Sample details: 5bdad24b238a45d7c2cb2d8a6ea9a096

Hashes
MD5: 5bdad24b238a45d7c2cb2d8a6ea9a096
SHA1: 622e31f50f1677149d312c1969989ce8276dff7f
SHA256: f464a180dbf739eda8b783f459df814f9e64ff36cf3e0279510705228c131cfe
SSDEEP: 3072:uL+/LBsXVrBHziL+5rp2Ir3T99bnSp/C+9Bxfdt:utXdB0AFFZSpK+PN3
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/win_mutex
Source
http://79.133.98.68/lord.php
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
=0=O1B
%+=g1B
i1=a0B
&!=`0B
tKOBrx$
wsjs6juQ
a<`4)E
^aDT	j
 zq.`[n
|)r`Nj
	)=]cFdr
B>D)?Y
u%qkle
<;z70PfQ
V8Fbh0
Um]5$d
?\u28G7
JhTNx)
CX^IG;x
E&1;tg
,O(e&wF
2ke^x!
JHQCrZ
|rA{.f{
^9i$Ot
W*q4w=_\
jRs@c(
B?1[kw
`*S8##
"4,2ay
!-jPCm
2uZ0`G
9<m1sz
ZwkW&miN
Eh]\5y
wz:3LH{
v]B3%o
w'N+0,
.y[*yK\
\!oXU#
!6g2CV
Wsz*	o
}zOjL;
c8l#9k
[HP>'(cgP.Q&EhSO
skC#{$
j"!	fPc
w9E"Ey
P	et[H
a*	" 6
b$Kw#?
 }-hhNlT;
@_-gNc
F&`,tg'
rp[J@1:
b[&Z]}u
e9>gU;
`3ZNQ8
UGlB9j
\iv{RX
&FD&8E/
W'$QLB
<nFT~!!U
CuJ%y?
L	;D:*
%2M)7)
}E0"'V
U5]Rgtw
Fcyg5I
t>P?9W
'DQ,s4P
(NwiW9
8iV~yd
_[.C>>
`Cg]'U;
Q%+bId
>|,g5Rv
a:g#"R
N#pKV.
H[a&X}lg
Z"H]FQ	|1
G^^E(	
d)dfVh
Iw_C0Ec
hAQI{h
,H$N +.
7'XB!8
UNXEoa
{JL#]!
o?> Rq?
W"kX	"GW|I
&|/	*7<i
dSZyF(
>:?@oL>
~h W5+b
OpCj}1
wwIlSE
jRtbF<
DTG'Yf
>yBz'N
y/d=H7_'
lw4#HQ
Y$7`)5
7wE-U"
&sb7V;6	
i)Pe	p
-nC(Ye
"2~ZWX
S"'\so
tKOBrx$
wsjs6juQ
&0l~)9
RUr.IN
N.Z;l/`=
O7 D''&$
tKOBrx$
wsjs6juQ
SetSetupOpen
SetSetupSave
CoRegCleanup
ComPlusMigrate
DowngradeAPL
clbcatq.dll
CertGetStoreProperty
CertFreeCTLContext
CertOpenStore
CertOIDToAlgId
CryptProtectData
CertEnumSystemStore
CertControlStore
CertFindCTLInStore
CryptMsgGetParam
CryptMsgUpdate
CertCreateCRLContext
CertDeleteCTLFromStore
CertGetNameStringA
crypt32.dll
CoLoadServices
SafeRef
CoEnterServiceDomain
RecycleSurrogate
CoCreateActivity
comsvcs.dll
RegDeleteValueW
OpenEventLogA
RegEnumKeyA
RegRestoreKeyW
ReadEventLogA
LogonUserA
RegSaveKeyA
CryptSignHashA
CreateServiceW
RegOpenKeyA
RegLoadKeyW
GetUserNameA
RegUnLoadKeyW
advapi32.dll
GetMessageA
CharToOemA
CreateDesktopW
SetFocus
DispatchMessageA
GetClassLongA
FindWindowW
IsDialogMessageA
InsertMenuA
GetDlgItemTextW
DialogBoxParamW
LoadMenuW
DrawStateA
MessageBoxA
user32.dll
LoadLibraryExA
GetProcAddress
GetCommandLineW
Heap32First
GetOEMCP
lstrcpy
GetStringTypeW
WriteFile
GetModuleHandleA
GetACP
CreateFileW
WaitForSingleObject
GetConsoleAliasW
CreateMutexA
GetLogicalDriveStringsW
LeaveCriticalSection
OpenMutexW
lstrcmp
kernel32.dll
50;0T0e0l0
1"1*181>1W1i1p1
2$212=2E2K2Q2j2{2
3 3(3/353D3J3P3i3z3
4#404;4C4I4U4a4i4y4
51575L5Y5e5m5s5
6#6<6L6R6\6r6x6
7)7:7F7P7i7z7
8)828?8L8X8`8l8r8
9)91979P9f9l9t9
:):5:@:F:R:\:u:
;';1;=;I;Q;^;j;w;
<-<3<?<L<X<`<x<
='=1=J=[=b=j=
>!>+>1>7>=>V>t>|>
?!?'?/?;?G?O?\?h?p?}?
0%0-030=0G0S0_0g0
1*1:1G1S1[1a1z1
2$202<2I2U2]2c2|2
3#303C3P3\3d3p3{3
4%4-434?4E4K4W4b4j4q4
5!5-555;5T5d5s5
6"6/6;6C6Q6W6]6g6
7#7<7L7T7a7l7t7
878G8M8e8u8
939C9M9e9
:*:2:?:K:_:h:u:{:
;);6;O;`;y;
<%<><S<Y<c<j<
=+=8=P=V=c=o=w=
>%>->4>L>d>t>|>
?%?+?4?A?M?U?_?e?k?w?
