Sample details: 7bdd00e9d4598a053a5a5e0e8f9a6a58

Hashes
MD5: 7bdd00e9d4598a053a5a5e0e8f9a6a58
SHA1: 488734b874686cbe58183769d48238136af429f6
SHA256: a6ab4e9690a52736fb2690468b288a6d81d5528e8310158f850286a8abb904fb
SSDEEP: 12288:tAAOFnmfkhvSfaJPJzTBPxFubu+K2+j0DDhDhqg7:XOFmfkdWY5BZFuS200ZV7
Details
File Type: MS-DOS
Added: 2018-11-15 01:43:57
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/screenshot | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section |
Strings
		!Win32 .EXE.
.MPRESS1
.MPRESS2H
v2.19:
gAzWUE
bHeU	?
i~`h)d
sGx`]}
D8eQW>
~@52-oz
~P80Xkd
"t-^A'
Z$\abK
&Jf\u2`
rV/'5O
)eOjPw
~|G>:}
S2_Z915
T@ccyn65T/
I6V;@d#
3Din?%L
A2;;Wm
oRX0%9
J6h_6e.`
|)	d'4
C,\_4X6z
]xsNQv
'u9|	gMnO
|z-<ej
H-E"Jp
9GD`9~
.6pSHah
rkcXG2
6kd&u~i	6
[=!s?N
wUa~9N
ybxx8Ph`pa
'&CI9(
ng?Pfn
Qu0%	Sbo
v $R1z
uGyjVH
Hp/;lW
$QEQFN 
IWCx u
z}e ]1M
saL_rw
];\%4d
AX@W}R
$`K@<k
K=$5e`
w@EG@p8
S^ w?o
S2k`o7
n!NOiqR 
X%n]]Qpi%Q
-b`!0*
2.,v;}
mL1ine
c;Gq1d
4ApAJ7u
Fk1F#!
y8%H*>^
3:lx+f4
(.jZLc
1qtXr+
k'$v/.G
Ql lV7n
j	LL@E
5	C7;,
s "pOg
!eypGi/
_,>l'5
0)J@H/
|[	a9-
\0Tx#j
V?_!S!
t,w0lRw
lL|30,I
*>"d7.0
/O9NR*.
MCTf~' 
mKwv{:
V3z~Z<-
v"c,=7
|'dCkm h
pRVQp2
c+MH[z
BM1w{v
Ce7>,&
[bP<g*
>1rjt,
73r$~F
8W0,5j
4 uml X
*OE~7~
>b kJ0
bp$6Yd9R
k02*)u(
Rfe)O8
E\tp,+
U[>iv0
U;siEMc
$DlE=D
Lb]X8NN
	Y"}YIpP5
ji%<>a
(}jS"$
H>lag<
OF`52C
?9[1c_
/%Hw>7
+N+.H[
[mY;#2#
4.f@4l
gU!zk'v*
pe{x1Y
zvA+PQ
<'`B61
z0)1wk
#BYxcq
*"81k_
r5JMDU]'i:6
NN=`0J
+-B!7*o
PRq5AE2
w&{A3_$
pm8\fi
~_]'nP
fWkJOQJ7
pJfy6E[C
y- Kd_
_Zqpg+q~
'~*(-|
M:v4Lm
LUOS>57
g3?Jb""
whQb}a aWamE
?do|By
+D@]|!
+zOODLt
k;<N`a
]16CkE
`/a>V[9
A_6LuxU
Sw^\H*
_<~fpw
SA\i -k`u
#WafG=(7
*bdd4f
R*FADP
gc9@P!uX
u+k1OfA*,
PS(V6w
9T';Xn
[A\fvn
(G'"Zp
NX/r7L,s
v",Qz4
:*%`/!|r;
{6y*An{2
pVHHUWs8.y~}
v,9$$u
G>|:OO
J$1:n(V
CRz'pc
[:_gt*
{9*n><
O8d=o;
!&W/GS
90B*i#
QDsL_H
:-pc~r
tB6#c`
Ck5GG.
qXF&gX
>9//<t+
?_O2Z7
PQHes3b
h[z^ g
2-B{D@4d
x9x[3&;!
e2E4LZ
'])J=#"
b$|gYC
R.uEuD&{
z]vpG!
