Sample details: 690bea9a9ed4422de87ce50918b157c2 --

Hashes
MD5: 690bea9a9ed4422de87ce50918b157c2
SHA1: 99475b50cec01ba67543faaad237be2b13bbaf2e
SHA256: e6ae49c4cb94f9bfb36b11aa21e7d4b80f97d8be66867c8ee7714f7ede51669b
SSDEEP: 3072:wTqV/QTdAN2G11i1gyJ5jUrDSE4miMmtF1hGxvWho4O:KdANx6gq5jUa3F1IxvWhm
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/win_mutex | YRP/MD5_API |
Source
http://79.133.98.68/lord.php
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
=0=oAB
E$]g3w
A)Avsh
#^PH6<b	
\$6/U&3
S`PZa!M
WU^@t?
/2w e(
}W9/hyx
7%A=JdZ8p
gG ~J5
G~R.hJ
(=77|^
ig-+Lo
,~89{+
\_~fUN
s4q	H4
?M!w(S
$/-:g/
CE?ZZ*U
Uf?'3g
V`^c&B
#)S1[dI4e
RzuS`G=
u.&R05
v<C$D}X
[3xDnrm
23WKaF
BVJ~yd
s,Mz\%
f3!>d\;.
-	pf A
o21Z\	O
* m-#Q
Uj.GO+
HR<h K
rh:g[j
]~~RNL
9rJALW
v#tizZ
9pPaxU
u973x8
fvi^l41	
A A{lWhZ
QDUHS/
m5/J(1
}ydbkJ;
+G~K#}
k)@x34
N1?dSE
vkKc%YOr
[*5X8H
4<'eT7
2O	y*N
U]EGh 
.%y*n@@
]WC'<e
a;&9.E
)hvE;c!
Ss~p	A
n	.aYH
blpoP*p
k=	w}u
Ssrkd2
j+'z^-
S4%'O>
|Hd[_f
[$yh	m
{dp[8V
kD?xF;
J"j&F,Zg
B,i0pp
d` 9s,
T	AJgH
plpkvY
5RQ[\.c
c/}oRl
M^Z'yV
wtH	)N~}
@0n07D
pvh+uCP
1?JY(2p
s5h,At
{knI9=
uJ.]?xo
PPXH!<x*
v+w3t0
D0)18;
PZDb+p@
+b3:0N>
Azl_'J
 Dti5;~
CpL#/{
TqEF,S
U1H7UC
{cZUrn
Cc|$q"
Cc|Hq"
Cc|Lq"
Cc|Pq"
^!.rqo
xwx3$E
pi;b8PJ
L")FK`
-v(c)=
E$]g3w
A)Avsh
#^PH6<b	
\$6/U&3
S`PZa!M
WU^@t?
/2w e(
}W9/hyx
E$]g3w
A)Avsh
#^PH6<b	
\$6/U&3
S`PZa!M
WU^@t?
/2w e(
}W9/hyx
&0l~)9
RUr.IN
N.Z;l/`=
O7 D''&$
E$]g3w
A)Avsh
#^PH6<b	
\$6/U&3
S`PZa!M
WU^@t?
