Sample details: 5b2374499e26f600bced33ee159e92a4

Hashes
MD5: 5b2374499e26f600bced33ee159e92a4
SHA1: 1958570485ec9e31310b98f54c5c0cad07dc61fa
SHA256: 396bbb76b0072bca8e8dc20bee1c1a0a76f966644b070706b33b1332e464f2dc
SSDEEP: 768:1+XGuXKBKTDcqno21X3FLJEALCTkPZSoRDl+0vLMwhemQWidzxYgLuEjiG7DQUm:IWmKBKTDcqosFROISoVl+0vLMmxkTliP
Details
File Type: PE32
Yara Hits
YRP/Str_Win32_Winsock2_Library
YRP/Str_Win32_Wininet_Library
YRP/suspicious_packer_section
YRP/UPX
YRP/contentis_base64
YRP/domain
YRP/UPXv20MarkusLaszloReiser
YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
YRP/UPX20030XMarkusOberhumerLaszloMolnarJohnReiser
YRP/PackerUPX_CompresorGratuito_wwwupxsourceforgenet
YRP/UPX_wwwupxsourceforgenet_additional
YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h
YRP/UPX_v0896_v102_v105_v124_Markus_Laszlo_overlay
YRP/UPX_v0896_v102_v105_v124_Markus_Laszlo_overlay_additional
YRP/UPX_wwwupxsourceforgenet
YRP/IsPE32
YRP/IsWindowsGUI
YRP/IsPacked
YRP/win_registry
Source
http://sonatrach.us/otic/micro.exe
Strings
KERNEL32.DLL
advapi32.dll
ole32.dll
shlwapi.dll
user32.dll
userenv.dll
wininet.dll
wsock32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegCloseKey
CoCreateGuid
StrStrA
wsprintfA
LoadUserProfileA
InternetCrackUrlA