-u$F)y
yN{i,/
f(Ywf]
KFNNn$
;FK9K2j
_nKQ5?6
.hP,5M5
B|C.``
Oszy*A
UinRv^/
{j*]tL
kjiS2S
^Z[+",
jD`j4mD6B
h9HBY{
qc8DDyA
+=!]9QC
,	D&QE
m`6iN0el
[zmN[y
I!"aC<
kdu*DcX 
*^rH:NP&
P+h-|=#
aGA]it
6`Dt*{
&76'E~|d{C
F\h}y=
H-[EtH
-7Ais)
A ?dPumqP
2JL:`&
s~@[?|b
hILA-I[l`
:'|:v@C
?Dagu(
;hJdy3
pksRB7
$ <@gt
}y#G]{
13ma(.
=d|ol7(9
jV6~`t
jyjR*D
kX]tp+
vfrkd-
:1ywA=!n
]#vMTv^
6`l@HW
.:R$>y
j54:^*
F)61~I
=p)KJQ
"u	}a 
cL&Uuhn
j9W\RQ
No/8nT
>b8Li/
QJ)|2":
W:bHk"--
"wwe+}5
I0r{c8N
/@q(H^
d	FdB!
 V%?ZmO_
;=lw_'
i[E_DE?_
O]<syUH
svKNY]
4ie:qpg
%KP4y/9
S00<BI
]s5(&V
`aP\N%
{csc&X
X,4K%bB
93zeQ]
`	Kl~8
HjEA*TM_i
<\Mc.*
?s?3H%p$$$I<
%MYg=j
LF8e(x
j3aSYb[
x\xN;}
wy8TrF:
7GIIR~u7
f1{!>%
WD0y&T
Y"E`|y]n
(jK3XB
pByvES
G4kK=.1
@c}1IG
 ?8g*i
k?sANT
=s5Bnqoh
Lc=^Z?
g\R	w	
SX~?^XV
2aAV&YWj
YB&+}r
{BcH@<
fW^7}g7G
+>b(-Y
)a?Xz,C
d'+qv&
LK Ycx-8
6H)DI>}
krF+ypt
rV={QDT
(R]NBQ
f+J(j=
0|4p(*%X8r+
Zx5aK7
"3sB7NQF
=O$-LF
#oH_ojsE
l8H\r	
dpdaX?!	S
'09WDv:
O,Xed7\
D'~w P
_am'^g
y>4aa6
q5Li%2)
XTNdBtT
",aZ,5
)tV9ZP
S|euzS
F}ExPq
EV/mbT_Ql
YuOJGr
V#zF{k
AZL+LXF
kz06m,
2hK[*z
s[^* r
Xa]HOZ
bOpB;I
z>2}<$
9c6cl+xW
JkDhEN
0Jo#doD
V5K+/#
)kM_8\
- )&~x
Cxvz-P
zfoLz	/
:I@0_hf
T;xA@L.
H(?/]q
60:inU
%ib4ae7
lx8$p<F
guZU@Y
V]^C@K
c'Ywy'
c.6$a[
j/S%[n
r?o;yx
hW8&vj
0RNI#k
,@"GXR
,eOxgc
7a[mS`
}6<Y8H{
ZrSx(Xo
n*2ZwB
@j ~nFc
%we@m)
1~*M|n5
vR.gaM
sGQ6R]e
H CYb+
^&)ob)jBbq
>@%FSp06
:O{rDaKB
3P7z$m
Q.Sn"w
I-7u`_
"jU)\[
x/2bKl
^L1~t=5
ZkFA'?
UBQpn~3
eR	VsX
5J<,,y
mo&PlIL
IGtp6'=
 C4/072Zs
#" o;%
HW_#fGX{y
ws,THq<
6wxkua
F'](T<l
+,TC6Eq
^k~r3>
`sGv4w
bTemsx
LN,=DRo
Gv2&1C
AwJqW'q
U7qs*?W
^6VY]j
SBYdp2
M!6?f/
OT$2tf
$8&_ve+
bON<q7s
;`'YEo+>|
@.6#d{
/Pjh+J
Fw*+no
YE"Wg9
Zd [q%{C
gM#6tS
LW	h{sg
#q~l W]9
sDaov`o.
^>I)Oe
f(Y+:?
P	y'X*
Ha`3F+pI~
^lAF6A
CR"!>kG
UNkx@u
<G>3C!N
n@"sg%fz
pV@n 8
+pA9`<
z]4X;x?
F3(H|{!
9JS[=1	5
_34hyj
h&I}836lZE
s/-<}l
OMq{%/
:UNluE
*-X+l,
d@~Uuc
CWsO-U
^`@v+/E
x;>`fP
C%S/o_
QIi}8m3\
Q6&)Svq7
;9>c21N
kF/D;:
WSU)zJ
GnhBo$
""Gj=[
c"^a0[
\*^r>,
`_\`5GL
S{lM}[
lU2L0GeY!
bn`&kV
	5D!Ha
fU-tAR7
V2u-W&
,C:gFi
[lvbQ8Z
P^AtHt
C~s!ej72
clH'](
9u#QGLF
[@<jQ[Hz
$>E4_[
3">;;II	
`. -Lc
!6.4L}8
5'H6iaA
I1s)n{
OZ\_G56
V(%M,!