0)030=0F0_0q0
1*151N1_1g1q1w1
2%2A2L2R2_2j2t2{2
3 303?3L3X3e3m3w3
4)4B4U4[4e4t4
5&555;5A5G5`5q5{5
6.656;6H6N6[6g6v6
7#7;7H7S7^7w7
8'8-8:8F8N8T8m8}8
9!9*949>9J9V9a9k9x9
:(:0:=:J:U:]:g:
;&;.;:;@;R;X;c;l;x;
< <&<-<3<@<L<T<m<
=5=>=W=m=s=
>6>F>M>Z>f>v>
? ?*?0?=?I?X?q?
0)060?0J0W0c0m0v0
1*161>1W1l1r1x1
2%222>2H2a2r2|2
3!3*313J3_3f3m3u3
4+4;4T4e4k4t4
5)545>5E5^5t5z5
6,6<6I6U6]6g6o6|6
7'7-7;7H7U7a7i7
8%868=8V8f8
9$9?9E9^9n9
:%:,:E:V:o:
;!;);1;J;[;t;
<*<5<;<H<T<^<d<k<
= =,=8=@=G=M=T=a=m=x=~=
>#>)>6>A>K>a>m>u>{>
?#?-?3?>?D?\?l?r?
0$000I0Y0f0r0
1'1-131@1L1T1a1m1u1
2$202:2F2R2Z2`2g2
3)33393?3W3p3
4(4<4C4\4p4x4
5"5(5/5<5H5P5W5b5h5
6 676>6D6J6c6t6{6
7$7*777C7P7V7`7m7y7
8%8=8F8_8
9'979=9J9V9^9d9q9}9
:":.:A:S:d:j:p:}:
;(;0;:;S;e;q;};
<+<8<D<N<g<w<
=$=*=7=C=K=d=w=
>4>J>c>p>|>
?1?;?A?N?[?g?o?y?
0"0(0.0;0F0N0`0f0
1!131L1b1h1n1x1
2!2.2:2I2V2a2q2~2
2	3"383?3\3c3|3
4.444;4A4G4T4`4o4y4
5(545D5Q5]5e5r5~5
686I6O6^6d6p6|6
70767@7F7_7x7~7
8#8+818A8H8S8`8k8s8|8
9$9.9G9W9p9
:!:+:;:B:O:[:c:i:
;+;7;D;J;c;t;
<'</<;<G<Q<W<^<i<
=%=,=4=>=H=`=v=
>#><>M>S>Z>`>j>
?)?9???G?M?^?h?o?y?
0%0+0D0\0b0o0{0
1 1.1;1G1O1Z1`1m1y1
2&2/2H2Y2g2
3/3B3H3N3Z3f3n3u3{3
494C4M4\4i4u4}4
545E5Q5]5m5
6!6)6/656;6T6d6r6|6
7%7+7?7I7V7b7o7w7
8"8(858@8H8S8Y8f8r8|8
9!979=9D9M9f9v9
:0:@:Y:w:
;5;C;U;m;
<&<3<><W<^<d<}<
=$=+=4=M=^=h=y=
>*>5>M>^>d>n>z>
?5?F?S?_?g?t?
0%0+080D0L0R0\0u0
1)1B1T1^1d1q1}1
2#2.2:2D2L2h2o2u2~2
3/353N3^3h3
4-434@4L4T4^4n4x4
535L5b5h5
6+6<6C6\6m6
7.747D7M7]7c7p7|7
868F8_8p8y8
9$929K9[9s9
:#:):A:Q:]:i:q:z:
;!;);/;<;H;X;^;j;v;
<"<;<K<d<u<
= =-=9=A=K=V=\=e=r=~=
>'>->F>V>r>
?!?0?6?O?`?j?w?
0&020F0L0Y0d0l0v0
1#1+121>1J1W1]1d1u1
2-2>2J2V2a2g2m2s2
3,353C3L3X3d3l3r3z3
4"4(454@4M4S4l4|4
5%525>5F5W5c5o5w5
616A6G6M6U6b6m6
757;7B7O7[7e7q7}7
8 8/8<8G8Q8W8p8
9/9F9^9t9z9
:#:3:::V:]:c:i:p:
; ;-;9;A;G;M;S;_;k;s;
<!<)<B<Y<_<j<v<|<
=	="=2=<=F=O=h=z=
> >8>I>b>y>
?!?9?J?P?h?y?
0 0'040?0O0U0b0n0
1)1/151I1V1b1l1r1x1
2$2=2M2Z2b2l2x2
3-3:3F3N3Y3a3k3q3}3
434F4^4n4t4z4
5+5<5U5p5v5|5
6)696@6M6Y6a6g6
7%7;7A7G7T7_7g7m7u7
8!8)8B8T8m8
9%969<9I9U9]9c9|9
:+:3:@:L:T:m:
;#;*;0;I;Y;_;x;
<%<+<8<C<K<Z<s<
=(=4=C=P=\=h=
>%>->E>U>^>j>v>
>	?"?0?I?_?i?
0)0/070=0L0Y0e0m0y0
1"1/1:1B1H1S1l1}1
2-292E2U2c2t2{2
3+373A3K3X3d3s3y3
4!4,444G4M4U4n4~4
5"5(5-545?5I5O5^5d5j5s5}5
6$626<6G6S6e6k6q6w6}6
7 7&7/757>7E7K7U7c7
9#9-939<9B9M9U9[9b9x9
l1tyhnmiopkmnyunbgtybvc
ldbcbcp.dll
lccc___ce_s__mory
kernel32.dll
liiiu_lAlloc
dlyurplvyfnn
stnhmyjzjt
xcyvxoxvbojuibvl