Sample details: 8c8aa5dc65ad048c5aa5139f0c9dd341

Hashes
MD5: 8c8aa5dc65ad048c5aa5139f0c9dd341
SHA1: 0e3bbe681a4cf4dc181d292e3815d613a3be4bc1
SHA256: 283a0c6491ec9d7ea558a3550d1cf4d4ae0c78e7dd6f30b9f2c7664ab982ca44
SSDEEP: 12288:iBC/i6ZCDIWdVmQFay8UnEjlWFaofUPVg7h:iBC/HtyBIfjkAgB
Details
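File Type: MS-DOS (the scanner's label; the YRP/IsPE32 and YRP/IsWindowsGUI hits below indicate a 32-bit Windows GUI PE executable, and the label probably reflects the non-standard DOS stub flagged by YRP/HasModified_DOS_Message)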
Added: 2018-12-25 00:45:22
Yara Hits
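YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/screenshot | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/suspicious_packer_section
Note: these are rule-name matches, not a verdict. The MPRESS hits agree with the .MPRESS1 / .MPRESS2 section-name strings listed under Strings. IsPE32, IsWindowsGUI, domain, contentis_base64 and the Str_Win32_* rules describe generic file properties rather than malicious behaviour. The yodas_Protector hit, alongside two MPRESS hits, is presumably a signature overlap and should be confirmed before it is relied on.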
Source
http://www.tecnopc.info/software/puliscitesto/puliscitesto.exe
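Strings (extracted from the packed file as-is: most lines below are compressed data, not meaningful text; the readable import names near the end list mostly one function per DLL, which is likely the packer's reduced import table rather than the program's full API use, so string-based conclusions should be drawn from the unpacked image)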
		!Win32 .EXE.
.MPRESS1
.MPRESS2b
Mxe-#3
oLX7+Wn
UY>qV%
p4wC?nYU
8$ij.t
>lfPt8
lb7yv"
_CJ7xl6
88_gJ=
GE9*{2
cG?pG{
y*IBS\
	Muhyj
[@S9\G
~w,9`@
ojUKE2d
k}yI{%
")3cuv
.x$$8P?
VBjE:"&gv
WPhDHV
'#,>\0
t")FQb
@ M-n0
'1j?O!
Q3{$5ztg
C~RbqZ
}/'UHs
^"?89#
0b)o2x
/%T~am
+ifKfH
	|[*cB
VKA:A'	
@#O](uP
9WN0uJ
i?e-pV
;Kj=dR
B>L*k!so
KyC:|*+
A9 j C
VLGHfO
3YTUz<^7
JPJj^?|
/U[+r7d
]ug>nq
+#(ev6
M'6 .T
kT*9O5KI
[(H*!7TK
yrr@\L
W9(qCK
5<2Nh3
mSoG	R
tpk0v-p
bR*I7;
,	6W1=
m|#.UF
<8Z-1<
`#S '_3
yxO\hU
Wb9SN~+
HhRkpe
KRX{g~
GpTG}M
-` \:Zv
a4OP2c
JnCj6A.s
-a#sfs
Oa&om}/%`
gj<rS?
d[SQXEf
!yi@<9
?Cn^-[
8!j^I>l.
C*#cfHp
hul,Z?
3TO}K.
JeUy,{ir
wWA2^/C
YvgSH2
.s!	a1
] _eh3K
> y$)F
Ep/LD&
bmO=eG
mG<m|2
BRXN>F7
p\'VV 
"2i96<t
}]J~{	
1mDIZ2
|8#cx(
sTCLRmz
cu0OD@
Cp4wgl
"2Jc+F
PjFx 6]
0"'379
ncC\Q=
/mapUq
19zX:l
w$nz_5
ob}iRP
]KCPNr
[LP'Ivq
=*|VwA2
h|dv}T
f+#TWg
zo}Mtd
;@(c`5
0BU3lY
0d+>b	
Iz{Wez
8[+7h|
o/!n0\
Iw5@{N
5D`{sx
ZI(?=Y
m"#K-s1
[/G]$F
f[SJsOG
7%20l<r"
aCBA?7
:^(RGk`
E[OJiS
jT(4yD!
Vx!?l<Sg
~|?KZW
&R'Yt1
:Y~9cG
>-*e%'
9,Hq)w
ccJ)ib
3F\%z,
25NvQP
X'`gQB
W<z9)cTf
fi`aUG
 B5J[Ww
gBqiLM[
E'@#.;
y=lA:2
G[{I&X`
-o>06kS|
[BGlK-R:
Z!~M/td
[l'zcE
(*d7P~
W0^SbWa
:La$!o
Z|$x}"n
76OETY
68Jf:GY
*\iY>g
q8f<hU
Qbw%Qd\
&pC9O$%Y
nX'F/D
sI\$e"1O
cbQ2Bey
Dhs_TmQ
g<f6fV
Ze8D=c.
cf]$'J
]Gaf&A.
U4WcI"/x
8qjlUu
euyn~?
#q$t#	
>n);Jv
)I;P LD
]j,NOr{+
QM=`f"
(l;Qsu-
wY[.WA
VWAP7p
Td]itN
Hn?)`q]
M|9llZ^
w,I9Oj
\H"-H{
1jz>?3
Tz~.Vz
v<d1j}Y
}0xym5xq8S
G9eQVAJh!
e3I^3\
sb9 >(
7#c@-;n
I~t=A)@
ymm3]#
]AIu;G
$7Tl+i
d=hffj
M*N$<Y7k
;#b"CO
;YUC4@@Zx
e:!+!!+
wO0d>|
5,Zk	u4
!dl&.	
""r)8G
p2M{`e
0	;}\o
P"q`9t
zjS{/s`
_r?T@~
g(9wYH
#Tr{-t
L4Ua?)
#d&bi63
?VK[	>=
R~ic=RO
Rvn$K=
ZEyi=h
h['HRU
(	4@",
qQhE}p
@!dhyAH
:J]H*S
#pidQ_W
o0,VZO)de
>Bq"(c<
j}=OTD
baZC!;=
$BrvSH
d-7s03'
C&J=z:&=
 3im*@
+*Ho0Uh
49gm\|
PGb|jlu
Z|YRr&
z!%9MD
nCW\Gx
rb%mqD
pmX2(4
Y{[9Ib
l@OVzm
_*%HtNA
jc.^#,
8`tC6/
Gov0I$
IJ#aOu
_ s$BSc
?@4<C~O
~*t2g~
8w"B8Y
8F5>Ka
2`}`zJ
q"3U$e
{T<&Av
<fxz@?
*`bzjS
;"|\q0
DAq}D 
zb8VW5
37\I]k
'[WM}UB
T-HH`}
5Hm~WHp 
+O,Q-ut
!!m'Ee
uoE	"w
[agAe- [
oTz7Wl
+D35uc
Z^xL?q
H-F??+
{i#sa>
4VKIDz
)n2!t	
!aJwW[
[al]QdN7
YfJTk*
-V9\bv
F	WLWK
MYg1	Mx'#
gL(V/P
zrHB9>@O4
} 	bnYy
[xL,k!
'i10n~
gvlp$i:
#V3&-t=
?J2_;(W~
Pe{C7h
[VQzJj
:r(kqHo
d+W%Tx
4REo&Q
DR*P@q
>5%Z4-mj7
1Bk-	9
4-iQ&b
f`*(=`
ls;;d@
I_b(,y
{-` DR
NI<pks
y_MJ&Q
Tlj/>}
 Y!Vdq
 e,6%jpKY
(kvU&4
r%q\1`
zKz<O0=%
xB~69d
+uQ6C'
lrKH(I
bWuRSjZTR
uRsTBn
$s3^$N$
"pIeqs
`oYrx|
jqV"]:Q
8:fmj+hoK
e_#]Y&
ECej*L|
VEglIC
,@it^c
r{g].~
Q.<~zrZ
bUQTf*
bvL*)y
\$A-<]4
(7gjhI
#[Qxl~
HehN{h3C
i/[.B<
	G}P|%CQ(
'l%FB7
@(+:>$
U49C~'
?*:c"	
*[/pox
a\En[K;
 QaY ?
/Z`F?`
,A0I*L
OM~evV
Pq!$) D
SlE\L@lu
[~Y+Kp
 /i`A>
<4V&i(e
#8F_shu
R$n!6M
%9}Q~_-
\qA4y]
CC)T=.
:z4hkZ
~=%@^(0
IvS,5Uj
9:`T-y_M
HQ+c[&
*ST:rf xP`
jQQe$R
cSvkC1
+S@_QwG
&C@:qk
-@~@u#
hCj-O_t~E
x%5vT"`y
#B5._"
+f/Da+
iD2C\_
t$].3T
`y8+Sv
j7Gk:;
a!Tnsn
q:6\dW
N5N[i:
c\	h5.
k8I4RL
l~%FZ2
05]BmvU
L=Z?5O
&?19%N
jdlQACB
18Cp(1eb~,'8
|-.%;`3
(:?.->
%w$_c/M,y
aF_Acs
7a6h<$
6L*AIo
H6i,2M
q0?DnW( 
-k&_4v
1S&/gRs=
Xh,;\t
II1;B`V
]U]#T{
Uh*m$4
'6|b7h
bjr{WS
|4+9Z\
Ie{g0)
,4ce;)
?W5>h6
,p*g-a
q52d o
"y]P~h
DL20aqX
ZE]EXOed;
.Gj(TP2-
,c#m^g
\ 0;\c
k.WA<6
-"~Do#
B'u:<uL
*{$`k?w
GeY'\q
.:I[\X
F@yd*Z8
E)$G[[
c$X$0N6
_$K^RS
$8z"=7
w}ol*j
`>=nNwr.
#5Cj-P.
@IlH^7d
?fD6|0
>l	O+O
t$g7S=
*9){$'5r
`e.43<kG
'!%d6?n
A!+hX[s{Eu
W'v:|wPQ
JSpIVJ
ba|CTk
i?P|M/kA
/-|;O~
|xAWSP
_;%pS=
6k/CFj
9ofQT.
s[Cn4W
}r9_M|E
t0H!>B
<j=SUm
Xb>pg=[
k7%H~F
&3K5jP
ol~	"4
_VClXA#=
;-^pU4
PAH5db
&;H'9	
-QFWj=b6hN
D;]mLz;>
i3*=&v
07eI$ER
_|.#s$
"w/*Q;A
_n}%]:
'{2:-	
"XT3#+
Yzi3jPq
`<BcxFx
I!-zJO
EGf0F_
I;UJSNJ
m.72,/#
B~9FO 
4@-_I4
,Gtz"}
ChWjf:V
_H:3SD
4OS3t;E
'8]y|W
PFLl]V
dPE:P'Xh
L7g)q_e
$$}IPBT
aYf{_=7
18U|tu
AZ'4V;
mU7';c	
;ju"fM
bQWUk@V
q ~7CSx8O
fi`ar=
&V#A8FF
o$[10w
|As)g,
4	sU5"
/hCpaJe
HAchK:K
bW?8oc
$-S]m:
R[JJP2
#~% ;r6
;EK9@ 
Rrw!	E
GLm#ku
A<63OT
N.o;F":Ky
]g6KD-y2
O?\H#,
dLzHY@
:xbuAj)D
	;RQ,8
\WSJXx
3n3DD 
W=Vg,3
Rv}`L}~z
&@E63,J
-j'm/k
h1)C^rw
%isw~g]
%}AMK!
AW@n"(U)
x4@&z/
>eed"6
g@wZ=;
):!r"$
aa\7n4
Ein>6W
wL6rg\
)`_qDk;C
LIF}BP(
cV1j#.
 }ba%O
2[wufn<
0W00S2
YY<d(9
X=R>kq
xG{HJ!Ox
mni=.Es
m1_.5p
fU?1nk
Cg4})Q
:\@z? 
lrqUQ%
>S	}CL'
4=&b:uM
lRRp,!
=1sDf^p
W	 s41yjd;}Z
tJ}<Z&
-(_@Dh
>@^GFz
cFwL;PLC
aUZIdD
Pc06g3U
&"3@<B!{
:y4S['
v0{YWQ
4[5icu
wsnkFMAwxfx1
(*>QtB5A
2}iPV5
9obe'	
Q/OpJ3\D
jo APK
j+;.dR
)>|Q%>
o:T &/
bMppGg)
Dw,-3)4F
rS\-7	_
ixdF+T
p@VbzO 
r>fMF.+@
Mi2fxJ
KX3g6amS %
SH!Q*x]
E@Vd.'
Q"d[`a
hl:=+[;Q]
pc~Wa#%
M$"EDGd
5Xcse?
{&nWo(
`;KTRrl
@J$ Bg
q8] nO
87SOK#
)S3<D<@
C*-$wv
7B652`3W
4V~;,s
y/` 6R\
]a8h}z:S
ojHOf!
AMc+eq
?ODds*a-F!
cB@7[Gd
=]5N9'
JH76<=$
GoeX'uRlL
4[x/4I
Q{Glnn
7Ev9=E
woc|^<
}.	r>+D
~m[jH78K
6/e*?$
;AV.)?`
?36R(E-
cpwMqAn
L!xRrqN
Oa|1QG[
/^9EJh
f{#@={}
[J?B+H
FE_p?R
Lexm]=
_Vsi7s
wT2yZ:
)/L.j|
[Y(	w7-
^PcP20u
QEj2~]
Qh>=SR
AmBV@!
g9"vJ+
d(fh\ !2
YVO<	JD
V7t>'|
F(L@|i)
H7:Osg
sdfZo4
3Y,@4 
6{@jiN
l\o,ON
{%tJ?E`b
+^u)@+7d
(2jE2	
ntK@78
kEueV8
P%]&'%`e
)3EVudZ!
9b1t=7
|SBUcn
$JGp!P
4dB/pLpC
M[fDk:
1:5pwQ"
1EU5o[|J
="D\1g
V~|WK5|
"-a5!g
Rf_D	1L
k\W}ZjKg
7!rt+\
xty+Bp;
3&GFzs
Yr5Mpv
bY]	B\
STK\QY
/YTYF<
xbnG:<t(
@3DG,B
#".( {k
-.0]/[]UW
UI'(fD
Qtk?5zl
;G2J:]
'W9"d.
LVr5-t&
HX=}q	|
RLB;q`
Q3_`2[
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
WSOCK32.dll
VERSION.dll
VerQueryValueW
WINMM.dll
timeGetTime
COMCTL32.dll
ImageList_Remove
MPR.dll
WNetUseConnectionW
WININET.dll
FtpOpenFileW
PSAPI.DLL
GetProcessMemoryInfo
IPHLPAPI.DLL
IcmpSendEcho
USERENV.dll
LoadUserProfileW
UxTheme.dll
IsThemeActive
USER32.dll
GDI32.dll
LineTo
COMDLG32.dll
GetOpenFileNameW
ADVAPI32.dll
GetAce
SHELL32.dll
DragFinish
ole32.dll
CoGetObject
OLEAUT32.dll
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
CPO- 4v
mmmhhh
\./jf][K
"`b">o
ccc}===#
 WRLu~
0S"0Sm<5T/$
fCss3:;
(j`vvv
D"}uuu7#
hnnFWW
z#p90P
{;kWd{Y
	q{z>B~/
x|	'_9
Goo/L&
r,,,`zz
466bqq
4	8M-]T
m-z444$
'1Blbb"
MZXX@}}=ZZZ
:;;166
HYg	5"
$eXrmdN 
 1%I;4T(
NPKaDD*h
Ntuuq3
&;cYD 
uvvbtt
n8=A4l
hooGww7|>
?755aii	
C)+~+w
D	VHEP+
+n[]99
[v!,A_R
4:::8N
J6K`5BP<
.lsz0rm
cpD)4n
 Z*[!#
1i2#"Tb
q,,,`l
pF/F|w
s|D<e||
.\H2FRn$|
36&kI1
,OW&Nc
1tma	2
jttt`dd
!LNNbS
FFF099
912Rlhh
CWOC&I
py!Qh9
z*Rs $
ccc}===#k9~
BZH"p=
w(e$FQ
CCChoo
}}}I!}{{;h
Vtttpy
WY  ]~
FFF8f y
R6$H,&
o7[mNe&
Tc`ttt
Ht	WM~lo
kj("+V4
yM6jRQ
lin=Q-
%tEXtdate:create
2012-11-20T09:04:43-06:00
%tEXtdate:modify
2012-11-20T08:59:53-06:00
:::DBDFYK=/
zWnF8)
&@2$}}`E
Z[\l>70[mU;
uU$~cH
[[[olll}
bbbx%%%F
ddd})))J
ddd})))J
eee})))J
RRR^???
uT&]I5
79:PB6*
RRPl~xq
rR[|bG
mNifL3
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >
	<!-- Identify the application security requirements. -->
	<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
		<security>
			<requestedPrivileges>
				<requestedExecutionLevel
 					level="highestAvailable"
					uiAccess="false"
				/>
			</requestedPrivileges>
		</security>
	</trustInfo>
	<!-- Identify the application dependencies. -->
	<dependency>
		<dependentAssembly>
			<assemblyIdentity
				type="win32"
				name="Microsoft.Windows.Common-Controls"
				version="6.0.0.0"
				language="*"
				processorArchitecture="*"
				publicKeyToken="6595b64144ccf1df"
		</dependentAssembly>
	</dependency>
	<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
		<application>
			<!--The ID below indicates application support for Windows Vista -->
			<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
			<!--The ID below indicates application support for Windows 7 -->
			<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
			<!--The ID below indicates application support for Windows 8 -->
			<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
			<!--The ID below indicates application support for Windows 8.1 -->
			<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
			<!--The ID below indicates application support for Windows 10 -->
			<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
		</application>
	</compatibility>
</assembly>