Sample details: 684d6a72c480febbc16482ab0e70e11f

Hashes
MD5: 684d6a72c480febbc16482ab0e70e11f
SHA1: 5e4bc08e4898a77691f069cf5ce54aa7df7e89ec
SHA256: c8326708206b7676d030bca0772d34fcc3f62431b8d08372becb2e3a64dd76aa
SSDEEP: 384:v7RGwg+FAZJJrERu68yVWOaECvnAZp8KcERWnqqnAlo0of7vvxlL:vlTg+FADJFQWOxYip8bxnqq8of7D
Details
File Type: MS-DOS
Added: 2018-11-14 20:33:56
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423
YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h
YRP/mpress_2_xx_x86
YRP/IsPE32
YRP/IsWindowsGUI
YRP/IsPacked
YRP/HasModified_DOS_Message
YRP/maldoc_getEIP_method_1
YRP/domain
YRP/contentis_base64
YRP/Str_Win32_Wininet_Library
YRP/Str_Win32_Internet_API
YRP/suspicious_packer_section
FlorianRoth/DragonFly_APT_Sep17_3
Strings
		!Win32 .EXE.
.MPRESS1
.MPRESS2K
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
SHELL32.dll
ShellExecuteA
WININET.dll
InternetOpenA