Sample details: ad5cb15f49c3dc12911fd31802e0d2e1

Hashes
MD5: ad5cb15f49c3dc12911fd31802e0d2e1
SHA1: cdd7886812186fa5e5f3e6cfce2324b8c56c8554
SHA256: 741d94d087eb91ff00f58c0e16ddc109b41817350e26f8e4f174973b20a1d8d9
SSDEEP: 3072:wkOKKMyrvX5kSFvuKgZBDJ3MHgDLblbPtO9f:wSyzX5kwvwZB+sbRPtO
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/win_mutex
Source (URL the sample was retrieved from — treat it as hostile and do not fetch it outside an isolated analysis environment)
http://79.133.98.68/lord.php
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
B!=]@B
G	5qAB
C1=?@B
0+=(@B
H<mqz|
6|?w4	t
QvD5v7
+f/aCX
\%{eU8
$9G`P+
G~ufJB
462n	@
OFF`P0
hx#zZ9
L7@T~6
T1)NAD
$s$cZ~
K-	=Lbd
i@:{:_
Mp075~r}
A$3[:j
Kg\R}e
F6eF_w
8oi[Yn< 
6zqBpD
wf2B_'
iqR$tC
I+pmxj
wvdiJ7
CQuTTK
p~'&mB,
~PO/?aS%]Q
;toCzQ
i20g[p0
kwA77k
J <f?7Q
r?P9ae
+)S7j%>)
+x!AIrc
_=Wwop
{.aMC)
vD:qPcxq
-)-"x"
z;^IP	
ln*f5s
5wksWE
+EL7jP2
t33JpD
SVck	0
`eU_z)"
L0;YL3
f7"D%5
 _jM3$v
G#_>u3
O/U&O7ggA
LEQ?j0
EcROv"N
QaAiN'
g$@{%>U
^InS.)G
#4*mF]
?z9ar;
#`Cj>B
Bho*`/s
#LL^5oe
#>5l8!w
T&0pKo
$	O}'W
R/59`n
kM;i'o
sIcdJuHg
0z}@7`
Pkw:Yv@
3R'9uK2
oU]O<;^
Z	YJPH
]'bMoi#
|GmX%._&?
JD6.F&
R3^^ZV
|y_rNy
8d)=.Q
ekT*$0?
neor\$1-
YBFKk<
<v/5}X
Lu97U:
t"gBVM;
jSRh+D
P-Hqsc
w&qoEgM
xf/!ngNhe
:=Ge+[E
tD7~	9
1<JMp^
#8P`oBP
HZ<mq,
\~dN*O
tb	Z|_H
w[	!EGK
'9&!_bf
b-\Vw"
l0*D^q
k&~MY5
T)gp_0
/RJF6x
S1L	#;
z4Q`oZ
m6qj; 
-xi!_9
ge0pU7M
Y,+H o
BG_nzLo0
dpp	;8/u
":mwf|	6
wi-}#[Xj
+'AOm*
Qf8sc'
Qf8Oc'
Qf8Kc'
Qf8gc'
Qf8/c'
Qf8+c'
Qf8Gc'
Qf8cc'
Qf8{c'
Qf8Wc'
Rf87`'
Rf8o`'
Rf8k`'
Sf8wa'
Sf8Sa'
Tf83f'
H<mqz|
6|?w4	t
QvD5v7
+f/aCX
\%{eU8
$9G`P+
H<mqz|
6|?w4	t
QvD5v7
+f/aCX
\%{eU8
$9G`P+
H<mqz|
&0l~)9
RUr.IN
N.Z;l/`=
O7 D''&$
H<mqz|
6|?w4	t
QvD5v7
+f/aCX
\%{eU8
$9G`P+
ResUtilGetBinaryValue
ClusWorkerStart
ResUtilDupString
ClusWorkerTerminate
resutils.dll
CM_Add_Range
CM_Add_Empty_Log_Conf
CMP_Init_Detection
CMP_Report_LogOn
cfgmgr32.dll
RegLoadKeyW
RegEnumKeyA
ReadEventLogA
RegSaveKeyA
RegUnLoadKeyW
RegCreateKeyExW
OpenEventLogA
