Sample details: 81a9184dbcddfb70f8afa187df5bdf33

Hashes
MD5: 81a9184dbcddfb70f8afa187df5bdf33
SHA1: e0acb5612116725804334f10c49020c6848d32ce
SHA256: c6799d8bd6101b75fbf858752aae6dd9ff980ec8e3f474cd6618e04269f77655
SSDEEP: 384:xV6FXoK2USo87mzLlgKx6Fk0/1rtzV0A70vA1aW3jR4+GdWSY6R3hAmDVk6T7vvD:X6FT0qzt630eb8eF4+GdWSY6lhDJ7D
Details
File Type: MS-DOS
Added: 2019-02-26 20:24:06
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423
YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h
YRP/mpress_2_xx_x86
YRP/IsPE32
YRP/IsWindowsGUI
YRP/IsPacked
YRP/HasModified_DOS_Message
YRP/maldoc_getEIP_method_1
YRP/domain
YRP/contentis_base64
YRP/win_registry
YRP/Str_Win32_Wininet_Library
YRP/Str_Win32_Internet_API
YRP/suspicious_packer_section
FlorianRoth/DragonFly_APT_Sep17_3
Strings
		!Win32 .EXE.
.MPRESS1
.MPRESS2
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
CharUpperW
ADVAPI32.dll
RegCloseKey
SHLWAPI.dll
StrCmpNIW
ole32.dll
CLSIDFromString
SHELL32.dll
ShellExecuteW
CRYPT32.dll
CryptDecodeObjectEx
WININET.dll
InternetOpenA
PSAPI.DLL
GetMappedFileNameW