Sample details: a1edd8da1ae8bcfe41b0ce1b342344d9 --

Hashes
MD5: a1edd8da1ae8bcfe41b0ce1b342344d9
SHA1: afb3a2c1386c5cc68bd747027066c22a94d3feca
SHA256: fe385297f7b540e6f59f64d59503c8005f6580d0f53657728c9adc7922f0858b
SSDEEP: 6144:QP0hrxDuSzUjvJjBB1CyaAYC9atrpLQYDJ6ecUhzYMOg0BDiiag7N5u0L+Gf7D9r:bNxCOUjvRBznqC8jdV4EuNsWrBr
Details
File Type: MS-DOS
Added: 2019-05-22 02:21:05
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/screenshot | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section |
Source
http://103.248.103.108:6325/SQLAGENTSOM.exe
Strings
		MZ25519
!Win32 .EXE.
.MPRESS1
.MPRESS2
v2.12%
iEuiJOs
_PZ]%\N
/SbsL-
L2au#5
tp:*@DN;
a&e';OLr
*|vSnh
=f.@#w]
J^?s47
EB]/?O	
(-8DSb
5;8V&k
=u8Mk;
.pYnO-#
;d+!=}:
M/PAEx
Y]Jo" zG
@-h<WI
]GK7IYZ
_7<	`LX
yG6"h~
2*(Ce1
-:d?%!
3H5Gk<
FL]8gT/
@+9B>7
2F(c6h
$]f/$@
XB#$Nx
`	YA"2*.
T!}If;m
g	xps/]
W<[5sb
46Y/gG
1rN!|Qp
E*^2k?$
6spzBD
}-1	0(S
OIz[!+`
_tU[`K
H	LUbk
1E$(46z
	:Hr}J
)wQw{`
YN]u7V
''HIQ1
~MTDq_
w'A(Yja
ut,uD0J
-(c&:l-,
I[r*W-h
$cp#}@7
/Wpx/`<
9Nw?wX
pS$#l/
3nOa~u#=
b:;%Xf
bU gFA[:
L2_KSwV
V@{+0uMD
M"s7K8?*x
8j~X2D
6?BDMt
F0[x|p<
Lz@GBo
h_C*|@
xAGV1P
|h(\	a
lA[#xP
.M>%gH
d9o)d	
ns:AE[{[
A^a2Pb
5r&>+B
Mo$";rTA
	q ~}|\
AG6Sv~
/\o	|^N
%RW35x
${~7 d
7PW1hhI
Fu?sKB6
PC>]%D
0kFav	
NVdetv);
.(7N9I\
 #Z4VB
PU&1P.f
"NdOY2
gTI!ul[
)'03 `
VE	&ft
jsTOT,
v08pcr
s:Zv.2
2Ciq}qL`%"
;S{V)V%-?IWO
o:iU`k
m>P>DCJ
xDij]Z
r`VK/~
T|S;DO
11cA<[
j&e[-V
@]1h7E
$*&wtbTe
!_${b]
L"rffw;x
~(xD,w
F.=DnY[
Pj,Mov
{qGdkX
xD,!,t
IQJ!a&y
uJAIX8
UtzS;"
wbcm6[
Rnl_kB
^f,R\f
\0'8@&9
jKesEtuHc
)`wVBPw
JpE?GgW~
bQfu& g
IB/>V^
Moa2P?Jz
!"G??\
r5eBv	B
*)B1+z
_NI(c9RX8
|3|O(`R
c&4=^g
3o",v:;
GSS6Uxy
g{hy=%m
%YdzTx
pI-->h+
J_R2^?
zq9/l.
