Sample details: ae5d5f2c188d7fb21a6afd3b676673a1

Hashes
MD5: ae5d5f2c188d7fb21a6afd3b676673a1
SHA1: 1bacdcbedf18c388c8812ecd5614f2085d414518
SHA256: 4ad562a6a7be9d1f47e90d2d0ebe9ae993db21d4c7062e41a125ce9045321c19
SSDEEP: 6144:d3ZvY3piJ9dherC38acKEknZSAqL6d4ceaJZ9CUkEqpo1Ju:fA3pkD389KEknZxqL6d4ELsZpB
Details
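File Type: MS-DOS (as reported by the file-type detector; the YRP/IsPE32 and YRP/HasModified_DOS_Message hits below indicate a Windows PE32 executable with a non-standard DOS stub)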
Added: 2018-06-22 12:14:51
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/screenshot | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section |
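Strings
Note: the .MPRESS1/.MPRESS2 section names and the YRP/IsPacked hit indicate a packed file, so most of the short strings below are compressed-data noise. The readable parts are the import names (DLLs and API functions) and the embedded application manifest at the end, which names the program as AutoHotkey.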
		!Win32 .EXE.
.MPRESS1
.MPRESS2H
f-5efI
 B4jg)
Y_w|mD
kULb~%
1IVa?.W
WOu^e_
O>OAv5
0S1p	U
vtRRxkl?
kP\Z"}~*R}=GE
MSL"5(U
URXE0v
s9QGLJ
V>E7?Y
<K~3O/
rFp/gj
">4':4
RS~pnN
rAYJt8P
}Aa: #
'e;LA0
h3TMm>
DV:}B 
Eu^fclWY
QlF<6d
saA}y 
yE@n#S
VVL[g7U)l
bh;{+t
pG0Fm{
}JW0kpg
ctQ#9vD
UUmL]&g
[B(jj5
KxBz-#
M!.!dp
J?.:IL
^yXoH`
X{xtn-
Tm?;[Oa
jcYJz`
-y]7lH
MezaAdA
{D.3/B
p,Q{r2n
F0<^	8O6C
WE;t-RL
Fje'	-
#fjXbBQ_c
;h"Ckz
t[&mJ)
|?[cP'
v9y"-b
'_=eP[g
v1P~(8
yr5@I}D
O	x?Jr
ona@Xp
@cHb%`K
O'Fm T
*7^g?M
% z`=rA
tV2	3s
@4Szk_d
vvISmz
nhX}KQ@
H1y8	0
=}W$)Q&
[5uPIt@
2v5<X;
ob\E7-
^vMrVD0*
&B7E9"
[Wyn1(o
1!0K9"
|uu({|e
L%jfb(F
A5Qk,$7
RqX!7oUg
n8{jXE
3M"ErA
$lcq?Et"
L5,aY[~
A7  f9
l=9<M.
[xV%aY
UL}%R5
)Aa9Sb
CzLgpIq
-Gr}{~
9#R4 ZW
FL_XQ+
[*>86Q
Xy	0ew!
<6,LD3
$M|),{S1
yPyH-\:8
0%l4&`>
~.M]S6Z&
r&_yTH
2"jYv.
cZ{!>?
<lV)O-H
	pr{_4
L3<>K-
yeGWQ`:
55B'Id
(%;O-4
^_2T.k
??A.!lI)
e&2y&	
SjoY471
{;hGv3OJ
{eZfA$WAn
3Y!4$6
5L3	Kr
#e9 f E
t&\=;m
A5Uj^m
5(dQsr
+y<vV	19
L?f:},
bIoM	6pE
WErn2y
wuL]Q0
{iD~~P
S-IX*0J
@SqoCY~
Sq/emvk
$N1#3i=
MULr;b
6Hvc+Tw
XoD^T.][
:^wbK\
k}MR3L
"E%<Oh
BQs|2oF
[?&I6s
-Thf[l
%6NEQ^
R/[<]'
nb$Yl'
=aj+^{
kfj]AM|
KaNV-|
V5pBqw6
7Jg]zfk
+V" ,+
)f^g*@
KVM9R7;
  CEK7
_N(Mul
RFB;lw
gTV_v=
GhtxF+}
mxRvWU
suv2sDL
&M Gx|
R&aGwr
C7o.c6
=,t{Rk
6vJ`.f
bNMcw#
n}23\	
H^.dYu
)=eL)c
LQDn6;
vf1Trp
yN0Uvw
rG]Nf0oW
$BXEAZ
vfFOgT<
@QF>]y
WKx;!;
O~N`q={Y
P2.$~']
G{R;d_
cfAz!e
K$j Kz
jfPyIg\
a3T]%R
WrO@_n
\Qt3r 
Df|5i9
7R\Bmmx>
tRP`V-
9l'6ok
Or;9@!m
hy(_xN
UeBk7WP
r	S]-f
.|	Q;,
DME(#A
XAeVei
zFNx>x
p6o2_O
k]sT.DK\
(us:r!
gqRm&c
{{T)2V
mn>w57
UlF+.wC
}e%2	QQ
b43;KV
r|blXp
o3bH{d
9r2<oP>
"A.qquF
ij3h"ot
-K~tm[
/DJ_iW
&T!B"{
fIlm5LK
v&B`}/
;Jv<Rl
<	EGi/
ZcFZ*M
9fIN  d
k%<(t%
S*@3 *
1+SZqz
vD>!G`_;
&6T{@`
U4 D9lh
o',YkZ
GE3^fJ!\X
qE}:xl
2P+ldQ
$/E |.
LXjP+:
,GV-H#
R(Rri*'
$4u1*X>\
b#]79s}#d
Exk7ie0Z
j(DVLy
x0OTmH
}fXBjS
gadN_u
0XTxw#
BJ3(%wob
r!=zBe
XTY]Iy
wqPRhP
}f	{H^=
U:5y*\
t*y1H)-
PKyI:;
0fnE;|
6TdmGk
&Gq"Lmh?
kIps9>U
]SCd!#
YrHD>R
mqo\x@
1OC)H!
-/|& %
2uvw]P
y[{G'.
}zh<&"
	qbFb5}
aV@"u6
:or+H>
cU^sLy
%}Z8#P!$
F|HOZ#
U8~r$h
IK.\imp
9^Ir(a!w
:n!c4Cw
32m-}hq
Y/8F~H
bms52m
6<OF;Q
X&Zx=Qx
AOP#1K
a-qo+E
vZ[alZ`
?'Wlv&
Hmd8BL_x
j*c_<x
'k2|jG
QSL+m&
|:#pZ!
8Ka coh%m
nFe?w0
(\?%<1
-U3E>lJ
BcDxjH
Yn@BGJf
MH	TjY
Qx=zCf9B
&U	zJ1AY
IAbN\&
))+h0X
dIO."#
j5@;Z%<w
}&T:'|
OBT_U:[GV
uT[v9"
VvE4=v
_GT7a+nX
=S=@Bj
{@Q)Yd
)xBdB3=
Bv5y/A	e
r{4o$RE
)FlI:^
^06\O[
T[e6<D7
D6mEua9M
C#xOi][-
y}8}^"
8@>%&#
N2M?iE
gg^gg)
^ex9%On
zZ,28I
m~gs%X
8{.:7c
R^TN!Z
e1q%.[7,
Y~a~OD&
~9*JG_
VgQu#Zm
-A`*vC
Q(`&A?
TBH)~W
TO|&Yy
I@UR[5-
?QP1\Xa
9q_'r/(k@
MD}HB.
@3n--E
o-{,;c
9eV5%v
%5us&p
_8({5TEu
it!x\w
,8NG~V(B
:J-tD=p
l(;[B{
i^"9}R
L{Y'c$w=
',Gq(R
=Ji|^{
g=q\-|
f49N>||/
kfZ`J.*ec
&-D+:i<
*;OHVq
&~{>r!
5e!aS6*
Mqf	\G
)j.f"z9%
Ua({Xuj
3o$>9Nch
5rc?k0
s71*{=qO
w.>{gL
"Bv)iq&
"zd[KS
)	*z$O
w@>InFA
 MW^0i0
(I%hnq
Lq(KT]H
N-&4f]
P`d-m]t
8N,:RmKh
x	!Na	
fj^a6/
+Htfp{
x<29_w
#cltn78 
x~=-6T
6-piD0
P|h]0r
ay]|%a
gl`3wx
0#/Lm=
$&a5_tQ
mN[AtKA
X!95!,
GpZfkG8hi
 *.={ 2+
TP0\Pr
CkRlXb
6O9,0	
"L6zu"xw	
#&IJ,2
~tEb1c
KA8'_!
>lzU@1j'N
BM7=bZ
K9L2<Aum&
{tF(;F
>*$I&?9
*S" 0^
+|^D4(
T;_q/cn
wj[#^K]
,VHMM,
hgQV:C_
]cxTth
2(a Pm2
xa7m*$
kBS%!b
k7>v	<7*
0RIPyOi
vf2`&A
vw*:.+
vqrVOR
r\vSu6mJA
UjnML-
TP	k(<
/H!w~X
WbdtL_
Ud_?ud
*lF!3mo
#q`9WX
=]vp/,
uJR2<b
<|~C~Y
^X`prr
xb^vEN
|8tE[~(
lw#RcTng
i)*'o	+
?J#H~PZ
x;\V`D;K
M	|9`U
=jghDS
70	0r0
|wU@51
A@B~H@8
@c'J{~ef
n]t<Ah
E[)zK;
#v^ r'
qmoXh?
A dkE2=
EGRbg4B
	yoIs4L
J##%vW
X{Xod	k
il&9M}
\6lX:?
(0gx'_3
i!<lCL
"xR 07
;Sb_q`
9sN\*Dn
2QXf%t
3[7"++
_vGyj 
wFf+W9i
Bt  W,*
gP9-(+
,_*AjT
gw}c]8S
nzc1s5
BS*+Y#I
]BFY%aD
t4h!WO
Nj0,QQD
Da%(@b>s
-?NW{{
N1N:l6
&]|8e^t
?cPQlu
ze B-8d
2/iBwA
>+gc["
U4*KfH
|[(P&C
*l|m.p
\Rp|kV
t*7/ZK
+M)-Fl
=>P-SZQ4
p6J+}]8k
(:G1|[
y2ig:_
KuHt~eL
 NVE0A
J#|M]NpM
lUAHuZ[
.Cxr)d
*irFu 
Nn3Q7LM=
TOD=T'q
O/zOXfm
YY]Zg0^
4<3xkB!
m(":>0
&nzIfR
6$fVa_
Mrd*[tz
 |:}KS
Z1Mk U
4 iFJh
1AM5$Y
/U0k$=
;d*URJ
@UsYhl
""9%`2
4fnGT) 
5?\w{,
5KTtJ+D
e-k6}>
,"e^]4Q
; aBea
*Oi2"(
2b`alZ
^VH45)Bs
J{Io"af
sR1?Jz
?*j dG
q?~i\!x"Wp[
]MD40syT
`)a-vc
^w<hhP
CW"6+q
GgdhVyd
}B*EF*
<!#EMB
V-QOb8-PQ
vDfdl?
uj1SM`T
~y"RyN
2{{e9MF
gOA_x:G
MWgkvU7
<zXk+a
v-C]p>
HhV!3]
M^YQX"@8
O4vZ^	
vW-." 
pR-L(U4&
In/>tVBdk
mR7a(|
< 4xh0
S$YC>/Q
-|Xao3
}oi*[}
$9u{i&
O9BB^T
x)1G(3
coG`#E
Iy2.m9
%3y@f\
Hk@[ 	?:
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
WSOCK32.dll
WINMM.dll
mixerOpen
VERSION.dll
VerQueryValueW
COMCTL32.dll
ImageList_Create
PSAPI.DLL
GetModuleBaseNameW
USER32.dll
GDI32.dll
BitBlt
COMDLG32.dll
GetOpenFileNameW
ADVAPI32.dll
RegCloseKey
SHELL32.dll
DragFinish
ole32.dll
CoGetObject
OLEAUT32.dll
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
wwwwwwwwwwwwwwwpx
pxwwwwwwwwwwwwwxpx
pxDDDDDDDDD@
pxDDDDDDDDDH
pxDDDDDDDDDH
pxDDDDDDDDDDDDDDpx
pwwwwwwwwwwwwwwwp
wwwwwwwpx
pxwwwwwwpxDDD
pxDDDDDDpx
pwwwwwwww
63[4]5mm]5\]m]mm5\mm5555555\\\5\\\5m\55\\5ed:
cOXY/P.Z0.0.QR00/ZPP0000000/0PPZR.BI@/DE0,
WkV21TSav^8{
}>qooggggggg1`_fhsnHK
Nw~ytMMMMMMUbbrrrrrxxxxxxxxrriUMMMMMMMMMUuzt
"""""/
I3')+*+)))*))()*+++,6J!54 CBA
jYPQTVTSkllZTTXRTUiHceWda/
}zy|yx~
{|yvrrwsqpon
PPPPPPPPPPPPPPPPPKMNNNNNNNNNNOLO
JHHGGGGGGGGHI
JEEEEEEEEEEFC
JEEEEEEEEEEFC
JEEEEEEEEEEFD
JEFEEEEEEEEEB
O%JEEEEEEEEEFFB
JJIIIIJIIIIJJ
O(@>=77A779?<8;$O' 
)O6530./21+*-,4#4PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:v3="urn:schemas-microsoft-com:asm.v3"><assemblyIdentity version="1.1.00.00" name="AutoHotkey" type="win32" /><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/></application></compatibility><v3:application><v3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings"><dpiAware>true</dpiAware></v3:windowsSettings></v3:application><v3:trustInfo><v3:security><v3:requestedPrivileges><v3:requestedExecutionLevel level="asInvoker" uiAccess="false" /></v3:requestedPrivileges></v3:security></v3:trustInfo></assembly>