LG17v>
6U&R~E
3l}Xmes
s$;|2d
2K>&qk
7mBwYr
	j*0@"
+&#3jq4
D=_W{:
WI2dd?
(`f%*=
$0]kK*R 
UnT2s,
\ycp"c
xZt	@(
jmB2+U
u<Tr(bcu
4\>c|s
$'BMK5
^44y[!;
%UmG8Ux
I*2*_X
z~T++_'
Z2WBnO
]WA	_(>M
2$qMNQ
y<lDEx
a'2P8>i
{31w_<
1}v2Q;
Z|UZ9Z
ngyqnn
qL\N*>O,J
*,NHKe
(=HPt6j
-i|6t9p
P<a\JixZ
_uU< 9
brHx9#
%mM|1c|_L 
a$U**P
Gfy$dkm
[%&Q7KB
s<i#7s
o|Pm%Ez@
n(3c=Q
eR:*rl
m.[hw%
^&jm|:
Uqi8NP
y**/43
]A?]1p
~Z9lzp5
)8AYcx
\Ks	Tv
QPduko
1)=*^Efa
ps,o4p
l7Z6?BK
 ([c(|5U	2wb4sF
MR7#]A#I
^i~s/n
*v&^~V
p,K;}=
M0^mm	
:4OMed
/_h(xbv%
O GkfXK
^FW*t?s
M{]I0w
30.>RDb
[;5J\&
/3-nX+T=u
p:7h:^P
Ngz!YU
4+&16tT
fdD${>
bP(L,(~
H#B`Ht;>'8
]OL",C
|L)2UK
iG9zDf|Z
]7GB,T
Ca6=2sh
kf9_/R
O"uUq|
Heo  0
[lt@gX
z!)/Z3
?3o+^}
>XgXKs
*t3Ri6\
E3lQ#0
|Lz=m.J
ss-JES
?$y7G]
B}0S]iI
|6'9/-
YA1[Ca>
kJjs%c
$x<{4y
tEl[Rg
r*NKN[
.T'XsZ
zqqNA9
yxin!\
de}LvD
u%f1ms
}xrgJ	
GsaMhQ
!Th3:r
P'2=A%{
N`V?"EH
*!FuIU@
'kfGa"
BFK '~Iw;
0x68e(#i4
1eAF%,	s
ZTe1zc
+{*y[?
<[qxx(n
!P7U_'
d>{4[`
|=YmU5
`kS7l`,
\Bl/-0	
>0971T
br`~S4
AFaoQ/8
c/c"#pRw
c:IWY$
]jBlO'
JU-mi{k)z
.8#6C}
?gdpoO
;yN!eN
c]k{iD
fG4G2_
sL``i,s
a*K3/+
##f7';CY
-so^H226
E@|-QF
&x]gi&
SNxI9+SW
$>s<#}{
<HRdI"d
CWsb<8
^.0>F;o
hp3%-E
nyCOb8
Pfe ^a
#80Hzf
< 6N	@
[Yh!sK
_'&NX6
@/;$Li
3}[\'}
\GgZV8
N'S9t3sn
/cmP@W
0FCE(34B
FpesLt<Q*
t3b.L.n/
G5*}Dn
$4xKA.
iTf>(D
L[Iqrc.
l-LzY\
"x~nN;
+`{*E;
U"![o_*Wm
]>g'SI
}620d,
'S!90@
'Y{M3(
Y(o]Vn
yBb7#qE.
@RR	r1X
v"X2T!
mgr88(
KQo&7Y
[gxX]$
|CyXy:!{
2#ToYL
yK2HWI|
O(9+|^
IE{K</
e44R{0
>\Q3^~
3??.ZG
!o:%>6
!*YPd#
93nreE
u>t`t/
	8sCD=.
?%]LF6
zFd[7B
4lNG"?
qK+R5)
rvJy (
.l{ZU9
]XMG"O
~v_@C5
m"|}zo
dL; EmQ
%-JG9=
@uMTUr7
	Y^N4l+
YV[f^m
;0vE'>
::-KN'$
<@*6_$Tu[
qvMtR}
048Qq[=
5M<164
7%H5DGs>x
N\RvYG
Ts_mqb
7$^0[j
o7x8F(
L>kI@3
_?qtQn
oT%CZYB
&%(Mg(
Azx9xY
|FvMNi8>
8|G9PB
:5uN}I
o~S7{a\:
	Y'SgW
)LT|2c
}CU+	)
pZ~CmF
V%jfA;E
]QV,%-RX
c#pZyC
9BnlI@v4L
obPN)DaL4
!-dRVL
FTFEKoAv
#~g2F9
F=x+<m
\aFWT>
JFa#zf
|%i(73
n3{wsj
jZT2Zp
R]QF*F[rlm
m4T	5]
jj-'mP
3P`EsE
NLw8h.
