Sample details: 6b84d200c817fd3956d0521f4ba0d1c5

Hashes
MD5: 6b84d200c817fd3956d0521f4ba0d1c5
SHA1: 14c69b9b4b199c1f21b31ddbde3ce3141a25131d
SHA256: f0e0068b11df929aec7260f53bb5ddf84835a6524fe187724340f23ed09bb639
SSDEEP: 192:GjXYM3DaV0fc58UJNaNjJffnpeA9eCnshAlVFQTka0Zl6LjMaCmYpzzT:GjXYUah57oJffFnhVFQg1sjMaJYpfT
Details
File Type: MS-DOS
Added: 2019-05-24 01:05:09
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://nerve.untergrund.net/releases/zorke_release/zorke_asciiverter_v1.00/zke-ascv.exe
Strings