Sample details: 7d14320b98d84037e82ef866d3ce0e75 --

Hashes
MD5: 7d14320b98d84037e82ef866d3ce0e75
SHA1: 05276e54f50c8718fb07afd7aec2ffeb07d04249
SHA256: b9944cffaf13e3f1e91b28e09ebd470ace90ed207ee3bfd20a0f802a7a61ffac
SSDEEP: 3072:yvSUmubsu8C2yUHrPTsB9Qim+lISUOdyyDSaS/Ofozd4YnM7nu3FmXbHgaf1a14S:yvSUm4su8C2yCrPTsB9Qim+lISUOdyy8
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/win_mutex | YRP/win_files_operation |
Source
http://79.133.98.68/lord.php
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
=0=O1B
%+=g1B
i1=a0B
&!=`0B
$&(dWg
 AGC.7
xW8|3)
)LqqtA
R/mbWjx
~ke&L*-
%kq*h	3
cZ[c,>
{P0:2P0
{Y*[??%
<(1^"H+
bhQ$JU
N?@3$u
	R#eB`
{t!H:|
	kFk|&
S<r"v8H3
Sb{|\0iToq
AU%|jVX9`
s\Tp\)
DYcPD<}
'NBZG`
@2-w=D
koV[}1
Nq=XAew
N:;DJ8
"s2kl'&
oaqF!-p
*ahunvB02
[Z{ct"
.W=R{&:
^fFq=T
2/c>Jvx2|
I3@?<eo
oAfa6Z
"c7&rz
6$rcpM
~=o(8?=
*E&@ S
-^:+oT
VX<js1QN]tX
+=_K8_&
q,mLSV=
!Bl*x['
8%PMSeP
OMCFKH
=y]yh9)4
J.2VYL
+kl<I52
T{a\	J
>`_1~\
}eQ_?0
|s2#p5
b_JPC-u
pUR\Vg
%R#%?_7$2
Lt=g"b
HkD6z*
@d<{r3O:q
b.f:P>/+
z'QvH?
9KEhP-[96C
V*H<\'^
aD6zCn
(c2^ur
E+Wrw-
7\TEwDnv
I."&p`
wLu16T3
E9y0W\D
DW7n\U
{?NJI~	
nTCYYr
ypJvF1
/z<)8$
Sx&X9E
ZNX,mP
_LZhOT
*mYdY,
8QAcSD
2)=l],
^}L9l<!
kP5kLzyv=5
	NJV[A-
2Q4l[^
b	awK|
W `}$Lb
t[~&sG
\]:FE,
O!j,?g
LS'N$g;7*Uz
JT*#zP
yg:& U
dj{,Q+
'AU<lk1O-\-
fX	,6u
 %,H:~7
e;+Cmp
rP	$C'/
k Hfn::
^GDXlb
`K0_N7V
Rk)M`*
N`riVN
4X?p>j
_;#v+R
Qt(	n	
Zz|Z7NW
zGdD]!
:>1E<+
E%FA,<
56np4A
6veE_C
G,DVmT
&lW{V.
