Sample details: 911c4ae779e7af73f21e1afdfeb951f1 --

Hashes
MD5: 911c4ae779e7af73f21e1afdfeb951f1
SHA1: bc95d722e615b2862ffbd745944ac1dafa189943
SHA256: 24a4530516dfca76a310740a3abeb76b546956d54144bf96d45cba853f9dc916
SSDEEP: 3072:CL+/LBsXVrFHziL+5rp2Ir3T99bnSp/C+9Bxfdt:CtXdF0AFFZSpK+vN3
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/win_mutex |
Source
http://79.133.98.68/lord.php
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
=0=O1B
%+=g1B
i1=a0B
&!=`0B
tKOBrx$
wsjs6juQ
a<`4)E
^aDT	j
 zq.`[n
|)r`Nj
	)=]cFdr
B>D)?Y
u%qkle
<;z70PfQ
V8Fbh0
Um]5$d
?\u28G7
JhTNx)
CX^IG;x
E&1;tg
,O(e&wF
2ke^x!
JHQCrZ
|rA{.f{
^9i$Ot
W*q4w=_\
jRs@c(
B?1[kw
`*S8##
"4,2ay
!-jPCm
2uZ0`G
9<m1sz
ZwkW&miN
Eh]\5y
wz:3LH{
v]B3%o
w'N+0,
.y[*yK\
\!oXU#
!6g2CV
Wsz*	o
}zOjL;
c8l#9k
[HP>'(cgP.Q&EhSO
skC#{$
j"!	fPc
w9E"Ey
P	et[H
a*	" 6
b$Kw#?
 }-hhNlT;
@_-gNc
F&`,tg'
rp[J@1:
b[&Z]}u
e9>gU;
`3ZNQ8
UGlB9j
\iv{RX
&FD&8E/
W'$QLB
<nFT~!!U
CuJ%y?
L	;D:*
%2M)7)
}E0"'V
U5]Rgtw
Fcyg5I
t>P?9W
'DQ,s4P
(NwiW9
8iV~yd
_[.C>>
`Cg]'U;
Q%+bId
>|,g5Rv
a:g#"R
N#pKV.
H[a&X}lg
Z"H]FQ	|1
G^^E(	
d)dfVh
Iw_C0Ec
hAQI{h
,H$N +.
7'XB!8
UNXEoa
{JL#]!
o?> Rq?
W"kX	"GW|I
&|/	*7<i
dSZyF(
>:?@oL>
~h W5+b
OpCj}1
wwIlSE
jRtbF<
DTG'Yf
>yBz'N
y/d=H7_'
lw4#HQ
Y$7`)5
7wE-U"
&sb7V;6	
i)Pe	p
-nC(Ye
"2~ZWX
S"'\so
tKOBrx$
wsjs6juQ
&0l~)9
RUr.IN
N.Z;l/`=
O7 D''&$
tKOBrx$
wsjs6juQ
SetSetupOpen
SetSetupSave
CoRegCleanup
ComPlusMigrate
DowngradeAPL
clbcatq.dll
CertGetStoreProperty
CertFreeCTLContext
CertOpenStore
CertOIDToAlgId
CryptProtectData
CertEnumSystemStore
CertControlStore
CertFindCTLInStore
CryptMsgGetParam
CryptMsgUpdate
CertCreateCRLContext
CertDeleteCTLFromStore
CertGetNameStringA
crypt32.dll
CoLoadServices
SafeRef
CoEnterServiceDomain
RecycleSurrogate
CoCreateActivity
comsvcs.dll
RegDeleteValueW
OpenEventLogA
RegEnumKeyA
RegRestoreKeyW
ReadEventLogA
LogonUserA
RegSaveKeyA
CryptSignHashA
CreateServiceW
RegOpenKeyA
RegLoadKeyW
GetUserNameA
RegUnLoadKeyW
advapi32.dll
GetMessageA
CharToOemA
CreateDesktopW
SetFocus
DispatchMessageA
GetClassLongA
FindWindowW
IsDialogMessageA
InsertMenuA
GetDlgItemTextW
DialogBoxParamW
LoadMenuW
DrawStateA
MessageBoxA
user32.dll
LoadLibraryExA
GetProcAddress
GetCommandLineW
Heap32First
GetOEMCP
lstrcpy
GetStringTypeW
WriteFile
GetModuleHandleA
GetACP
CreateFileW
WaitForSingleObject
GetConsoleAliasW
CreateMutexA
GetLogicalDriveStringsW
LeaveCriticalSection
OpenMutexW
lstrcmp
kernel32.dll
50;0T0e0l0
1"1*181>1W1i1p1
2$212=2E2K2Q2j2{2
3 3(3/353D3J3P3i3z3
4#404;4C4I4U4a4i4y4
51575L5Y5e5m5s5
6#6<6L6R6\6r6x6
7)7:7F7P7i7z7
8)828?8L8X8`8l8r8
9)91979P9f9l9t9
:):5:@:F:R:\:u:
;';1;=;I;Q;^;j;w;
<-<3<?<L<X<`<x<
='=1=J=[=b=j=
>!>+>1>7>=>V>t>|>
?!?'?/?;?G?O?\?h?p?}?
0%0-030=0G0S0_0g0
1*1:1G1S1[1a1z1
2$202<2I2U2]2c2|2
3#303C3P3\3d3p3{3
4%4-434?4E4K4W4b4j4q4
5!5-555;5T5d5s5
6"6/6;6C6Q6W6]6g6
7#7<7L7T7a7l7t7
878G8M8e8u8
939C9M9e9
:*:2:?:K:_:h:u:{:
;);6;O;`;y;
<%<><S<Y<c<j<
=+=8=P=V=c=o=w=
>%>->4>L>d>t>|>
?%?+?4?A?M?U?_?e?k?w?
