Sample details: b0b8454ebcdfe3dd9e041f67cda818fc

Hashes
MD5: b0b8454ebcdfe3dd9e041f67cda818fc
SHA1: 206edc63b7826128b03001b92a9832bc8fb0cb59
SHA256: 89c726bd0640d435f8ef8793de4a23a047fbd38248e81f8e215b61a35b2b94c0
SSDEEP: 384:hl1U8xfGPXf+oAIc5URitY7sfzbd6RvC6xKii7jgmlJImOLUSMImr7vvxlLEEj:/KoG3nl5ZgV+i7jp0zfC7D
Details
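File Type: MS-DOS (label as reported by the file-type identifier; the Yara hits below include YRP/IsPE32, YRP/IsPacked and YRP/HasModified_DOS_Message, so this is presumably a packed PE32 executable whose altered DOS stub produced the MS-DOS label)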
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/screenshot | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | FlorianRoth/DragonFly_APT_Sep17_3 |
Strings
		!Win32 .EXE.
Xp>{#I
D!>>o/
{4C*%-
Pyg{j)
-w.\"r`Pj'R
qRo;4s
DDQ;V}
jLRG!-
)t?iq$T5
6:(c&b(
4vpco o
k7&-|A
dUq/JHo
l9GCRmhCk7
Wy{7,!
0L3 Lyg
>)tI91
z*Pt+F4c.I?
~l#D#6
?d5d^Z
M!$_Tc`
bta9mV1
}'A$4q^.
m8v&{z|C
-bM;hl]
kWBT"8
[uH<(P
BAvl[|f#n
Wt#Y)'J
m/e4a}$\
9GzVdg
(Z{|C .%
9+,@3'
4<x	`H
oJ'jKN$;Y
[)V1D*%
{pJW{.U~
~|`#;Tv
[:yLhf1[
9`Ww1:
~DoUKZ
1!Se%\
;L$F_l
}`3!T.
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
GDI32.dll
TextOutW
WINSPOOL.DRV
COMDLG32.dll
FindTextA
ADVAPI32.dll
RegFlushKey
SHELL32.dll
ShellExecuteA
WININET.dll
InternetOpenA
SHLWAPI.dll
StrStrA
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>