Sample details: 61c2bc63986f8ac5767a0dab57efa85d --

Hashes
MD5: 61c2bc63986f8ac5767a0dab57efa85d
SHA1: 3919cd19ee6016c78112563c30edc66882736c3c
SHA256: 54ab4cb2bd04872eb07055e07d76a09729a869473237abefaf3f58218e98c730
SSDEEP: 6144:SbhGWSeMuo0RQKaZhy503bYYOWTnzDmW4FCo+hLETzYqbr3T5XtoK5cUb+8VQu:SFtxXo0R158Y9WTPmfCXhL9qbr9XtVc8
Details
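File Type: MS-DOS (note: the YARA hits below include IsPE32 and IsWindowsGUI, and the embedded manifest declares processorArchitecture="x86", so the sample is a 32-bit Windows PE executable rather than a plain DOS program)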
Added: 2019-05-15 14:23:45
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/screenshot | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section |
Source
http://103.248.103.108:6325/SQLAGENTSOM.exe
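Strings (the YARA hits mark the file as packed and the section names .MPRESS1/.MPRESS2 appear below, so most of the short strings are likely compressed data rather than meaningful text; the import names and the manifest near the end are the readable part, and they reflect only the packer stub's visible imports, not necessarily everything the unpacked code uses)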
		MZ52621
!Win32 .EXE.
.MPRESS1
.MPRESS2
v2.12"
dB?O{M
`&0C%|
vhWi(V
1"!MP=
1JTMo.F
a)x$!wA
z7kvt3
h4ec#g
CY,JrI
IAt2Jdr
LND&:{
u kP04E}L
^[OydDh^_
ZyJ_t(
L%j)+o
Y	ZSu[
+Nn!b	
^B"@Go
t7RmH~
XoL$r~
o\)0K_
iK2|1S
S	%ox8p
8#2+$1_
Pp)o:jt
ocm3GVT[
,1,"'rD
_G3kJm
&G}M*4}
<Lj?'F*Gm
g$#he`A1g
qjD%v-
?m\k_Z
o(QNG1
z,1ZF&
E8q]zOH#
Y[~{7_
1{zN~sR
ooUzSr
ElJ`fn
d;!qk\
 Wbs=X
%wMwrz
&93cf 
[7B^15
Glba:U
"5fK5iU
P${C&?u
$}7I*E6
H	J	D&"+bmX8
-+a.Fb
S"zMo9
ES<v+{1
Wc=&IM
s'Tv9*
2GIPHx
FTC_f~
	,PV2&
6hOhK	
K!dF_[-=
QV-eo=g
KI=P\_
hM_~$d
l3}Vmn
^:745H	
r}t$TK
#8"=ZF[
xO@tuD
9"'n6e
x&{AJ_
vz/_U)
P9$a.c
ebXOiF$
!hO;f/t#
o\d_7}
8J+%o@v
Ymu:821
joZ,&k
I!WlF:
zrIEKw
!"q-\-
P !(Tr
|#1(Ib7~
>~O@K 
10tsLjC
N(I0U*
WHk,Zv
xw$!$L-
NNenc/
ctGT3 
sN05"y
:aUa&]
RKS{Q})
V7t@SH
yw*mm1
4\4E2#
=|nEtoz
ktHfJG
nv0`w\$
]v"ozQ
q=B!=`
07g5dY
6Cw`bc
5!{=!&
3wLD#eG
<eI:~V
n2}RzA
UEA+rm
s0vgEe
&R+eJ+~(
coRMA%
!}5&W(V
`{m3E]
.O8.p9
"= T/\,
(d:e5/
huEtk+
|l2kOrp("7
9^7&)4Q
o|?U!o
u?&xUxv;
H1g AI
G3wGb|
|ElZm~U
ft>CuR
qpv;^l
44^j$G
4UO-5">
|pY_Uc
4 }q,S
=KkKTxCUt
Bm3rnYm
(%<	^W
sd03;n
zp+h;0d
)6YT0go
lb\NqCvD-
Z:<c|V)<
]?Y5y9
R;#?I8
.ke!+i
,9_-'lW
eoA:D]
SgAwS]
 q}T,B
iFb\ZT
y~7,e){
D?RO:8
xT"R`fm
58X] L
3u]@TB
iqgI?&w	
A.sxJ!
3	c"$}
#j;?W/
:Ux<]O
;cevL	
J.pJ54
,xO&d/
:>k?7c
)Ae/JG
1Uq;-Z
SLQTlj
a~o|(|@Dq
J|;:}/?
PUd_08
/PGKyE
zPoqLfK
&]j]RX
u]q^>rFo~
@[@)2b\4
|yb] )Ly
8=,j%9
7 Q.)	n(C
AE"Q`(^0
_mU-\T^
Wr},Wz
69< Kk
^0Rh~@
L>3p!q#
0M4"A;
=TRb$b
Gi1y m"
#"l"|l
[T bew
T+k/aw
Pebw@W{
S&{[Bq
b\<DwZ
8SKVFW
g!*dW%P
96pM6DF>
BkP`Wa
f\Id-1T
!@PZm|(}
?^q)2q
vNT^	)
,^drB<
2O^Yrc
^'}2'=`
ZF %Bq
]w:}vo
0rxD.y
xv32$A
W,[Vd5.
	6Z=Psc&
BQ9"qI4s
" >my-
|fvE'f
Sx0^Us
Lo;fK;
bm"Mtg
"I&u?!
NSVv})mp#V
2gy;6'a
wrm`l)
1TdE`t
Z.JKi<
!&8dZ#O
`QSa{Y
+1&YaCVc
YNY>kj
,oL=yo
)Gt"u/
1 W_mT
b[Y<u1
b6ts2q
>| 8,:kj
/Zw4Z9
Aj3Ckp
\GgVfq
0oQ	7.
T/z}nr
Q|@>C:
EoDDW7
2m;^l:
!(:K&r
T!S^]h
#puVIY
ZcTV<Y
1sLOi^:
O+@M--:
q05<Ura
]hk|n7H
Vm0NGY
X#GF)"
9Ng1@F
;W:-Ch
1) A2S|
E?JHK!U[
p`'DcW
Xvk6u(
&9u$.{
DA_mM>Ndk
oHUf	?}
#U8X`E8
mow|<@t
u^SW&MG
89S@Nx
_rbSKBc
iU_/[g
)JcBIy`
Qs`j3M
nGwYaG
kPLjv<ot
L.FNpv
6TS8ZX
xiq0tr
,d%Xgq
xho[[+
\J6.A9v
 `mmWs
bo6b}2y
2?A`xX
7kX]bF
S"m~dl
l"bA@'
yNa>RG
c8	)ai-
>VLEs%
~ZNl}?
z@KO\s2lul
)Ez&EG
"}{\`.h
AZ]NfT|
s3j_Pg=p
o|f^Nc
G:qO.,r
rBm4%j
>n&xkd
"1-ztd
^B(*p0
7qa*k)
]?iK:s^
:U  (|p
<JCTM*
H\-Ba0.
G/V$MQ
CP#-y[
z|RS3o
XO7q3_
;,Ue#|
'B/s\X
~\i6cn
#e&4$%HH
*psz:E
rR"u)Z
:$C\0E
DMQL39
/[a<k^v^
:83{t#
+>-pZn
 iq~fg
}{1}_t
@.=jIk
f6TOB)
{$9q?uON
[IvmWK
\BJDAE
^`G>HT
9so1,V
XOK#V|
Z.IVV}
]Hdyz@
0VFxOEw
8vcL\J
B/M8EG
^L]:oLx
/.'yv%
3t4w;"
5YeTxf
4xVm76>
?tGp=9
86zJA}
d|=SHJH:	
~%Q{j>F
fd3C>V
v]g*EQ2
n$5|TX"S2
A0.6cQ
X"`*:T
=VI>}5
v?_^Hz
[bm:,/
naG~ab
&rB)+S
HhI__f
:\#CP]<
qjg?S)d
uHJ6>S]FV
yNY2|!
9xHAYt
,.aN*s
m+OJEfV&
Xdu&%E
m?Zepa
f"Mdpr
=\ITT>
}:s-h0
F-]$Ss_
j1bi5l
~p_eo,
o*g@1vM M
Dxb\n5
ubJ-\{
YLB>;8no	6Yx5
}}nuB	
K5T&1DoS
}(%?5R<
ISI3Th
-+VHFq
>K]4sn
t"M`;T
{<:#~%
hS_)nw
{%~S71
rX>EsOf
nM}D\&nTn
GoY6|7C
iAb\j-
lV,^Pl2
"AYb{Ub
k1x(I7
z #f;tU
%"3xxu	xD}M{
Q?"-<u
q2w^#\K`
q-%gUARl
[8$)Vr
@,Cc+u
dRJ>Bj
r*t^E]
j,]aBZ
[t.P$}0u
^D)>ph
`n/pBS
nj?ZTY
	_9cg>
_<@cgW
.oWfH>(2
D5ADbLT
7+zPz1
9	B25LC
Grg/oq
u,?}n	
M&PcNm
3/XO,Z
,g'.#,uAq|I'
1-ww_J
2];pR_
f1A9- 
r|2'/_T
-nubrOC
ba[&Ka
#@-jA8
%+$xMX
e76a b
wy[)llr
<BZb5D
tYspNx
|7sZf{
	1%^%e
D9&@>a
0Y3kV!
 |bl>[B
P5L{EU
a<blBC
\n*%9cY
M)orUq
zcxsT!^
Zc,oC.
I7Zx")5-
	6UPAWz
v,OLQF
@D`{G`X
kl,B0}
iqDB	w?y
a};Or8T
b["Y@_SFyH
Hc``4kS}
k/Mp i
=usyUj
)iy#{x
D_7tXq
	y!a59
I#\+/F
b)l7^_
&H"Bi5
Vu2	h3l
"8(9v{
kEunxH
txAY0u]
 skErn!
L\c7G8
CM#^2b?
u~,#DpW
KO0r}[
x%]x)6
^kEvlf
#VCh)x
\aRK"H
n{*Sc9
W E-!-
VNTDe`
^:*96H
(8*=,Nu
(7ehV-
E+|ZhD
GVC?J%
BrtBgG
+OAc6}
YwyO	I
)8iX"J0J
]Zg1B(Z
=S_u"F
FX\6,taA!<
9,U@(h
)=^UP)
NjuSbB
1.)}G\Q
^VZPb8
><A'$L
ziJtFI6
T	|QY^
\.*T9J
(&]R\M 
,R]-!0P
Sj";MW
4~,h.#;6
Av|ZDVg
g4rjL:+
,.B1[{*
@j'Eea
 0.l,Ri
	c3{Dm
J}(}k&_
VXXr&v
z?/k[ye
.Fg#j_`
"sy6 >
/S7%%/b|
<0fZ|D
?9%nl_
."oKxV0
	FSZF/|Wm!
v237hkh
K4NprW
I^AGHy
W=%ct7~
o[cQ8(
@5&	_Q
2I3-8%
YA9nS58
dpDIQ;
m%a&F5
1u-l=u
wV`NY-
;kWDh<HaX
0m@Xv6TE
.ri0L4
"$f^l6
hFotz9
;gFGJ)6
X?.CZH
o.Q\(M
47`<y#M
Qy]wT'
%DVeQ{
+HYF3u
%QwJk3
!LK|cj5s!Q
c+pW=P
)or$Rq
HZ]	8J
vHo=kc
##'(OKC
'ES)v$
I@p!qM
7]Y-F0
(0N<xW
-Ga.')<<
j #M6K
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
GDI32.dll
PatBlt
WINMM.dll
waveOutOpen
WINSPOOL.DRV
ClosePrinter
ADVAPI32.dll
RegCloseKey
SHELL32.dll
ShellExecuteA
ole32.dll
OleRun
OLEAUT32.dll
COMCTL32.dll
WS2_32.dll
comdlg32.dll
ChooseColorA
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>
 Company Limited1
Tech. Dev. Dept.1503
,Qihoo 360 Software (Beijing) Company Limited0