RegOpenKeyA
RegDeleteValueW
RegRestoreKeyW
LogonUserA
advapi32.dll
GetDateFormatW
CreateFileA
CreateMailslotW
LoadLibraryExW
GetSystemDirectoryA
WaitForSingleObject
lstrlen
GetCommandLineA
OpenFileMappingA
GetCurrentThreadId
LeaveCriticalSection
GetModuleHandleA
GetProcAddress
CreateMutexA
GetLongPathNameW
lstrcmpi
kernel32.dll
InsertMenuW
GetPropW
LoadCursorA
DialogBoxParamW
LoadMenuW
	wsprintfW
FindWindowW
IsCharLowerA
SetFocus
LoadBitmapW
DrawStateW
CreateWindowExA
PeekMessageA
GetDlgItemTextW
CharToOemA
user32.dll
RecycleSurrogate
SafeRef
comsvcs.dll
"0,03090F0R0Z0e0r0~0
1$101A1G1T1`1l1|1
2&232?2c2x2
3 3+3;3H3S3`3g3m3x3
4,484G4Q4W4]4d4q4}4
5(545D5b5p5~5
6$6*676C6P6]6i6y6
7)757@7v7
8"8.8B8P8]8h8}8
9)959=9C9N9T9[9a9n9z9
:%:?:H:S:Y:f:r:
;#;+;1;<;I;U;k;x;
< <.<<<M<U<[<a<n<y<
= =-=9=I=P=\=i=u=
>!>'>/>;>H>T>d>j>p>v>
?'?:?G?T?`?h?s?y?
0,080I0O0Y0b0o0{0
1/161A1N1Z1u1
2&232?2W2]2j2v2
3%323?3J3[3c3p3}3
4%414@4M4Y4j4u4
5&535?5L5Y5e5m5t5~5
6+6@6L6Y6e6r6
7(757A7Y7f7r7z7
8)858K8X8d8t8
9!9+989C9P9V9\9b9o9z9
:':3:O:[:h:t:
;';7;=;H;U;a;r;|;
<&<,<3<A<N<Z<q<
=4=A=M=Z=f=v=
>#>)>6>B>Q>^>i>
?*?7?B?S?^?k?w?
0%060C0O0W0]0g0m0z0
1%1@1M1Y1i1t1
2/2;2G2X2d2p2|2
3.343A3M3]3j3v3
4)4:4G4R4Z4g4s4{4
51575=5F5S5_5g5r5x5
6!6'6-696D6T6a6m6u6
7!7'727>7J7Z7f7s7~7
8,888D8L8R8a8n8z8
9%9-9:9F9Q9W9]9c9n9{9
:$:,:5:@:L:X:q:x:
; ;5;B;M;^;d;j;x;
<%<5<@<K<W<b<r<z<
='=7=I=P=V=c=o=
>)>5>=>J>U>]>c>i>o>u>
?)?9?@?F?R?^?k?x?
0 0'020?0J0]0d0u0
1*1I1V1a1i1q1w1
2&232?2J2U2[2g2s2{2
3*363F3L3V3\3i3t3|3
414>4I4Y4c4k4}4
575C5O5W5]5c5p5|5
6'636B6M6Z6f6z6
717C7O7\7h7{7
8!8,848:8G8S8c8p8|8
9,989C9K9T9[9h9s9{9
:!:-:=:C:P:\:d:j:w:
;$;1;=;Q;^;j;r;
<&<3<?<W<c<o<y<
=$=1=<=D=L=R=]=j=v=
>&>->7>D>P>X>c>p>|>
?!?.?:?J?P?V?]?h?u?
0"0/0;0K0Q0]0r0
1 131@1M1Y1a1g1n1y1
2'262C2O2c2j2p2|2
3 3+33393A3P3]3h3x3
4(444A4N4Z4r4
5 5&5C5P5\5m5s5|5
6'61676D6P6X6c6i6w6
7*767I7V7b7j7u7
8#8*848?8L8X8e8s8y8
9'919<9I9T9\9i9t9|9
:':-:5:B:M:\:e:k:x:
; ;8;?;J;W;c;s;
<#<0<<<D<J<R<]<j<v<
=,=8=I=V=b=o={=
>)>A>M>Y>i>o>|>
?%?2?=?E?K?R?]?j?u?
