Sample details: 5e72f8a9dad93cf1dbe6e2d4d3cf3dee

Hashes
MD5: 5e72f8a9dad93cf1dbe6e2d4d3cf3dee
SHA1: c83ef09d1f3aeee75686899ad4161c39eaa9bfd5
SHA256: 8a85975836ecdb72bb4479cf0f1a968377071cde9349e773a6eca97f84856246
SSDEEP: 6144:gRBT0nTX1pvXsdoNboVTFROdtmgW9m9lf3aFr:6BTUX1pEdoNbwF0dtmDm9lf0r
Details
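File Type: MS-DOS (likely a generic classification from the MZ header; the IsPE32, IsWindowsGUI and mpress_2_xx_x86 Yara hits below, together with the .MPRESS1/.MPRESS2 section names in the strings, indicate an MPRESS-packed 32-bit Windows GUI executable)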
Added: 2018-05-22 00:46:43
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/suspicious_packer_section |
Source (download URL, defanged)
hxxp://basarteks[.]com/lopinost.bin
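Strings (printable-string dump of the packed file, so most lines are compressed data rather than text. The consecutive fragments TnRVbm / 1hcFZpZX / dPZlNlY3 / Rpb24= join into the base64 encoding of NtUnmapViewOfSection, and mVhZFByb / 2Nlc3NNZ / W1vcnk form the tail of the base64 encoding of ReadProcessMemory, which is consistent with the contentis_base64 Yara hit. API names stored this way are resolved at run time and do not appear in the import table, so they should be checked for process-injection behaviour once the sample is unpacked.)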
		!Win32 .EXE.
.MPRESS1
.MPRESS2
v2.199
33#@B`
c\w0co4
f1R[Tb
`j$tU]
_AR}!:
KERNEL32
FGQ6Fg
ntdll.
TnRVbm
1hcFZpZX
dPZlNlY3
Rpb24=
G%peE'6
mVhZFByb
2Nlc3NNZ
W1vcnk
%kernel832
3BCDEF
GHIJKLMN
OPQRST
esu meJ
cAddre ss8
WFileNam@eH2T''W
ickCount
QueryPe
rformanc@eTR&
P&VwvV&
Term1in%r
mpa3reQ
eDWindowE
ur	sorW
PostQuit
@$orL 
EIPBDII@
,AE$@X
nAAV!12
7YA_AN|1WF7G
"DM&6I
nvalid_
	onexi
EW det
G'L@_i
cmdlni
_app_tyLpa
trolf p_
xuquc2
-Odz,?$
)r~HfB
Vr!W^X'a2
t:pm2smq
30X7Dmn;O
&NCRds<
:l '|x
\%"-d"
.hn/;J
:6 jzdW
&xTG|{
<_+<nK
0\%W%c
tB)T|M
GzJ fko9
U`QzI8^
)H':-p
I,<ob4
s!9e~o
~;OV/.
Jd,][\e
xH2wM0
@t*}zyRA
NflSiJ>
_"nkN:/
8:[DQE
an@{Qll
+[N^~!
fqS|/u
G#!+"_
osWzHu!p
![e;$Ln
N%k%a-.
.KFN0<
,K+8!T
p(N3f"
@hGRTu
a@F|m}!<
}I3tr*
&`XJ%O"}v
N[]	7x}
`]A{cy
fT.Ui0
<IYb{J
UV/|S?
eiB_1j
\oO9:@7
qp>_\+
8dlbq*
BZ5EY1
KlaS)vY,
C7!/mU
A0!sKB
9lP	dW
"BV-u?
xQK>)&
c?-!`)Y1_
6j@&-s
\0pcOj"8
tw0j\YD
;3$A_Q
ok^gS8
KDHacM
&Dw"sl
u/\!UclB
5lf^!7
q2yH/T]+
c+ `'t
7J_-m-
`cAl{%
ok1G`K
:&S[KaI
\@Scgt
 vTMCM F
~Jj.;J
H]_EOD
Y3TA}{ @
sY9rtp
<4@}	q){
fSSG?P
rgBucl
];Yj<_
_$6";A
Dh"[M6
TxMKs>
CQDWg(
%hXUh3
W/b9bN
q&Mx3v]
MENh4Z
l,n[`=
	Wam[6
zPx!^q
+@5*9|
sMT%Va,	
A5f`_5
nmt;2~
\ "*l$a 
v^?SM:
6i aH@P
Td/?FD
^R	ojns
<EplV$^y
;!'#MaF8@^H+
 %c?sFM
( ]u%0O
FI7y srd
{j<*Gk
.KS+<y{\,
nMX	-P
<~9l;,
AY	dQ?
o$i)ML
19<pV\
`xU/Rf
.ahe|N
}!0kwY
S0J9%*u
pwQ:y%
-0CAYNV
*knm?D
Bg]8E<
	VMXL6
lS,&>P
+fdFSK
SWD_l:
YjwD(l
q4yh3j
 *_a|Um
8*B|0+9f
Lw2CF;e.
?2h{KD
5p7;hk
}P:W`:
};@d2WqP+
ZQ+G=g1
wt1w8_
ZYtr(#!
1	Br	(
|O:+C$
n/[c?#
	M|4h}(X
;z`,Bq
	zCqM06A$
&cR\Fgc
uXyB23"
	!E4y:
sKKiC J
ZV<IOU
GPV;&v 
\u8s;1`
qPQ`QwG"
K%ei-mF
4BY?lfAO
c|9?5:hH
3;C1Wf
wr~,+\
cxal	ZQ(
`i;0A-7
P]m\S.
J?<9'G
PQE2w-(
dB@$u]
`8P)7z
24CX6;
T_QrY.
<6+GtF
 &#CCPo
PR@M-c
Fg/OH(
K	2'^P
Z|zB}AXr{
]	fMa`
vRN{A3^1
4*!=g?s
|<fZ(4
|5a.Oet6\^~
(,Bs_}
_PoNQE
aSo2"RN
KH`W+~
TM`i!\i
$O+Lht
6AsjVQu
l*~n"^
H`LP((y
eo=cTjxnM
#Lz*>C1
f@@6W=
& RJ}_
6Hq	go
S6kFm4
`l:5I9
~KF,	o
|7 Mm,oc
&faEA>
[T3\">R
\!,Zu.
JAc#^]
H[RW<rG$
2#Y\0S%
&wO"mmr1
hWwOVu
Ej]3^-dC
k:FpGN\Y
T^FA_g(
Lt\ANb
oo0D)j
`w`y=65A
75Tc?J
C!v[Ao
"=`~ri"O
G2mNNt
^;]R)k
JS=]5>^hM3
[FXb^(
fZy|{K
GLp;Qe
Aw2lxN
?cjsB_
!N[N3x
BNhsuRJ
Vej+Nw
jC9qpms
xd9	Si}
W/>Z/JE
@%Cc.7^
SFS)_N
Z%3#<,o
Iee)V9
U*B2">
ZRiqQJ
CnL%@R
J#&5Z|
	"'<e	p
SzVQLw
GOS7IH
tsw0lWX
_<NfeW
H&+#,j
7P`y6ui
7O<>bj
vG}Lg=
%$JHv2
e	/"8n
[= SmO)
T^J> xN)
j	xFjh}
Kcwh,[
Z0Qs6<=
?~ =8Q
K}ED=.
S4G*7e
6cW-cx
Wvl^Ab
bl-L-S
/v\\U%
0-GeC:
w<jRHB
5jt/+G'
r^QSWh
-UfP@1_
Y:(xDGUt`
iuBhP}
J)B4e'%
.iNz1p
/KEu1q
[3 .Z	
SeQ-1m1
,@c9j?
^m=	Rp
j@EzD	G
Gp;!E7
6pC~.mB	
-yWyq^d
cv~r$BS
_aoM8`)
b~q~+0>
j2\~FX<
-n$`3a
jQ/sWn
E!n\bH
Ik#E4~%
eo(,p-
,s#I/5
3w0,Sj
0ql	:'^
=F^oVr
gS,'9\
':2wr"
s&#f-j
AVIgKy
'm0z_	i
RRREEEEEEEVB.exe
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
LoadCursorW
MSVCP90.dll
?_Lock@_Mutex@std@@QAEXXZ
MSVCR90.dll
t7Kt'Kt
a.IDATx
. %BRJj
}g\5eG
Y^fXJ/
y**NVWVue
jL:UV4
zCxp?Z
@S$WTS
0"x"H=
2O(`Ra
?VUyy)
RP,WAW
,XGBPH
xz9G+ 
, DSG(>{+
d\	?S@
}cOBf>AH
Q	Pfbxo
{TO5Y8E
.i+l}N
42w'_*
	W\H[mi
iO@g3D
g#&@Lk
(YWGcw~
m=2!xf
'o#2J\q
/<A(XuX
_c%.[~
" 3e?E
GMXnM[
7DWAa,Y
e?b@V)
8?FF???3+
D?F??????33#"
%F?????????3+
9EFFFFFF??????3%
9EFFFFFFFFFF???3+
9FFFFFFFFFFFFFF??3%
EFFFFFFFFFFFFFFF?3+
%FFFFFFFFFFFFFFFFF?B%
*LHHHHHHHHFFFFFFF???3%%
HHHHHHHHHHHHHH?5=P[[P%
!HHHHHHHHHHHHF5Pz
HLLLLLLHHHHHF?r
QLLLLLLLLLLLFF
vZRRXm
;LLLLLLLLLLL?
vIAIMMIAIi
LLLLLLLLLLL=k
fARRRRMMMMA_
LLLLLLLLLLHP
{ARRRRRRRMMMAi
DLLLLLLLLLLFa
RRRRRRRRRRMMMI
NLLLLLLLLLO.
{IRRRRRRRRRRMMAm
;LLLLLLLLLO
fIRRRRRRRRRRRMIX
;LLLLLLLLS,
_MRRRRRRRRRRRMMR
;LLLLLLLLL	
_MRRRRRRRRRRRRMR
;LLLPLLPS&
iMRRRRRRRRRRRRMZ
NLPPPPPTC
}IRRRRRRRRRRRRAv
DPPPPPPU
VRRRRRRRRRRRRI
PPPPPT@
IRRRRRRRRRRAv
PPPPPT
vIRRRRRRRRAf
"PPPU/
VIMRMMIR{
QPPPP	
}i__f{
nnuuyy|
s`^`bbbbeeeehjjot
$$$$$$
$$$$$$$$$
$''$$$$$$$$$$
$'''$$$$$$$$$$
$''''$$$$$$$$$$$
''''''$$$$$$$$$$
(''''''$$$$$$$$$$
-''''$$$$$$$$$$$
>($$$$$$$$$$$$
6'$$$$$$$$$$
4-'$$$
:1----16
.133'&w
.+:3333
9::33333+
;::::::333
+:::::::::3+
7=::::::::::3
?@======::/--/
;=======33Zr
?@@@@@@@3M
9@@@@@@:M
^A88<[
@@@@@@@3
O<GGGA<A
@@@@@@:S
a<GGGGGG<[
E@@@@@@3`
KGGGGGGGG<
B@@@@@H
AGGGGGGGG8z
B@@@@ID
AGGGGGGGG8|
E@DDDI
OGGGGGGGGA
f<GGGGGG<^
X<GGGG<O
uxxxxxxx
fOAAKa
pquuuuuu}
ebiilqquut
6_nncVFLPPPPPRUU
!$$!!!!!!!
$$$!!!!!!!
%$$$$!!!!!!!
,$$$!!!!!!!
%!!!!!!!!
rrrrrrrrrrrrrrrrrrrrr "
Wf^[rrrrrrr!$%%#@igf^rrrrrr)'''&
Rhgf^rrrr(+++?NOCdhgfrrrr...DlEBScjhg^rr,001k>985Tnhherr-12
Z;:98Fqjhgrr43/
`=<:9Jo]_brr76
KG=<ApVUXYrrr*
Ma\mIHLPQrrr
rrrrrrr
rrrrrrrrrr
rrrrrrrrrrrrrrrrrrrrrr
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>