Sample details: 62ee60d5558eaa60a330edcc4e8689ca

Hashes
MD5: 62ee60d5558eaa60a330edcc4e8689ca
SHA1: 0da7ac2646cef345ac97f8cc734a8aa284290720
SHA256: 75a35e033a928a673eeb005aaf391caebfc332a83f3a9a3cb1bfdaeacd2d43fa
SSDEEP: 6144:x6b0KQhoIHa+UsyJqiZCwTKLsU9H028dMVGFaBFs4O48maW5Y:x6AKEvHa+tyJ9ZCpLsU62SHFac/4rS
Details
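File Type: MS-DOS (generic label from file-type identification; the YRP/IsPE32, YRP/IsWindowsGUI and MPRESS Yara hits below indicate a packed PE32 Windows GUI executable)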
Added: 2019-05-08 23:02:11
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/screenshot | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section
Source
http://103.248.103.108:6325/SQLAGENTSON.exe
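Strings (printable strings extracted from the file as-is; the YRP/IsPacked hit and the .MPRESS1/.MPRESS2 section names suggest the body is packed, so most entries are likely compressed data rather than meaningful text)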
		MZ5061
!Win32 .EXE.
.MPRESS1
.MPRESS2
v2.12$
DN\TxN
t|#+]9#
(M.3c)
[$ImvB
#!n'cs>
(H?yv@
LUdZXQ
D{)Xwu
d+7d}{
m,*	d0
KxDh_i
*k:Dgh
-!i7Nn
2:eAi)
s0$Tpr
n7ZF%L
h]"KDm6o;\Zq
$"<'eA
]i}+KF
6x@T/l
=/D*}:
y)`6eD
/c3^}b
t8Ck^g7$L J
rY]U)0_
z2!sxc
@Uvu)x;g
WVHI1fJ
s#v`1'
!*fn8G
y!T{;@
]y9	>%
lgXel\
2 =	Ek
rNe'm.
G,e+sZf
?(KXF+
x4w{RE
NZOm3)
I1hDEV?
'58ARf
TJ?3z/H
G"!"Xl
LkK;X^<
o]s	:Djo
w}Q zl
^DbVrOf
)@l(:X	
~Z(4l9
d>!vE==B4;
e(dF2u
3'Vj$!
by389jl
 n]fcF
pE}EkO
Sl3S7H
/	J*O`
D{uW8.
0PgPA5B
=PtA0W
)T~@8sE
 uok^N(N
SJ\\o}
}5>_]{&
u\I~[[
 #p+TQ
EvIH>\.
HB~t1/
")NW0#
A10\8b?
NLJ]>7
q;NK#F
|8D=~A
mH3v:f
 I=F|Gt
Vg$_;r
J6!^Q	
UI;hO#
@"P4[J
0	3Z'c
'oCJG\&tV>
h\S'[)O
bu%1eGp
j}r >V
Ezqkhj`
>UgD/%
*$.Umv
^_"8Dj,
H8#xul
n2K]p`
Yq]l|6
fou=K<
Z1U9#j
?U4dn<anf
]pHW5j
zaN(K8
M	<}5of
Mr`4	<
;V52;C
~rpM?l
E0EMgU
r-2:y5
ED?;A	
Iw{A"AK!
T8,Y]:o
:pLumr
U.i1yp
qiD `@\[
m>^sUOU
$|Y~S-
/T*.8r
oT?1&N
	$5	v>3
?}%X*g
DPU=	'v
I	"s1!
`_C.X>
%nnU^O
( C+9y`
YKGuu5Y
)6y.i<
s{=.,X+
.n.[]}
;|,RqQ
7UE5K,
1dBg?5
!lX<\'
I~:R3?m
oTR.;9>
9^k4p"
W Lz!m&s
	]N#%G
r+CD6ao
+,1Rv|
)}PaL%
/:yluxFdz
x+^O(?L
a^'s^5%
"b-s]<
Ud2N}Qdt
5Lxp0Px|
ulTj/ 
4]PQlE
|>!'3x
8[U|aO
\k.c~CP5I
)+9U,?
Y&p{R},N
"gPP	b`=
rZGgKTL
~=WqZZ
|#NOGF2nu
/YMC`R
U_r'oan
GaB-p'G
JM	;+Q
V(RX||VW
[~UDJ-
Hq:ND(
|(wa6`
e$A89%`
Kh'M_[
SeNArFP 
nZZWi7d
0_o9s4
	?uat>Q
 lG>uSAY
kD\no3.
-Qdy1z
6AqB=h
B]\?1m0
}Y>?T5
lX`,W.
5'I#M0:zL
A::&h_NW
` (9&K
f:a]\t
* 7}x|
0!Iv&s1K
gTi8a$H
*B5;+O&
Qp0&~u!!uO
Ps#vHd
>rLLSn
]yMgX"
LrGXgX
aIFCJ>[A
Pv88wi}
$%{4aO*
4y(r{{
Zhe=HX
Z;1-]3-0
GT{x/J
@r5^jZj
q;04%E
e~+mgh
K.<uv\
pWWh}^
#eSqN>
^LaYjV
<R=J%I-
[Pw7:j
]B^P@4
3-("7>
^yb.%P:[
r2m=)3
RPrGq96H
<'#P5]
	0+Xm?,
,A{u&'
2tTx?S
(+V*Q"-
37 jv!
JK]|<,Ps
VZK_yw4
r~CmzQ@
@o]MJq
Xe]Z$7%~
GMa4]#
7"<e?R
]4eSBY
 XwY6/
#[zjk.
Cj~S5L
J)0y't
G>6Af7
o68OGO
VeT&+L[
AEfh!&
BgrCB(c(
c[8N/!*
>mEsGQ
ZX:8;p
o`T	ej
Df96vv
J.z#jDx
MoCG?4l
j}(K	\78
L?z4W\
O5'e;I
B-1-_+
}*\pd|
0cCkQ#
eEj9 D
)-'pj/Vc
E7h4-q
8$z8&c
q:?@_H)q
	*>!%Y
]'4:t0x
9!pTvA
>]hA?/4
?DJe?JX
aa3|}c
1O=YvSb
g-/xU-
t+S[/U
A=]|<B
l{^l]nE
\Inzw5J
6t	rs{
<pllP?
J"igxg
2Fjk8wA
v:2wT[0|{
'|d]3#
r|Odh1
Urdv*5
	|c^pc
EQJ~r8'
|L59Mu}ilx*
Mxiug8
VUelYkvE
C`}2Bv
a9R-+u+
*iGlJ/
O_@bAe?
S]M5XUI
1#K I+
rC~N@V
IHe/J@
'oxO9ky)
}p4Y{4
By_SE,
Bd=#@; @
"hN.#ed
=Cj$ $
J>)%[a
fFPiKC
Pzx[?K
*:TL6f$
~"Zb5r
4~}AWau>@
:@&oBP
'vaD_O
*kXueW8
J*d}c"l
[;%Qf,LGa
AG{x=4^
G?,et&o
P<0b#D
Jd``#	v
X8D:Ph
w Y7}@
ol~Al*L
YCvX!$
*.b =F
twyW3s
FvE{H`
?]r/E8u
a98@rjO/
Zm\Ry-
g\	hbk	
_8A"LV
3m|!,\
pH|(GCo
;r5GvJ
CB'K3wC6M
'>`u?t
$8$&#^
Oh2*z]I
`x296V
>(HY9}L
Oi*r[~
lD6GGQ
\Ed?{h
\Gt;{oq0
G&	{Ws
n/7G{`
NPO#*A
HA{@aL,
f%9Gi{
%_'Gvn
wJJS46
BB?\5R
zIlPHy
A>OnN)
vMr~iIz8
EMS{Za
o;p0+'
*oF5^}F
/}x1	6x'(
v&#~s\
]:%%>H?
0<b5i*_
2.cS5vL
?p /,W
Fa1%:-4x
F?p3$l
TIvV:v^
Os5,<-
9J1FKc
q8gFS~
=nEF=`
LV2G9x
f\~ia)&y'
w	='.9
5c=P} 
3^{@Eq
PuAUXs\
}lkXVa
xN(zb,
EVW}2E
HS;+Of
X(L,\@
Hd`Zhk
P>/h#P
_r	qBJq&'
`a)}xm$Z
HSD\1A
ofORNvD{S@^
2H_uD`
GH!qK$
dpMpog
><c"<T
	;oW/L\{<
 vSx!Q
bm5Jpt<
$jAj'j
S=g}K^lX
^9H~^t
x3RwUkF
t.d)AP_
=9HA\r
\8Pw!:;f}
r/G;i!
>f`<$}I
DUL%lr
-HpXWv
'K7XP6
${@Nk}
3@U.zFc
jxPC2S
:Y~vx-
fZx #V
6Yn^:%
g2q,PV
qjt-^R
70c='F
{& {ci
O<3	77
s?^}12`'
a@1{|D
L!_BdOQ
 K	x67
o#C~57
h,1JT-a
MG\]a`
X;wQ)~
^ViOmc
 |=|[mT
L-`+MIV
~RlqO$
/Ky}0N
>Mq5p[
co*(Jk
@]f|^SD	
bGn7PP
VsDD804g
7SmI9g
o5+3"s
<LBy9K
x?;?!N
1>v$+'
iSrj~o
A<UrH)
u7R1=G
9}cp	7
l5	-r%w
'~w	X:
$gQrf@\]
F6-o_BUo
j9}%%}
E}y&,z"f
e5Ox'7Q
xTOW,|
z/_rK^
[-h"@z
.CV0WM
35<y~[
\1ln^U5
C5+^aG
a=y.ts
!p%dY_M
x^#^;<
 TP60X
AB'.;/w
W<Tl[u
N"oi DE)!
ElSc:\
11&_J-
Hqa1W1(
I0J{2u
NfF8))
_'386^	
XgrK+l
r>EHvB
n8e{BB
"yjBZ*
^YuyIA
1AnL(CW[tq
l.Ukj6sS>
Kg)dYPl
t`;Iz5
XEE8bY
TeQ]n+
Hs-Ef=(
4tOF[f
uD<USGi
_YU[9,
bK)*@O
|  9Sv
A/C,.Q
hZk8Sp
ZW11`pX
yxZ@+S
?B$QZJ>
#u'R8ws
R6`5^l
BJ"}ck.
MYT1*!
lWR72]g
m8>/,="
0X;lA$
Jx"qXZ
.TT#=W
Bj+8k?
E @AkA
.JFmTK
hEm+F'
K@SS]6
n;1i&-C#
2Pruwa
mrD]?L
n}]D_$
j8xt:s
.A]:6Z[hQ
"=a,hq
H@wu2XP(i
,*kS>]
V32Cs	
8EpEK8}M.ff
,g,\P+
>Pq+?e
Ow|+/a
;S q\Nk
]LT,"@
gxfPMm
H7"t+*
%\0IT<-
c?np{3.
3C`dsN#=
haAa2;
6{U:bZ06}XO
.}mHi/
Bf~z6mt
ijyIS9
.#nQ}n
b;p\*M{
Dd=P	;,A
-WUIf;
eVYIfn
0^TumB
-T-[gJ7A
D}@lwt
hs?Z	n
?y1(5sb2
,h"#uV
qL[Ovj%
|,o2	:
L\o}tOp
vOVLTg
!$V)Pn
)-j!D:VS
nva%/:
;pshe/
GqH<7W+5
Z!@	O>
c%B%l-
}uQ<?%
'`2U,U
 ([-6p
QDx_zA&
ulbme+
jT;<S1
[_aw4-
G{+12C
-uN)o6
] Q]GdY
 C(bCJ
	sNQ#K`
J'ZZ*p
dRpG9L
:5b|Tn>
&+#%"EG$
>}I8ZG
#!+yHL
vSUspN^[
zDw)BjEM
~"c97f@Ns
|!Bzy{
R	I0t!
(xNInkp
btoij`
)8BY!.)
5HYFzL
MGE=<I
rq'Hxf
88.`+}
W!7?7s
#"9IEw
<+xeks
q~puOj
aDs1|V
PUtm`KY
hm)4_Ip=
i-sIWnFfO
Gb;FR}{K5
E"t8S{&
_R05Mt
"*K<6 
Y4cElN
!Ruzxk'p
{$&*Jr
ogOZHU
1S*hkm
+T6-BC
[coS/Zl
%]`'tE<	
V+\a3z
?)/syq
.>|lH!
bTCf'9
?`ewbM
bhpY/!
|r[HNH
d=uE*a
W[G#	/
FQW=m{6
OG3q\E
-*qe	0
	7cyG1
^'G_BwG
/c2bmV15
q%<#Ns<tw
Z\{g!]M
[>Y-`$
tN1|M#
Rr)"PD
id=XP)
qP9'Q^
R<=.k'=
RN5Mpy0
N:z#"1'}
I`l|^)
.%Af|xS
(sU/`>
M?E#~T
mi+OsUm 
o=|?oy
f6ke4Bx
lr	Bmg
/F][4	=v
!	e$BD
t"*nwy
k	Qjo#
\5(EER
{0Zsx?+
&[C8]K
Zb+>zR+
B'N|9H
lnYu3!7
=QlM%?7
C&LskU
rJ_-E)+mC
Yi!M>6
3d[%C4
i>XU#B?a
Fb:"L[
Wb68KR
VEHQC4
5_o@NQ
AXQ.,<
5TQ%a*
&m?V97
_s7<!"
L$ PQh
L$L_^][d
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
GDI32.dll
PatBlt
WINMM.dll
waveOutOpen
WINSPOOL.DRV
ClosePrinter
ADVAPI32.dll
RegCloseKey
SHELL32.dll
ShellExecuteA
ole32.dll
OleRun
OLEAUT32.dll
COMCTL32.dll
WS2_32.dll
comdlg32.dll
ChooseColorA
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>