/2w e(
}W9/hyx
SetSetupOpen
SetSetupSave
CoRegCleanup
ComPlusMigrate
DowngradeAPL
clbcatq.dll
CertGetStoreProperty
CertFreeCTLContext
CryptMsgDuplicate
CertAlgIdToOID
CryptMsgControl
CryptMemAlloc
CertCloseStore
CertFindCTLInStore
CryptMsgGetParam
CryptMsgUpdate
CryptFindOIDInfo
CertDeleteCTLFromStore
CertGetNameStringA
crypt32.dll
MD5Final
CDBuildVect
MD5Update
CDLocateRng
MD5Init
cryptdll.dll
RegDeleteValueW
OpenEventLogW
RegEnumKeyA
RegRestoreKeyW
ReadEventLogW
LogonUserW
RegSaveKeyA
CryptSignHashA
CreateServiceA
RegOpenKeyA
RegLoadKeyW
GetUserNameA
RegUnLoadKeyW
advapi32.dll
GetMessageW
CharToOemA
CreateDesktopA
GetWindow
DispatchMessageW
GetClassLongA
IsWindowVisible
IsDialogMessageW
InsertMenuA
GetDlgItemTextW
DialogBoxParamW
LoadMenuW
DrawStateA
MessageBoxA
user32.dll
LoadLibraryExA
GetProcAddress
GetProcessHeap
Heap32Next
GetACP
lstrlen
GetStringTypeW
WriteFile
GetModuleHandleA
GetCommandLineA
CreateFileW
SleepEx
GetConsoleAliasA
CreateMutexW
GetLogicalDriveStringsA
EnterCriticalSection
OpenWaitableTimerA
lstrcmpi
kernel32.dll
:0@0Y0j0q0
1'1/1=1C1\1n1u1
2#2)262B2J2P2V2o2
3"3)3/3>3D3J3c3t3
4*454=4C4O4[4c4s4z4
5+515F5S5_5g5m5
666F6L6V6l6r6~6
7#747@7J7c7t7z7
8#8,898F8R8Z8f8l8y8
9#9+919J9`9f9n9
:#:/:::@:L:V:o:
;!;+;7;C;K;X;d;q;y;
<'<-<9<F<R<Z<r<
=!=+=D=U=\=d=}=
>%>+>1>7>P>n>v>
?!?)?5?A?I?V?b?j?w?
0'0-070A0M0Y0a0z0
1$141A1M1U1[1t1
2*262C2O2W2]2v2
3*3=3J3V3^3j3u3}3
4'4-494?4E4Q4\4d4k4
5'5/555N5^5m5y5
6)656=6K6Q6W6a6z6
767F7N7[7f7n7{7
818A8G8_8o8y8
9-9=9G9_9
:$:,:9:E:Y:b:o:u:{:
;#;0;I;Z;s;
<8<M<S<]<d<}<
=%=2=J=P=]=i=q=
>'>.>F>^>n>v>|>
?%?.?;?G?O?Y?_?e?q?}?
0#0-070@0Y0k0|0
1$1/1H1Y1a1k1q1~1
2;2F2L2Y2d2n2u2
3*393F3R3_3g3q3~3
4#4<4O4U4_4n4}4
5 5/555;5A5Z5k5u5{5
6(6/656B6H6U6a6p6z6
757B7M7X7q7
8!8'848@8H8N8g8w8
9$9.989D9P9[9e9r9~9
:":*:7:D:O:W:a:z:
; ;(;4;:;L;R;];f;r;~;
< <'<-<:<F<N<g<z<
=/=8=Q=g=m=z=
>0>@>G>T>`>p>
?$?*?7?C?R?k?|?
0#00090D0Q0]0g0p0{0
1$10181Q1f1l1r1
2,282B2[2l2v2
3$3+3D3Y3`3g3o3|3
4%454N4_4e4n4{4
5#5.585?5X5n5t5
6&666C6O6W6a6i6v6
7!7'757B7O7[7c7|7
80878P8`8y8
999?9X9h9
:&:?:P:i:y:
;#;+;D;U;n;~;
<$</<5<B<N<X<^<e<}<
=&=2=:=A=G=N=[=g=r=x=
>#>0>;>E>[>g>o>u>{>
?'?-?8?>?V?f?l?z?
0*0C0S0`0l0~0
1!1'1-1:1F1N1[1g1o1~1
2*242@2L2T2Z2a2z2
3#3-33393Q3j3
4	4"464=4V4j4r4
5"5)565B5J5Q5\5b5{5
61686>6D6]6n6u6{6
7$717=7J7P7Z7g7s7{7
878@8Y8}8
9!91979D9P9X9^9k9w9
:(:;:M:^:d:j:w:
;";*;4;M;_;k;w;
<%<2<><H<a<q<~<
=$=1===E=^=q=y=
>.>D>]>j>v>
?+?5?;?H?U?a?i?s?