0)030=0F0_0q0
1*151N1_1g1q1w1
2%2A2L2R2_2j2t2{2
3 303?3L3X3e3m3w3
4)4B4U4[4e4t4
5&555;5A5G5`5q5{5
6.656;6H6N6[6g6v6
7#7;7H7S7^7w7
8'8-8:8F8N8T8m8}8
9!9*949>9J9V9a9k9x9
:(:0:=:J:U:]:g:
;&;.;:;@;R;X;c;l;x;
< <&<-<3<@<L<T<m<
=5=>=W=m=s=
>6>F>M>Z>f>v>
? ?*?0?=?I?X?q?
0)060?0J0W0c0m0v0
1*161>1W1l1r1x1
2%222>2H2a2r2|2
3!3*313J3_3f3m3u3
4+4;4T4e4k4t4
5)545>5E5^5t5z5
6,6<6I6U6]6g6o6|6
7'7-7;7H7U7a7i7
8%868=8V8f8
9$9?9E9^9n9
:%:,:E:V:o:
;!;);1;J;[;t;
<*<5<;<H<T<^<d<k<
= =,=8=@=G=M=T=a=m=x=~=
>#>)>6>A>K>a>m>u>{>
?#?-?3?>?D?\?l?r?
0$000I0Y0f0r0
1'1-131@1L1T1a1m1u1
2$202:2F2R2Z2`2g2
3)33393?3W3p3
4(4<4C4\4p4x4
5"5(5/5<5H5P5W5b5h5
6 676>6D6J6c6t6{6
7$7*777C7P7V7`7m7y7
8%8=8F8_8
9'979=9J9V9^9d9q9}9
:":.:A:S:d:j:p:}:
;(;0;:;S;e;q;};
<+<8<D<N<g<w<
=$=*=7=C=K=d=w=
>4>J>c>p>|>
?1?;?A?N?[?g?o?y?
0"0(0.0;0F0N0`0f0
1!131L1b1h1n1x1
2!2.2:2I2V2a2q2~2
2	3"383?3\3c3|3
4.444;4A4G4T4`4o4y4
5(545D5Q5]5e5r5~5
686I6O6^6d6p6|6
70767@7F7_7x7~7
8#8+818A8H8S8`8k8s8|8
9$9.9G9W9p9
:!:+:;:B:O:[:c:i:
;+;7;D;J;c;t;
<'</<;<G<Q<W<^<i<
=%=,=4=>=H=`=v=
>#><>M>S>Z>`>j>
?)?9???G?M?^?h?o?y?
0%0+0D0\0b0o0{0
1 1.1;1G1O1Z1`1m1y1
2&2/2H2Y2g2
3/3B3H3N3Z3f3n3u3{3
494C4M4\4i4u4}4
545E5Q5]5m5
6!6)6/656;6T6d6r6|6
7%7+7?7I7V7b7o7w7
8"8(858@8H8S8Y8f8r8|8
9!979=9D9M9f9v9
:0:@:Y:w:
;5;C;U;m;
<&<3<><W<^<d<}<
=$=+=4=M=^=h=y=
>*>5>M>^>d>n>z>
?5?F?S?_?g?t?
0%0+080D0L0R0\0u0
1)1B1T1^1d1q1}1
2#2.2:2D2L2h2o2u2~2
3/353N3^3h3
4-434@4L4T4^4n4x4
535L5b5h5
6+6<6C6\6m6
7.747D7M7]7c7p7|7
868F8_8p8y8
9$929K9[9s9
:#:):A:Q:]:i:q:z:
;!;);/;<;H;X;^;j;v;
<"<;<K<d<u<
= =-=9=A=K=V=\=e=r=~=
>'>->F>V>r>
?!?0?6?O?`?j?w?
0&020F0L0Y0d0l0v0
1#1+121>1J1W1]1d1u1
2-2>2J2V2a2g2m2s2
3,353C3L3X3d3l3r3z3
4"4(454@4M4S4l4|4
5%525>5F5W5c5o5w5
616A6G6M6U6b6m6
757;7B7O7[7e7q7}7
8 8/8<8G8Q8W8p8
9/9F9^9t9z9
:#:3:::V:]:c:i:p:
; ;-;9;A;G;M;S;_;k;s;
<!<)<B<Y<_<j<v<|<
=	="=2=<=F=O=h=z=
> >8>I>b>y>
?!?9?J?P?h?y?
0 0'040?0O0U0b0n0
1)1/151I1V1b1l1r1x1
2$2=2M2Z2b2l2x2
3-3:3F3N3Y3a3k3q3}3
434F4^4n4t4z4
5+5<5U5p5v5|5
6)696@6M6Y6a6g6
7%7;7A7G7T7_7g7m7u7
8!8)8B8T8m8
9%969<9I9U9]9c9|9
:+:3:@:L:T:m:
;#;*;0;I;Y;_;x;
<%<+<8<C<K<Z<s<
=(=4=C=P=\=h=
>%>->E>U>^>j>v>
>	?"?0?I?_?i?
0)0/070=0L0Y0e0m0y0
1"1/1:1B1H1S1l1}1
2-292E2U2c2t2{2
3+373A3K3X3d3s3y3
4!4,444G4M4U4n4~4
5"5(5-545?5I5O5^5d5j5s5}5
6$626<6G6S6e6k6q6w6}6
7 7&7/757>7E7K7U7c7
9#9-939<9B9M9U9[9b9x9
l1tyhnmiopkmnyunbgtybvc
ldbcbcp.dll
lccc___ce_s__mory
kernel32.dll
liiiu_lAlloc
dlyurplvyfnn
stnhmyjzjt
xcyvxoxvbojuibvl