Sample details: a4364a106e8c291bb012a67bb746ff84

Hashes
MD5: a4364a106e8c291bb012a67bb746ff84
SHA1: c02c24cce5a7acd9404d9d407802ef3ea03d1bcd
SHA256: df1aba657f102960129d592405c1ba3d7e45906634a919481061c4ac75f84d85
SSDEEP: 3072:LLjUOv4+UHIhaHeIl1Wf0Q6P3Ohzn56Zv+WVcknMDSoaulq6e76ZdEYzlCD1:f5/7haHex8PP3KznA+WPnMxaD6e76ZZU
Details
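File Type: MS-DOS (label as reported by the file-type identifier; the YRP/IsPE32 and YRP/IsWindowsGUI hits below indicate a 32-bit Windows PE GUI executable)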
Added: 2018-11-16 17:12:20
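Yara Hits (rule names as reported; the packer rules agree with the .MPRESS section names in the strings below, while generic content rules such as YRP/domain, YRP/IP and YRP/contentis_base64 can match by chance on compressed data and should be confirmed on the unpacked image)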
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/network_dns | YRP/RijnDael_AES_CHAR | YRP/RijnDael_AES_LONG | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section |
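Strings (raw extraction from the packed file: most short entries are compressed-data residue rather than meaningful text; the readable DLL and API names near the end are the imports left visible before unpacking)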
		!Win32 .EXE.
.MPRESS1
.MPRES87
v2.17f
Jev@Gq
=qx{tb
_2?gD~
!|aphc
+\_VcF
I|]LG=
&B4*9"
 ??=|bx
381TnLD8
'vu {HA
:4}Jyx=f&\sT
|S|8+a
WCFlI`>
xndSPe
{2J<!`
dyB>Lb
)&gN4a
e,@52e
-lXzLP
>=)3Dh
b{KBrt&
heP%8_
C@7Pv&
(<1Z+E-
Xv	YY[
\-6UVw
\	7LI0
:bg6lw
=!-FMH
d	>wu)
PDHSE[
\gJ+CU
z:oX	wtzR
\X@H)t
5ZJ	j-
 |`*cf
aRk7MU
"w-fIAD
mu87zA
P;:P4%
",|M2Y
^Zc)Fr
R#}F'o.
&9vT0P'
{ENx!N
 )y;V&
qx@c68H
}l9a=k
W<%bA	1*
t(Flz0
ix;7kp
3E{kJY
NW:xG|t
-:\K,e
6eIL70
{`l2;J
@&}]$/-
>;P'EF2J
}byH=5
u23/@1
r$QCk*&Q
-VVJD9
$Pd3?v
Z#M^hO
o!{sEV0
S@Oj]6
0fCwO	>EbCt
A,uAS[
$Yq^49
%:hYJzSm#
	ci(/vW
Xd='&>p
5,6X)B
,'Fg@TN\
N0M6I~
,P{92jQ'
=K^C:{.
pAU%?m^v%
u1c~siDd
<WA*kGpJ
iB{kQh
r'u ]p
2B)K	8u
U?'%7*
NK7;oA
~MQFqJ
A[5w97
41(~[w
ty,#W>
tP'nXy0]
p\/gA5
S	`tn 
F/adGH
!jybc7
0J04nF
{0s3c]t
V39/Y@
Z2eu07
2@5Wu]B~:4J_ph
[Z.jx.
Ao |S8w
IQ,\f^
20YABq
hLwq;2
VvF /"D
f2b(fl
j#r y!
gTFApWn`a
ELv?Y~
b!+2#~
U{wE(j
uTn!:#
c}^3n 
Ch'o@NV
_}My5l
sXj"k5V4C
E\Af{ 
~3>Iv{
qrbo*/
(^Bjn=x,
b'hr(%
Uk$ ex
J`"i@=
;3e'gs
YB%^aB
,zb_e	p
*'cLPF
GMR|9XL
.V!6i 
6FhEL,TU
U4VKv_@
aVn9y-
rTfT=.
uz(:Gcu
Z|\g*3&$Q
YS}<r{
GD^(Yn
6OR"e.
oTw*3HXq(
:yl((@
!P[.hdo|I
+H#+f6
xrCp-S
D8pd;q
rti1<{
If ;W,
oIx{21
@wba+lv
8bO1u{%
z1o"^+
3#&ZW=
Ak/EjN
G,DQ~Y
~|{hP	
4V13r`
rQVQc1
<G`ZZF
e,y\L~
"61if]
(T<HY(0
k\1uX"=
~l$4<Z
:I!lSsM!
d)=l.r
`Vv\n.
\?V0+`
qOMir>d5
f].#^j
S":+~;
]A. &s
BHX(^)	
oO@pmI\
M\.)[g
<&I$yiW
g-j&e!x
#w6mfLa
yYLL2=
O}),<{
D'NsSi
6SLz<|
uhi<0FI
LseP3rz
H|DnF;
!Y&wmm
a(&#~2Q
(q]S`J
	oisqg
@yDw?'
I`2(95>g
VwV~~fV>U
b`'({`
TdF* L
Cw!1(2
u>a2R5F
*y"4,v
r$mDr@1x
Q([`07
"zy#(!
m)X^o	
7)zZIT
F2R\YH/
C"4]=#
ypZ-G~
5y\f	2
C'b]R"zE*
 q*/5K2?[
]?L2Lw
P>c%un.
[CA@sQ
>AJX_sb
0&Le$e	
I%u;%Xz
M]=<S3
ZauT93a
nG@;M&b
p-;RO<
aE(Pig
$EqT5 
 * oz?L
g^8b=v
m#/y?4
NtcXlpKI|M
tP?n/(Fj
k!2Wnm
7M"Do+
@4ZuwV
F&O3bkQ
Cq*jq%
GS ncZ
:$?in=
@0`47<
sc-z[p
k-)/";
p:"4&Pv~1!
i	1=>+q@2`
~X(Q*$V
/BJ)07
!|D0]<
;HeptZ
H$PZ?.
t@LFRa
c%#GLU
&=BX*8
h)P=Dm
]MoK!ubK
kx74[zZ
Uv)NWn>6
gk9!rKS
`F5DP[f
DIQ|B"
)3ndw2Uq
Wz{"K#!
}J:]n1
lEl({L\
,a\zSH
#NH.^B
#Sf%a]An(h
jmggBi
'v)"3N#<F29
`lI:P<
E{QV1w
#`sP7cTT}s`
"d{$;{
2NcRR&
v!<rlVT
VreJ;t
v;vDR8
ZH{Rw7/
eRnZ*QOh
rdPm7~n
@	$kDqp
/}#[n1
~#lIXc
]^.'0tJ6
rl4:{N
i<v?:`P
9EXb]@a
kt3$:-
.g.Uc>s
7M!'nI]
	<_Lwd
We$C0\
LmF$T}
D+wQno
g09?Quo
W2X(!{
nHt?v {j4
>#:kh"
sJ u/b}'
7\;R7n
;`,%>@
!|)h^X
m|cY$g
h01m7C
5.[CMW
*.=z\+
31DFED41204D2FA3D8E2A7FE4F04AA56537FD0C3638D38EE9F172C5497EFCB4B41592B60290D2DA007F52319236508216C65E819599C13
68C5A4A17F0FFA5B
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
MessageBoxA
ADVAPI32.dll
LookupAccountNameA
ole32.dll
CoCreateInstance
WS2_32.dll
SHLWAPI.dll
PathFileExistsA
DNSAPI.dll
DnsQuery_A
SHELL32.dll
SHGetSpecialFolderPathA
MSVCRT.dll
_CIfmod
OLEAUT32.dll
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
uO7mI1]8"P.
Y8$eF1T6%5
H,!}U2uM*zQ0
Y9oL+lL/xZ=iL1aF,[C+ZC-P;&:&
nG{[7rV3rW5t]=lT6R< 8#
pKr[5YC
G'"nHC
zM~f<u_6p\9kZ9gX7dU5]O2YK/SE.PB/P@3I;/?1%0!
xIog?neDf_FncUF:0.
yal_O9(
uVQ:$ 
kEmW;*
e<vZ1z^5vY2oS1]B')
n=pQ$lO(kM*^>
j:rL"Z3
qB~j:zf6~k8
nIUC$&
t43i86iB@
q@}p<|o;~q=
vF{o?}rF}rF{oG
qMSH($
;$"A-(^A<
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>