Sample details: 94a8091ee81341e360030d16524ddc78

Hashes
MD5: 94a8091ee81341e360030d16524ddc78
SHA1: c0ff332ecb3cabfbe88c36b96043a82ccc255bb2
SHA256: 38e0024e26caf807ba00a9966070347eed3c334a9de1a764f061a015efd29347
SSDEEP: 768:/ZL5jeeDoqEZ74Xug7UnZxfHrQQ0o7DLO:/ZNjeD74b0Zx8Q0CO
Details
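File Type: MS-DOS (as reported by file-type identification; the YRP/IsPE32 and YRP/IsPacked Yara hits and the .MPRESS1/.MPRESS2 section names in the strings point to a packed Win32 PE executable)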
Added: 2018-06-22 22:24:46
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/screenshot | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Strings
		!Win32 .EXE.
.MPRESS1
.MPRESS2
RhN}=g.
-ng0]We
IMaG\]Bk2
hU?:J1;
f4v8\Y
ze98_N
Ts7xK,j
/QB<joK
(l5!b_
8T2h.6L
{<'9t/c~	
[6?!Zx
RF2|#5
1I+67^
_?]F7K
'Ghp_{
9UU8Y'
X\,	*P@x
m0`P"	%
"tS{%.
 roY:d)
!<:)%tw
x8PBZs
c);_ok
a_:uK	
J[,eb#
gc|lTaj
T+$TA5
H >}/A
6&yl3G
m	umOI
{ZoOXo
ES^|7V=
G>R;=`M!
1u	q)@|
O`uPk;
8"2d&h
NLO[ap%
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
MSVCRT.dll
COMCTL32.DLL
InitCommonControls
USER32.DLL
IsChild
GDI32.DLL
BitBlt
OLE32.DLL
CoInitialize
SHELL32.DLL
ShellExecuteExA
WINMM.DLL
timeEndPeriod
SHLWAPI.DLL
PathQuoteSpacesA
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity
    version="1.0.0.0"
    processorArchitecture="X86"
    name="CompanyName.ProductName.YourApp"
    type="win32" />
  <description></description>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity
        type="win32"
        name="Microsoft.Windows.Common-Controls"
        version="6.0.0.0"
        processorArchitecture="X86"
        publicKeyToken="6595b64144ccf1df"
        language="*" />
    </dependentAssembly>
  </dependency>
</assembly>