<JP`9I
0tTmPw
!J,w"L
'd# 77
$&(dWg
 AGC.7
xW8|3)
)LqqtA
R/mbWjx
~ke&L*-
%kq*h	3
&0l~)9
RUr.IN
N.Z;l/`=
O7 D''&$
$&(dWg
 AGC.7
xW8|3)
)LqqtA
R/mbWjx
~ke&L*-
%kq*h	3
CM_Add_IDA
CM_Add_Range
CM_Add_Empty_Log_Conf
CMP_Init_Detection
CMP_Report_LogOn
cfgmgr32.dll
CertGetStoreProperty
CertFreeCTLContext
CertOpenStore
CertOIDToAlgId
CryptProtectData
CertEnumSystemStore
CertControlStore
CertFindCTLInStore
CryptMsgGetParam
CryptMsgUpdate
CertCreateCRLContext
CertDeleteCTLFromStore
CertGetNameStringA
crypt32.dll
CoLoadServices
SafeRef
CoEnterServiceDomain
RecycleSurrogate
CoCreateActivity
comsvcs.dll
RegDeleteValueW
OpenEventLogA
RegEnumKeyA
RegRestoreKeyW
ReadEventLogA
LogonUserA
RegSaveKeyA
CryptSignHashA
CreateServiceW
RegOpenKeyA
RegLoadKeyW
GetUserNameA
RegUnLoadKeyW
advapi32.dll
GetMessageA
CharToOemW
CreateDesktopW
SetFocus
DispatchMessageA
PeekMessageW
FindWindowW
IsDialogMessageA
InsertMenuW
GetDlgItemTextW
DialogBoxParamW
LoadMenuW
DrawStateW
MessageBoxA
user32.dll
LoadLibraryExA
GetProcAddress
GetCommandLineA
Heap32First
GetOEMCP
lstrcpy
GetStringTypeW
WriteFile
GetModuleHandleA
GetACP
CreateFileA
WaitForSingleObject
GetConsoleAliasW
CreateMutexA
GetLogicalDriveStringsW
LeaveCriticalSection
OpenMutexA
lstrcpy
kernel32.dll
60<0U0f0m0
1#1+191?1X1j1q1
2%222>2F2L2R2k2|2
3"3*31373F3L3R3k3|3
4%424=4E4K4W4c4k4{4
53595N5[5g5o5u5
6%6>6N6T6^6t6z6
7+7<7H7R7k7|7
8+848A8N8Z8b8n8t8
9+93999R9h9n9v9
:+:7:B:H:T:^:w:
;!;);3;?;K;S;`;l;y;
</<5<A<N<Z<b<z<
=!=)=3=L=]=d=l=
>#>->3>9>?>X>v>~>
?#?)?1?=?I?Q?^?j?r?
0'0/050?0I0U0a0i0
1,1<1I1U1]1c1|1
2&222>2K2W2_2e2~2
3%323E3R3^3f3r3}3
4'4/454A4G4M4Y4d4l4s4
5#5/575=5V5f5u5
6$616=6E6S6Y6_6i6
7%7>7N7V7c7n7v7
8 898I8O8g8w8
959E9O9g9
: :,:4:A:M:a:j:w:}:
;+;8;Q;b;{;
<!<'<@<U<[<e<l<
=!=-=:=R=X=e=q=y=
>'>/>6>N>f>v>~>
?!?'?-?6?C?O?W?a?g?m?y?
0 0+050?0H0a0s0
1 1,171P1a1i1s1y1
2'2C2N2T2a2l2v2}2
2	3"323A3N3Z3g3o3y3
4!4+4D4W4]4g4v4
5(575=5C5I5b5s5}5
6 60676=6J6P6]6i6x6
7%7=7J7U7`7y7
8)8/8<8H8P8V8o8
9#9,969@9L9X9c9m9z9
:*:2:?:L:W:_:i:
;(;0;<;B;T;Z;e;n;z;
<"<(</<5<B<N<V<o<
=7=@=Y=o=u=
>8>H>O>\>h>x>
?"?,?2???K?Z?s?
0+080A0L0Y0e0o0x0
1 1,181@1Y1n1t1z1
2!2'242@2J2c2t2~2
3#3,333L3a3h3o3w3
4-4=4V4g4m4v4
5+565@5G5`5v5|5
6.6>6K6W6_6i6q6~6
7)7/7=7J7W7c7k7
8'888?8X8h8
9&9A9G9`9p9
:':.:G:X:q:
;#;+;3;L;];v;
<,<7<=<J<V<`<f<m<
="=.=:=B=I=O=V=c=o=z=
>%>+>8>C>M>c>o>w>}>
?%?/?5?@?F?^?n?t?
0&020K0[0h0t0
1!1)1/151B1N1V1c1o1w1
2&222<2H2T2\2b2i2
3+353;3A3Y3r3
4*4>4E4^4r4z4
5$5*515>5J5R5Y5d5j5
6"696@6F6L6e6v6}6
7 7&7,797E7R7X7b7o7{7
8'8?8H8a8
9)999?9L9X9`9f9s9
:$:0:C:U:f:l:r:
;*;2;<;U;g;s;
<-<:<F<P<i<y<
=&=,=9=E=M=f=y=
>6>L>e>r>~>
?3?=?C?P?]?i?q?{?
