Sample details: 7e48ffa0ec001fe5dcf2dcd4cd7f4cb3

Hashes
MD5: 7e48ffa0ec001fe5dcf2dcd4cd7f4cb3
SHA1: c3d24324a59664016715557a743c53b9e9a39fb1
SHA256: 1edd0bb51dfb04e45ead3cc5bbe7a649d4d96acea53928d1f863c375592cf68a
SSDEEP: 48:tcd1RKGdENuP4pLAAIhgICIQe0fAljts4h/tvPstJncss4svxCj0ieWfQyy/y:Gd3KyETOlhtliA1FtvPsvcfnp30fSy
Details
File Type: MS-DOS
Added: 2019-05-24 01:09:03
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/screenshot | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Source
http://nerve.untergrund.net/releases/zorke_release/zorke_nfo_file_viewer_v1.00/zke-nfoview.exe
Strings
		!Win32 .EXE.
.MPRESS1
.MPRESS2
+CD2 7 
ser32.dl
SetTim er
@W&U6F
Clie nt>
dFill2R
wTextA
esource
Compatib
leBitmap
Bru#sh d
gQuery
;PRntT=P
 ZORKBE
NKNOWN
(y pl^
ly usin g 
:) hoI
on  !	
- EaQrn
F0.50 R
VQuit b
http://
.site50.
Ri<pG&
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
user32.dll
gdi32.dll
BitBlt
shell32.dll
DragQueryFileA
t7Kt'Kt
wwwwwwwwwwpp
wwwwwwwwwwwwwww