RJmoqh)q\
 (-YN>
 >TJIC_xF
?$C&Y%
&>gZYr
t51E3y
 g^2M\
kh5%';
.s=/8Lg
,OBsm)
g>:ifG
|9[<`"
V>O83U+
A+M`7ab
*#OA{z)D_T"
(EdB&r|
eVNQ+oQ_!K
p"+u	P
`T@9w5o
H5GF`&
HA"}wPcd
@J"vge
O)!v/L
!V.0HGoZ
0etdih
]eWp&'
`W0Rdn
Mh|eRVu
Jzg8Vb
~r\JqK
R=uwc'S
JVE&R~~T~
2y7:g`n
!#(DZZ
]CgP"zyz[c
&_uA	V
+\NOh7C
:G(B=k&#
LeS**1(
Da/U~WT
nK%{77
TIu&1G
D^{e	Xm
*'6lS<
>f,S	:
WQG~Fg
/A	:E}
crKZi)'
u2c#e@
 eb&sd
FNTX_p
[<f	v1[tS?
2Nl5ws
qi'RUA	:
c-IY:m
Y-N<L`
6Nt5,T
5<`Oiys@
;oi"r	K0
w0)C)w
@%4F$;
BR	%oyl
WPN;UC<
jpbpKs7
WOGqlmt
oCy%fa
Xo}O&o
wHO)_!b
9uA\tq
2iF\rZ
;+]0c)b*
3E 3CC
bc6Doubs3
oZAUO 
X5VFl.
\C8;q?
,1DL}*W(
uF+>8B
Xn	{Rh
M+^4;P
KMC:yc
7{k;'U
-9I(].
*%841r09
k+cA"!
+h*$9>,
2ZM*?=
@}opcq
z\( %98
Lu%IYQ
g$5Oy![,
v;aq>b
ht!6QW
4u%2Q2e
3L{m_go
5]DC8-
ZR~[^T)
Jq2<,g
4dd\<zi
,<|KXe
yofwfH
1QL^S"
Fh7!>jx
JvkRg*&>
ozTBZ4
~ACs3v
R&Uw?+
7|XEw]g
\L?6/k
Y@m4|q
Y60(\J
Q&Em'&
"]A~ojL
6G3`B1
0#Yd?-%
>]/G&1'
-unwt2
$h	 vt
ue}MI}
FWTctjg
(/(j-#
"!Nw|'r"
$N9^>%
dV0"!T*
Y!>d*G
nIB GR
?$RT^7
"EJa'bv
`OAlqQF0
#&-I'sM
lJl^ix[
}{@h(L
FZ 8dQ
(TI_qM
$32E_-
]Lg&CW<
n1Pi&V?
AoCq('
E}c9D|
+rH{n{
Cz6v'mzB
JNTRx;
2<Y/]ddp!
E#^Gi#!
.8Ar7r
l_}\6u
~a1ORf!/:sGE
Q'e@31S
x'>w?N
BNT5)I
='#Y=M,
kcpR"j
P)&cdTt
{?PErp
jrc|r]0
ZP=Son
7u-UV>0=
%e'_72
uvZ4'^n
]bNCZf
v0PJ,v
VwK't8
8tmlS.
Kf4w!G
}WfB;.
ATG on
4QvMU9
?|2Z'OV
eSCc&O0);
Kj-40@
i5A?[&
skqMU2
o0x)tj
G(@A~)
lS1*5Z
EM3kA366
LA)9Le
'SD5iJ
R_\Z,5
Q6geF!
5D_AN>s
pG#26123
	8 E=A
tDtl>A.z
v|r&.1
'Z_ue#(
H@jmEQ
*#8D`r
hn27'U
;/:"fk
=g9?%Z
yw&735Q
	~P`4x
2Y'AF?)
