Sample details: 9d7f3aa80b9ca18ca5c4065d11601250

Hashes
MD5: 9d7f3aa80b9ca18ca5c4065d11601250
SHA1: f87b6436ac26e162267423cb78215db30afd70dc
SHA256: ded766325ef2ea92b49776c19467d5dc08ac56da0a093783340e9b3ce485c56c
SSDEEP: 12288:MgrTMn061M36RUOTvpwenFSc+KgZwtEHU9TqgP8xmhVzG/Qb:MK96xlpnFSydGUTqgPwmq/O
Details
File Type: MS-DOS
Added: 2019-06-20 00:29:11
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/screenshot | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section |
Source
http://vilamax.home.pl/a/klzb.pif
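Strings (the MPRESS Yara hits and the .MPRESS1/.MPRESS2 section names indicate a packed binary, so most short entries below are likely compressed data rather than meaningful text; the readable entries are mainly the import names and the embedded manifest, which names AutoHotkey)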
		!Win32 .EXE.
.MPRESS1
.MPRESS2H
Z4~%7aWI
CA`]jT
A&/T<y
v6&TSH
>}Q	t_
P_ fFb
Bml!(Z.
l0S_9L
	EJ(F+
	% z[M
$VS".z
KdR`@]
	ki--U
wZ^IK!
8f.mZd
Igle$F
h%fK@l6
ySm?:tf
6 A=#b
a+)~DM
q{v~g4|
?RR@;+
DlkTs+
S#a|I{
]ZPk`<r
+QyGad
EU/9zj
	P1&adk
	1NIZ0
TNZL\3v
P|W5JF
FhN!:{
!axLMG5nt
gjw6K4
\c:}\{
,"@AvE
B--o>g
S?\+_P%
$[X;f)
xbB;zcx
P)N(L+
jLXsZv
@tX*T-
&.Kf/Or
""wFHm
msNeC\M1
`vE8){`f
.A'+x-H
5/X^5?
Nj)&hq
+c ?O!
D|9#-_
Fm|t93?
`qRVSr
RT_!Dm
GxeR_b
Jw|k|_
A=}jhB
qs|\#F\
z RynM$
}8(S0k
KTC'V"
\i2?8,
&_CP{r
@.-V,h1
"u~cxq
d+8 }Z
UhF+-%
EuvxVS
@t},.@
B NMro
Tec,!.
#*kJk.H
!Cj4Q}
 MLfs*
M-ei38
;:?!Zqc6x
R`'_rEM
Qju'lA
kR5%4>2n
m56/?0
p+:i(u
MS1St\K#&ks
$qENAZ
CsQKQ7A
Sj_&+=
0_[T1B
TnDoB3F
1C23 		
k'+gX5
-)FQUc
B{,.iD8
R0_]&t	
|RVVFbi
$WU5s,3
jdf(~\{
8NHe!f{
j8(5z1
6T?:Jg
E><T}%i[,
Cpnin!
^?)+c{
Es]xd"
B[8Y%0
}x~>($
Flq%4Z
Jkdl.uO.
>"<;jM;
&PQ ]Z
-PduZa
yU}Dhb~
@Kj|o5
x}/~%yN
lw5@`qx>1
|P}$2Oa\
$%o>n[2
+fWKZV
.RR#j#
R#5k&S
MJqN[7
~%wX+Q
!*YkPB
5qzZf[+
z!>oiT
J_7a,R;
Bbl=GS)eV
G`{M#Iq	
B:c!x^
hS/pa3l
J:myr|VzP
{hK.iR
Gg*e{-E9
Tz->tB
n0vO&:"H
\1@) 8
cy(;A@D9
gr<ugY$|
\"~D}e
gm+E	.
@!E<,8
9h#l:3
SzJ*O/
54s%9m
i"`b0e6>
GPoG\A
NJ%j9~
\ehXrY
|4F,YR
?ij&0@L:4
$$jU53
B^{@>|
9!W>gp=M
H5	\VS
\yr6)|
Z"MK7H
6 ]8r<P
%g<V,1n
&S!J+'
V@5Ye!SzE
m=^*Ht
WZiTb@
"l[Q5{
 AFcoc&
8G8I<f*@
9Y&Wv^
 $#gY.
~SNljg
vgMwNd
/kftpY
b}_CAY?B
`In&9A
jv9x\q
Cvnxpv
%]+1G 
o="^xN
{[olQo
Zbuf>5
Gt8nwA
E+HGAp
,MqU	5
Mx|Ux>n
=!Anx%|
ALG+>2
s'(s"!
cv2rBc
H/`ctXg
WH.g@\
]2P}Z/
k 1NIG9
a[,6@8B
Wdi)M 
'/`"{$n
FCm;8f
>\~L`H9b
dj5-LT
RXeW[5;
SKVCgyI
}hF3]1
{8;i[%c
TGu*P>
z/"/o1
3 -P']c
4T/&-6
giC%M`
UE\P:m=
mZLk"I
e>[GS{@
/3Gw]}
TH}T(*
X %VI:
]X=:ac$
y]eEB)y
>KSWGf
	s0(00
x[ON2<
y]2od!A
GNIux.
-|Hh8R
R$lZ9Az{
}&.cjx
m%&m`,
ts<&dlP
s9wm?:
?_ePl|
]"Gjn'
+%2QlI
Uf6)eWV/
{dH8YB
1[WD1]
@l56JWc
;DA*&J
<EgceT
ErSg?3(6
7b})o&`
?&Rhx`
3-{FBAU3
{0?`5eyg
D78^qj
u)3w_@I
:I}VoQ
:p64m1M
_2n'eN
d5KP-@
ZBKkQ#
Nd]Bx 
?]8:$b}}
glW7eu
z?R> {
Stva4^<
q7}Ng]
phUXtkH
jm&8	C
A{-3&8_
sF}2I 
P:mhy1
~=T@+(
rJV{9[
`u3)E/
gvi#:9
0Lg8D3
x_^P08
ZFw??t
l(0Em>
IW[k.,
MY69Vq
9/{gX>}2
Sd^'+}
Y*;f}&
;Izcd(u]
Tq;S`W
.dlZ& z
kU5d7A
v{84|~3
J/[/bj
Uxz1%X
Yx9<Yz6B
8CS,o:j.
+f>m|\,
z{YnrP
Hab6,P#Q}
KT{O6,
7L2(A7d
8WTpgE
dhcQ}j
e3wB,q
qLe"hr
biHZ!{
&1?jvX
QYJ ;b
V;_+]Pq
TgCesy
}>NjN4
'HZEFz7B
`z]< b
w_C'8?
<o[VTT
&kz">C{~
QUuYwD
%b%Td5
h/umTo
ObF#!u
A%lRLZ
nF;(p;G
L;*CzQ
entkv,
,b5]4/R
N($G=>
y c7<^
^z%i;yN
/J|?M2
^}9D~0i
?	{no!
-,_c ~]~B
{Z}YY"p
!1yI9:P
oB:M|F(
 zS&ba
]k8*L.9
Zn6`ZU=>
yx$lJ2@
*\$kkEs@
9=0T~3
ZQaJ{:&xy
>ve+72}!by
j}lPTgor/
wDf4%B
41&3f2D`
TO NXf:\
?W#Na^
4a[(?0
-74p\@
\8PS?)
*'m@kn
x=-l@x
)heL$x
}y[:#v7
AY\l,A
Lq{oE'
$rOL]j
*])#Ly
G!u7yk
Afo1_b/
G%'aY.
{lcL:mbi
' X;Td'
PE'r%2
s4?L$bu
y)kkfe
Jw Wd!
Wa|6;?
ggH`P{w
%w6/56C
^	lX}l
fc{fG 
\s^<;~$+
VQ>wtNb
bR;!C=
o^r,[[
Q="Say1
mz}JV^
B4{Ou-
/LtNG/
9R,*v!
$`*>>*
cXbU&e
k@YE`|
"{j#gR
?i)Yd=
NXVwO,
W<0bI$
2;?CGT
+Ryg8E
t:BAS7
0EN'o/
!(>O49
@]U4#}
Slmr;I!
AzA%v)
6)cnIz
VUr~o-[
&hgY/ 
k):LP	V
v3IIha
`@}sDp
8}t,a"D
t-O6%|
JEfLtQ
YA+J0!9
7=wu"R
{u^.(0
$'( ni
[bb;&p
TUkC,Y
wA]?rG_
?a?ly2
.Yj?S+b~F
3J-Wl=
Btujx{
!xy/!P
kP7_Gl$
!FC:F5
gF:\,R
>3$_&0
tY/v-Oc7]
Mww+zY
D.gMUU
o{FP"AmKzB
r^EqI7Bn
R7k'@S
Uev1;Ju
1_#dH|
d[+Ds9|Cb
v}\rls
.~kjW5
"Ph+"y
<c(oH)^
98,0g7
&dr]0j
	0&s#p
N~Q"mU
hsoj4z|
0L;5P{8
)|ecxXA
lm#=)M
))DkU4^p
r2aLfj
9jmqPN>
QoXh);.
%o@|cZ
88$lr(
,f:Az)
=KQb:a2
]"ET	2
TfOS};
[o}&0):
=,NLI<
7Ql,/9H
sHub9b
(|=O\)
1v{co{
Mp9i~mBkq
EY>Icd
=q6yws
Y7Y7#o
<(_~&pd
*,NT"B
w^L<]%p*
pz.`u}
v2hVr(
60GJSw
AB?w?+ 
W_+>Gc
B&J\7O
<z@wSS
r`?;l=
~B<{FR
'9^ J.
)CN	iaX
CqsCK:
nE_{9J
_Jz/\&
hv$*oz
Vc9mwPw90n
)Ghu_4g
{%kWX6
$upA^f
.(Ctsv
OTxQ`ML
KmGO2!
^7c_Nhu
R5ec~(
x"N4R1
/I9<8Q
G3\b;ao
'*xLl)
J[)?[8
JnoB6!r
$|D;r.
"l/h@Ra
.(*,e	
E@1X\0
Z?i;!R
_ T-\S
& [OnD+
b4hiz#
j;?Fs5^
O>XERI
mW'"$2
.ubM_B
{T8	-[
.7@sV(
)6:yW@
7H	vKQ}5
sG'o#]
U|le,RZ
pmFft)
>V	tq~
`?mlZU
k^xs]~
nI&2nNwH/
\tD=@K@
U:?^J:
JC|l =7;
#*n W2
@1Oi*e_F
9"Pxb82
BGa){e
z|-jibtty
Gl) !J`
Bkz@5r
U[JeVU
 7%*Lvg-
:8aNF/
MV8R)f
pq;P-O'
i"#Vj|i1f
)f|vRkAG
Ka2fdo
c=_69	
GNfwv 
Y4&In7v
eFTNsq
acp>&5+
pen5*WJ
MVuq&h
No5	np
V4)vqR
	XJ1EF
~}u=nf
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
WSOCK32.dll
WINMM.dll
mixerOpen
VERSION.dll
VerQueryValueW
COMCTL32.dll
ImageList_Create
PSAPI.DLL
GetModuleBaseNameW
USER32.dll
GDI32.dll
BitBlt
COMDLG32.dll
GetOpenFileNameW
ADVAPI32.dll
RegCloseKey
SHELL32.dll
DragFinish
ole32.dll
CoGetObject
OLEAUT32.dll
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
"""""/
a~J%w1& 
7qFnby
+1/M7xz`
	w WAb
[\*DZ5
/	zz4 
g"nG_#
5m`ujpbx
bB%//5*d
gM`	_Om
PF]9x."d
peC)kMg
o</_0>
4a W^Mg
0#pb;j
oO|/|D
yzex_A<D
N^RKynZ
ePnVhHM
W_{u|Q
-wmo ~
<m_r{8On
LD1jN	
@W6$9#
8^mhh%
Dzj`*T]R
|_C&ej>M
000{{s7041%2
q715s7
73777377:
3w3w7737{
7777;{z
sss{ssz
79sw{s
qsw77878877
779w77
yssSSS
s73S535
qwyw{w
71s;w3
779{s773
57ssqqqq
]lvWuVeeFdl
YrK[64
B6AxWq
PD4cyI
yE&-u3
?(!0qZ
fv^ CyE
e9nTVH+K`e
u7ucu[%
-kYLwS
mUJ+1x
^-JYz!
|Xv+yM
&a0-wV,
@\_yAZ
)^a7E@
&O!2 Uw
IDAT[P;m
N+mB|9^
gO[}XZ
L,U7o=x
rrTjb)
N{,5M|M
"]t7{p
2BCpG!
 KN*i7BC
!&G/S+
fmy'8&4
T;585r
u%I|CE
ZGs0DE
#}v\ct
-RP-O|A
N~4VO6q
'|7=6]
={BLK 8
O;9?>JxCB
UK26_E
$S+X6O~M
Se$!Og
98D}c+
.Eb,nRs
vRnV^b8
v+`]]/
pu909s
QI0\]2$s
.4M#onP-X
ue.^YG
g)YL|'E
dWwC:^8
^X~=AP
"IIa|t
L2#15{
193A,"
Yr:N`m
@6P!vm
WUHi"sM
X:Nu%P
`,/R2,.6asJ
15SBLB
TlLG@v
$ek5+-
1*Q6|<
PBbqNg
$L'HZ%"	
Kgyho?
[WnVr=
H?yEaZ^
IVyho?
^69Vn1i
"RMx$C
RSqqww}
;;!6==422%%$
#%2,,=cc==,;4,o
?22fd6??c=;6c;^|
[[fpbc
peb[?bf
___jll
>__jlll
nll___
>>_hll
nlkh_]>
>]_hllkllnll
ngdaka]]99
>@hahkklllnn
gdZ9Z9]9997
79aakaadkllgdZ9999995755
Cimmmmmm
nkihiCiCCCCCC@
XJEEE///
#,-JM)4$7
MRRNONQ,MM`
6FY[]]]
~]\WF0
6WWYY]]]]SHFE0/.
.ETTWY\SG//..''&
:6;<<$6O
=SQqWP>Sp
I]y~y~
'@IklnotwmG@
&AGLLlkkLG8"
"ABBLL?5!! 
IJ@"/#a
nechdUuvK`
*=Yhwtra
j*8A[^^\\m
Pj.>BY]]_Zm
-579:7,m
nMRRTNL<;m
G4!>"F
]ug#fOB
pnaM.?
PE9Y g
pCc2vX
NT&&^/
>xEmg6
s[g'0R
0!^[;7ND
)k?^D!Q
^#Je`B
dbLEP&
>$J{	n
	c&@n7lw
CO1L>8
e9qeN9
 o_fDhm
T|MB3L
T1R=c0
Hn&f~*
PhKDts
	lY/@qS
IDATr^
.}Fd!2
Gv#.IV$
0.]	w4
q%#HFj
bAN)(<
M+,cyvT
%myNKe
1`\`;<
#}|/G&S
$h7}!vl
#<\7K&]"
MlHgS(aKyFG
npxh"[
'i:JZn
BZ2Q#1
IPqBb:
~	O$7`/
nl) )mi
^atD,l
.DM*K_
]%AjId
6qPt"M
[7)fSd
B!]b{g
n-.048
93;M*7
331K-h
w\_&C\l
T	nU0q@
'8!Osk
84v KDB
<]c89y
IUosfy
>7ECsS
^6I/41
  ;(J-
KX\L&qy<
7xl<oo
;FiW+d
hhm^83
GX/^b55K~
;e@e#4
kXBBRMJmA
7dlaaX
P\e*Sf5
l5($UZv
o "eEv
u>vW?Q
9}2E,*
BX-QvC
G~%xeQ6
KMWYJ5
3S`%W%
F\n2])
<}<Oc%
x=nzBn"
y_/n[C
HHbyI )*n
sa6EYk
GX/^DV
RUf8.(
l"'LdK&Wi
fQXk!$
ae%A&m
	jZ SH
4VR^^n
,@u%a!
04:10-
Zk	5/Fj
2@kb%82Q
f=9'6_
K;t"w\
BMJ	2jW
Y]\	>BA
(((,???c???k???k???k???k???k???sV
???y???s???n???l???k???k???k???k???k???k???k???k???k???k???k???k???j
sss!TTTLUUUNWWWOWWWOWWWOWWWOWWWOWWWOWWWOWWWOWWWOWWWOWWWOWWWOWWWOWWWOWWWPVWWSGHHYNkb
???eNOOPTTTOWWWOWWWOUUUORRRN777)[[[
$'&	<==
M*B:}:
# r,0.
#SD*+_P}
\\\)UUU.ZZZ.[[[.[[[.[[[.[[[.[[[.[[[.[[[.[[[.[[[.[[[.[[[.[[[.ZZZ0MNN4-<7L8iY
&92t8:93QRQ.YYY.[[[.TTT.LLL-DDD
.!rU^[
tttnsutpq
npo|tttruuupuuuptttprrrp!!!
FFF3O_Y\[
IYUhNNNMOOOKOOOK<<<6
lll.xxxCxxxCwxxCg
^ieX^^^0
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:v3="urn:schemas-microsoft-com:asm.v3"><assemblyIdentity version="1.1.00.00" name="AutoHotkey" type="win32" /><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/></application></compatibility><v3:application><v3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings"><dpiAware>true</dpiAware></v3:windowsSettings></v3:application><v3:trustInfo><v3:security><v3:requestedPrivileges><v3:requestedExecutionLevel level="asInvoker" uiAccess="false" /></v3:requestedPrivileges></v3:security></v3:trustInfo></assembly>