C;I;O;U;a;m;u;
<#<+<D<[<a<l<x<~<
=$=4=>=H=Q=j=|=
>">:>K>d>{>
?#?;?L?R?j?{?
0"0)060A0Q0W0d0p0
1 1+11171K1X1d1n1t1z1
2 2&2?2O2\2d2n2z2
3/3<3H3P3[3c3m3s3
454H4`4p4v4|4
5-5>5W5r5x5~5
6+6;6B6O6[6c6i6
7'7=7C7I7V7a7i7o7w7
8#8+8D8V8o8
9'989>9K9W9_9e9~9
:-:5:B:N:V:o:
;%;,;2;K;[;a;z;
<'<-<:<E<M<\<u<
=*=6=E=R=^=j=
>'>/>G>W>`>l>x>
?$?2?K?a?k?
0+01090?0N0[0g0o0{0
1$111<1D1J1U1n1
2/2;2G2W2e2v2}2
3 3-393C3M3Z3f3u3{3
4#4.464I4O4W4p4
5$5*5/565A5K5Q5`5f5l5u5
6&646>6I6U6g6m6s6y6
7"7(71777@7G7M7W7e7
9%9/959>9D9O9W9]9d9z9
ldbcbcp.dll
lccc___ce_s__mory
kernel32.dll
liiiu_lAlloc
dlyurplvyfnn
xcyvxoxvbojuibvl