F|abx^
Y0P/ZmNp
n<rdMq
)m&o;	3
mqq.5I+
5Zi9Mv
b[~GmO
ZoKwa`
|,LFG@
TTCRNG=
{x$&J'
$1VyK3
QJ9a2k
x)LMiY
/S0<VZ
,lR2bIJ
j,DT\u
#)DXQ&^
c4|cEy
#k[wn)
m	ow5:
Zs|*k4m
XoY)+7&
;||I3R
_.Wa+]l
ZeqP(<d
rJe0j|
ksxT"F
+?]py<
!Vo{o4
MDjS&6
x&wHW6R
oA`Y_%
Y,[(KJ
iMD+pOe"
;U-qyw
0:0h"\8*
#R.Ex&
ScC6i	
")CT=<
LdD4\,
Mh&O#=
8,}JUm
Ky0hv4Y[
N_6df)
	^/DAHk
j1j~CY
nWC/4S
Y8wF@t
&=XC;C
f/Zxi9S
qP3U|Z6r~D
){`xFXM~
>~U.NM
U}"cBi
XPf47f
pIR!8D<
	)6Djt8$y"
MPtQyU
k7pL@k
rgg*9n_
hX$mx3@
}T $1z
We"vQ8
EScmiTq
2z_\$p4
o$_$J5C
hS[vhcHb
TU[e7*
4:(39x
Px2We3f
Q '~Bs
H= T':vM
wXlQ+^
AUq5FS
p>\y0	
w$Rgwz
Xj;+w[b
[	k]aW
QJHKat$
17;;	_
$L\>oK
qV>}.(v
?i'6F"D,L
#	sjjY
3}GfM2'Ds
Jc='pF
MnYi@4
`Ze1wUd}
/WLb`d
Vr84FI
KEo3JbIW
v4!#N(V
PfhcES
3'v;{.,
$Uo[(.P
i JfV!
B Md$m
*"NT(q
c$QV.::~ 
?LtfA=
7;D@zyx
OBRlD%>
_u9%tx
T'"v6[#
hLF?=E
*	ZWNt
yKr)3qx
s	Bwq)2
o(zj.t
rh+86<
J74	quf
`*U^NK*F
[?fI?B
cnY&ix!
[w{crx<
LnW;#<
w=4^Nb
~ l ?s
#:ng}f
koQVIz
m"y8a<
K3lHl6
f&6x}wS
`_XjI6e
[Q8>P<
;PW>`bM
o"/1{O
f28z}9
:>^LO"G
DbddvU/*W
8+`GD!q
AG65,~
E fusg.
WTN)o!
HD,Uoz#
5JM9qKhO
.69H!k
o#V?F>$
aXu>!M
6oB" 89
K+l+8X
MO<jT=
W]/3kyi
s0||r#
urUO7>t
(OJ,m_
?YdZ>YI][
[/eBY2
KXkN]o
Vsy;03>
;Q~>#&r
\&kQ3}
	C`RXxMx
H6xK],!
gs|Ckz
xW#vJi
{}oI&|
Aj?2ck7
St6D(Hs
'yaYIg
+}J!^g
4r>Yyds
6}G[6^
xu)$Ho
U7@5:d
r!xr}IE
91()6J
 ^%e$]
 ,88)	
twjDa_
XeVwF1
e3Hb'7
D<2vE2
DV)|'0?
8Jx"kN
?X=u8I"J
iK6wl<
n7^mB%
&S[/TQt
<kcFFE
:wCD+R_Wt
)bV/^ 
-bPHmg
|8f]Yp
!8r_>tL}
p!dd?>+jwu
B0~V;U:
x/g5X,
-zjC%A%
z$}ynv>
ihWlTL
fOVAzd
Fo])H)
S_VgeGlPj
0Wa^2%:
}JJ@{R
C.W/c$
<;;=1)
tj>y\u
qL/V\Z
0H">:#%I
:4?S)r
$bB(B@
v.xJ,_
]I,^9p
pQ&5	&
$yKT,wo
oEA9 $
p:]9B9h
(]@9OL:5
L$lRVQ
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
GDI32.dll
PatBlt
WINMM.dll
waveOutOpen
WINSPOOL.DRV
ClosePrinter
ADVAPI32.dll
RegCloseKey
SHELL32.dll
ShellExecuteA
ole32.dll
OleRun
OLEAUT32.dll
COMCTL32.dll
WS2_32.dll
comdlg32.dll
ChooseColorA
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
    </dependentAssembly>
  </dependency>
</assembly>