0.0D0Q0]0n0u0
1)151N1b1o1{1
2&222C2N2Z2e2{2
3#3.363<3B3O3[3n3|3
4!494@4M4Y4a4w4
5*50565C5O5\5b5o5{5
6,626<6R6_6k6s6y6
7$7*747A7M7Z7`7m7y7
8%818N8j8p8}8
9#989>9D9N9Y9f9r9
:%:1:A:G:M:Y:f:r:
;*;5;=;E;O;[;h;t;
<(<4<A<I<S<_<l<w<
=!=B=H=S=`=l=
>2>8>E>Q>d>q>}>
?$?*?7?B?L?V?b?n?v?|?
0"0-0:0F0\0h0t0
1"1/1:1K1X1d1l1z1
2)242>2K2W2d2q2|2
3 3<3I3U3]3h3n3x3
4'4/494O4X4e4q4
5,595E5M5S5`5l5t5~5
676=6G6R6_6k6|6
7$747;7H7T7d7m7z7
8 83898?8J8W8c8x8
9*969F9L9R9X9^9m9z9
:&:.:9:F:R:o:{:
;#;0;<;T;a;m;|;
<$<0<A<H<N<]<k<x<~<
= =+=E=Q=]=m=s=y=
>!>2>8>E>Q>^>j>v>
?&?2?F?S?]?j?u?}?
0,040@0M0Y0j0w0
1(1.1=1Q1d1q1}1
2'242;2F2S2_2p2}2
3"3/3;3S3`3k3|3
4'4:4F4S4_4o4|4
5%595E5Q5i5v5
656>6K6W6b6h6u6
7!7'717>7J7R7]7i7u7
8!8,898E8V8a8n8z8
9#939?9K9S9`9l9t9~9
:(:/:5:B:N:V:]:c:i:o:v:
;%;+;I;T;a;m;
<#<0<=<H<_<l<x<
=%=2=?=K=[=f=l=s=
>#>0><>T>a>l>
?+?1???L?X?k?w?
0#0E0P0^0k0w0
1$101@1M1Y1a1o1}1
2)252K2X2d2u2{2
3)353A3R3^3h3t3
4$474=4H4U4a4~4
5+575?5F5O5Y5f5r5z5
6!6)666B6J6P6Z6e6r6~6
7$7:7H7N7[7f7w7
8$818>8J8e8k8x8
9'949@9J9P9_9l9x9
:+:7:L:Y:e:u:}:
;+;7;?;L;X;e;r;~;
<+<8<D<i<r<
=)=5=F=L=R=\=j=w=
>&>9>H>U>`>p>z>
?*?0?;?A?H?T?Z?l?r?x?
0&060@0O0\0h0
1*171C1Y1e1q1
2+212>2J2R2\2b2o2{2
3!313>3J3[3a3m3s3
4 454;4H4T4\4f4t4
5'525?5J5`5m5y5
6!6.6:6K6Q6]6j6v6
7%7.7;7G7\7k7x7
8&808>8J8V8n8w8
9'939@9M9X9h9n9z9
:":,:6:=:J:V:^:d:j:p:
;';3;D;J;Q;_;j;w;
<&<2<B<H<N<T<Z<g<s<
=+=<=B=M=[=h=t=
>4>@>L>]>c>
?!?'?4?@?H?U?a?i?t?
0'0-050D0J0W0b0m0s0y0
1:1G1S1e1r1~1
2'242@2K2Q2W2d2p2
3%3+3=3J3V3g3m3|3
4 4&404<4H4U4b4n4~4
5#5)565A5I5O5\5n5t5
6*676B6T6_6j6w6
7 7-787I7O7\7h7x7
8$8*858B8N8_8s8
9!9.9:9M9T9Z9g9r9z9
:":.:>:K:V:i:s:y:
;%;,;8;M;Z;f;{;
<&<2<><J<Z<`<g<
=%=6=@=F=O=T=[=a=k=q={=
>'>.><>E>K>R>_>h>n>w>~>
lccc___ce_s__mory
kernel32.dll
liiiu_lAlloc
gqirojgnipqxccpst
uhhiyotlhnocwt
tkgpfvdndlsujgw
H<mqz|
6|?w4	t
QvD5v7