0"0(050@0H0Z0`0y0
1-1F1\1b1h1r1|1
2(242C2P2[2k2x2
32393V3]3v3
4(4.454;4A4N4Z4i4s4
5"5.5>5K5W5_5l5x5
626C6I6X6^6j6v6
7*707:7@7Y7r7x7
8%8+8;8B8M8Z8e8m8v8}8
9(9A9Q9j9
:%:5:<:I:U:]:c:|:
;%;1;>;D;];n;
<!<)<5<A<K<Q<X<c<|<
=&=.=8=B=Z=p=
>6>G>M>T>Z>d>}>
?#?3?9?A?G?X?b?i?s?
0%0>0V0\0i0u0}0
1(151A1I1T1Z1g1s1
2 2)2B2S2a2z2
3)3<3B3H3T3`3h3o3u3
434=4G4V4c4o4w4
5.5?5K5W5g5
6#6)6/656N6^6l6v6
7%797C7P7\7i7q7{7
8"8/8:8B8M8S8`8l8v8
91979>9G9`9p9
:*:::S:q:
;/;=;O;g;
< <-<8<Q<X<^<w<
=%=.=G=X=b=s=y=
>$>/>G>X>^>h>t>
?/?@?M?Y?a?n?z?
0%020>0F0L0V0o0
1#1<1N1X1^1k1w1
2(242>2F2b2i2o2x2
3)3/3H3X3b3{3
4'4-4:4F4N4X4h4r4
4-5F5\5b5{5
6%666=6V6g6
7(7.7>7G7W7]7j7v7~7
808@8Y8j8s8y8
9,9E9U9m9
:#:;:K:W:c:k:t:z:
;#;);6;B;R;X;d;p;
<5<E<^<o<
='=3=;=E=P=V=_=l=x=
>!>'>@>P>l>z>
?*?0?I?Z?d?q?|?
0 0,0@0F0S0^0f0p0
1%1,181D1Q1W1^1o1|1
2'282D2P2[2a2g2m2z2
3&3/3=3F3R3^3f3l3t3
4"4/4:4G4M4f4v4
5,585@5Q5]5i5q5{5
6+6;6A6G6O6\6g6y6
7/757<7I7U7_7k7w7
8)868A8K8Q8j8z8
9)9@9X9n9t9
:-:4:P:W:]:c:j:
;';3;;;A;G;M;Y;e;m;z;
<#<<<S<Y<d<p<v<
=,=6=@=I=b=t=
>2>C>\>s>z>
?3?D?J?b?s?|?
0!0.090I0O0\0h0z0
1#1)1/1C1P1\1f1l1r1
272G2T2\2f2r2~2
3'343@3H3S3[3e3k3w3
4-4@4X4h4n4t4z4
5%565O5j5p5v5
6#636:6G6S6[6a6
757;7A7N7Y7a7g7o7|7
8#8<8N8g8{8
90969C9O9W9]9v9
:%:-:::F:N:g:|:
;$;*;C;S;Y;r;
<%<2<=<E<T<m<~<
="=.===J=V=b=~=
>'>?>O>X>d>p>
?*?C?Y?c?{?
0#0)01070F0S0_0g0s0
1)141<1B1M1f1w1
2'232?2O2]2n2u2
3%313;3E3R3^3m3s3
4&4.4A4G4O4h4x4~4
5"5'5.595C5I5X5^5d5m5w5}5
6,666A6M6_6e6k6q6w6}6
7 7)7/787?7E7O7]7
9'9-969<9G9O9U9\9r9z9
l1tyhnmiopkmnyunbgt
ldbcbcp.dll
lccc___ce_s__mory
kernel32.dll
liiiu_lAlloc
dlyurplvyfnn
stnhmyjzjt
xcyvxoxvbojuibvl
E$]g3w