0$0*000=0H0P0b0h0
1#151N1d1j1p1z1
2#202<2K2X2c2s2
3$3:3A3^3e3~3
40464=4C4I4V4b4q4{4
5*565F5S5_5g5t5
6!6:6K6Q6`6f6r6~6
7 72787B7H7a7z7
8%8-838C8J8U8b8m8u8~8
9&909I9Y9r9
:#:-:=:D:Q:]:e:k:
; ;-;9;F;L;e;v;
<)<1<=<I<S<Y<`<k<
='=.=6=@=J=b=x=
>%>>>O>U>\>b>l>
?+?;?A?I?O?`?j?q?{?
0!0'0-0F0^0d0q0}0
1"101=1I1Q1\1b1o1{1
2 2(212J2[2i2
313D3J3P3\3h3p3w3}3
4;4E4O4^4k4w4
565G5S5_5o5
6#6+61676=6V6f6t6~6
7'7-7A7K7X7d7q7y7
8$8*878B8J8U8[8h8t8~8
9#999?9F9O9h9x9
:2:B:[:y:
:	;!;7;E;W;o;
<(<5<@<Y<`<f<
= =&=-=6=O=`=j={=
> >,>7>O>`>f>p>|>
?7?H?U?a?i?v?
0!0'0-0:0F0N0T0^0w0
1+1D1V1`1f1s1
2%202<2F2N2j2q2w2
3 31373P3`3j3
4/454B4N4V4`4p4z4
555N5d5j5
6-6>6E6^6o6
70767F7O7_7e7r7~7
888H8a8r8{8
9 9&949M9]9u9
:%:+:C:S:_:k:s:|:
;#;+;1;>;J;Z;`;l;x;
<$<=<M<f<w<
="=/=;=C=M=X=^=g=t=
>)>/>H>X>t>
?#?2?8?Q?b?l?y?
0(040H0N0[0f0n0x0
1%1-141@1L1Y1_1f1w1
2/2@2L2X2c2i2o2u2
3.373E3N3Z3f3n3t3|3
4$4*474B4O4U4n4~4
5!5'545@5H5Y5e5q5y5
636C6I6O6W6d6o6
777=7D7Q7]7g7s7
8"818>8I8S8Y8r8
919H9`9v9|9
:%:5:<:X:_:e:k:r:
;";/;;;C;I;O;U;a;m;u;
<#<+<D<[<a<l<x<~<
=$=4=>=H=Q=j=|=
>">:>K>d>{>
?#?;?L?R?j?{?
0"0)060A0Q0W0d0p0
1 1+11171K1X1d1n1t1z1
2 2&2?2O2\2d2n2z2
3/3<3H3P3[3c3m3s3
454H4`4p4v4|4
5-5>5W5r5x5~5
6+6;6B6O6[6c6i6
7'7=7C7I7V7a7i7o7w7
8#8+8D8V8o8
9'989>9K9W9_9e9~9
:-:5:B:N:V:o:
;%;,;2;K;[;a;z;
<'<-<:<E<M<\<u<
=*=6=E=R=^=j=
>'>/>G>W>`>l>x>
?$?2?K?a?k?
0+01090?0N0[0g0o0{0
1$111<1D1J1U1n1
2/2;2G2W2e2v2}2
3 3-393C3M3Z3f3u3{3
4#4.464I4O4W4p4
5$5*5/565A5K5Q5`5f5l5u5
6&646>6I6U6g6m6s6y6
7"7(71777@7G7M7W7e7
9%9/959>9D9O9W9]9d9z9
ldbcbcp.dll
lccc___ce_s__mory
kernel32.dll
liiiu_lAlloc
dlyurplvyfnn
xcyvxoxvbojuibvl
$&(dWg
 AGC.7