!Bgv=D
	"8ndj
hfO*"I
Gsm>k-
m*N/4?
^PuM>#
I'/(!W_Wl
e46t{C
wV$i-$|
R,lU#+
 un+E|zsGO_
5~<_.<
eGUFuO
nWXz\y
br <]b=
:K7#(2
kITk?m
F}C5F}
~s(@T'$
r5Z<9cf
#Ov~S_
Ntfn1,
SsKuH-
HJcVD,
6O.qFV}:
u?9M]\
;LaN'L
Gr,DSp
<H<_(^
)Q6rsy=
[o|F^v
~y`zPE.
	Z'kgi
`f IG8m]
uBU:07
d[~z})65
zx^y|H
J SGSh
nv;JFU
KWPI_/la
@ Gipt
T.5e[w
m$V^ZU
dIbR$fE
_C11yo
bd5||]
hj;"aa
YQ5`nI^
^GT"8@
'w=>&^H.
oTX"/L
d?-00T
wymyzt
SvR;3P
eiP\Xb
JLYjQ8
I`.r1f<
4X/YFv
'vXoA"@
0n_[i<
UbhP-{
yQ;hzI
waBzEE
Rfdxc8m
CC]#[j
=~qs*L@
lkRLAF)
c:^v9D
c(NI->w
(w*ez`=X31M
Z~oxxJ
)CB,yq
PrSsg	
t	E^?j
1Wce`S
A'JBi%
>+?(N:+
n+LLF3
Qc(.#u
~":<qFF.
N<)"`%\
f#9$?[
*1R)R7
m?/8!d
&>]+pIx
~?#l6H
	 :6Z8F9
;!qOT*
?OPdw3
E-cN4)p
EMp'BG
sG6a}h
	/*4h>G
i	1(r[
J@Fzn6
0P8\3b
KeH"yX
tN<r_6
'IfvV7L
j/})<'	
IV{7uq
FrK7T#
{j7ON]
U9w8x<
F_i%Q_
:dh=L(B
c0r!id4
EG_QTQ
:]y%-l
`#x!d/(R
2#<plr
e1W"UK
%405UF
XmJp+Fb
MVFw6>Kb
s!l"ov
E?a>C(
^]2S*w;
y^	Ne|4
$-$1AH6
 1=TI2
S^	K5jRiK
FLv0D{
DqI~j2"	?
am\*Q@
NF 8Ov
nmMZ5&
(D/HbVw
&]EKat
n!!6HW
PF[#m1
V}Xj1I9Ws,
-jq(h5
p95\kt
X?s2vf
Ep~<YR
aeaW7M
=yEs>2;
vhj,Gv
X2	@X|
P7/'`YdK
v;?aZS
n/+pTJ 
Q0b(/LuE
nIjInW
'Hq=eo
2<MR]?
x&tNJQ
]]+kvn]g
bqDB14
\|;c%`
`Ul6tQ
~,9;_eP
/ yW=_
9*V ,*
mN%>b,W/%2|
=)biTfDOO
c.j4O2
3+<NL/
m{ZEY0gPw<
t+_^][
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
WSOCK32.dll
WINMM.dll
mixerOpen
VERSION.dll
VerQueryValueW
COMCTL32.dll
ImageList_Create
PSAPI.DLL
GetModuleBaseNameW
USER32.dll
GDI32.dll
BitBlt
COMDLG32.dll
GetOpenFileNameW
ADVAPI32.dll
RegCloseKey
SHELL32.dll
DragFinish
ole32.dll
CoGetObject
OLEAUT32.dll
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
^W:q3~
/e^W;^
UV{;<>
"""""/
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:v3="urn:schemas-microsoft-com:asm.v3"><assemblyIdentity version="1.1.00.00" name="AutoHotkey" type="win32" /><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/></application></compatibility><v3:application><v3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings"><dpiAware>true</dpiAware></v3:windowsSettings></v3:application><v3:trustInfo><v3:security><v3:requestedPrivileges><v3:requestedExecutionLevel level="asInvoker" uiAccess="false" /></v3:requestedPrivileges></v3:security></v3:trustInfo></assembly>