Sample details: 6fe3ca0e76ed3d99aa8274fea2cb7fac

Hashes
MD5: 6fe3ca0e76ed3d99aa8274fea2cb7fac
SHA1: 8bb5ccc29d69d4bbaa43b99249aa24e678738953
SHA256: aa4db8dd681d7ffc8038cdc0852a7c519804b799fa25d0167cee03a4315c514c
SSDEEP: 768:eXYoQaZytwZftjE9MB7MBLXaASfwCLoTwAgBU7D:HoWtwYMB7sXaAS8hgB
Details
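File Type: MS-DOS (as reported by the file-type identifier; the YRP/IsPE32, YRP/IsWindowsGUI and YRP/HasModified_DOS_Message hits below indicate a PE32 image with the Windows GUI subsystem whose DOS stub message has been altered)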
Added: 2019-02-20 13:53:44
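Yara Hits (rule-name matches only; packer-signature and threat-actor-named rules are indicators to corroborate with further analysis, not a verdict or an attribution)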
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | YRP/suspicious_packer_section | FlorianRoth/ReflectiveLoader | FlorianRoth/DragonFly_APT_Sep17_3 |
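Strings (extracted from the file as stored; the .MPRESS1/.MPRESS2 section names and the single visible import per DLL suggest the body is compressed, so the short fragments below are likely packed data and the full import set would only be visible after unpacking)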
		!Win32 .EXE.
.MPRESS1
.MPRESS2
Rb6^E>
~bzkg.
-%[cWD
Lph[Yw
_+",>]
GP)<z2{p 1]r
	=8c%$m
:raUA,^
q5UW<2
cYd	rd
xh&owU
	um3mC
PV&|D~Y
q+Rl<^w
SstDz+
/9&"7p
N^orm\
AN-|Qv
+b+ujpSd
1-B$sY%
nmap5V
5^0-Sa
*M#Dla
RAlJ-"Ko|Zc6
GbVvx'
9K!tl,l
Hj)T1V
&4><WAw
j1U)88I4
'/lG5Y
F(5	ZH
7R/@(]
FD4lMj
9BQ%$ 5p
LSeFEQ
DcHh}xh
.D'IiL?
\^<b*Tce
QSVWj@h
encryption.dll
_ReflectiveLoader@0
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
EndPaint
GDI32.dll
TextOutW
ADVAPI32.dll
FreeSid
SHELL32.dll
ShellExecuteW
CRYPT32.dll
CryptStringToBinaryA
WININET.dll
InternetOpenW
PSAPI.DLL
EnumDeviceDrivers
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>